Free php and cpanel scripts to automate your daily routine

Free PHP Scripts :: Advanced Password Protect

Password protect web pages by adding one line of PHP code to the page source. Script will show login form to protect content from unauthorized access. Includes login form, signup form, password reminder, and user management page for admin. Uses flat file database, no MySQL required. Can be set up to redirect after successful login.

  • Update settings.php to match your needs (admin password, login form, signup form, and reminder form settings)
  • Upload password protector (all the files from the package) to your server
  • Set write permissions on users.php (users list file)
  • Open User Manager manager.php in your favorite browser (it will prompt for admin password from settings.php). You'll see:
    • Logout link
    • Protection string to be added at the top of each page you want to protect
    • List of users (Username, Password, Email, Redirect URL)

How to protect a webpage:
  • Add protection string (available on User Management page) to each php page you would like to protect, at the very beginning of the page source (it must be the first line).
  • For example you want to protect page members-only.php.
    • open source code of the members-only.php in your favorite editor
    • add the protection string (see above on how to get the protection string) at the beginning

How to link to login form:
You can add a link to login form from on any of your pages.
If you saved password protector in "protect" folder on your server, sample html code for link would be:
  <a href="http://www.example.com/protect/login.php">Login</a>

How to link to signup form:
You can add a link to signup form from on any of your pages.
If you saved password protector in "protect" folder on your server, sample html code for link would be:
  <a href="http://www.example.com/protect/signup.php">Signup</a>

How to link to password reminder form:
You can add a link to password reminder form from on any of your pages.
If you saved password protector in "protect" folder on your server, sample html code for link would be:
  <a href="http://www.example.com/protect/reminder.php">Password Reminder</a>

Note: login form, signup form, and password reminder form have its own header and footer templates. Find more information about password protector advanced on the forum.

Download Advanced Password Protect


November 16, 2007
is there a way to approve registration when a new user uses the signup form
dedi November 16, 2007
this really really good script :) thanks anyway.
frank November 20, 2007
john December 3, 2007
I added the protection string to the very first line of my php file code as suggested, but when i try to access the page with that code i get the following "Cannot find users list!" What am i doing wrong or is this a bug.
tim December 14, 2007
I get the same "Cannot find users list" error.
http://www.parisnajd.com December 15, 2007
thanks it's great
Ryan December 16, 2007
This is an amazing script!
Also, thank you for the great documentation. It helps while problem solving.
tim [anti-spam] highestpraisetabernacle.org January 19, 2008
Will This script protect a .html page?
January 27, 2008
This is really a great script.
Thank you by clear documentation.

Luiz Carlos
hypocrite420 [anti-spam] rediffmail.com January 28, 2008
Great,but notcompleted at all- i think so.
March 5, 2008
after the user sign up to viewed protected page. Everytime they come back, they need to sign up again.. how do i make that so, user no need to sign up again and again.
BTW. This is nice script.

sam March 5, 2008
Is anyone figure out how to fix that cannot find user list errors?
Please help.
dreamzdb [anti-spam] gmail.com March 13, 2008
To fix the user list error go into your settings file and change the 9th line from "define('USERS_LIST_FILE', 'users.php');" to define('USERS_LIST_FILE', '../users.php');

** or change it to the full URL of that file location.
dreamzdb [anti-spam] gmail.com March 13, 2008

The above solution will cause problems with the manager.php file.

** Instead: Change line 13 in login.php to read

$users = @file('../' . USERS_LIST_FILE);
daveeee1234 [anti-spam] hotmail.com March 27, 2008
i need a little help . if my site is made of html pages , can i add a few pages of php ? can a site contain both html and php ? would someone like to help me do it ? i already have the html site set up , but i need help to make a password protected page for multiple user accounts ?if you want to help me , add me to msn daveeee1234@hotmail.com i know it isnt much , but ill pay you 25 bucks . please and thank you
rizvishahab [anti-spam] rediffmail.com March 28, 2008
problem in new user's signup
error is :
cannot ad new user in database
rizvishahab [anti-spam] rediffmail.com March 28, 2008
plz. solve my problem

I get the error "Cannot add user to database" error.
lordtrini [anti-spam] gmail.com April 1, 2008
anyone know of something with simular features but with mysql database...
rdl April 25, 2008
how do i set "write permissions" on user.php ???

