Using PHP for Password Identification!

[RageD]

This is an alternative to Javascript and all other ways of password identification for a page view! You can also use MySQL for multiple kinds of passwords, but if you only want a couple, this is the way to go: (This requires NO MySQL)

<?php
// Let's define the page that we will see the login form & page title
$pagetitle = "Page Title Here";
if($page == ""){ ?>
<HTML>
<TITLE><?php echo($pagetitle); ?></TITLE>
<BODY>
<form name="login" method="post" action="?page=login">
Password: <input type=password name="password"><br>
<input type=submit value="Login"><input type=reset>
</form>
</BODY>
</HTML>
<?php
// Let's end that section with the following bracket
}
// Start the login page
if($page == "login"){
// The value '$password' comes from name="password" in the password field
    if($password !== "PasswordHere"){
         echo('Incorrect Password');
         exit;
     }
     else{
          echo('You are now logged in!!  Page content goes here!');
     }
}
?>

-Thanks

-RageD

 

[bbalegere]

Simple but effective.

 

[wackyjoe]

thats preety unsecure.

but for a small site with not much traffic its good...

btw if Globals are turned off...HIGHELY RECCOMEMDED

$page = $_GET['page'];

 

[tm]

Hey,
The script would be good for an admin panel or something similar.
I might like to make a few additions to your script - add cookies so you won't have to login every time. the 3600 is in seconds - that's an hour. Change if you wish. (86400 is a day).

<?php
// Let's define the page that we will see the login form & page title
$pagetitle = "Page Title Here";

setcookie("TestCookie", "hello");
if(empty($_COOKIE['TestCookie'])) { die("Cookies disabled!"); } else { setcookie("TestCookie", "hello", time()-3600); }

if(empty($_COOKIE['adminformpassword'])){ ?>
<HTML>
<TITLE><?php echo($pagetitle); ?></TITLE>
<BODY>
<form name="login" method="post" action="?page=login">
Password: <input type=password name="password"><br>
<input type=submit value="Login"><input type=reset>
</form>
</BODY>
</HTML>
<?php
// Let's end that section with the following bracket
}
// Start the login page
if($page == "login"){
// The value '$password' comes from name="password" in the password field
    $password = $_POST['password'];
    if($password == "YourPasswordHere") {
    setcookie("adminformpassword", md5($password), time()+3600);
    }
    if(md5($password) != $_COOKIE['adminformpassword']){
         echo('Incorrect Password');
         exit;
    }
     else
    {
          echo('You are now logged in!!  Page content goes here!');
     }
}
?>

 

[Jim_]

Or, you could use a session cookie...

<?php
$adminpass = "testpassword";
session_start();
if($_GET['act']=="login"){
  if($_POST['passwordx']==$adminpass){
    $_SESSION['logged_in'] = md5($adminpass);
    echo "Logged in.";
  }
}
if($_GET['act']=="logout"){
  session_unset();
  echo "Logged out.";
}
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in']==md5($adminpass)) {
//admin is logged in
//display page here
} else {
//admin is not logged in, so show login form
echo "<form action=\"admin.php?act=login\" method=\"post\"><input type=\"password\" name=\"passwordx\"><input type=\"submit\" value=\"Login\"></form>";
}
?>

 

[stscac]

This sort of thing would qualify to be in the CODE section of the Programming section, but I also think it is fitting to put in the Webmaster Tutorial section.



-Steve

 

[markkk]

thanks a lot..

 

[sacx13]

Another simple code

My code is reading the passwords from a simple file. The user and passwords are delimited by comas. Ex
user1,pass1
user2,pass2

<?php
 $username=$_POST['username'];
 $password=$_POST['password'];
 $handle = fopen('/etc/php.pas',"r");

while(!feof($handle))
{
$line = fgets($handle,1024);
list($u,$p) = explode(',',$line);

$u = trim($u);
$p = trim($p);
    if ($username!="")
    if ($username==$u && $password==$p)
    {
        // just add your session cookies here and etc.
        header("Location: test.html");
        exit();
    }
}

fclose($handle);
?>

 

[RageD]

Yep If you wanted to be very technical and secure you could just create a quick MySQL connect script and encrypt everything to a DB... You could use md5 encryption, or whatever you wanted..

-RageD

 

[sacx13]

For a simple page you dont need a mysql database for authentication ...


Regards