PHP — Access to a password protected page
You could use something like this: Then on each file you want to protect, put at the top: It isn’t a very nice solution, but it might do what you want Edit You could add a logout.php page like: Solution 2: Assuming you’re on Apache: http://httpd.apache.org/docs/1.3/howto/htaccess.html#auth Solution 3: If you want to avoid cookies, sessions and don’t want to play with .htaccess files, you can also do http authentication soley with PHP: http://www.php.net/manual/en/features.http-auth.php You can hard code the password into the file and change it as needed, or include it from a file not in your web_accessible directory. It would be nice if the password is remembered for a while once user entered it correctly.
PHP — Access to a password protected page
I would just like to find a way in PHP (a link, a button, etc.) to give the user the possibility to open a (http-authentication-based) password protected page.
I already tried with a simple href containing the link to:
http://username:password@domain but it seems it does not work anymore in current browsers.
Is there a way to do this? It seems a very trivial problem, but actually I still have not found a way.
As you say, the username:password scheme won’t work accross all browsers. What you can do — if you don’t mind a script based solution — is to establish authentication via AJAX first, then present the user a normal link.
- A client side script establishes authentication via AJAX.
- Once this succeeds, you present the appropriate link to the user.
- The user’s client automatically submits the credentials generated in step 1 once the user follows the link.
See this How-To for example.
Don’t know why this should not work. Possible security issues that modern browsers are trying to avoid.
But to get this done, you could use
PHP password protected page cookie, Also your code will never jump into the password protected content block. $password = «password»; if (sha1($_POST[‘password’]) == …
Basic PHP password protected webpage
I am trying to figure out an easy way to have a password protected php page.
Essentially it would just have a user name and password field with one username and one password (pre set). If entered wrong it notifies the user, if entered right it reveals the page.
I don’t want to use a database and I am pretty sure can be done in a simple PHP script, thing is it’s a language on my list to do.
Anyone help me out here? Thanks a lot in advanced.
Code here: http://pastebin.com/j16kfGD6
PHP Password Protect page, 2 Answers. Sorted by: 1. In the end of your example, you have else, so: // > else < header ('Location: http://google.com'); exit; >Share. Improve this …
What is the best way to password protect folder/page using php without a db or username
What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way.
It would be nice if the password is remembered for a while once user entered it correctly.
I am doing approximately what David Heggie suggested, except without cookies. It does seem insecure as hell, but it is probably better having a bad password protection then none at all.
This is for internal site where people would have hell of a time remembering their login and password and would never go through sign up process. unless it is really easy they would not use the system at all.
I wanted to see other solutions to this problem.
With user base consisting of not very tech savvy people what are other ways to do this.
Edit: SHA1 is no longer considered secure. Stored password hashes should also be salted. There are now much better solutions to this problem.
You could use something like this:
//access.php if (isset($_POST['password'])) < if (sha1($_POST['password']) == $password) < $_SESSION['loggedIn'] = true; >else < die ('Incorrect password'); >> if (!$_SESSION['loggedIn']): ?> You need to login
Password:
Then on each file you want to protect, put at the top:
It isn’t a very nice solution, but it might do what you want
You could add a logout.php page like:
If you want to avoid cookies, sessions and don’t want to play with .htaccess files, you can also do http authentication soley with PHP:
You can hard code the password into the file and change it as needed, or include it from a file not in your web_accessible directory.
The downside is you don’t have the ability to format the «login» screen — it will be a standard http authentication dialog box
I doubt if this would count as the best wasy of doing it, but it would work. And since security doesn’t seem to be a big issue for you, the fact that this way’s as insecure as hell probably won’t bother you either.
Have a login.php page that takes a password and then sets a cookie if the login details are correct. Each php file can then check for the existence of the cookie to determine whether or not the user is «logged in» or not, and display information accordingly.
login.php . if(isset($_POST['password']) && $_POST['password'] == 'my_top_secret_word') < setcookie('loggedin', 'true', time() + 1200, '/url/'); >else < setcookie('loggedin', 'false', time() - 1200, '/url/'); // display a login form here >etc each «protected» page would then check for this cookie:
if(isset($_COOKIE['loggedin'])) < if($_COOKIE['loggedin'] == 'true') < $showHidden = true; >else < $showHidden = false; >> else
I’m sure you get the (highly insecure) idea .
Php — Password protected part of website / custom log in, I have a public website with 1 page that is password protected. On this page are links to several pdf files and just some text. This page and the files …
Password protecting a webpage with PHP
I’ve tried to password protect my website with Tom’s answer here. I have copied his access.php script only changing the 5th line to:
I’ve then created another file (‘test.php’) in the same directory on the server, and added the following to it:
However when I type in ‘hello’ on my site, it tells me my password is incorrect. Is there something about the way the server has been setup that would not allow this? Although I have tried this on two different servers that have both been setup for html and php, and in both cases my password is not accepted.
You can’t change the 5th line to «hello» cause the provided code aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d already means «hello» after the sha1 process of encripting security. Or: maintain the code provided and you will see «hello» working.
How do I protect a page only for logged users?, 1. You should basically use session management to track whether a user is in an authenticated session or not. If not, you (re)direct them to the index …