
Simple Password protection using PHP ( without Mysql ) May 20, 2011

Posted by Tournas Dimitrios in PHP.

In case your web-hosting provider doesn’t support a database 🙂, use this simple script to password-protect your pages. It is ideal for password-protecting administrative or other sensitive parts of your web site.
The logic behind the script is very simple: whenever your password-protected page is requested, the script runs first and checks for the username and password. If they are not found, it presents you with a login page; when you submit your info (username, password), it checks whether the info is correct. If it is correct, it allows you to access the protected page; otherwise it denies access.

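<?php
# Simple password protection
# To protect a page include this file in your PHP pages!
# Include it before the page sends any output: it starts the session and
# may send a redirect header.
#
# Deployment notes:
#  - "admin" / "pass" are placeholders; change both strings before use.
#  - The password sits in this file in clear text, so anyone who can read
#    the file can log in. Restrict its permissions; a password_hash() value
#    checked with password_verify() would avoid storing the clear text.
#  - The login form posts to the current page, so serve that page over HTTPS
#    or the credentials cross the network unencrypted.
#  - There is no attempt limit or lockout here; failed logins answer with
#    HTTP 403 so they can be counted in the access log.

session_start();
$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings

// Legacy aliases kept for pages that still read them. They are copies taken
// at this point; the logic below uses the superglobals directly.
$HTTP_POST_VARS = $_POST ;
$HTTP_SERVER_VARS = $_SERVER ;
$HTTP_SESSION_VARS = $_SESSION ;

// The Host header, the request path and the query string are all supplied by
// the client, so they are HTML-escaped before being written into a page.
$auth_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$auth_self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
$auth_target = $auth_self;
if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== '')
	$auth_target = $auth_target ."?". $_SERVER['QUERY_STRING'];
$auth_host_html = htmlspecialchars($auth_host, ENT_QUOTES, 'UTF-8');
$auth_target_html = htmlspecialchars($auth_target, ENT_QUOTES, 'UTF-8');

// Guarded so that including this file twice does not redeclare the function.
if (!function_exists('login_error')) {
	/**
	 * Print the "not authorized" page, clear the login state and stop.
	 *
	 * Both arguments are expected raw (unescaped); they are HTML-escaped
	 * here before being written into the page.
	 *
	 * @param string $host     Host name shown in the page title.
	 * @param string $php_self Path used for the "login again" link.
	 */
	function login_error($host,$php_self) {
		$host = htmlspecialchars((string) $host, ENT_QUOTES, 'UTF-8');
		$php_self = htmlspecialchars((string) $php_self, ENT_QUOTES, 'UTF-8');

		// Clear any login state before the response is produced.
		unset($_SESSION["adb_password"]);
		unset($_SESSION["user"]);

		// A distinct status code makes failed logins visible in access logs.
		if (!headers_sent())
			http_response_code(403);

		echo "<HTML><HEAD>
			<TITLE>$host :  Administration</TITLE>
			</HEAD><BODY bgcolor=#ffffff>
			<table border=0 cellspacing=0 cellpadding=0 width=100%>
				 <TR><TD align=left>
				 <font face=verdana size=2><B>  You Need to log on to access this part of the site! </b> </font></td>
				 </tr></table>
			<P></P>
			<font face=verdana size=2>
			<center>";

		echo "Error: You are not authorized to access this part of the site!

			<B><a href=\"$php_self\">Click here</a></b> to login again.<P>
			</center>
			</font>
			</BODY>
			</HTML>";
		exit;
	}
}

if (!isset($_SESSION['user'])) {
	if (!isset($_POST['u_name'])) {
		// No credentials submitted yet: show the login form and stop.
		?>
	<HTML>
	<HEAD>
	<TITLE><?php echo $auth_host_html; ?> : Authentication Required</TITLE>
	</HEAD>
	<BODY bgcolor=#ffff70>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
			 <TR><TD>
			 <font face=verdana size=2><B>(Access Restricted to Authorized Personnel)</b> </font></td>
			 </tr></table>
		<P></P>
		<font face=verdana size=2>
		<center>
		<form method="post" action="<?php echo $auth_target_html; ?>">
		<table border=0 width=350>
		<TR>
		<TD><font face=verdana size=2><B>User Name</B></font></TD>
		<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
		<TR>
		<TD><font face=verdana size=2><B>Password</B></font></TD>
		<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
		</TR>
		</table>
		<input type=submit value=Login></form>
		</center>
		</font>
		</BODY>
		</HTML>

		<?php
		exit;
	}

	$u_name = $_POST['u_name'];
	$u_password = isset($_POST['u_password']) ? $_POST['u_password'] : '';

	// Fields posted as arrays (u_name[]=...) are not valid credentials.
	if (!is_string($u_name) || !is_string($u_password))
		login_error($auth_host, $auth_self);

	// An empty configured credential must never match an empty submission.
	if ($admin_user_name === '' || $admin_password === '')
		login_error($auth_host, $auth_self);

	// Both the user name and the password have to match. Both comparisons
	// run before the result is combined, and hash_equals() compares without
	// stopping at the first differing byte.
	$name_matches = hash_equals($admin_user_name, $u_name);
	$password_matches = hash_equals($admin_password, $u_password);
	if (!$name_matches || !$password_matches)
		login_error($auth_host, $auth_self);

	// Issue a fresh session id at login so an id known before
	// authentication does not become a logged-in session.
	session_regenerate_id(true);

	// Written to $_SESSION directly: session_register() does not exist in
	// current PHP. The password itself is not kept in the session, and any
	// value left there by an older copy of this script is dropped.
	unset($_SESSION['adb_password']);
	$_SESSION['user'] = $u_name;

	// Reload the requested page so the POST is not replayed on refresh.
	header ("Location: ". $auth_target);
	exit;
}

?>
<HTML><HEAD>
	<TITLE><?php echo $auth_host_html; ?> :  Administration</TITLE>
	</HEAD><BODY bgcolor=#007f0f>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
		 <TR><TD align=left>
		 <font face=verdana size=5>
		 <b>You are loged -in on this site ! </b>
		 </font></td>
		 </tr></table>			
	</BODY>
</HTML>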
