Password protect a page on site

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ethosadvisory
Forum Newbie
Posts: 3
Joined: Thu Oct 10, 2002 6:16 pm
Location: Essex, MA
Contact:

Password protect a page on site

Post by ethosadvisory »

When a prospect becomes a client, there are a number of forms to complete. I want to protect thos forms so that no one else can access them throught the web site page.

All I need is a simple password protection method. What I want to do is give my new client the username and password with instructions to access the page.

How can this be done?

Thanks for your help.

Ray Randall
Jim
Forum Contributor
Posts: 238
Joined: Fri Apr 19, 2002 5:26 am
Location: Near Austin, Texas

Post by Jim »

Pretty simple.

Create a login page with this code on it:

Code: Select all

// Login Page
<form method=post action=page2.php>
<input type=text name="username" value="username">
<input type=password name="password">
<input type=submit name="submit">
Then send it to a processing script:

Code: Select all

<? 
//If this post is submitted 
if($_POSTї'submit']) { 
        
      //Check password against selected password (Change "mypassword" to a password of your own... 
      if($_POSTї'password'] != "mypassword" and $_POSTї'username'] != "myusername"){ 
           die("This username and password combo is incorrect!"); 
           } 
//If the password turns out to be right, set cookies 

        setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword"); 

        header("Location: forms.php"); 
} 

?>
Then, on the top of each page that you want to be protected:

Code: Select all

<? 
//Verify that the user has cookies equal to the username and password you selected 

if($_COOKIEї'LoginUsername'] == "myusername" and $_COOKIEї'LoginPassword'] == "mypassword") { 

echo "Your page here..."; 

} else { 
die("username and pass are incorrect!"); 
} 

?>

Now to test and make sure this is accurate.. ;)

Yep, it works. All right, these are the things in the script you need to change....


Page2.php

Change the "mypassword" and "myusername" to a password and username of your choice in the following code:

Code: Select all

$_POSTї'password'] != "mypassword" and $_POSTї'username'] != "myusername"

Also change the following "myusername" and "mypassword" to the username and password you selected in the above in this code:

Code: Select all

setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword");
And change the location of the "header" in this code. Basically, type in the URL of the page you would like your user to see after they log in. It's in this code:

Code: Select all

header("Location: forms.php");

And then, the last thing to change is in the code you put on every page.

Once again, just change the "myusername" and "mypassword" to the pass and username you selected.

Code: Select all

if($_COOKIEї'LoginUsername'] == "myusername" and $_COOKIEї'LoginPassword'] == "mypassword")

As a side note, this isn't the most secure way to do this. What you could do is offer each user his/her own username and verify it against a MySQL DB. If you need help with that, just ask.

Hope this helps!
like_duh44
Forum Commoner
Posts: 63
Joined: Sat Jul 26, 2003 6:57 pm

Post by like_duh44 »

I'm not sure if this is true for everyone, but the following code was not correct, it allowed someone to get through with just the username, no password. So just replace this code:

Code: Select all

<?php
if($_POST['submit']) { 
        
      //Check password against selected password (Change "mypassword" to a password of your own... 
      if($_POST['password'] != "mypassword" and $_POST['username'] != "myusername"){ 
           die("This username and password combo is incorrect!"); 
           } 
//If the password turns out to be right, set cookies 

        setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword"); 

        header("Location: forms.php"); 
} 
?>

?>
And Replace it with this code:

Code: Select all

<?php
	if($_POST['password'] == "mypassword")
	{	
		if($_POST['adminname'] == "myusername")
		{
        setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword"); 

		echo "<meta http-equiv="Refresh" content="0; url=restricted_area.php">";		
		}
		else
		{
			die("This username and password combo is incorrect!");
		}
	}
	else
	{
die("This username and password combo is incorrect!"); 
	}

?>

There is one question though... I want the cookie's session to expire after like 2 days or something. How would I go along doing that?
like_duh44
Forum Commoner
Posts: 63
Joined: Sat Jul 26, 2003 6:57 pm

Post by like_duh44 »

Nvm, all you have to do for the cookies are this:

Code: Select all

<?php 
   if($_POST['password'] == "mypassword") 
   {    
      if($_POST['adminname'] == "myusername") 
      { 
        //Set cookies to expire in 24 hours
        setcookie("LoginUsername" , "myusername" , time()+60*60*24); 
        setcookie("LoginPassword" , "mypassword" , time()+60*60*24);  

?>
Post Reply