Revision: 46294
Initial Code
Initial URL
Initial Description
Initial Title
Initial Tags
Initial Language
at May 17, 2011 01:09 by stephcode
Initial Code
password_protect.php: <?php //header( 'Cache-Control: no-store' ); ?> <?php ############################################################### # Page Password Protect 2.13 ############################################################### # Visit http://www.zubrag.com/scripts/ for updates ############################################################### # # Usage: # Set usernames / passwords below between SETTINGS START and SETTINGS END. # Open it in browser with "help" parameter to get the code # to add to all files being protected. # Example: password_protect.php?help # Include protection string which it gave you into every file that needs to be protected # # Add following HTML code to your page where you want to have logout link # <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a> # ############################################################### /* ------------------------------------------------------------------- SAMPLE if you only want to request login and password on login form. Each row represents different user. $LOGIN_INFORMATION = array( 'zubrag' => 'root', 'test' => 'testpass', 'admin' => 'passwd' ); -------------------------------------------------------------------- SAMPLE if you only want to request only password on login form. Note: only passwords are listed $LOGIN_INFORMATION = array( 'root', 'testpass', 'passwd' ); -------------------------------------------------------------------- */ ################################################################## # SETTINGS START ################################################################## // Add login/password pairs below, like described above // NOTE: all rows except last must have comma "," at the end of line $LOGIN_INFORMATION = array( 'admin' => 'password1', 'password2', 'password3' ); // request login? true - show login and password boxes, false - password box only define('USE_USERNAME', false); // User will be redirected to this page after logout define('LOGOUT_URL', 'http://site.com/'); // time out after NN minutes of inactivity. Set to 0 to not timeout define('TIMEOUT_MINUTES', 0); // This parameter is only useful when TIMEOUT_MINUTES is not zero // true - timeout time from last activity, false - timeout time from login define('TIMEOUT_CHECK_ACTIVITY', true); ################################################################## # SETTINGS END ################################################################## /////////////////////////////////////////////////////// // do not change code below /////////////////////////////////////////////////////// // show usage example if(isset($_GET['help'])) { die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>'); } // timeout in seconds $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60); // logout? if(isset($_GET['logout'])) { setcookie("verify", '', $timeout, '/'); // clear password; header('Location: ' . LOGOUT_URL); exit(); } if(!function_exists('showLoginPasswordProtect')) { // show login form function showLoginPasswordProtect($error_msg) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>Title</title> <link rel="stylesheet" href="style.css" type="text/css" media="screen" title="no title" charset="utf-8"/> </head> <body> <div id="wrapper"> <!--FORM STARTS HERE--> <form method="post"> <font color="red"><?php echo $error_msg; ?></font><br /> <?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?> <p style="margin: 10px 0 0 0; padding: 0; display: block;"></p> <input type="password" name="access_password" style="padding: 7px; height: 16px; width: 134px; border: 0;" /> <p style="margin: 10px 0 0 0; padding: 0; display: block;"></p> <input type="submit" name="Submit" value="Sign In" style="background-color:#cc0001; color: #fff; height: 30px; float: right; border: 0; font-weight: bold;" /> </form> <!--FORM ENDS HERE--> </div> </body> </html> <?php // stop at this point die(); } } // user provided password if (isset($_POST['access_password'])) { $login = isset($_POST['access_login']) ? $_POST['access_login'] : ''; $pass = $_POST['access_password']; if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION) || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) ) { showLoginPasswordProtect("Incorrect password."); } else { // set cookie if password was validated setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed // So need to clear password protector variables unset($_POST['access_login']); unset($_POST['access_password']); unset($_POST['Submit']); } } else { // check if password cookie is set if (!isset($_COOKIE['verify'])) { showLoginPasswordProtect(""); } // check if cookie is good $found = false; foreach($LOGIN_INFORMATION as $key=>$val) { $lp = (USE_USERNAME ? $key : '') .'%'.$val; if ($_COOKIE['verify'] == md5($lp)) { $found = true; // prolong timeout if (TIMEOUT_CHECK_ACTIVITY) { setcookie("verify", md5($lp), $timeout, '/'); } break; } } if (!$found) { showLoginPasswordProtect(""); } } ?> Add to top of every page you'd like to password protect: <?php include("/path/to/password_protect.php"); ?> logout.php <?php include("password_protect.php"); ?>
Initial URL
http://www.zubrag.com/scripts/password-protect.php
Initial Description
Initial Title
Password Protect with PHP
Initial Tags
Initial Language
PHP