Free php and cpanel scripts to automate your daily routine

Free PHP Scripts :: Web Page Password Protect

Password protect your content with Web Page Password Protect by just adding one line of PHP code to your page source. Script will present user with password entry form, and will not let visitor see your private content without providing a password.

Multiple user accounts support, improved security, automatic logout, and manual logout feature.

  • Save password_protect.php somewhere on your server
  • Update it with your desired password or login/password pair. Use any plain text editor to accomplish this step. Sample editors: Notepad (Windows) or vi (Unix).
  • Open script in your browser with "help" parameter to see the line of code to add to every page you would like to be password protected.
    Example: password_protect.php?help

    It will show you protection code to include into your pages. Sample protection code would look like this (yours will be different):
    <?php include("/home/users/htdocs/security/password_protect.php"); ?>
  • Add that line of code to each php page you would like to protect at the very beginning of the page source (it must be the first line).
    For example you want to protect page protect-me.php. Open it for editing, and add the protection string (see above on how to get the protection string) at the beginning. So resulting code would look like
    <?php include("/home/users/htdocs/security/password_protect.php"); ?>
    ... here, at the second line starts your page code ...

Find more detailed description on how to setup password protection script on the forum.

Download Web Page Password Protect


August 5, 2000
Awesome script. i just used it on my site and it works great. really simple to set up.

July 28, 2006
Excellent! Nice and simple, but well worth it!
Mark July 29, 2006
Great script, but it would be ideal if a cookie was set so the user didn't have to re-enter the password when navigating through pages in a directory.
Just a little annoyance, other than that it did its job nicely.

zubrag: Changed script according to Mark's suggestion. Now it supports cookies and requires password only once.
Mark July 30, 2006
Wow, now that's what I call support!

Very well done, thanks a bunch!
Jvuz August 2, 2006
Just a question, can you also add different users?
Jason August 3, 2006
Great script! thanks a bunch! worked perfectly
sundberg [anti-spam] inlife.se August 4, 2006
Where do i put "password_protect.php" ?
Does it need to be put in a secure catalog, maybe outside the webroot?

zubrag: you can place it where you want. Outside the webroot or in a secure catalog would be good. But script will not reveal the password, no matter where it is placed.
FrEaKmAn August 5, 2006
Can we modify this so that we can also include username? I'll try myself but I need help!

zubrag: Added multi-user support. Now Password Protector can either ask password only or login/password pair, depending on settings.
August 6, 2006
How can I get the code to re-direct the user after login (into a subdirectory, for example)?
zubrag August 6, 2006
Ok, you can use this tool as redirector (though it was not designed for this). If you want to redirect to some folder after visitor login, then add following line just before the last ?> line
header('Location: http://www.yourdomain.com/redirection/path/'); die();
August 6, 2006
Thanks! Will try that soon... excellent site, helpful admin!

Thanks again!
dave [anti-spam] sweetser.com August 6, 2006

Your password PHP script looks good and I want to use it at GoDaddy.com, my hosting service. So I created a PHP folder at www.abc.com/PHP

which is where I put the script. However, the example include line starts off with:

How (or if) does "/home/users..." relate to what I need to work with: www.abc.com

In other words, I don't have access to any root folders. From my perspective, everything is based at www.abc.com. Given that, what would the path look like in the include statement? Again, how would a web page point to the PHP script when its location is basically a URL, not an absolute path.



zubrag: In order to get your path for include statement open it in browser passing "help" parameter, i.e.: http://www.abc.com/PHP/password_protect.php?help
It will show you the code to include in every webpage you would like to protect.
Cindy August 8, 2006
I must be really dense - where in the code do I put the include("/home3/marilou/cc-ob-www/elder-connect/password_protect.php");?
And correct me if wrong, I would change password_protect.php to the page name I wish to protect.

Do I put this:
die('Include following code into you pages: <br /><b>include("("/home3/marilou/cc-ob-www/elder-connect/password_protect.php");</b>');
like that?

zubrag: in order to see protection code you should open script in browser. From the code you provided it seems like you invoked it from shell (terminal), that is why it shows a lot of things you would not see when opened in browser. In your case just add include("/home3/marilou/cc-ob-www/elder-connect/password_protect.php"); to a webpage you want to protect.
August 12, 2006
Where do I find the final code you modified to include the login/password pair and the cookie support?

zubrag: Use download link above. All changes are already included.
Gwen August 13, 2006
Where do I put the correct password? Do I add all that code to every page of my website?
Gwen August 13, 2006
I added this code in the HEAD part of the page and it isn't working. Did I put it in the wrong place?

<?php include("/usr/hsphere/local/home/gwen1224/shalitraining.com/password_protect.php"); ?>

do all my pages need to be .php pages. Right now they are .htm pages.

zubrag: Yes, script can only protect php pages.
Gwen August 13, 2006
Okay got it all, looks great, works great. You are awesome!!
Marsha August 13, 2006
I am getting this
Warning: Cannot modify header information - headers already sent by (output started at /data/web/virtuals/.........

Line refers to the cookies portion

setcookie("verify", md5($pass));

what to do ? Everything else is working it's just that line seems not come up with the error.

Can I get the script without the cookies from where should i take off out of the code.

zubrag: this means something goes to output before password_protect.php is run. To avoid setting cookie add // before setcookie so resulting line will be
// setcookie("verify", md5($pass));
Marsha August 14, 2006
Thanks alot for the response, it worked well, I am so happy!!!
PaulM August 15, 2006
I have a similar problem to Marsha. I get the "Warning: Cannot modify header information - etc" referring to the style line that precedes " input { border: 1px solid black; }".

I am sooooo close to having this working perfectly.
zubrag August 15, 2006
try putting your protection string at the VERY BEGINNING of the file in following format:
PaulM August 15, 2006
I don't have a problem with the protection string. That seems to be working fine.

My problem is in the password_protect.php file that I have named index.php. As I downloaded it, after filling in the password you are just left with a blank page. I wanted it to then redirect to a page called index2.php. The PHP header command won't do that because it cannot have anything else written to the screen first.

How do other people use this script?

zubrag: Script was not designed to redirect, but it may redirect after login if you add the PHP "header" command like mentioned in comments above.
Main purpose of the script is protecting information on php pages. In order to protect web page you need to change that webpage source code (add protection string). If you need to protect few php pages then add protection string to each page. Please refer to "Usage" section at the top of this page for details.
Dhani August 17, 2006
Can you please include the options for "logout". Like having the logout button or something?
Dhani August 17, 2006
And one more thing, can I specify one page just for one user in user list array?
Dhani August 17, 2006
what I mean, one page to protect just one user from the user array list who can access it?
zubrag August 17, 2006
This script can protect only on page by page basis. So if you want to grant access: user A - webpage A; user B - webpage B, then this can be accomplished as follows. Copy password_protect.php to protectA.php, and include protectA.php in webpage A. Copy password_protect.php to protectB.php, and include protectB.php in webpage B. In this way you will be able to give user A access to only page A, and user B will only be able to see page B.
Dhani August 18, 2006
and how about the logout options?

this script is what I need, one more thing is the options to include the logout procedure...

zubrag: It will auto-logout when browser window is closed. Adding logout button/link is not so obvious... Will need to think on how to implement it so that it worked good for everybody.
August 20, 2006
How could I set this up to protect my blog (powered by simplephpblog) on my home server running Abyss Web Server?
Filthio August 21, 2006
Congrats on an awesome script. And so easy to use. I had the same problem as Marsha, with "Cannot modify header information". However I did as you suggested and put the include right at the very start of the document. It worked perfectly. Thanks.
Andr August 22, 2006
I'm getting two errors;
1) Cannot modify header information...
I uncommented the setcookie thing, and the error was gone.
2) Fatal error: Cannot redeclare showlogin() (previously declared in /home/bla..bla..bla../admin/password_protect.php:108) in /home/bla..bla..bla../admin/password_protect.php on line 108

The line goes like this;
function showLogin($error_msg)

Any idea?
Andr August 22, 2006
Too many include files I guess.
zubrag August 23, 2006
Andre, seems like you are including it few times in one file. Unfortunately our programmer is currently not available, so I slightly updated script myself. Please download new version. If it does not work for you then please check back in few days.
zubrag August 23, 2006
In order to protect your blog (powered by simplephpblog) you'll need to find some file which is included into all blog pages (this is usually some settings file), and add protection line to that file. Unfortunately I'm not familiar with simplephpblog, so cannot give you more details.
Dhani August 24, 2006
how about adding some parameter into the page.php script that passing the parameter into functions in the included password_protect.php, like:


ps: sorry if I so much to ask, but Im not good enough on PHP... thank you in advances...

zubrag: Nice suggestion Dhani! Thanks. We'll add it on Monday.
Gwen August 26, 2006
Okay, I accidentally overwrote the password_protect php file and can't figure out how to have it ask only for a password and then where to put the password I selected.

zubrag: open password_protect.php in editor. Find SETTINGS START section. If you want to ask password only then USE_USERNAME should be set to false: define('USE_USERNAME', false);

and update passwords array to what you need. Below I'm allowing access with two passwords: root, and adminpass

Burke August 27, 2006
Trying to build the $LOGIN_INFORMATION array from a MySQL database.

This builds the string correctly:

$unpw = $unpw."'".$username."' => '".$password."', ";

then srtip the comma from the end

$unpw_array = rtrim($unpw, ' ,');

$LOGIN_INFORMATION = array($unpw_array);

But it doesn't work. The $unpw builds correctly but when it's added to the (array) it does not work.Do you need CR/LF at the end of each entry?

zubrag August 28, 2006
Example on how to do it based on MySql (this code is not working as is, needs changes to connect to database, and to match your database table/fields names):

$result = mysql_query($query);

while ($row = mysql_fetch_assoc($result)) {
August 29, 2006

First of all, a great script - just what I was looking for! However I am having a little difficulty.

I have placed the file "password-protect.php" in "", and when I browse to it I get the prompt to enter a login and password. Instead I change the address to "" as directed. However, the page doesn't give me the include address, just "Include following code into every page you would like to protect, at the very beginning (first line):".

