Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[TUT] PHP Password Protected Page
#1
This login does not use a database so the password is in the code which is "lol". Since it is server sided no one can right-click to view password.

I'll explain how the code works below.

In Section 1 the code uses sessions to determine whether a user is logged in. Our session variable is "$_SESSION['auth']" and we assign to a value of false or 0 which means that the user is not authorized to view the page.

Section 2 checks to see if the form was submited and then if the password is equal to "lol". If the password is equal to "lol" then our variable changes to true or 1.

Section 3 checks to see the variable is equal to 0. If it is equal to 0 then that means that the user has not logged in and so we need to login screen to be shown.

Section 4 checks to see if the variable is equal to 1. If it is then that means that the user is logged in and then is allowed to see the other content and so it is shown.

Remember that this script is basic and many more features could be added including security. This is just so you understand how it works.

Code:
<?php
//Section 1
session_start();

$_SESSION['auth'] = 0;

//Section 2
if (isset($_POST['submit']))
{
    if ($_POST['password'] == "lol")
    {
        $_SESSION['auth'] = 1;
    }
}

//Section 3
if ($_SESSION['auth'] == 0)
{
    echo
    ('
<form method="post">
<input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>
    ');    
}

//Section 4
if ($_SESSION['auth'] == 1)
{
    echo
    ('
<b>This is our secret content. You can use HTML codes here also.</b>
    ');
}
?>
Reply
#2
Thanks for this . Will be useful
Reply
#3
(07-06-2010, 04:01 PM)PurpleHaze Wrote: This login does not use a database so the password is in the code which is "lol". Since it is server sided no one can right-click to view password.

I'll explain how the code works below.

In Section 1 the code uses sessions to determine whether a user is logged in. Our session variable is "$_SESSION['auth']" and we assign to a value of false or 0 which means that the user is not authorized to view the page.

Section 2 checks to see if the form was submited and then if the password is equal to "lol". If the password is equal to "lol" then our variable changes to true or 1.

Section 3 checks to see the variable is equal to 0. If it is equal to 0 then that means that the user has not logged in and so we need to login screen to be shown.

Section 4 checks to see if the variable is equal to 1. If it is then that means that the user is logged in and then is allowed to see the other content and so it is shown.

Remember that this script is basic and many more features could be added including security. This is just so you understand how it works.

Code:
<?php
//Section 1
session_start();

$_SESSION['auth'] = 0;

//Section 2
if (isset($_POST['submit']))
{
    if ($_POST['password'] == "lol")
    {
        $_SESSION['auth'] = 1;
    }
}

//Section 3
if ($_SESSION['auth'] == 0)
{
    echo
    ('
<form method="post">
<input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>
    ');    
}

//Section 4
if ($_SESSION['auth'] == 1)
{
    echo
    ('
<b>This is our secret content. You can use HTML codes here also.</b>
    ');
}
?>

This will come in handy once I edit a CMS Im editing. Thank you.
Reply
#4
Handy script , Try to add some more useful tricks to keep this thread alive
Mad
Reply
#5
By any chance, is this possible to trick/break?
Reply
#6
There are tons of security authentication systems in php avalable free on interbet
Reply
#7
(08-25-2010, 04:30 AM)`P R O D I G Y™ Wrote: By any chance, is this possible to trick/break?
you could probably hijack the session.
Reply
#8
It's better to set a cookie

PHP Code:
setcookie("auth"1,  time()+3600); 

Close browser=destroy session. Use a cookie keeps them logged in that one up there lasts an hour.
(11-23-2010, 08:40 PM)Guest Wrote: Alright, did the 'Support' get removed from SupportForums?
You're not a good Emotional Helper.
Reply
#9
Thanks for the find, this will be used.
Reply
#10
Yeah dude good tut, but its easy to crack tho...
[Image: spring.png]
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  PHP Framework List: An Ultimate Guide to 102 PHP Frameworks for Web Developers tk-hassan 0 936 07-27-2020, 11:26 PM
Last Post: tk-hassan
  [PHP] Very Basic Login Page BreShiE 17 7,918 07-11-2013, 05:57 AM
Last Post: 1n9i9c7om ツ
  [SF Coders] Password Generator ★Cooldude★ 8 3,104 12-07-2011, 12:42 PM
Last Post: ★Cooldude★
  PHP Video Tutorials (PHP For Beginners) Eleqtriq 4 3,660 10-10-2011, 01:00 PM
Last Post: Greyersting
  PHP error on page submit kaosjon 7 2,709 09-18-2011, 03:31 AM
Last Post: AceInfinity

Forum Jump:


Users browsing this thread: 3 Guest(s)