i am thinking that is the reason why i keep trying to signup and getting the error message "cannot add user to database".

help appreciated!
Tim April 28, 2008
Didn't work. Did everything in the readme.
James May 3, 2008
This is fantastic. Worked right out of the box. Any trouble I had was my own dumb fault. Thank you guys for being so generous with your scripts!
jay-smith [anti-spam] hotmail.co.uk May 7, 2008
hi it works great 4 me but the sign in doesnt work =( can you help please it says "Cannot add user to database" because of "Permission denied in /home/a6348610/public_html/members/signup.php on line 97
" ?????? please help
asheikha [anti-spam] gmail.com May 10, 2008
This is really a good script.

a May 10, 2008
its great but the signup.php has an error on line 97
May 30, 2008
this script rocks. thanks.
June 15, 2008
It would be great if you take the care to provide examples/demo of your scripts.

I even suggest that you make them Commercial with added features, easy support and installation and congrats for your efforts and time in making great scripts.

That's said, being not a programmer or a whiz genius like you, kindly provide whenever possible Simple Easy Steps Help. Thank You.

peter June 21, 2008
can someone post a log out link on here
msbarnabas [anti-spam] gmail.com June 28, 2008
Instead: Change line 13 in login.php to read

$users = @file('../' . USERS_LIST_FILE);

I did this correction for the cannot find user list problem... But even then it isn't working. Please someone help me
west158 July 18, 2008
OMG every single login doesnt work, but this one, OMG it boody works, if i had (seriously - im not drunk) 1mill, i would donate it to this script, i would donate to this site for my life if i could. thanks i have been looking for this type of script for ages and it works
Doofus July 29, 2008
How do I set "write permissions" on user.php ???
August 6, 2008
Has anyone turned on the admin user name for login? If so, how?

For people who have "can't find user list" error - I got around it by putting all files (pages and protection) in the same folder. No code changes needed.
If you are using Filezilla FTP, you can change write permissions by right-clicking the user.php file in FZ.
sssssss [anti-spam] ddd.com August 8, 2008
dex September 3, 2008
is it possible to easy add redirection based on login?

September 5, 2008
added to every page when try to access protected page never loads the page stays on the login page. What's wrong?
beatson September 14, 2008
How do I set "write permissions" on user.php ??? i keep getting cannot add user
redicedesigns.com September 26, 2008

In order for you not to get the "Cannot add user to database" error, you have to change the rights on the actual server, not the PHP files. For example changing it from:
"rw- r-- r--" to "rw- rw- rw-"
mike September 27, 2008
I have a demo website for some testing proposal, and I want visitors of my site to request username and passwords for testing demo. For some security reasons
I need the script should automatically drop the user from user,php upon login.
So when he logout must request for new username and passwords.
Is there any way in login.php to add some code that will get $login and $pass from login form and remove or change their value in user.php
Or perhaps some other solution.

neex1233 [anti-spam] aol.com September 28, 2008
User signup

Fatal error: Using $this when not in object context in /home/thenicow/public_html/123/signup_form.php on line 3

comes up on the register page. What do I do? Tell me at neex1233@aol.com.
September 30, 2008

''!!! Comments posted here will not be answered. If you want to ask a question please post it on the forum.''
October 2, 2008
The following worked for me on the setting page to fix the user list not found error. Just replace with your own servers path.
define('USERS_LIST_FILE', 'C:\\Inetpub\\wwwroot\\apps\\compuware\\users\\users.php');
Shayak Banerjee October 13, 2008
How to protect a web-application from duplicate user log-in, that is logging-in with same username and password, But creating different session's.I think with this a user can violet the basic law's of physics, making more than one request at a time. I've tried many experiment but I was unable to come up with a feasible solution, Please tell me one with which I can protect my web-app from this issue.Send me at: shayak_banerjee@hotmail.com
will October 16, 2008
amazing script
Jack November 16, 2008
can anyone make this script send an email to the administrator when someone signs up?
Evan November 17, 2008
Can anyone tell me why I'm getting this error?