Apache and php are up and running on my machine (OS X), as can be confirmed by opening other php pages on my machine. Have you got any suggestions as to where I'm going wrong?

Many thanks, Chris

zubrag: Fixed. Please download it again. Thanks for your help!
August 30, 2006
Works like a dream now. Thank you very much for the script and prompt reply.

sarkarsweet [anti-spam] gmail.com August 30, 2006
Hi Zubrag, Thanks for the simple but useful free programme that I have been looking for use.
However, I downloaded it, but do not understand what do I need to do use it for a particular page - only with Password (without any log-in) by spl friends using my Homepage. I viewed the write-up using notepad, but am unable to proceed further! (needles to mention my amateur status).
Will appreciate advice - my e-mail is: sarkarsweet@gmail.com
All the best - Ashit Sarkar (Bangalore)
sarkarsweet [anti-spam] gmail.com August 30, 2006
Further to my earlier msg I have noted that Updating can be done to the file . However, what I cannot figure out is how to:
"Open script in your browser with "help" parameter to see the line of code" - as instructed.

I use Firefox, and the help button is of no help about 'script'! Obviously, I am floundering...

Thanks - Ashit.
ronatola September 1, 2006
hmmmm...this is exactly what I am looking for but...
Like a pervious post, I am using godaddy to host my website. I ftp'd in and created a php folder and dumped the password_protect.php file there. However, when i open the http://www.1234.com/php/password_protect.php page i get a 404 page.
Any ideas? Does my host need to activate php somehow?

Ronatola September 1, 2006
http://www.1234.com/php/password_protect.php comes up as all text and http://www.1234.com/php/password_protect.php?help comes up 404
zubrag September 1, 2006
Ronatola, if it comes up as text/404 then you have no php support enabled. And this tool can only protect php files. Contact your hoster, maybe they want php files to have another extension, like php3, phtml, etc. If they does not support php then you'll need to password protect with JavaScript. We are going to develop such solution in few weeks.
Nils Ingvarsson September 6, 2006

For a PHP novice like me, this script saved my day! Works like a charm. Easy to implement with the provided instructions. And thank you Zubrag for keeping it free. Good job!

For people interested in design, this script is easily implemented in your current webdesign. (It need some tweaking to validate as XHTML though.) Just replace the HTML code in the password_protect.php file with your own. This way you can customize the login page any way you want. Remember to keep all PHP and META code ;)

Here's my try: http://www.utblas1.se/formedlemmar.php
It's in Swedish, but you see what can be done.

Best Regards
Nils Ingvarsson
Jnkping, Sweden
lost September 15, 2006
I am trying to use this code for a blog, and am a real ameteur. What's the best way?
Terry September 17, 2006
This script can be used only to php pages? I have html pages on my site. How can i convert them to php?
September 19, 2006
Thanks you, Work Great.

September 20, 2006
why doesn't the password work except for the last line in the code?

'' => '123456',
'' => '654321',
'' => '789456123'
Claire September 21, 2006
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $kay=>$val) {
if ($_COOKIE['verify'] == md5($val)) {
$found = true;

In the fourth line it says $kay for the array. Should this be $key?

I am just learning php, so am not sure.

September 21, 2006
it still doesnt work
Brian September 23, 2006
I was wondering if there would be a way to save the login in the cookie so that you could access the cookie and know who was logged into the system. Is there any way to do this?
September 25, 2006
you rule. all i found was apache .htaccess stuff and thot "why isn't there something simple like (insert your beautiful script here)?" thanks for sharing, the world is a better place for it.
Parag September 25, 2006
Well done. You script rules!
Short, well-scripted, tidy and does the job fine and easy to use.Thanks for coding/sharing it.
Plz delete this entry if you want to so that other can find support easily.
jack886 [anti-spam] gmail.com September 27, 2006
The password protected page is stored in a sub-directory, when I test to click that protected page, it just go in directly without asking login name and password, what can I do about it? Is this correct? <?php include("/home/stingyan/public_html/password_protect.php"); header('Location: http://www.the-speedperformance.com/products/A-BV01.php'); die(); ?>

Please advice, thank you a lot!!

Beezer September 27, 2006
After I unzip the file it saves it as Microsoft Picture It! file.
Doesn't look like anyone else has this issue. What program do I need to open the file correctly?
Beezer September 27, 2006
I was able to open the file with Edit Plus Text Editor. Thanks.
Junaid September 29, 2006
Junaid September 30, 2006
the script is working perfect for redirecting .html pages but it fails to redirect to a php page
Niyi October 8, 2006
Nice script...thanx for sharing.

How can I use this script with php/mysql database login array. The example above is not really explanatory enough for a novice like me. Thanks
nisha October 10, 2006
zubrag can you please help by writing ftp creator script also? plz plz
surveyjon [anti-spam] westnet.com.au October 10, 2006
Just a slight problem.

Trying to protect 2 pages with different passwords. Have set up seperate protect pages but once one password is entered, both pages are accessible.
Ellen October 11, 2006
What if I don't want to enable the cookie? What code do I change? I'm only using it on one page in my site.
Squid October 11, 2006
surveyjon, i would add at line 105 this... $gpg = $_GET ["gpg"]; and add to the all the cookie information md5 ($val.$gpg) Lines 118, 133. Then when you call the file use <?php include ("path/to/file/password-protect.php?gpg=XX"); ?> I have not tried this yet, but it should work for multiple pages with different codes.
jerome.law [anti-spam] ipsolutionsltd.com October 25, 2006
Many thanks..this is so sweet. Now I want to try to protect my documents. Can I use the same way? Thanks. Jerome
BigGoga October 28, 2006
Very good and usefull script!!!
I have developed it a little. My version bans users IP after 3 uncorrect passwors input. Last banned address is stored in a text file.
If someone is interested in it. I can share my work :)
November 2, 2006
how do I include the password list to accept?

zubrag: open script code for editing in some editor (like notepad, vim, etc.), find SETTING START section, and update it according to comments in the header.
andrew.vos [anti-spam] gmail.com November 8, 2006
why doesn't the password work except for the last line in the code?
I am having this problem too!!

zubrag: Documentation problem. List only passwords when usernames are not in use, like shown below
'my password'
alexcie_larry [anti-spam] yahoo.com November 10, 2006
Hi Its a Great Script you have But i have one question.. I use FRONTPAGE @))# to edit my site can i use your script to protect pages?? Thanks very much
November 15, 2006
Can we use PHPSESSID to protect the pages?
This suggestion is a alterative to the current Cookies Protection.
Emma November 16, 2006
Hi, I must be having a blond moment sorry. Where do I change the password and username to what i want? Is it: I tried but it didn't work.

'zubrag' => 'root',
'admin' => 'adminpass'

November 18, 2006
Hi I set this up it looks like it's working but it will not accept any passwords? with no changes to the script I assume the default is.
doug.turner [anti-spam] nadel.com November 21, 2006
Fantastice script! is there away to set the password to any number between two specific numbers. I need the script to let in multiple users. Thanks
frankkthetank [anti-spam] gmail.com November 26, 2006
Ahh, I'm sorry, I have no idea how to do this.
Could it be explained easier to me?
Thanks in advance
December 3, 2006
Great script Zubrag
Nice and simple
Just a couple of quick questions

Can it be changed to prtect html files or do I need something different? I know this has been asked already but saw no answer

Is it possible to restrict the number of times the user has access? EG. I set it up on a page which outputs codes, but how do I alter it so if the user wants to get more codes, they need to contact me again/re-purchase

December 6, 2006
You can convert an html file to a php file in most cases simply by saving it as a php file in dreamweaver. (Maybe frontpage too, although i'm not sure about that).
fred [anti-spam] lentjes.com December 14, 2006
I an't get the script working. Where do I put the username and where the password?
Jake December 14, 2006
I put this on a Journal Entry Form that I have and I type in the username/pass just fine, type my journal entry, but then when I hit submit, it brings me back into the the login page, then I have to type in username/pass again and then it submits my journal entry. Anyway to change that?
Jake December 14, 2006
Delete my comment. I put the line of code in front of when it should have been at line 1, missed that part. Sry.
sales [anti-spam] prismimages.net December 17, 2006
hi i dont have a clue in the slightest with php but i have a few pages on my site and i want the user to be able to login and depending on their username or password depends on the link that it goes to. say the user name is cat it will go to cat1.php and if it is dog it will go to dog1.php

i cant find anything that can do this without using mysql.

sales [anti-spam] bradfordtradecentre.co.uk December 19, 2006
hi i am trying to secure a admin folder in my ftp how do i do this ive tried putting the script in the folder but its not working
Luke December 19, 2006
You must be the smartest PHP Programmer on earth. Why didn't anyone think of this before??? I've been looking for this exact script since php3... Thank you, thank you, thank you!
Frank December 20, 2006
Simple but awsome ....
A magnificent work
contact [anti-spam] digitalsun.us December 26, 2006
Great Script! Thank you!
Just one question. I get this error: Warning: Cannot modify header information - headers already sent by (output started at /home/content/j/a/n/janepark/html/uploadScript/fileUpload.php:3) in /home/content/j/a/n/janepark/html/uploadScript/password_protect.php on line 120.

how do i fix this?
Greco December 28, 2006
I have never used PHP ... But this script sounds fantastic!!!
I have renamed the HTML page as PHP. Will it work?
January 4, 2007
How would you get directly into this page without the popup? Straight from URL?

http://yourwebsite/page username=? password=?
Amanda January 4, 2007
Thanks for this script. It works with Frontpage, I just changed the file extension on an already created .htm page to .php and it works like a charm. So easy!
Tom January 5, 2007
After logging in with your script,
I cannot log out. Neither: include (password_protect.php?logout) nor
setcookie("verify",' ') worked. Once
logged in, I can then always see the protected form. What am I doing wrong?
Many thanks.
lafhog January 7, 2007
Great script Zubrag
Short and simple
Just one quick question
is it possible to password_protect a Folder or Dir, to just display that folder and all its files.
January 10, 2007
that is perfect!!!! thanks a lot
January 10, 2007
Hey This thing is great But, I inserted the code to my page and it worked the first time, but it doent work any more. Please Help. It just shows a white screen instead of the Password log in form
Regulus January 13, 2007
It's a great script, exactly whay I am looking for. But just wondering if the number of paswords you can include on the script can be unlimited or not. I intend to include as many as 45,000 passwords on the script. Is this still possible?

