PHP - Password Protect a page *FIXED*

madjamonline · Post by **madjamonline** » Wed Dec 05, 2007 5:03 pm

Hi there,
I know everyone likes using the password protect extension but that is not very secure. This PHP code can be used to secure your page.

There are two ways you can do it. Make sure that on both of them, you set each of the page extensions to PHP!

If you want to protect more than 1 page and you don't want the user to keep entering the password, use this way.

Insert this code in the pages you want protected.
Enter it in the Start of Page area.

Code: Select all

<?php
$password = "enter your password here...";
$bad_page = "enter the page that the user will be redirected to if it is a bad login.";
if($_GET["cmd"] == "verify")
{
if(!($_GET["password"] == $password))
{
header('Location: '.$bad_page);
}
else
{
session_start();
$_SESSION["loggedin"]="true";
}
}
?>

Now enter this in the start of body section of your page.

Code: Select all

<?php
// EDIT THIS BIT AT YOUR OWN RISK
if($_SESSION["loggedin"] == "true")
{
?>

Now enter this in the end of body section of your page.

Code: Select all

<?php
// EDIT THIS BIT AT YOUR OWN RISK
}
if(!($_SESSION["loggedin"] == "true"))
{
// Edits allowed
?>
<font face="arial" size="2">A password is required to access this page.<br>
Please enter the password below.<br>
<form action="<?php echo $_SERVER['PHP_SELF']?>">
<input type=hidden name=cmd value=verify>
<input type=password name=password>
<input type=submit value=Enter></form>
<?php
}
?>

If you only want to protect one page,
use this code.

Insert this code in the start of your page:

Code: Select all

<?php
$password = "your password...";
$bad_page = "incorrect password page...';
if($_GET["cmd"] == "verify")
{
if(!($_GET["password"] == $password)
{
header('Location: '.$bad_page)
}
}
?>

Now enter this bit in the start of body section:

Code: Select all

<?php
if($_GET["password"] == $password)
{
?>

Now enter this in the end of body section of your page.

Code: Select all

<?php
// EDIT THIS BIT AT YOUR OWN RISK
}
if(!($_SESSION["loggedin"] == "true"))
{
// Edits allowed
?>
<font face="arial" size="2">A password is required to access this page.<br>
Please enter the password below.<br>
<form action="<?php echo $_SERVER['PHP_SELF']?>">
<input type=hidden name=cmd value=verify>
<input type=password name=password>
<input type=submit value=Enter></form>
<?php
}
?>

If there are any problems, please say so!

madjamonline · Post by **madjamonline** » Sun Dec 23, 2007 7:20 pm

I am sorry.
It works ok for me.
Did you check all of the codes?

Make sure you publish the page. The code will not work in preview mode.

If you do encounter problems, don't be afraid to say about them?!

bjlolmaugh · Post by **bjlolmaugh** » Mon Feb 23, 2009 4:58 pm

Question: Do I use both sets of codes (1 page password and multipage password)? Or do I have to choose which set of codes to use?

madjamonline · Post by **madjamonline** » Wed Mar 11, 2009 9:44 pm

bjlaird wrote:Question: Do I use both sets of codes (1 page password and multipage password)? Or do I have to choose which set of codes to use?

I don't quite understand...

madjamonline · Post by **madjamonline** » Wed Mar 11, 2009 9:46 pm

brassnugget wrote:Am attempting to use above password protection for more than one page. Generally works well but get asked for password on every page - doesn't seem to recognise that I am alreday logged in.

Any thoughts on what might be causing this?

Thanks

This code was posted soo long ago I have forgoten but when reading it the session should be in tact. REMEMBER: (I didn't mention this!) The pages need to be in the same directory for it to remember the session!

I am working on an advanced MYSQL members system as an extension now so that will be a lot better!

www.wysiwygwebbuilder.com

PHP - Password Protect a page FIXED

PHP - Password Protect a page FIXED