Warning: Cannot modify header information - headers already sent by (output started at /home/bouncear/public_html/southparkmobile/vipaccess/login.php:4) in /home/bouncear/public_html/southparkmobile/vipaccess/login.php on line 96

Warning: Cannot modify header information - headers already sent by (output started at /home/bouncear/public_html/southparkmobile/vipaccess/login.php:4) in /home/bouncear/public_html/southparkmobile/vipaccess/login.php on line 108
Colin November 19, 2008
Ok can someone please help me. When i try to put a new user it says can not add to data base why is this? It also says cannot find user list when i try to log in. One other question: what is the original admin log in?
tommy November 26, 2008
I find it great..but it's a little confusing on how it works. could u tell us or make a place to insert a link to login page and a place to put in the users password because this is confusing
orlandoech [anti-spam] yahoo.com December 2, 2008
Is it possible to add redirection based on user login?

so i.e; XYZ logs in and goes to /xyz.html, ABC logs in and goes to /abc.html
December 10, 2008
Someon can help me with this error?

Warning: fopen(users.php) [function.fopen]: failed to open stream: Permission denied in /home2/pmoreira/public_html/protect/signup.php on line 97
December 26, 2008
I need a script! my site don't accept php files!
acolema2 [anti-spam] gmail.com December 27, 2008
For those that are having the "can not find userlist error", here is what I did to fix it.

I have my files in a serpate folder so I changed the USERS_FILE_LIST definition in the settings php to read:


after that it worked fine. It tells the server to go down a server, then into the ppa folder, where my users.php is stored.

Hope this helps.
dj.danc3r [anti-spam] gmail.com December 27, 2008
This script will work ONLY on PHP.
As the code is supported only for PHP.

If you want to use it on HTML it won't work so contact the host of your website and ask them if they can enable PHP for you.
acolema2 [anti-spam] gmail.com December 28, 2008
Fatal error: Using $this when not in object context in /home3/snapplex/public_html/whatgrade/ppa/reminder_form.php on line 63

Anyhow know how to fix this?
December 31, 2008
only change file Permission to 777
only change file users.php Permission to 777
Antony January 5, 2009
Hi Guys

I can't add more than 50 lines in users.php, no errors, nothing...

Any suggestions?
January 9, 2009
i have this two problem
Warning: Cannot modify header information - headers already sent by (output started at D:\www\t2_index.php:1) in D:\www\password_protect_advanced\login.php on line 67

Warning: Cannot modify header information - headers already sent by (output started at D:\www\t2_index.php:1) in D:\www\password_protect_advanced\login.php on line 79

plz help
confuzion January 11, 2009
hey to anyone having problems make sure u try this,

go to the program you use to upload files, i use cuteftp and after u upload the files right click users.php and click the option called chmod and then check mark write for all 3

this is prob why your having errors, if your using a free website then just give up
confuzion January 11, 2009
if your not chmoding the file that means your not giving the website permission to write to the file when new people sign up
Cris March 15, 2009
Thanks a lot.
Paula Wol March 21, 2009
excellent stuff. This works beautifully, thanks!
Ernst April 9, 2009
for the ppl with user problems: change the path to the same link as you get generated to protect your page's without the login.php" with the users.php'
Dzizys June 1, 2009
It really helps me . thx brothers and sisters...
jyarnold [anti-spam] att.net June 2, 2009
I figured out the redirect based on username, now I'm wondering, does this script have any sort of encryption? By the way, this is awesome!
Bry Gee June 3, 2009
Great Script!!
Having 3 header and footer files, could this go to just one of each and just add a string to the page titles?
ie $title ='Please enter your username';
June 3, 2009
css added and files rearranged

working example http://www.lincolnnational.co.uk/login.php

Will make this available if ok with Zubrag
Davidmsilver18 [anti-spam] gmail.com June 6, 2009
Has anyone figured out how to fix the 'Cannot find users list!' problem???
Bry Gee June 17, 2009
what link do you have in the settings?

you can do a direct link

ie define('USERS_LIST_FILE', '/homepages/42/h45454545459/htdocs/4mysite.co.uk/users.php');

may be the better option than
define('USERS_LIST_FILE', 'users.php');
Pontus June 23, 2009
The question was asked before but I ask it again. How to make users who signed up only sign up once and then they can use their login info to login without signing up again?