Thanks for the great work on the script
January 15, 2007
Great script! It works perfectly. Thank you so much!!!
jerboyd [anti-spam] sympatico January 17, 2007
hi. thanks for this script. i am using it to protect a members only area of my site but i would like to have two levels of security. so some pages are available to anyone who logs in and some are abailable to people who log in with a second security level. is this possible? also how can i have a form for a user registration. thanks for your time
admin [anti-spam] egold-biz.info January 18, 2007
Hi, did I get it correct - that this script will only work to protect php webpages. So I cannot use it to protect my page if it is written in html?
Ange January 26, 2007
Holy cow! I am not a programmer, but it worked perfectly for me. Thank you thank you thank you!!!
January 29, 2007
Great programming!
JBone ~ Majerwebs January 29, 2007
Script is perfect
florence January 30, 2007
Thanks you, Work Great. And you're great

Flo, from France
rscott [anti-spam] nwdusa.com February 1, 2007
Big Goga,

Would really like to see what you had done for the reject IP address after 3 incorrect password attempts.


Anyone modify this to use Session ID rather than cookies???


Great Script. The awesome functionality lets us breathe a little easier here...

Shawn February 6, 2007
I've tried to edit the cookie portion out of the script to no avail. I would like the script to always require the user to provide a username and password. Some way to easily comment out or disable this feature.

Thanks, for a great script!
azearly February 13, 2007
Using password only, can only enter 3 passwords out of 4 that i want to use.
How do i get the forth password to validate?
maurinet February 15, 2007
Zubrag: this script is awesome! Thanks a whole lot!!!
Small question: is there a way to protect a folder with this same script? (I'm using it for a webpage with pictures, and it works gerat, but somebody can still write the address of the directory and access the photos).

Thanks in advance,
Werewolf_NC February 16, 2007
I can't put in my own name and passwords into the script. If I change anything in the password_protect.php script the login page won't load at all. Am I doing something wrong for the name and password?
February 19, 2007
Thanks it worked well but It would be great if you also made it so you could make an option for no cookies.
February 23, 2007
How secure is this please? I really love the simplicity of it, just want to know that it is safe.
fallen_angel February 27, 2007
Excellent script! Works flawlessly! Kudos to Zubrag.

This can be used on htm/html pages if you add a handler into your .htaccess file -

AddHandler application/x-httpd-php .htm .html
March 4, 2007
wow, great code -- you just made my life a lot more simple, thanks!!
March 11, 2007
Very clean. what else can I cay?
cate March 12, 2007
this is an amazing code ! clean, easily customizable, etc. perfect.

is there any way to clear the cookie once a user navigates away from the server, so they have to re-enter it the next time they come back?

like, say my site was site.com. when i leave site.com and go to blah.com, it stops saving the cookie so when i return to site.com, i have to enter the password again.

thanks !
Lew March 13, 2007
Zubrag; Great code. Thanks for your efforts. It really helped me out. Its coders like you who make the web work.
Noswombat March 14, 2007
Thank you soooooooooo much......I used it for .htm pages and it worked a treat
osourcem March 14, 2007
i've got some problem as others:
Warning: Cannot modify header information - headers already sent by (output started at /home/blabla/domains/blabla.com/public_html/apsauga/testas.php:2) in /home/blabla/domains/blabla.com/public_html/apsauga/password_protect.php on line 118

how to solve this? i removed header from the page which has to be displayed after login prompt
March 18, 2007
does this script filter mailicious input?
March 19, 2007
I want to password protect a URL page to be accessed from eBook.
I want the access to be transparent to user ie. the reader just clicks the hyperlink to the target webpage WITHOUT being presented with, and having to, enter any user id or passwords! (in other words, these are already pre-set in the page).
Reason is to prevent accidental stumblers onto my webpage but allow book readers to access via the hyperlink click.

Will this do it? How to protect the target URL destination?
roysorin [anti-spam] gmail.com March 20, 2007
hii this is very good system login :)
March 21, 2007
Thanks much for making this, Zubrag!!!
March 23, 2007
Thank you so much for the great script, it's just what I was looking for.
A question though - Once a user logs in, they are permanently logged in, it seems. I would like the users to be logged off once they navigate away from the protected page - I would like the script to always require the user to provide a username and password.
root [anti-spam] olgiatipy.org March 24, 2007
Posting this in case it may help some others who want, like I did, to password-protect pages written in HTML

If the page you want to protect is HTML, there is a quick and nasty way to turn it into a .php page:

Add the following two lines before the first line of the HTML page:
print <<<END_OF_HTML

add the following two lines after the last line of the HTML page:
and save the resulting page with a .php extention.

You now have a .php page, which you can protect by adding the line:
<?php include("/directory/of/your/web/site/password_protect.php"); ?>
at the very beginning (after of course changing /directory/of/your/web/site/ to suit your local situation).
Graeme March 25, 2007
Awesome code but how to i make it so it goes to the right page? All that happens is that it comes up with a blank page.
dj_jonathan_martin [anti-spam] yahoo.com March 26, 2007
Thanks so much for this great script!

Having a bit of a problem though, when I run the help execution to get the path, I get a local c:\ path ... any advice would be appreciated! Thanks again :)
dj_jonathan_martin [anti-spam] yahoo.com March 28, 2007
nevermind that was the absolute file path on the server. WORKS GREAT!! THANK YOU !!!
exentia [anti-spam] cooltoad.com April 1, 2007
Thank you very much
spented half a day trying htaccess
no luck
happened upon your site googling
15 minuites later all working
as my 5year old says "wicked"
Vivian April 4, 2007
Thanks! This is exactly what I was looking for.

One thing though, it doesn't seem to work in Mozilla Firefox. When I click the link it should show the password page, but it just skips that step. It only worked once in the beginning, but that was it.

Any suggestions on why it's not working?
April 6, 2007

phani April 10, 2007
Thank you very much
michelle [anti-spam] NOSPAM [anti-spam] lwmarina.biz April 12, 2007
Ok.. For the folks that want a password protected page and have NO IDEA how to install anything at all..

If I install(haha ya right) this on a single page, like a private page on my site, do people have the same login's and password.. just give all the people the same id and password??
philwojo April 13, 2007
Vivian, it sounds like you are forgetting about the cookie it sets, you will only see it work once as after you log in it set's your cookie's and then it' won't run again.

Michelle, you set the login's and passwords in the file, so you can put in as few or as many as you want to, or you can give everyone the same one.

Gregorio Aristizbal April 15, 2007
Excelent work!!! Got my password script working in no time! Really easy to use and straightforward. Works well on GoDaddy, with Mozilla.

Could not use the htaccess method due to hosting restrictions, but the script does a great job. You just saved me from having to do it from scratch! Thanks again man.

Take care!

PS. Agree with shawn on the comment "I've tried to edit the cookie portion out of the script to no avail. I would like the script to always require the user to provide a username and password. Some way to easily comment out or disable this feature."
dazakun [anti-spam] shaw.ca April 18, 2007
Awesome script! Thanks! I got it working very quickly with the helpful forum instructions.

One question I have is if it is possible after implementing the login/password form (user has to input both fields) on the main page of a website, to have it redirect to another page on the website after successful authentication. Thanks again
Wesley April 19, 2007
Great script! I modified it slightly to create an online proofing system. It redirects clients to their respective directory depending on the credentials they provide! Thanks again!
Hugh April 20, 2007
Very nice bit of work. Kudos! I have added two functions:-

- javascript to automatically select the pasword box (I disabled the username for my pages); and
- created a setting to show hide the hyperlink to your website - I didn't want to make it too easy for anyone to know how I was securing my pages - the less the bad guys know the better!

But very nice work.


foo April 22, 2007
I changed the passwords in the script but whenever i try to login with the username/passwords i added i get Incorrect password.
pula April 25, 2007
Great script! keep up the good work.
AJ April 25, 2007

I am interested in doing a similar thing - would i be able to see your modifications / source?

Many Thanks,

Folder April 25, 2007
AJ, check the forum, there are multiple threads about redirect after login. Brgds, Folder
Ben April 27, 2007
First, great script!
Al lot of people are asking about changing the usernames and passwords from the default.

Make sure you make the changes in the script and not in the instructions!!!

- Ben
DaveyDee April 28, 2007
I've been googling to find a solid, easy to depoly password script for a few days now and thank goodness I found Zubrag. You are a star my friend - this script is so simple yet so effective. Take a gold star and go to the top of the class!
Kory May 9, 2007
Great script!! I love it!!

My only question is if the script can be made to reflect on different users; for example: if "Bob" logs in then I want it to show "Bob's" page. Or if "Fred" logs in, then I want it to show "Fred's" page.
AJ May 9, 2007

go to the forums. zubrag, some others and myself have got that covered (you just add:

$REDIRECTS = array (
'username1' => 'PATH_TO_PERSONAL_PAGE',
'username2' => 'PATH_TO_PERSONAL_PAGE'

etc etc

underneath 'login details' in the password_protect script
May 11, 2007
how do I redirect back to the login page after someone clicks logout by using the passwordProtectedsite.php?logout=1


// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
exit("Logged Out");
Kory May 12, 2007
Thanks AJ! But, the script fails to redirect to a php page, all it does is redirect to the root of the site when it's set to redirect to thefile.php. But, it does work with HTML files, unfortunely those don't let me set up protection on them, only the php files let me do that. I am stuck. Any suggestions??
Kory May 13, 2007
Update to previous post:

I finally figured it out!
I am doing a HTML post to password_protect.php file, it leaves a cookie if the password is good, it then redirects to another php file that is set to be secured with password_protect_2.php which has the same usernames and passwords but does not make the file redirect. This work-around works great!! I hope that may help somebody with the same problem! Thanks again!!!
jesstankersley [anti-spam] gmail.com May 13, 2007
This was awesome! Works like a charm! Thank you!!!!!
joe [anti-spam] salesdepartment.com May 15, 2007
I installed this several months ago on a phpbb 2.19 board. Since the day it was installed the board has not had one single spam registration. Pretty phenominal! I was getting near 10 spammers a day before installing this script.

