Password Protection


drowsy
3-28-02, 12:49 AM
What would you recommend for a PHP password protection script? I don't have SQL and really don't feel like buying it just for that.
I am looking for a script that will allow me to login via a form on a website. Not one of them popups using .htaccess/.htpasswd.

fesh
3-28-02, 10:10 PM
I made a password protection system just for you. It uses PHP's ini parser and allows multiple users. I would suggest making the password.ini file 700 or something like that so no one but your scripts may read it. You can use any form to log in, just make one field named "user" and another named "pass".

See a working demo of it at http://blinnovations.com/login.php

To log in as fesh: http://blinnovations.com/login.php?user=fesh&pass=hello

The source code:

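#!/usr/local/bin/php
<?php
// login.php
// "user" and "pass" are the field names from the form input.
// register_globals no longer exists, so read them explicitly
// (from the request first, then from cookies).
$user = $_REQUEST['user'] ?? $_COOKIE['user'] ?? '';
$pass = $_REQUEST['pass'] ?? $_COOKIE['pass'] ?? '';
$file = "./password.ini";
$parsed = parse_ini_file($file);
// Require a non-empty password and an existing user: with a plain ==,
// an unknown user and an empty password compare equal (null == "").
if (is_string($user) && is_string($pass) && $pass !== ''
    && isset($parsed[$user]) && $pass === (string)$parsed[$user]) {
    // Execute any necessary code
    echo "login correct";
}
else {
    echo "login incorrect";
}
?>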

The ini configuration file:

[hello]
user = password
fesh = hello
fish = password

drowsy
3-28-02, 10:51 PM
Alright I am pretty sure I understand it. Just one question, do I add that source to my index.php or do I create a file like login.php that I have to link the form to (ex POST="/login.php")?

For the INI file I just change the usernames and the passwords....now what about the [hello] tag? What does that do...

fesh
3-28-02, 11:46 PM
You should have another page to log in through a form. The [hello] probably isn't necessary, but php.net showed something similar in its example, so I put it in too.

If you want to check the password with every php document, you can have the login page give the user a cookie for the user variable and for the pass variable, and put the checking code in every page.

drowsy
3-28-02, 11:51 PM
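I could create a file (let's say login.php) and place
#!/usr/local/bin/php
<?php
// login.php
// "user" and "pass" are the field names from the form input.
// register_globals no longer exists, so read them explicitly
// (from the request first, then from cookies).
$user = $_REQUEST['user'] ?? $_COOKIE['user'] ?? '';
$pass = $_REQUEST['pass'] ?? $_COOKIE['pass'] ?? '';
$file = "./password.ini";
$parsed = parse_ini_file($file);
// Require a non-empty password and an existing user: with a plain ==,
// an unknown user and an empty password compare equal (null == "").
if (is_string($user) && is_string($pass) && $pass !== ''
    && isset($parsed[$user]) && $pass === (string)$parsed[$user]) {
    // Execute any necessary code
    echo "login correct";
}
else {
    echo "login incorrect";
}
?>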
<FORM CODE HERE>

that code in the file. Save it. How do I tell it what page to load if the user logs in correctly?

fesh
3-28-02, 11:57 PM
If you just want it to redirect the user, put the following in place of "echo 'login correct';"

header("Location: http://whatever.com/whatever.php");

If you want to, you could make the page it redirects to have code to check that the user is logged in, and have login.php set cookies containing the user and password variables.

drowsy
3-29-02, 12:11 AM
Great, what has to be added to login.php to set the cookie? What do I have to add to members.php to check for the cookie?

ummm...cookies!

fesh
3-29-02, 01:53 AM
To add the cookies, you add "setcookie("user",$user);" and "setcookie("pass",$pass);" after the user has been verified. The cookie setting code is as follows:

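#!/usr/local/bin/php
<?php
// login.php
// "user" and "pass" come from the form input, or from the cookies set below.
// register_globals no longer exists, so read them explicitly.
$user = $_REQUEST['user'] ?? $_COOKIE['user'] ?? '';
$pass = $_REQUEST['pass'] ?? $_COOKIE['pass'] ?? '';
$file = "./password.ini";
$parsed = parse_ini_file($file);
// Non-empty password, existing user, exact string match
if (is_string($user) && is_string($pass) && $pass !== ''
    && isset($parsed[$user]) && $pass === (string)$parsed[$user]) {
    // Cookies are HTTP headers, so they must be set before any output
    setcookie("user", $user);
    setcookie("pass", $pass);
    // Execute any necessary code
    echo "login correct";
}
else {
    echo "login incorrect";
}
?>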

After the user executes that page with a correct username and password, they will be able to access any page with the original password checking code without entering their password again.

To see it in action, go to:
http://blinnovations.com/login.php
then go to: http://blinnovations.com/login2.php?user=fesh&pass=hello
and go to: http://blinnovations.com/login.php again

Notice that in the third step, you are logged in correctly without a username or password.

drowsy
3-29-02, 02:11 AM
Ok so I am adding this to my login.php page:
#!/usr/local/bin/php
<?
// login.php
// $user is the user from the form input
// $pass is the password from the form input
//if($pass
$file = "./password.ini";
$parsed = parse_ini_file($file);
if ($pass && $pass == $parsed[$user]){
// Execute any necessary code
$passa=$parsed[$user];
header("Location: ./members.php"); ;
setcookie("user",$user);
setcookie("pass",$pass);
}
else{
echo "login incorrect";
}
?>


That is going to set the cookie for the username and password. Is there anything I would have to add to 'members.php' to verify the username/password cookie?

fesh
3-29-02, 02:26 AM
Here's what members.php should look like:

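#!/usr/local/bin/php
<?php
// members.php
// "user" and "pass" come from the cookies set by login.php (or from form input).
// register_globals no longer exists, so read them explicitly.
$user = $_REQUEST['user'] ?? $_COOKIE['user'] ?? '';
$pass = $_REQUEST['pass'] ?? $_COOKIE['pass'] ?? '';
$file = "./password.ini";
$parsed = parse_ini_file($file);
// Non-empty password, existing user, exact string match
if (is_string($user) && is_string($pass) && $pass !== ''
    && isset($parsed[$user]) && $pass === (string)$parsed[$user]) {
// Execute any necessary code

?>
hello world

Place Your HTML Code here

<?php
}
else {
    echo "login incorrect";
}
?>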

Important: on the line with the header() function, you accidentally put two semicolons.

drowsy
3-29-02, 06:54 AM
yeah I saw that after I posted it (I pasted it into a txt file)
Being that I can add HTML to the members.php page, can I add HTML to the login.php page?

fesh
3-29-02, 11:16 AM
Okay, here is login.php with the form code built in. You may modify it as you like. It is at http://blinnovations.com/login4.php

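#!/usr/local/bin/php
<?php
// login.php
// "user", "pass" and "action" are the fields posted by the form below.
// This part runs before any HTML because header() and setcookie()
// must be called before output is sent.
$message = "";
if (($_POST['action'] ?? '') === "login") {
    $user = $_POST['user'] ?? '';
    $pass = $_POST['pass'] ?? '';
    $file = "./password.ini";
    $parsed = parse_ini_file($file);
    // Non-empty password, existing user, exact string match
    if (is_string($user) && is_string($pass) && $pass !== ''
        && isset($parsed[$user]) && $pass === (string)$parsed[$user]) {
        // Execute any necessary code
        setcookie("user", $user);
        setcookie("pass", $pass);
        header("Location: http://whatever.com/whatever.php");
        exit; // stop here so nothing else is sent after the redirect
    }
    $message = "login incorrect";
}
?>
<html><head><title>login.php</title></head><body>
<?php echo $message; ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<input type="hidden" value="login" name="action">
<input type="text" name="user">
<input type="password" name="pass">
<input type="reset"> <input type="submit">
</form>
</body></html>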
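
A hardened variant of the flat-file login built in this thread, added here as an example and not code from either poster: the INI file stores password_hash() output instead of plaintext, and a successful login puts the user name in a server-side session rather than sending the password back as a cookie. The function names, the inline sample user list and the ./login.php redirect target are assumptions.

```php
<?php
// auth.php: added example, not code from the thread.

// Parse "user = hash" lines. INI_SCANNER_RAW leaves the '$' characters of a
// bcrypt hash untouched instead of treating them as INI syntax.
function load_users(string $iniText): array {
    $users = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    return is_array($users) ? $users : [];
}

// True only for a known user with a non-empty, matching password.
function check_login(array $users, $user, $pass): bool {
    if (!is_string($user) || !is_string($pass) || $pass === '') {
        return false;
    }
    $hash = $users[$user] ?? null;
    return is_string($hash) && password_verify($pass, $hash);
}

// Call after check_login() succeeds and before any output.
function log_in(string $user): void {
    session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
    session_regenerate_id(true);      // fresh session ID once authenticated
    $_SESSION['user'] = $user;        // the password never goes to the browser
}

// Call at the top of members.php; returns the logged-in user name.
function require_login(): string {
    session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
    if (!isset($_SESSION['user']) || !is_string($_SESSION['user'])) {
        header('Location: ./login.php');   // assumed login page path
        exit;
    }
    return $_SESSION['user'];
}

// Command-line demo on constructed data: user names from the thread, hashes
// generated on the spot (a real file would hold hashes created once, offline).
if (PHP_SAPI === 'cli') {
    $ini = "fesh = " . password_hash('hello', PASSWORD_BCRYPT) . "\n"
         . "fish = " . password_hash('password', PASSWORD_BCRYPT) . "\n";
    $users = load_users($ini);
    var_dump(check_login($users, 'fesh', 'hello'));     // correct password
    var_dump(check_login($users, 'fesh', 'password'));  // wrong password
    var_dump(check_login($users, 'nobody', ''));        // unknown user, empty password
}
```

In login.php the form handler would call check_login() and then log_in() before redirecting; members.php would start with require_login().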