bob June 24, 2009
great setup, thanks so much.

one question - is it possible to keep a log of a user's last login?
June 25, 2009
The last version is 1.1 or Password Protect was updated to a more new ?
steve June 28, 2009
help, log out script?????
jan [anti-spam] cmd.com.my July 11, 2009
nice stuff. i will be using this to add to a folder before the user can reach the cubecart 3. see test on www.no1.com.my/shop
Kiesha July 23, 2009
I have cpanel and I went to my files manager. do I go to password protect directories or file manager? and what file do I download it under or to?
linfidel August 24, 2009
Answer to your questions:
* Look up the word "Comment" in a dictionary.
* Post your questions in the forum.

This is for comments. If you can't understand that, turn off your computer now, you are a danger to the internet.

Disclaimer: I have no affiliation with this site, I am just a programmer who is not totally lame.
John August 27, 2009
css added and files rearranged

working example http://www.lincolnnational.co.uk/login.php

Will make this available if ok with Zubrag"



luci_unikatu [anti-spam] yahoo.com August 28, 2009
the script it's great but i want to see the date when the user was registered
qwertyuiop August 30, 2009
thankyou for this!
dean_cochrun [anti-spam] yahoo.com September 9, 2009
Ok for cannot find user list file change these two files

Line 6 from this $data_file = USERS_LIST_FILE; to this $data_file = 'users.php';

From this define('USERS_LIST_FILE', 'users.php'); to this ('USERS_LIST_FILE', 'full/path/to/file/users.php');
radi50 [anti-spam] hotmail.com September 26, 2009
September 30, 2009
gshaun October 6, 2009
hi. wonderful script. does it come with a captcha?
Seanagin [anti-spam] yahoo.com October 15, 2009
Sean park
Seanagin [anti-spam] yahoo.com October 16, 2009
kevin [anti-spam] jmldesign.com October 28, 2009
Hi, I like the script, except that when I log out, I can still go back to the page, so it's really not logged out. Any advice on that?
October 30, 2009
thanks, got it figured out.
one question, i have it set up for each user to have their own page. when i log in as a user, i can easily type in another users page and have access to it. Is there a code or a way to make sure that only that one logged in user has access to only their page and no one elses? maybe a line that excludes everyone except that 1 user to access each page?
drhasan November 1, 2009
Thanks for this script

November 9, 2009
a truely awesome script that works first time. Thank you. Thank you. Thank you. Thank you!!!!!!!
eshanne November 14, 2009
is there any databases i need to add? because i can't login nor signup the form.. help me please..
p759624 [anti-spam] ymail.com November 14, 2009
January 24, 2010
its really good script thanks for it

laltea [anti-spam] gmail.con January 24, 2010
its really cool
but i have problem whenever i entered the password protected page i get message on the top page as
Warning: Cannot modify header information - headers already sent by (output started at /home/derhken/public_html/page39.php:7) in /home/derhken/public_html/login.php on line 101
what can be the resaon
Gary January 29, 2010
This is AWESOME!!!works like a dream!
aiehfi [anti-spam] yahoo.co.in February 7, 2010
Hello! The whole script is working well but I want those who forgot password to get it when they fill "password reminder" file. There is only one space for messaging writing. will the same message reach all. If I write password there, despite having different password for different users, they all will get the same one password. what to do? Please help
bobby February 25, 2010
Great script. Can I add more fields to the sign up form?
Kuhn1996 [anti-spam] Web.de February 27, 2010
March 10, 2010
How can I implement payment option to my php code
CookieMonster March 10, 2010
In manager.php, I see a user.def file name. What do I do with that? I know I need to do something because when I try to log into the manager file on my server, I am getting errors, after logging in to the manager file, in relation to user.def. Can someone please explain how I create this file or what I need to do to stop getting these errors? Thanks!
annasue [anti-spam] comcast.net March 14, 2010
I'm new to this and, so far, it works well. I believe I've edited everything I'm supposed to but when I'm accessing the manager.php and click on "logout", I get this message, even though the file is there in that direcoty:
Web page cannot be found.
linda April 27, 2010
This is really a good script.
May 11, 2010
</div></div><a href="http://zubrag.com">
<div class="commentBox">
<div class="ctitle">I'm new to this and, so far, it works well.
May 15, 2010
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];