And, another minor miracle I picked up somewhere particularly for those of you with phpbb boards. Rename admin_db_utilities.php with some off-the-wall name. Do the same with your admin_forums.php file. Rename admin_forums.php correctly "only" when you need to admin your forums. Then rename it something non-functional when you're done. No hackers since using this process.
carl [anti-spam] dltlive.com May 17, 2007
This is how I get mine to redirect to the orginal login page. In my password_protect.php this is what this area looks like:
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
It may not be exactly what people are looking for but it works for me. Hope this helps. Good luck!
tom_cai12 [anti-spam] hotmail.com May 21, 2007
This is awsome!

I am new in php. Is there easy way to process contents based on the password in the same page? for example, if password = "external" , process function1 elseif password = "internal" process function2?

May 23, 2007
Wonderful! Thank you so much for sharing this...
May 23, 2007
Web Page Password Protect rocks. I had it set up in under 5 minutes and it did exactly what I wanted it to.
Daniel K May 23, 2007
to: Kory
I've been stuck same place as you, is it possible you could upload/send the work-around?
Kory May 25, 2007
In response to the question from Daniel K:

[Admin note] created topic on the forum for this issue: Password Protector - redirects
May 27, 2007
No problem installing. Easy to use. Thanks Hansen Denmark.
JT May 31, 2007
Great script, much appreciated Zubrag
June 9, 2007
this script is fantastic! very nice work.
kdhawkins [anti-spam] gmail.com June 12, 2007
I know nothing about HTML really, I can cut and paste and fiure stuff out generally, but reading all of this giving me a headache, plus I'm using MS Publisher 2003... OF all that has been mentioned, could you tell me how to set up a password protected page where each member can use their email address as their login and choose their own password? I want to put this on my own website (yahoo), but I'm really trying it out for another (university) website in the fall. Any help that you can give me is VERY appreciated!

Thanks so much!

Aa June 12, 2007
I tryed to paste the code into "nvu" and then open it but any password works. How do I set the password?
melissa June 14, 2007
Is there any way to create a "logout" with this password protect?
Craig June 15, 2007
Love the script man. Works a charm. The only i suggest, is a log out feature, more secure. But still a great job!
Ben June 16, 2007
Works great. Thanks for the log out feature too!
June 17, 2007
404 errer what the umm how do i fix it it was on a freewebs page
houssam.ballout [anti-spam] gmail.com June 20, 2007
Hello all,
I've included the file in the files that I want,but when I lunch them,the login form is not shown
any help please
June 26, 2007
Excellent script, worked like a charm. Thanks very much! :)
Dave H June 26, 2007
Great script! Unfortunately the cookie does not seem to be working as I have to enter the password again when I browse to another protected page in the same directory
pga June 26, 2007
well, im using this for my schools website but i want to style it so that it fits better. how do i do this?
Sasa June 27, 2007
ok i just got the script, its perfect, but, one question, i am password ptrotecting a proxy page, protection page is awsome, as soon as i go to a diffrent page through proxy, sets me back to log in., any help appreciated
jim June 28, 2007
Fantastic script. Even for a PHP newbie, really easy to use. Thanks
droom June 29, 2007
Thnx for script. Im very new in php but it took 10 minutes to understand how to use it. Really thank you
scott June 30, 2007
does anyone know how to echo the current user?
pat [anti-spam] organizedwisdom.com June 30, 2007
Another fan of this script! Thank you.
July 7, 2007
This rocks. Thank you!
Jordan July 8, 2007
I love your script but there needs to be a log out function when the user closes the browser. What if the user is on a public computer? A logout option will be very useful, and needed.
July 14, 2007
Great working script with full details on instructions...however, I'm having 1 minor blurp...once I enter the password and hit 'submit' it goes to (renamed file = login.php) login.php...can this be changed to a html file?
support [anti-spam] giggigteam.zzn.com July 21, 2007
g8 script but can u set up a form and when its filled out it automaticly adds username and password so they can login
marek4 [anti-spam] ya.ru July 30, 2007
BuB August 4, 2007
So Easy, and So Darn nice. GREAT Work. Love the cookie thingy, and how it times out instantly when they shut down the browser and come back.
monin12001 [anti-spam] hotmail.com August 4, 2007
I am getting this
Warning: Cannot modify header information - headers already sent by (output started at /data/web/virtuals/.........

Line refers to the cookies portion...
just like marsha told...

i want cookies but dont want that error msg.. any help
Thank u
RTP August 4, 2007
nice script. thanks
Brother T August 6, 2007
How would you do this? I want to
1 - have the login form open in a smaller window (target="_blank")
2 - have the small window close after login info is accepted while
3 - updating the original window to reveal the protected site content.
JohnnyF August 9, 2007
For some reason, when I enter the URL www.mysite.com/password_protect.php?help - it gives a dialogue box asking me if I want to open or save the password_protect.php file. I'm pretty sure this is a server issue. Has anyone got any ideas?
August 9, 2007
does this program offer user logging?
Lozza August 9, 2007
I'm adding in the code at the top of the script like it says - but when I go to the secure.php file on the site it doesn't load up the login fields. Any thoughts?!
August 9, 2007
Excellent. Nice of you to post your work for free. Well done!
daybroadway [anti-spam] yahoo.com August 10, 2007
I am having a problem with the login on my php login page. I created a login page where users can login into the site and access other php pages on the site. I put the php protect password on the pages desired. the problem i am having is when the user goes to the login page and logs in it says it's successful but when they go to the protected pages it asks them to login again.
Mick August 14, 2007
This is a fantastic script, exactly what I wanted, thanks!
Hendy88 [anti-spam] gmail.com August 16, 2007
The code works GREAT! Just one problem, in that after the user logs in from my index.php page, they get redirected to another page telling them they are logged in and everything works great. Problem is if (within the same browser session), they stray away from these PHP pages and then come back to the original index.php page... instead of showing the content, it shows and "Index of" and a listing of the files in the Parent Directory on the server. Any suggestions on how to fix this?
Tracy August 17, 2007
Fabulous piece of code! I couldn't get .htaccess/.htpasswd to work, so I was looking for another solution. This is exactly what I needed! Thanks!
August 18, 2007
I am using this script but the google adsense ad not relative to content on password protected pages.They ask to give password protected directory/file & authentication URl then waht is to be written in authentication URl ?
koisti August 21, 2007
I'm using only password protection so not user name needed. The password should be an email address, so have to add check to submit that it even looks like an email address like xxx.xx@xx.xx?
And the password can be anything..
so if you hit correct password it goes works like original but if you try give email address withous @ mark it gives an error message not a valid email address
Gang Zhou August 23, 2007
Excellent! Very easy to use and very convenient!
Guillermo August 23, 2007
I've put it to work in just a minute!!! Thanks a lot!
Anne August 27, 2007
Thank you, thank you! Brilliant piece of code!! I'd spent hours trying others - noe of which worked. Yours was super-quick to install and worked immediately.
Shadow Slash August 28, 2007
Ohhhhh i'm so jealous! I wanna try that stuff now! It's just a shame that my website's server is currently down so I can't try uploading the password_protect.php thingy T_T
kevin [anti-spam] plessinger.net August 28, 2007
Perfect worked like a charm. You rock!
E-man August 30, 2007
VERY Cool! Simple, easy and it gets the job done unlike others I have tried with line after line of extra junk code. Thanks for such a great code.
Renee September 13, 2007
Thanx heaps!! Got it working straight up! Saved me heaps of time. Cheers ;)
greg September 13, 2007
great code! agreed to password protect a site without knowing how to do it. this makes me look good. ;-)
Dave Clarke September 13, 2007
I am not very good at php, adn wa wondering if you could show me how to edit the script so it checks mysql db for the user and password rather than a preset one!
waldir September 18, 2007
I would like to have a form for registration on my site, where user would inform login and password, and they would have automatic access to the protected directory. How could I do it? Thanks.
badgirl September 19, 2007
Thank you so very much for writing this script and for making it so easy that even I could understand it. It worked perfectly, and I am using GoDaddy. I was even able to put it right into a the look and feel of my website. And my site uses CSS. If anybody needs help with getting it to work for them, just let me know. If I can do this...anybody can do it. :-) zubrag you totally rock!
soojan September 19, 2007
that's grt man... it worked fine ! thanx dude.
ncarrier [anti-spam] hotmail.co.uk September 21, 2007
This did not work for me :( spend ages on this and it still would not work followed every step buy no luck
Eduardo September 22, 2007
Muito obrigado pelo script! Ser muito til para o meu site. Obrigado amigo!

Thank you for this script! It will very useful to my site. Thank you friend!
September 26, 2007
This is an awesome script. I can't thank you enough for creating it!!!
amber September 26, 2007
my boy chris from akron gave me the web site and forgot to give me the password can i get it though
October 1, 2007
Very Nice!!! Thanks!!!
October 10, 2007
Hi Zubrag.
Is it possible to rename the html pahaes to php to be able to use this script?
bram October 10, 2007
is there a way to use the forms with a 'GET' method and not 'POST' because I have another script on that page and in won't work if there is another form with a post method on that page :s
rs-knights [anti-spam] hotmail.co.uk October 14, 2007
i'm having problems trying to add more users could you give me an template/example? of 2 users

Jaffa Designs October 15, 2007
This is a great script that is easily integrated into full HTML/CSS sites. Well written and easy to understand...Thanks Z - Jaffa Designs (Australia) http://www.unaking.com/password_protect.php
asta October 15, 2007
How do I do this (similar to earlier post):
- make access to protected web page transparent to reader of an eBook ie. the reader just clicks the hyperlink ona eBookpage referencing external protected URL, withour having to, enter user id or passwords!

