Page 1 of 1

Password protect a page on site

Posted: Fri Nov 29, 2002 7:20 am
by ethosadvisory
When a prospect becomes a client, there are a number of forms to complete. I want to protect thos forms so that no one else can access them throught the web site page.

All I need is a simple password protection method. What I want to do is give my new client the username and password with instructions to access the page.

How can this be done?

Thanks for your help.

Ray Randall

Posted: Fri Nov 29, 2002 10:02 am
by Jim
Pretty simple.

Create a login page with this code on it:

Code: Select all

// Login Page
<form method=post action=page2.php>
<input type=text name="username" value="username">
<input type=password name="password">
<input type=submit name="submit">
Then send it to a processing script:

Code: Select all

<? 
//If this post is submitted 
if($_POSTї'submit']) { 
        
      //Check password against selected password (Change "mypassword" to a password of your own... 
      if($_POSTї'password'] != "mypassword" and $_POSTї'username'] != "myusername"){ 
           die("This username and password combo is incorrect!"); 
           } 
//If the password turns out to be right, set cookies 

        setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword"); 

        header("Location: forms.php"); 
} 

?>
Then, on the top of each page that you want to be protected:

Code: Select all

<? 
//Verify that the user has cookies equal to the username and password you selected 

if($_COOKIEї'LoginUsername'] == "myusername" and $_COOKIEї'LoginPassword'] == "mypassword") { 

echo "Your page here..."; 

} else { 
die("username and pass are incorrect!"); 
} 

?>

Now to test and make sure this is accurate.. ;)

Yep, it works. All right, these are the things in the script you need to change....


Page2.php

Change the "mypassword" and "myusername" to a password and username of your choice in the following code:

Code: Select all

$_POSTї'password'] != "mypassword" and $_POSTї'username'] != "myusername"

Also change the following "myusername" and "mypassword" to the username and password you selected in the above in this code:

Code: Select all

setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword");
And change the location of the "header" in this code. Basically, type in the URL of the page you would like your user to see after they log in. It's in this code:

Code: Select all

header("Location: forms.php");

And then, the last thing to change is in the code you put on every page.

Once again, just change the "myusername" and "mypassword" to the pass and username you selected.

Code: Select all

if($_COOKIEї'LoginUsername'] == "myusername" and $_COOKIEї'LoginPassword'] == "mypassword")

As a side note, this isn't the most secure way to do this. What you could do is offer each user his/her own username and verify it against a MySQL DB. If you need help with that, just ask.

Hope this helps!

Posted: Mon Aug 18, 2003 7:45 am
by like_duh44
I'm not sure if this is true for everyone, but the following code was not correct, it allowed someone to get through with just the username, no password. So just replace this code:

Code: Select all

<?php
if($_POST['submit']) { 
        
      //Check password against selected password (Change "mypassword" to a password of your own... 
      if($_POST['password'] != "mypassword" and $_POST['username'] != "myusername"){ 
           die("This username and password combo is incorrect!"); 
           } 
//If the password turns out to be right, set cookies 

        setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword"); 

        header("Location: forms.php"); 
} 
?>

?>
And Replace it with this code:

Code: Select all

<?php
	if($_POST['password'] == "mypassword")
	{	
		if($_POST['adminname'] == "myusername")
		{
        setcookie("LoginUsername" , "myusername"); 
        setcookie("LoginPassword" , "mypassword"); 

		echo "<meta http-equiv="Refresh" content="0; url=restricted_area.php">";		
		}
		else
		{
			die("This username and password combo is incorrect!");
		}
	}
	else
	{
die("This username and password combo is incorrect!"); 
	}

?>

There is one question though... I want the cookie's session to expire after like 2 days or something. How would I go along doing that?

Posted: Mon Aug 18, 2003 7:59 am
by like_duh44
Nvm, all you have to do for the cookies are this:

Code: Select all

<?php 
   if($_POST['password'] == "mypassword") 
   {    
      if($_POST['adminname'] == "myusername") 
      { 
        //Set cookies to expire in 24 hours
        setcookie("LoginUsername" , "myusername" , time()+60*60*24); 
        setcookie("LoginPassword" , "mypassword" , time()+60*60*24);  

?>