$login = strtolower($login);
$pass = strtolower($pass);

Added these simple lines to make it case insensitive. : )
Jason June 10, 2010
Holy crap this was the easiest script to setup. Works like a charm! This is EXACTLY what I had been searching in vain for. THANK YOU!!!!!! Keep up the awesome work!
June 24, 2010
wow. this is great!
PS. if you get a 'Cannot find users list' error, all you have to do, in settings.php, is make the relative path('define('USERS_LIST_FILE', 'users.php');'), and make that the FULL PATH. i.e, 'define('USERS_LIST_FILE', 'http://yousite.com/full/path/to/users.php');'.
rohan4 [anti-spam] aol.com June 25, 2010
Hi ya - this is a great script.
Is it possible to give examples on how to read and write to a Mysql database rather than a flat file?
Signal1100 [anti-spam] yahoo.com June 26, 2010
Hi' i'm so happy
Ayush August 5, 2010
please tell me where to put the code on the page
below <html> or where???
ayush August 7, 2010
what is zend optimiser
how to and where to install it???
Ayush August 7, 2010
dont see the above 2 comments.
i have got it
its a superb script
great one
csa September 21, 2010
thnakx. internet.npok.net
csa September 21, 2010
thankx :D
so :D
BobH (KY, USA) November 25, 2010
A good concept, but without a trouble shooting FAQ it is a waste of time -- unless it happens to work for you right out of the box. Main problem appears to be address issues for websites with multi folders (directories). This needs better documentation -- and the forum does not help much. But thanks, Zubrag, for letting us try before paying for something we cannot use -- as many others do.
rbsuperb December 4, 2010
i been looking for simple script i can use and this really by far are the simpliest and its so easy to install. keep it up Zubrag, its been a great help many many thanks
oneflatfoot January 14, 2011
I keep getting "incorrect password". What am I doing wrong?
Mgreen January 19, 2011
How can you approve a user before allowing access to the protected page?

I would like the user to be able to sign-up and then, I could activate or approve them to access the protected page.
qirrank [anti-spam] gmail.com March 15, 2011
Cool ! I love U !
fcorrea [anti-spam] adyges.cl April 16, 2011
HELP ANY ONE!!! When i put the Protection string to be added at the top of each page to be protected, and try to login, it keep asking for the user and password, it seems it get into a loop
mfischer [anti-spam] x2000club.com April 29, 2011
I was wondering the same thing!
I have made the sign up form a form from allforms.com--NO ADS!!!!

However, that means i have to do it manually...
alhop_2006_2008 [anti-spam] hotmail.com May 2, 2011
i do not understand how i am adding protection string in page i need to protect it ...any one know more about it ...please ???
csa August 14, 2011
I copy from C:/Windows/Fonts/Arial.ttf to D:/apache webserver/www/hiere ist the script, and now its work :D
csa August 14, 2011
The capcha scripts :D
Edwin4christ September 16, 2011
please im having this error from signup form.php im new to php please script is too important for my project. please someone should help me out
error msg:

( ! ) Fatal error: Using $this when not in object context in C:\wamp\www\edwincar\signup_form.php on line 3
Brian G December 5, 2011
A pirce of advice to anyone intending to use this script on multiple sites - instead of pasting the protect include link into the top of every page add a generic <?php /include/secure.php ?> then add the generated protection string into that. If you change anything on your site you only have one file to update.
December 5, 2011
Another tip - only one header and footer needed - the only difference is the page title, just structure your pages like this example using the register.php:

<?php $pagetitle = "Please Register";
require_once('_secure/header.php'); ?>
<h2>Please Register</h2>
<h3>Please enter details below:</h3>
<?php require_once('_register/signup.php');
require_once('_secure/footer.php'); ?>

and use this as the title tag of your header:

<title><?php echo $pagetitle; ?></title>
roll December 22, 2011
How can I protect the whole dictionary with this php? htmls are protected but other content not really
peta January 10, 2012
"How can I protect the whole dictionary with this php? htmls are protected but other content not really" Directory, not dictonary
support [anti-spam] compumiami.net January 14, 2012
I have this site and when I click on login, sometimes the page is in blank, any idea why that happend ?
truth [anti-spam] misconduct.co.za January 25, 2012
You really know what you are doing, well-done! And thanks for sharing.
Amiel Anda February 3, 2012