Reason is to prevent accidental stumblers onto my webpage but allow book readers to access via hyperlink, without requiring them to enter the password.

Can the password be auto-supplied forexample,maybe likeso:


so that reader doesn't have to be bothered by it?
asta October 15, 2007
I found the answer digging in the forum. Awesome script. Thanks......
AC October 15, 2007
Great Script, thank you for sharing it and being so helpful.
October 17, 2007
Can this script be used as a registration option, so that when users come to my site they can register themselves, get a username and password and then login into the site, instead of me having to create a username and password everytime. This is a super script which is why i'm asking if more functionality can be added.
julian October 22, 2007
id like to set up the password within a box in my site. im using iweb, so its simple to add the login script as a box in the page (i.e. my home page) but once a user enters their details, id like the page to open in a new tab or window. how do i do this? so what id need is code to tell this to open in a new window once login is complete...i can simply add the page with the generated code into the page.. should be easy i think!
Demortes October 23, 2007
Excellent addon to protect my osCommerce admin tool. I love it so much, you are a genius. Saved me the time to learn this type of stuff. I just included it in the header file that is used all the time in the administration tool.
Bob October 24, 2007
fantastic add-on took less than an hour to reconfigure and password protect the admin area. Cheers!
October 26, 2007
this doesnt work it display tons of junk and im really mad
October 31, 2007
when the page refreshes it again asked for username password...
kalobaharon [anti-spam] yahoo.com November 6, 2007
please i don't understand it properly thank may God bless u.
Robert November 8, 2007

Grate script thank.
Is it possible to make chackbox to decide weather to use cookies or not. This will be great function for me.
benjus [anti-spam] alice.it November 10, 2007
Hi... first of all: sorry for my bad english! (i'm italian) i've tried this script but it doesn't work...i upload the php file, then open the help section... i login and when i press the button to enter, it appears a blank page... why? help, please!
benjus [anti-spam] alice.it November 10, 2007
Now i've solved the first problem, i've obtained the php include string... the problem is that even if i put the string on the top of the page code, the login for doesn't appear... and i don't know why
Raine November 14, 2007
Hey! I figured out how to create a link to previous page on a subdirectory and you can enter back to your password protected page without logging in. It's easy to do with javascript.

<A HREF="javascript:javascript:history.go(-1)">Previous Page</A>

Note: this will only work if had you previously logged in, as script remembers password until browser is closed.
lol November 19, 2007
epic fail.
JT November 25, 2007
I'm trying to get the Web Page Password Protect script to work for me. I've followed your instructions and had it going on the first try, but messed up at some point. So started over. Now, every time I get this error message on the page I'm protecting after inputting my specified user name and password: "Warning: Cannot modify header information - headers already sent by (output started at /home/content/d/o/r/dorjecontem/html/Download.php:3) in /home/content/d/o/r/dorjecontem/html/password_protect.php on line 137
What's gone wrong? I simply can't repeat my initial success (which I botched by trying to style the password protect input page to more closely match my site). Thanks. I'm soooooo close!
November 25, 2007
For me scripts don't work
frankie.soliz [anti-spam] yahoo.com November 29, 2007
can i watch tonights game?
bachi November 30, 2007
hi can any body tell me what is the password for this script?

thank you
bachi November 30, 2007
if we upload all our php files in to our server. then how the browser onen our site with out asking the p/w. and i want any body open my site and i dont want to give the permission to save or print my web pages.. can any body suggest for this?
December 3, 2007
looks nice but doesn't work. didn't have time to figure out why, but needs some work. tried it with php and html doc. just goes to protected page with now username or password page. let us know when its fixed. would like to try it. thanks
flash December 3, 2007
i've tested this script every which way an it fails miserably, as has about 75% of the scripts that I test on the net. When you type ...password_protect.php?help, you do not get a valid output for one. Too many errors to list here.
Brian December 3, 2007
script does work with firefox. include


That will suppress the errors coming through and make it so you can put it before the content of a page in the include so when the right password and login has been entered you can then see the rest of the content.
Davo December 4, 2007
Disregard flash's comments. I have uploaded password protect on my website and have it working nicely.(even with firefox) Thanks to everyones help on the forums I have tailored the code to suit my site.
baboo December 4, 2007
Works great for me! Verified in IE, Firefox, and Opera.
'flash' why don't you post a topic on the forum? They will help you to get it setup correctly.
December 14, 2007
Works great! Thanks!
December 20, 2007
Love this program. Thanks.
tuaans [anti-spam] gmail.com December 23, 2007
thanks you.
besi [anti-spam] mailbox.co.za December 29, 2007
i would like to try this but is having plain text passwords on a script safe at all? why are passwords not in msql database and encrypted?
Jill January 4, 2008
noemail [anti-spam] hotmail.com January 4, 2008
many thanks!
January 6, 2008
the password and id # doesnt work
January 6, 2008
the password and id # doesnt work
Banning January 8, 2008
this script is hot and works 100% i've been using it for awhile now... i pull all my stuff from a database... if you need help on connecting this script to a database just run a search on this page for mysql or database and up towards the top in 2006 zubrag was kind enough to help a fellow out with connecting it to a database and that code has work perfectly for me.
hawkeye0386 [anti-spam] gmail.com January 14, 2008
The script works great! But where I work, they want some form of a logout button. I just don't know how to code it to work with the script. I can get it to close the window, but then it doesn't delete the cookie.

Orlando January 14, 2008
Do you have codes that may be added in html files to be protected? i'm using html codes in my page. Where in this site can i find such, if any..
rohen22 [anti-spam] gmail.com January 14, 2008
Awesome script! I'm trying to use it as a redirect, so far so good!!! Thanks!
ivo [anti-spam] paximadia.com January 15, 2008
I do not want a user/password combination, but just a password. According to the description, I would need to change the user/password combination to just a password (starting from line 51). But if I do, I keep getting two fields to fill out, instead of one. Anyone any ideas what I could be doing wrong? Other than that, great script and thanks to the very clear explanation also customizable for a non PHP-person like me!
ivo [anti-spam] paximadia.com January 15, 2008
Sorry, after I submitted my previous comment, I saw that there is also a forum. And there it was explained: in line 58, change 'true' to 'false'.
Ali January 16, 2008
This was exactly what I was looking for , but I am having a lil problem; The cookie doesn't seem to work. I have cookies enabled so I am wondering what I am doing wrong. as it is I am required to log into each page I navigate too. Are there any other settings I need to put in?
Hartmut January 16, 2008
I love it. Simple and effective.
You made my day.
SleepinDevil January 20, 2008
You guys do realize this script is very primitive and very insecure.. Also its almost 2 years old now... Since you all use PHP head on over to www.php.net and read the online documentation for SESSION_START() and learn how to use PHP Sessions. They are much more secure and much more versatile!
-Ragnarok Server PHP & Database Admin
Gerard January 21, 2008
Great script , thanks for sharing.
big_djg [anti-spam] yahoo.com January 21, 2008
i need sum help with setting up the password on my webpage... im reading wat to do but i dont get it to well. Can someone please help me my email:is Big_djg@yahoo.com
dave January 23, 2008
include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');

That doesn't look anything like what everyone else put up... solutions?
rchamberst2 [anti-spam] hotmail.com January 23, 2008
I am trying to password protect a webpage. I am using frontpage 2003 can I use this code and if so how?
NELSON January 23, 2008
saif_phy [anti-spam] yahoo.com January 24, 2008
This code is fine but password is case senstive. How can I make it otherwise
January 29, 2008
Thanks for this. Fantastic.
azrobert [anti-spam] cox.net January 30, 2008
Having Problems getting include line

saved password_protect.php to server but hwen i enter the path and /password_protect.php?help

It comes up with a login box and won't recognize my passwords or users

January 30, 2008
I have found the solution to the logout not working with the back button. Re direct it to a blank page that contains a link with the Javascript code (<a href="javascript:window.close();">You Must Click Here to Finish Logging Out!!!!! </a>) to force browser to close. This is a simple way to remind people to close the browser
denroy [anti-spam] activeice.co.za January 30, 2008
Hey, this is a great script,but i have a bit of a problem. all my username and password are stored in an database and although i am linking to the database correctly i cant get into the desired page.

all my user deatails fails to log me in correctly
Patel January 31, 2008
Hi Zubrag,

Great script. Just what I have been looking for.

I am trying to redirect the page in the event there is an invalid login/pwd to the original page I place the login and pwd. How would I go about doing that? I am able to redirect to the right page if the login/pwd is correct. I tried below code and did not work:

if ($check == "Ok"){
header('Location: http://localhost/containertrucking/websitex/menu.html'); die();
header('Location: http://localhost/containertrucking/websitex/index.html'); die();

Thanks in advance for your help.
Paige February 1, 2008
I love the script! It works perfectly. The only question I have is, can you customize it? By that I mean change the colors of the log in interface? (eg. background, box color, font, etc)? And if so how could I do that?
February 3, 2008

I tried the script and after a few modifications and tries, it worked great !

Just my thought though, wouldn't it be better, instead of redirecting user to an embedded html inside the php, to just ask them using a javascript?
john [anti-spam] cleanexpo.com.au February 6, 2008
The script works fine - thanks - but how do I set it to log out? At present if they move to other page son the web site they can just re-enter the password protected page and it is not until the browser is shut down entirely does it then prompt for the password again.
vishalgaurav01 [anti-spam] gmail.com February 18, 2008
Yeah, Good Script,

tes February 18, 2008
great script! thanks!
jonnovello [anti-spam] yahoo. com February 18, 2008
So, how secure is this script? I have a client who wants a password protected page that allows users to download his software. It would be nice to know that what I'm using for him is basically secure.

johnstell [anti-spam] interstellar-solutions.co.uk February 20, 2008
Great script - works easy - just one thing though - not sure how to protect a second page when a user fills in a form on the first page and then is redirected to a second page?

