Password Protection example

[zubrag]

A lot of requests for more detailed description on how to setup password protector. Will do my best to clarify.

Download password protector to your local computer.

Unzip files from downloaded zip archive. You'll get password_protect.php.

Open password_protect.php in your favorite editor. You'll see following section inside:

Code:

##################################################################
#  SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'admin' => 'adminpass'
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

##################################################################
#  SETTINGS END
##################################################################

Update this section according to your needs. You can add/delete users in this section.
By default it is setup to grant access for two users:

User: zubrag
Password: root

User: admin
Password: adminpass

After you updated settings, save password_protect.php somewhere on your hosting server.
Lets say your website address is http://www.haveahobby.com, and you saved password_protect.php in /htdocs/protector/ folder

Open your browser, and type your site URL + path to the password_protect.php?help
In our example it would be: http://www.haveahobby.com/protector/password_protect.php?help

It will output something like
<?php include("/home/haveahobby/htdocs/protector/password_protect.php"); ?>
This output is a protection code which needs to be added to every php file you want to protect.

Lets say you want to protect your existing file named members.php.

You open members.php in your favorite editor, and add protection code at the very beginning of the file.

Lets say before update your members.php was:

Code:

<?php
echo "This information needs to be secured. Members area. Only members should be able to access it";
....
?>

After update it would look like (we added protection code at the beginning):

Code:

<?php include("/home/haveahobby/htdocs/protector/password_protect.php"); ?>
<?php
echo "This information needs to be secured. Members area. Only members should be able to access it";
....
?>

We secured members.php.

Now open your members.php file in browser. It should show login/password prompt.

Add protection string to every php file you want to protect.


Tip: if you want to protect html file, and your hosting supports php, then you can rename your html file into php file, and use password_protect.php as described above.

For example you want to protect sensitive-info.html.
Rename it to sensitive-info.php, and follow steps above.

Related links:
- implementing login form into site design
- adding logout link
- password protect pdf, doc, ppt, etc.
- Advanced Password Protect - supports signup, password reminder, redirect after login, header/footer templates and more
- Password protect HTML

[psp]

thank you.
Very simple and easy to understand...great script

[badgirl]

Thank you so very much for writing this script and for making it so easy that even I could understand it.  It worked perfectly, and I am using GoDaddy.  I was even able to put it right into a the look and feel of my website. And my site uses CSS.  If anybody needs help with getting it to work for them, just let me know.  If I can do this...anybody can do it.  :-) zubrag you totally rock!

[jon novello]

This looks great, but I'm curious -- how secure is this?  I have a client that wants a password protected page linked from his website, where he can direct users to go to and download his software.  I don't think he needs it to be super duper secure, but knowing that it's basically not all that hackable would be nice.

Thanks.

j

[sarahb]

Hi,

Will this password protect php script work on a Windows IIS server?  That's were my site is located.  The script looks perfect, but I know nothing about programming so wondered if I will have any problem placing it on this type of server.

Thanks,
Sarahb

[xtianbraun]

Hello everyone!

I tried this, but it doesn't work for me... 

http://www.redlatinoamericana.com/web/intranet.php

Can anyone help me? Thanks!

[laquintain]

hello i was wondering if i could yous this for yahoo geocites?I have the free version and i want to pasword protect my blog.I was wondering how i can use this to block people from my blog.

[tejaswi1506]

i am not able to dis.some gateway error is coming after doing                         
"Update this section according to your needs. You can add/delete users in this section.
By default it is setup to grant access for two users:

User: zubrag
Password: root

User: admin
Password: adminpass

After you updated settings, save password_protect.php somewhere on your hosting server.
Lets say your website address is http://www.haveahobby.com, and you saved password_protect.php in /htdocs/protector/ folder

Open your browser, and type your site URL + path to the password_protect.php?help
In our example it would be: http://www.haveahobby.com/protector/password_protect.php?help" step.........................please help me........help me to make my site password enabled

[PhilippeT]

500 phpwrapper internal error : ERR_MISSING_CGI_PRIVILEGE (45)

No matter what I do, I'm getting the above mentioned error.

Any Idea where it is coming from ?

http://users.skynet.be/Theunissen_Beniest/password_protect.php?help

Best regards

[jenmca]

I have carefully followed all the instructions on how to get the password protect script working but when I enter the address of the protected page it comes right up, the password is not required to see the page.  Could I be missing something? I put the password_protect.php file on my server, changed the username and password and added the line of code needed to protect the page to the very first line like required. Any ideas?

Jennifer

[eitsfan]

I'm having the same problem as jenmca. I'm also no expert at this so I'm probably doing something wrong, but I can't figure it out! Any help would be gratly appreciated!

Chris

[fluorescente]

Thank you very much
It works nicely but I try to connect it to a database with no success
You told on the comments we should change this:

$LOGIN_INFORMATION = array();
while ($row = mysql_fetch_assoc($result)) {
$LOGIN_INFORMATION[$row['USERNAME-FIELD-NAME']] = $row['PASSWORD-FIELD-NAME'];
}

I made the connection to the database the dreamweaver way (recordset) and it seemed to work. Anyway my site is only password, no user&pass, so I changed your code into:

$LOGIN_INFORMATION = array();
while ($row = mysql_fetch_assoc($result)) {
$LOGIN_INFORMATION[$row['USERNAME-FIELD-NAME']];
}

All with the names from my site, but it doesn't work.
What can be? Please help me
My code after other try was:

$LOGIN_INFORMATION = array();
do {
   $LOGIN_INFORMATION[$row_contras['pass']];
    } while ($row_contras = mysql_fetch_assoc($contras));

It didn't work either...
I left it like this:

$LOGIN_INFORMATION = $row_contras;

It only takes the first password from the table of my database.. so I only have one available password by the moment, since I don't know what more to try in order to it takes all the passwords from the table

Thank you VERY much

[fluorescente]

Ok! I didn't read properly.
I had to put the password name from the form and the row name from the database

$LOGIN_INFORMATION = array();
do {
   $LOGIN_INFORMATION[$row_contras['access_password']] = $row_contras['pass'];
    } while ($row_contras = mysql_fetch_assoc($contras));

Anyway it doesn't work. Now it only takes the last value from the database

I tried this:
$LOGIN_INFORMATION = array();
for($i=0; $i<$totalRows_contras; $i++){
   $LOGIN_INFORMATION[$row_contras['access_password']] = $row_contras['pass'];
}

And it only takes the first value. I hope you can help me to understand it
Thanks
What happens? Thanks

[-dhi-]

Hi!
I follow your instructions but it didn't want to work!
I have this error:
"Warning: Cannot modify header information - headers already sent by (output started at /var/www/save.php:9) in /var/www/protector/password_protect_page.php on line 165"

what does it mean?
I really don't know what to do!
Please help me
Thank you!
Sorry
I didn't read your post about it, now I don't get any problem with that warning
but, I still have another problem, I put "save.php" (the one that I want to protect) on the root folder, and put my "password_protect_page.php" on the protector folder.
But then, when I tried to open the save.php, there's nothing on that page, BLANK.
what does it mean?
please, help me
thanks