This script is wonderful
February 27, 2012
Only complaint is that an encoded version of the user_ID and password is stored as a cookie on the client. i was able to change this to a session variable, which keeps all password information off the users machine. any reason why it was not written like this to begin with? nevertheless, this is EXCELLENT, thank you very much. my minor modification was so easy to make given how the code is written and documented. Great contribution.
deforcee [anti-spam] aol.com March 2, 2012
I just implemented the script but I am experiencing what a few others have experienced which is after login all I get is a blank page/window.. Please advise as to what the problem could be??? Thanks!
Bazar6 March 7, 2012
If y'all are having problems you'd be better off asking in the forum. The box on the bottom right says: "If you want to ask a question please post it on the forum."

ZUBRAG: Thanks a ton for this script!!! I used this password protect one side of the page and your contact form with reCaptcha on the other side of the page to request the password (keep things under control). I rarely do PHP, but these scripts and guides are awesome and easy to use/customize!!!
vishwasjagadish [anti-spam] gmail.com July 18, 2012
how set enable or disable buttons from a login page ,depending on the usertype using php.
for instance if(usertype==member) {

plz help me
design_team [anti-spam] uswebsitecreations.com August 13, 2012
<b>Thanks For the Great Script</b>
ali.gelali [anti-spam] gmail.com September 19, 2013
rifdut [anti-spam] yahoo.com November 19, 2013
If cookie is set. the login.php is not showing the form, or redirect to user page.
How to make the login.php is redirected to his page, when user go to login.php page but his cookie is set.

Thanks for your simply powerful program.
December 19, 2013
I am still looking to use a database to generate a user list, any ideas
Skimo March 22, 2014
By far the best password protector I have used. Simple, fast, and easy, this wins hands down.
kinanda21 [anti-spam] yahoo.co.uk April 15, 2014
Brilliant. Very many thanks for sharing this.
deejay871 [anti-spam] hotmail.com April 16, 2014
something i don't understand, if i define 2 user with a specific page, everyone can access all



Connected with login password for test1.php can access to test2php

How to correct this ?
pritam August 8, 2014
hello sir,
is is working but after logout if i click back button then page is showing directly without login prompt
jeff January 10, 2015
Script still works after all these years. Way to go!!!
January 20, 2015
Thanks a lot for this. It solved my problem with password protecting registration page of my site. :)
khantamim51 [anti-spam] gmail.com April 1, 2015
May 4, 2015
I still get "Cannot find users list!" error after trying both fixes (individually) in posts 13 and 14.
Please help!!!
jamie.curd [anti-spam] gmail.com May 31, 2015
Thank you for this, it has helped me SO Much
Ruksana September 29, 2016
Hi, my reminder page is coming up with an error - http://www.premierbusinessclub.co.uk/member/reminder_form.php
s.postema [anti-spam] home.nl December 18, 2016
how to mail out whit the reminder.
smpt settings
weston [anti-spam] inspireddesign.biz March 16, 2017
I'm getting errors about the path and file even though I have the correct path at the very top.Can you help?

Code from manager.php:
<?php include("/home/idprospex/public_html/members2/login.php"); ?>

My index.php page:
<?php include("/home/idprospex/public_html/members2/login.php"); ?>
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>ProSpex Members Area</title>

Warning: include(/home/idprospex/public_html/members2/login.php): failed to open stream: No such file or directory in /home/idprospex/public_html/members2/index.php on line 1

Warning: include(): Failed opening '/home/idprospex/public_html/members2/login.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/idprospex/public_html/members2/index.php on line 1

weston [anti-spam] inspireddesign.biz March 16, 2017
I got it. That file did not get uploaded.
test [anti-spam] test.com June 19, 2018
Works great guys, I have a question.

Sorry if has been asked before, but I was able to find it.

In the $LOGIN_INFORMATION = array the user and pass are plain text, can we stored them encrypted somehow as md5? https://prnt.sc/jwves2

I would appreciate some help, as my skills at this are poor and could not find answers on the net.