What code do you have to use again on the second page - it isn't quite clear?
patelgasagency [anti-spam] gmail.com February 20, 2008
Big Hello,
thanks for the work done by the pioners of this site and the way the work has expanded in the grounds back home. will like to appriciate the work done by all of you for us and the community to be rooted to the ground and trying to bring the feeling of togtherness and unite the people of entire samaj.
s-barrick [anti-spam] suddenlink.net February 21, 2008

Will this php script work on a Windows IIS server? That is where my site is that I would like to add this script. I know nothing about programming, but this script looks like it is just what I'm looking for...

Artix February 22, 2008
Who can help?
Some one is inserting his index.html in mai webpage...and i have changed my password..i-m using an php script...if someone can help me it whould be nice...
brandonc503 [anti-spam] yahoo.com February 25, 2008
Hey, great work btw. I am trying to get the user name from cookie but seems to be encrypted, which is great, but how would i go about decrypting it. thanks.
February 26, 2008
Great Script!!! you saved me from putting too uch time into doing it myself. Just a question If I front end the pages I wish to password protect with this, I should be able to specify session variables pulled from the mysql db and propagate them to the page being protected, that way the app can carry a variable on the server side such as username that can be populated to the protected pages.
February 26, 2008
It is not working for me. Can anyone help? I put the script under test folder and created a simple html page and included one liner. I am hosting at godaddy.


clabinger [anti-spam] sbcglobal.net March 3, 2008
Is there a way to use this script to prevent access to other files (such as images) by people who have not entered the password? OR: To prevent viewing of subdirectories on the website (Index of /folder)?

Thanks in advance.
March 4, 2008
is it free
uvex_ [anti-spam] hotmail.com March 4, 2008
Can u add a function, so that we can change the password, without editing the code??
March 6, 2008
<QUOTE>jonnovello [anti-spam] yahoo. com February 18, 2008
So, how secure is this script? I have a client who wants a password protected page that allows users to download his software. It would be nice to know that what I'm using for him is basically secure.

I have the same concern. Everything I have read says that simple password scripts are not really secure and are easy to by pass or obtain passwords.
How secure is this program? Does it really protect personal information contained in the protected page?
karl [anti-spam] nilsen.as March 12, 2008
Thanks for a nice script.
Just what I needed, password for reading the internal sites.

Thougt of contribution info - i would have contributed!

grahamson.1 [anti-spam] hotmail.co.uk March 13, 2008
hi and i am fron sctland and i am finding it really hard..

wat i am trying to find out is how can i make a box saying pass and a box saying uuser name and submit. and when u get the pass right u go to anuther page.. ?

please some one help me
Antispam March 14, 2008
Thanks a lot!
Pola March 16, 2008
This worked like a champ.Cannot be enough thankful to you.Great work.
infoATflutelab.com March 16, 2008
The script could not be opened in MSIE or FF. So how can I resolve the code to paste? Maarten
ScrumpsNet March 17, 2008
Very cool Script!!
Thanks for posting.

With some Usernames and Passwords combinations after login I need to re-direct them to another page. How would you implement script like that into your current code structure?
March 20, 2008
This is a dumb website it doesnt work at all
Kerry March 24, 2008
Using it to protect my live xampp server root.

Thanks a bunch :-)
rajibhossan [anti-spam] yahoo.com March 25, 2008
I need advance php tutorial
bachanal [anti-spam] ntlworld.com March 25, 2008
Thank you, thank you, thank you! I am a designer struggling with coding and "programming" stuff! Would you believe that after days of searching the web, your script was the ONLY one I understood and could use! I am so grateful! I have registered with your forums for the future. Great - Diana
March 25, 2008
Thanks sooooooooo much for this I have been playing around with .htaccess this little script is fanatstic
March 25, 2008
wonderful script - works perfectly - and I've never used php before - well done! V grateful!!!
ursus [anti-spam] giterental.com March 28, 2008
Excellent script, easy to set up and works well. Thankyou. Ursus the Bear.
Sena March 30, 2008
Thank you so much!!!! It works perfectly :)
KarlKaluns March 30, 2008
How good is this script? Is it "hackable"?
Sam March 30, 2008
I have a way of making it work in html
Just put
<iframe src="the/path/to/password_protect.php"></iframe>
Sam March 30, 2008
EDIT : the HTML can only do this if the path was like
and not a root path
JFD March 31, 2008
To those who were asking how to always require login, just change the timeout minutes to an extremely small value (ie .001).
Rick April 1, 2008
I am using the login and password name fields to access a protected web page. If I add a wrong login(username), password or both and press "submit", I get a display of "Incorrect password". Is any way to improve the code so that if I add a wrong user name but correct password, it displays "incorrect login(username)" or if I add a correct login(username) and a wrong password, it dislays "incorrect password" and if I add a incorrect login(username) and a incorrect password, it displays "incorrect login(username) and password". I tried to manipulate the code but failed to get it working.
alexandernewman19 [anti-spam] comcast.net April 7, 2008
I need some help, I haven't the slightest idea on how to do this, I get the form on LOGIN and Password, but I don't know how to set the information for it. When I do I get 3 errors, would some one help me step by step, php codes are my weakest area in coding things and building webspage thats why I stick HTML.
reckylawalata [anti-spam] yahoo.com April 9, 2008
script yang hebat dan luar biasa. sangat membantu dalam aplikasi yang saya buat untuk kantor kami. terima kasih dan Tuhan memberkati
Jakoma April 10, 2008
Im using freewebs for my website and i just wondered wjere to put the script
and also i cant get the code
spawnkornfreak [anti-spam] yahoo.com April 14, 2008
great work!!!
but how to add the users login name to my page?
for example i want to add their login name right after the logout button... also is there a way that we could add a visitors log?
silentgaia [anti-spam] gmail.com April 16, 2008
for some reason, when i paste the php code onto the page i want to protect, it wouldnt work. Can anyone please help me? I've done everything.
rmist April 16, 2008
silentgaia, is the page you are trying to protect a .html file or a .php? It should be a php file. Also is the php code pointing to the correct place where the script is? If the password_protect.php file is in the same directory as the web page you are protecting, you can just put the path as password_protect.php

Hope that helps
April 17, 2008
Thanks !!!! I really apreciate a lot this script.
novoshare [anti-spam] gmail.com April 17, 2008
Thanks !!.
I have found more in two interesting sources ( http://filesfinds.com & http://fileshunt.com ) and would like to give the benefit of my experience to you.
April 19, 2008
1 million thank yous!!!
Christian April 19, 2008

I tried this script, but doesn't work for me, help please :(!

harismol [anti-spam] pollux.gr April 19, 2008
u saved my weekend with this great script. Thank you very much
etaxero [anti-spam] gmail.com April 21, 2008
This script worked AMAZINGLY well... I am learning php and this helped me out so much!
croz April 21, 2008
wont work for me, getting message "A file permissions error has occurred. Please check the permissions on the script and the directory it is in and try again."

Any ideas? I am pretty sure my directory is correct
admin [anti-spam] arperture.com April 22, 2008
http://sphider.arperture.com - Arperture Search uses this script. :)
April 22, 2008
This is great! I was having so many issues with security - and this will take care of it. Thanks so much!
jm April 26, 2008
meliej April 27, 2008
you are incredible! this script is great and i really, really appreciate you sharing it, especially for free!
general [anti-spam] benbaxter.co.uk April 27, 2008

I've placed the pass protect php file on the server and added the code to the top of the php file I want to protect - but when I link to the latter it goes straight to it without asking for any login details?

What am I doing wrong?
badinfluencedj [anti-spam] hotmail.com April 30, 2008
hi zubrag..Great script..just wondering if i could pick ya brain,as im having a bit of trouble...i uploaded the script to one site for testing.and it worked great.not problems at all..but as i copyed the folder and pasted to new site..it seems to have gone wront..

i made sure i delete the note directory folders that are always created.but i reckon i have missed somethink....the error message i get is___
e:\domains\d\dnbupload.com\user\htdocs\upload\samples\login\login.php on line 67

if you could help that wood be great..look forward to hearing from you..and thanks a heap for the scrip..ITS PROPERRR..
Caelan May 4, 2008
I was wondering if you could include a demo on this page so that I (and others) could see it in action before I download it.

Thanks :)
Nisho May 4, 2008
This code is ******* amazing... im speechless. But i keep getting this error:

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\index.php:8) in C:\wamp\www\password.php on line 141

I have tried to read some of the 1000 of comments above, and i have tryied to include that line of code at the begenning of the document, but it didnt work out, i think im doing something wrong... can you help me guys?
Thanks alot...
Nisho May 4, 2008
Ah i just added the // (comments) on line 141... and it has stopped showing that. but im just wondering if it would cause a problem ? i havent really gone through the code and im not that advanced in php yet, so if someone could tell me what does that line do and if its problematic to remove that line. the line is:

setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
sergeyp [anti-spam] mac.com May 6, 2008
Great script, I must be having a problem each time i go between pages that are protected or want to refresh, it forces me to log in again. Is this a problem with the cookies?
Matt May 7, 2008
wow, amazing, works a treat, THANK YOU.
Dan May 9, 2008
thanks a lot thats was what i was looking for >< , its easy to use and usefull
andrew [anti-spam] aeonianrock.com May 9, 2008
hey sweet script man. Quick question. How can I determine the user name that is logged in? I have users who will submit a news post, and i want to insert the user id of the person logged in that is posting. It appears you are hashing the user with the password. This would be great if you could help.
Scott May 12, 2008
Hey, I have a Ning social community with about 600 members and I was thinking of adding some special features for select members using this script. Is there an easy way for me to implement this for my "premium" members?
May 13, 2008
Excellent! Thank you!
May 13, 2008
This works perfectly. And it requires very little maintenence to get the VARS right.
May 14, 2008
I've got a question: Whenever I put in a wrong password, it gives me a message about the incorrect password as expected. However, when I put the correct password after that does not allow me through? Anyone have this issue?
kukla [anti-spam] omen.ru May 16, 2008
marlon.s.r.morrow [anti-spam] gmx.us May 19, 2008
The code does not work for me. can you please email me and help me? marlon.s.r.morrow@gmx.us
joshkin20 [anti-spam] yahoo.com May 20, 2008
I have a basic question on this script. I have specific pages (with submission forms on them) that I want each individual user to be able to see. Any solutions?
May 23, 2008
telo May 28, 2008
the issue related to generating new accounts:

the problem is in this file--> scripts/sb_login.php on line 171


function redirect_to_url( $relative_url = "index.php" ) {
$baseurl = baseurl();
header('Location: ' . $baseurl . $relative_url);


replace with this:


function redirect_to_url( $relative_url = "index.php" ) {
$baseurl = baseurl();
//header('Location: ' . $baseurl . $relative_url);
echo( '<meta http-equiv="refresh" content="0; url=' . $baseurl . $relative_url . '">');

pcphil1 [anti-spam] blueyonder.co.uk May 28, 2008
Thanks. This looks like a great script. I have not used it yet but intending too soon. Quick question though. What if someone does a right click and view source on the web page if the web page is not right click protected that is. Will they see the username and password needed to enter the site ? Just a thought. Thanks again anyway.
mkiper [anti-spam] unomaha.edu May 28, 2008
Thanks for a wonderful script. It was very helpful to me. Your instructions were very clear and the code works great.
daniel June 2, 2008
AL June 3, 2008
Spot on. Quality script. Clear instructions.
frisoleder [anti-spam] gmail.com June 5, 2008
Isn't it smarter - just in case you're stupid and lose the included file - to use require() instead of include()?
With require, the rest of the script is not executed when the file isn't present. Include will continue nevertheless.

