Basic PHP password protected webpage
Code here: http://pastebin.com/j16kfGD6
PHP Page password protection
You have to check first if the password has been submitted in your with
function.
// this has to be checked first
// added isset to check if its existing
if( isset($_SESSION[$session_key]) && $_SESSION[$session_key] ) return;
^-------------------------------^
if( isset($_POST['password']) && $_POST['password'] == $password ) {
^--------------------------^
...
}
Full password protected website
Thats not the way to approach this.
First make use of a session, but only hold a isLoggedIn
flag in the session not the password.
Second, all scripts can be in the public_html
folder, but what you do is add a little script that checks the loggedIn state to all scripts and if not loggedIn throw the login page
Heres a simple example
login_check.php
<?php
session_start();
if ( ! isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] == 0) {
header('Location: login.php');
exit;
}
Now in your login script
login.php
<?php
session_start();
if ( isset($_SESSION['loggedIn'] && $_SESSION['loggedIn'] == 1) {
// already logged in
header('Location: index.php.php'); // or some other page
exit;
}
If ( "The password is correct" ) { // this is of course pseudo code
$_SESSION['loggedIn'] = 1;
header('Location: somepage.php');
exit;
} else {
unset($_SESSION['loggedIn']);
header('Location: login.php');
exit;
}
?>
Now in all your other scripts
<?php
// first thing is always to check if this user is logged in
// so any access from a user not yet logged in just get
// thrown to the login page, or maybe your index.php
require_once 'login_check.php';
You can also use this session to hold useful but not sensitive things like
$_SESSION['user_id']; // id of the users info in user table
$_SESSION['FirstName'];
$_SESSION['LastName'];
$_SESSION['nickname'];
and anything else that might be useful to know across your application that you dont want to go to the database each time to collect.
Additional info
Your HTML is not well formed
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Page Title</title>
</head>
<body>
<form role="form" method="POST" style="margin: 0px" action="index.php">
<input type="password" name ="pass" class="form-control" id="pwd" />
<input type="submit" name="login" class="btn btn-danger" value="Login" />
</form>
</body>
</html>
Password protecting a webpage with PHP
You can't change the 5th line to "hello" cause the provided code aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d already means "hello" after the sha1 process of encripting security. Or: maintain the code provided and you will see "hello" working.
What is the best way to password protect folder/page using php without a db or username
Edit: SHA1 is no longer considered secure. Stored password hashes should also be salted. There are now much better solutions to this problem.
You could use something like this:
//access.php
<?php
//put sha1() encrypted password here - example is 'hello'
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';
session_start();
if (!isset($_SESSION['loggedIn'])) {
$_SESSION['loggedIn'] = false;
}
if (isset($_POST['password'])) {
if (sha1($_POST['password']) == $password) {
$_SESSION['loggedIn'] = true;
} else {
die ('Incorrect password');
}
}
if (!$_SESSION['loggedIn']): ?>
<html><head><title>Login</title></head>
<body>
<p>You need to login</p>
<form method="post">
Password: <input type="password" name="password"> <br />
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
<?php
exit();
endif;
?>
Then on each file you want to protect, put at the top:
<?php
require('access.php');
?>
secret text
It isn't a very nice solution, but it might do what you want
Edit
You could add a logout.php page like:
<?php
session_start();
$_SESSION['loggedIn'] = false;
?>
You have logged out
Multiple password Protect Php for a single user
If I understand correctly, user has to enter 4 different passwords, so you can use session to remember each stage like followings:
<?php
session_start();
$error = false;
if (!isset($_SESSION['login'])) {
$stage = (isset($_SESSION['stage']))? $_SESSION['stage'] : 0;
$stage_labels = array(
'First',
'Second',
'Third',
'Final'
);
$passwords = array(
'111',
'222',
'333',
'444'
);
if (isset($_POST['password']) && $_POST['password'] == $passwords[$stage]) {
if ($stage == 3) {
// if the final password matches, create a session variable for login
$_SESSION['login'] = 'loggedin';
header('location: ' . $_SERVER['PHP_SELF']);
exit();
} else {
// if password matches the respective stage, increase the value of stage by 1 to move on to next stage
$_SESSION['stage'] = $stage + 1;
header('location: ' . $_SERVER['PHP_SELF']);
exit();
}
} elseif (isset($_POST['password'])) {
$error = true;
// if form submitted with mismatch password, stage will restart from 0 again
print '<p align="center"><font color="red"><b>Incorrect Code entered</b><br>Please enter the correct code or contact Administrator</font></p>';
$_SESSION['stage'] = 0;
}
if (!$error) {
print '<p>Please enter your '. $stage_labels[$stage].' password</p>';
}
print '<form method="post"><p align="center"><h2>Please enter code to intiate transfer</h2><br>';
print '<input name="password" type="password" maxlength="10"><input value="Authenticate" type="submit"></p></form>';
} else {
echo 'You have logged in';
}
?>
PHP password protected page cookie
Your requirement is a very classical practice. You can read a tutorial here: http://www.phpnerds.com/article/using-cookies-in-php/2
Notes:
- Compare hash to hash
- Never save your plain-text password in a cookie
- More secure: don't save hashed passwords in cookies like the tutorial.
Just store a session hashed code and using a DB table session to map
it with the user's sessions.
Hope it helps.
Related Topics
Org.JSON.JSONexception: Value <Br of Type Java.Lang.String Cannot Be Converted to JSONobject
Generating Random Numbers from Skewed Normal Distribution
Understanding Imagemagick's Convert and Translating to Ruby Rmagick
How to Compare 2 HTML Pages, and Output Only the Different Bits in Ruby or PHP
What Ocr Options Exist Beyond Tesseract
How to Display an Blob Image Stored in MySQL Database
Laravel 4 Custom Named Password Column
Function Eregi() Is Deprecated
How to Change the Woocommerce_Form_Field HTML Structure
Warning: MySQL_Result() Expects Parameter 1 to Be Resource, Boolean Given
Display Output in Parts in PHP
How to Do Multiple SQL Statements in One MySQL_Query