Great script, still1
carsonfire [anti-spam] gmail.com June 7, 2008
Works great, except when my host switched from PHP 4 to PHP 5, it suddenly is back to requiring the password on every page.
test June 8, 2008
How to password protect just one page?
The context is a puzzle game, where if you enter the right password, you get to see the next page. Any suggestions?
linuxcu [anti-spam] hotmail.de June 13, 2008
I will use and recomment all my friends.
Thanks again
prestley10 [anti-spam] hotmail.com June 17, 2008
I would really like to use this script! But maybe for a different purpose. I have a membership site, and as a promotion, if someone signs-up for the mailing list, the can use a program. But I would only like them to be able to use it once if they have purchases a membership. I provide them the username and password. Can you edit this script so when the person uses the program once on a page, it no longer allows them to use it again? I hope this makes sense.Please help me. I would be so grateful.
nazmul_imm [anti-spam] yahoo.com June 18, 2008
i can't use like this way

<?php includ .....
<what ever.....
teocomi June 19, 2008
thank you very much! it works!
fluorescente [anti-spam] gmail.com June 21, 2008
I can't get it to work getting passwords from a database without users.

I explained in the forum. I really hope you or someone can help me.

Thanks in advance
ascemilas [anti-spam] hotmail.com June 24, 2008
About Redirect to other web address // html code --

sjb2000 [anti-spam] blueyonder.co.uk June 26, 2008

thanks for the code. I down loaded it a few days ago and have it working ok on my site. My only problem is that each time I move to a new page I have ti input the login and password again.

I assume it is a problem with cookies, but have allowed them. I have also tried to four different computers, same problem.

Any advice welcome.

Secret June 29, 2008
I need help, im not good with programming, i think i have done it so far on my website it ask for password, when i enter password it goes back to my page, how do i create page forit to go to, like images? Please help me im lost
July 10, 2008
wat is the id n password?
phoenixagent013 [anti-spam] gmail.com July 14, 2008
good luck
phoenixagent013 [anti-spam] gmail.com July 14, 2008
July 18, 2008
genius stuff: I had never worked with php scripts and thanks to the clear instructions I got it up and running in 10 minutes. Thanks mate
euripides1 [anti-spam] hotmail.com July 19, 2008
Hi, this is a great script, question - Ive been using it for some time now and it work perfect, I was using it to lock the pages in a particular folder now I have another folder that I want to lock but I want to have a different login design page but when I try it even before implementing my design just the pure code from the script it does not work..

So the question is: does the scrip only work once per domain?

Like I said I have implemented it for a particular folder with it's own login design that represent that information once in, now I wanted to use it for another folder with another login design that will represent the information that will be in the pages after login..

Ann July 22, 2008
wow... thanks a lot! it's easier than I thought. But one more thing, can I track who've been locked in. Like.. can I find out who viewed the page?
JRpassions Photography July 29, 2008
Awesome code - I do not know jack about php, and I have been searching for a code for our photography site. Thanks to you, our clients can be sure no one other than them will access their galleries filled with hundreds of images!
July 30, 2008
Excellent! Easy! Effective!
Dfender July 30, 2008
I need help, I want to protect an .asp document, is there any way to protect an asp document? what can I do?!
July 30, 2008
only one question

how do you open the script in help parameter??

where is the help parameter?
chris July 31, 2008
I like this; it's simple, effective and worked first time. Many thanks
Manuel August 2, 2008
Is there an easy way to make the passwords available one time only?
Deepak August 4, 2008
It's simple and effective one.Great work.
iowieiwie [anti-spam] one.lt August 5, 2008
very very good work !!! excellent !!! thank you !!!! :****
August 7, 2008
Hi, It seems zubrag disappeared around 2006. Does anyone know how I can set it to work with a guest registering an email as username and a fixed password, then email me so I can authenticate the user before allowing access.
That is I dont really need to the secure the page so much as to see who is accessing it.
That is, if I dont know who is accessing certain pages they cannot see those pages.
My apologies if I am way off the mark here, new to this.
Phillip August 11, 2008
Thank you so much for the free script! New to PHP,couldn't have done this myself just yet:)
Rob August 12, 2008
Just what I needed. Very simple and good working script. Thank you.
Brian August 12, 2008
Can i modify this to adapt as a wordpress plugin?
krister [anti-spam] knutars.com August 18, 2008
Excellent solution dude!
Works like charm right out of the box.
Thanx a million :-)
jeff [anti-spam] syntaxproductions.net August 22, 2008
This kicks $#$. It was the only way I could protect my file upload section as webDAV and htaccess wouldn't work. Thanks A Lot!
milisku.09 [anti-spam] gmail.com August 22, 2008
Thanks for the scropt, it's very usefull
terry54661 [anti-spam] googlemail.com August 28, 2008
great script it works really well but I can only use it on its own page. How would I get the script to be within a page on my site? i.e when people browse around its always on a page somewhere?

pdguimaraes [anti-spam] gmail.com August 30, 2008
thanks man... you just saved me a precious day coding something already lovely coded ! my only suggestion is to all future users is to keep the script out of the host root to avoid password detection in case of apache failure. greetings from portugal !
g. September 5, 2008
excellent script, thank you!

I will use it for multi-user with different pages for different users, as you instructed above

[zubrag August 17, 2006
if you want to grant access: user A - webpage A; user B - webpage B, then this can be accomplished as follows. Copy password_protect.php to protectA.php, and include protectA.php in webpage A. Copy password_protect.php to protectB.php, and include protectB.php in webpage B.]

and I noticed that if you add the same user/pwd to multiple scripts it will be able to open all the pages (protected by different password_protect.php) without re-login. so you can have pages common to multiple users, and others exclusive to single users; or common to different groups of users. excellent.
ukarage [anti-spam] yahoo.fr September 5, 2008
did all you said to do but ... when I type the url of my page, no password prompt appears, only my php page ...
jennifer September 5, 2008
I'm getting this error:
PHP Fatal error: Call to undefined function: php include()
hermit_au [anti-spam] yahoo.com September 8, 2008
Thanks for the script. How can one change their html web pages into php pages?
ziondatamatics51 [anti-spam] gmail.com September 9, 2008
I am yet to write my first eBook. I had been postponing it for quite sometime now for some reasons or other. It is not I schedule even for next one month.
josh September 11, 2008
thanks a lot man, this is an awesomescript
chriskaub [anti-spam] yahoo.com September 11, 2008
I want to set up a one word password where visitors to my site can enter it in to continue to my next page, how do I write the script and what is the Source Codes, Body and Object Events???
September 12, 2008
This is awsome! It works so well! I used to have this bad one, when you looked at the source, it told all of the usernames and passwords!!!!
hennern [anti-spam] hotmail.com September 14, 2008
Thanks a million!!! Just what I needed...
Johnny September 16, 2008
Need to password protect the whole site not just a page...any ideas
Rick September 18, 2008
Add the line of code to each and every page on the site.
September 18, 2008
it doesn't work with explorer 6 and 7.
what can I do?
Rick September 19, 2008
Can you describe "not working" in more detail?

My "not working" problem is actually "working too well". IE 6 and 7 require the user/pass for every page. I assume that's because IE is not properly handling the session cookie. I have tried the obvious security settings in IE with no luck. Still working on this.

If your "not working" is that the page is showing without a password prompt, this is most likely caused by an error on the path to the script. BTW relative paths DO work OK. "./password_protect.php" works just fine for me.

September 26, 2008
hi zubrag,
I have small media community in my neighbor, i setup some pages on my server for them to stream media on demand using WMP activex.
Here is my server structure...
index.php -> stream catalog -> (on of the stream of user choice e.g) stream07.php (protected)
here is the scenario

1- 1 login per ticket (username) no account sharing
2- login count e.g. user can login specified number of time. e.g a ticket has only 3 login opportunities and will expire after third login.
3- timer countdown on protected page e.g 30 min after that the page should close itself or refresh and log him out and redirect him to catalog page so he needs to re login to view page again or choose another stream.

Thanks in advance
October 2, 2008
This isn't a support forum. Go figure it out yourself.

To zubrag cool script!
Air^Wolf October 9, 2008
Hi Zurbag,
i keep getting this error after i login "Your submission could not be processed because a security token was missing or mismatched." but when i go back to the main pag with the link and click the link for the protected page again it loads perfectly !

Thanks in advance
Air^Wolf October 9, 2008
Hi Zubrag,
i keep getting this error after i login "Your submission could not be processed because a security token was missing or mismatched." but when i go back to the main pag with the link and click the link for the protected page again it loads perfectly !

Thanks in advance
www.rapidz.tk [anti-spam] gmail.com October 12, 2008
thank you
GCW October 13, 2008
The script works great except if I logout in FireFox 3.x if you go back to login it does not require a username and password. It works fine with IE.

Also I signed up for the forum and have never received an verification email.
sohsowski [anti-spam] gmail.com October 14, 2008
Does anyone know how to "rebrand this" by adding the script in a webpage already made?
Jason October 14, 2008
I'm interested in using this script for multiple users. I read and understand the post describing how to use multiple directories. My problem is I need a login link on my homepage and want the script to redirect users based on their username/password. Is this possible?
Jason October 15, 2008
Oops... I posted my question in the wrong spot. After searching the forums I was able to use this code for multiple users.
sethp1234 [anti-spam] gmail.com October 16, 2008
what about doing the same thing for
Jacpar October 18, 2008
The script loads very my following page :

On that page, I have a link as follow :

When I click on that link, the password is requested again. I don't want that request coming back !

Is there any solution in order to not repeat the login ?
glanz October 18, 2008
I cannot get it to work. Screen flashes then red letters "Incorrect password" appears. I did everything exactly as you explained. Domain is a_name.info which should not matter? I am close? Thanks,
denis October 22, 2008
how work this script
James October 28, 2008
Does anyone know how secure this method actually is? Just wondering. I have used this on my site and I am just curious. I know some types are more secure than others...
Hmfpa October 28, 2008
This thing is 100% secure except for brute force attacks. Thanks
November 7, 2008
works great, thanks
kassalemb2000 [anti-spam] yahoo.com November 8, 2008
My name is Kassalem.
roccosirocco November 9, 2008
You just made the Internet a better place with your addition of an awesome script.

Thank you, it's simple and perfect.
November 9, 2008
Thx for this great script!
mr.3rbje [anti-spam] hotmail.com November 11, 2008
Thank you
jassikhalsa07 [anti-spam] gmail.com November 12, 2008
i am jassi
November 14, 2008
Is there a way to only allow users to try login three times before they are locked out?
psalpren [anti-spam] pacbell.net November 14, 2008
I am trying to download your Webpage Password Protect but am getting Microsoft Picture It Photo 7.0 instead.???? Is there an easy way to hide the script from a logon page that shows the user names and corresponding passwords? I have been trying to place the necessary script along with what I need to delete from the logon page into a .js file but I cant seem to get it to work. Im not sure that what you have for download (everyone is pointing me to this page) is going to do the trick, but Id certainly like to try it.
Thanks for any response.
Respectfully,Paul Alpren

sad November 17, 2008
misfit November 22, 2008
i dont understand how it is done, can someone explain thouroughly ?
jan November 23, 2008
Great script!!
geo November 25, 2008
This is pretty neat. Thanks very much, any idea why it asks for password twice though?!
geo November 25, 2008
Forget that last comment. I put the code in twice silly me. This is the best.
M-00-O-00-M [anti-spam] HOTMAIL.COM November 25, 2008

http://if.web.id November 26, 2008
Thanx for this great script... i use it for my rapidleech.
Orlandoech December 2, 2008
Is it possible toadd redirection based on user login?

I.e: ABC logs in and goes to /ABC.html and XYZ logs in and goes to /XYZ.html
elc December 2, 2008
Nice little script. But I advise folks to disable the help feature once they have it deployed -- otherwise passing the 'help' parameter to any secured page spits out the path to script, which probably is not desired.

// allow 'help' parameter to display path to this file?
define ('ALLOW_HELP', false);


if(ALLOW_HELP && isset($_GET['help'])) {
bin December 4, 2008
Thanks a lot for this script.. Is there any option to get a log for each user login?
swatidhanta [anti-spam] gmail.com December 10, 2008
I am a good author
roberts_studio [anti-spam] hotmail.com December 10, 2008
This might be good for programmers but there are no instructions that mean anything to us amateurs
Confused December 12, 2008
password_protect.php only work with zubrag/root username password login pair. When i change it to something else then it gives me an error saying incorrect password.
December 14, 2008
This is super! All these years later and I still found great use in this script.
Irina December 16, 2008
zubrag, I want you to wake up every morning and say to yourself: "I am brilliant!" :-) Coz you are! Thanks for writing this wonderful script and sharing it with us! And for goodness sakes, put PayPal donate button on here so I can send you some $$ for your efforts!!!
Dj - Web Creations By Z December 19, 2008
There's been a lot of talk about how to affect an elegant logoff scenario. Here's how I perform the logout.

I set up a separate page to say 'Thanks for using the system'. Prior to calling the password protect function, I set a variable, $logout=1. In the password protect script, I check this variable. If set, I assign the Timeout time to .001 (basically less than a second). The thank you screen is displayed and the user is effectively logged out.
Dj - Web Creations By Z December 19, 2008
I'd also like to thank Zubrag for making this script available. Although I am an experienced developer, I am new to web-based applications. Unlike in industry where everybody shares technical know-how, it seems that most other web developers regard you as their competition and are unwilling to do so. When I found this script a little over a year ago, it really helped me out and I have now used it in several applications. Thank you very much.
efendere [anti-spam] yahoo.com December 21, 2008
i need my password
December 22, 2008
Yeah. Totally didn't work. Worthless script written by an amateur.
December 23, 2008
Script works just fine. Just guy above doesn't know how to use it.
lol December 25, 2008
wallace December 25, 2008
Excellent work! Brilliant! Got it working in less than 2 minutes. Love the ?help and the logout feature.
December 26, 2008
Effin awesome!
clinton December 31, 2008
thank you. this work great.
David January 1, 2009
can someone please install this for me ? or is there instructions on how to do it ?
katie [anti-spam] towntek.com January 2, 2009
Thanks, this was just what I was looking for. Works perfectly.
Bailey January 4, 2009
Um... Its cool?...
Onlooker January 8, 2009
I am running a dynamic php website. I need to password protect about 10 pages, however, I am not able to allocate the php include at the very top due to the dynamic structure of the website. As a result of which I get a Warning: Cannot modify header information - headers already sent by ... I can comment setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); - the warning disappears, but then then I am prompted to login each tome I click on a new protected page. Is there any way around it?
jonny January 10, 2009
Hi Zubrag! Great script, thx for your offer! But I have a problem now that never occurred before.

I had it protect a page in a directory A in my server area with credentials a1/a2. It worked fine, and firefox/IE kept the password so I didn't have to enter it all the time.

Then, today I protected another 4 pages in a different directory B in my server area, with common credentials in all four b1/b2, and now the browser (be it Fx, IE, Chrome, whatever) doesn't ask to keep the password in any of the pages --the one in A, and all in B.

So, I now have to provide credentials in each page, even during the same session.

I have the password_protect.php file in different locations in A, and B (i.e., I use different instances of it).

A, and B hold different websites /projects.

I'd be grateful if you or anyone else could assist me.
starnsun [anti-spam] comcast.net January 12, 2009
This program is GREAT. The best one I found and really easy to set up. Thank you for the great instructions, for this program and especially for continuing to publish it.
2daybiz January 13, 2009
Install and customize your own job site with the latest Job Site PHP Script. Posting and tracking resumes and candidates have just become easier and efficient. Upload multiple resumes using the resume builder, set visibility and priority for the employers to access it easily & precisely. Separate logins for job seekers & employers. (http://www.2daybiz.com/jobsite_script.html)
shawan.diu [anti-spam] gmail.com January 13, 2009
Web Page Password Protected web page is safe for all. I also did it! on ther other hand, my users also can brows freely but Avast anty virus represent that virus available! its just fake virus created by bloody Avast Antivirus!!
webportation [anti-spam] yahoo.com January 13, 2009
"Web Page Password Protected web page is safe for all. I also did it! on ther other hand, my users also can brows freely but Avast anty virus represent that virus available! its just fake virus created by bloody Avast Antivirus!!"
FOR DETAILS YOU CAN VISIT: http://www.webportationbd.com
savita313 [anti-spam] gmail.com January 14, 2009
Amazing Site I like it. It Was Quite Interesting NiceWork I appreciate the information you provided Excellent post. Keep it up! Good day!
jl-belter [anti-spam] wiu.edu January 15, 2009
Is it possible to get the code to make it you need to enter the password each time? Only because the stuff on the page I'm password protecting can only be seen by the workers. And I don't want someone on a public computer log in. Then someone else go to the website and click on it and see the information. Any help would be appreciated. Otherwise THANKS SO MUCH for the post/file!
Replicas79 January 23, 2009
Brilliant script, works just how I wanted without any complications
January 29, 2009
The script seems to work but it does not point on any web page.
What I need is this: I want to control the access of www.ppp.com. So when username and password are good, www.ppp.com sould open.
But username and password are good and nothing happens. I have a blank page.
drogg87 [anti-spam] yahoo.com February 2, 2009
can you send me a php code for search and login
lainbd.flat [anti-spam] gmail.com February 3, 2009
Your sub-domain will be also password protected http:www.lainbd.com luxurious apartment in Bangladesh
Prem February 4, 2009
Thanx for this great script...
February 6, 2009
how do you
A) log out?
B)make specific users go to individual pages???
bartman February 8, 2009
excellent script very easy to use. I'm a noob at this and needed to protact info on a soccer club site this was perfect.

rrsvghajni [anti-spam] gmail.com February 8, 2009
bolaji February 8, 2009
am a website designer, and am building bank page. i build bank account number and password. i want to use a specific number for the account and a specific letter foe the password. and i dont dont how to do that. i use html
Shabnam February 9, 2009
Thank you so much! I'm not great with PHP but this was a breeze to set up. :]
Thomas February 14, 2009
Great script. This was very helpful
rwm February 17, 2009
Thanks! This was so much more simple than other solutions I tried, and just as effective.

QA February 19, 2009
You might want to mention that Mac users can use the plaintext editor neXtSoft NotePad. Not sure if you're aware of that app.
thfc [anti-spam] hotmail.com February 20, 2009
Script is excellent - thank you!
bestbaby2love [anti-spam] yahoo.com February 20, 2009
hi guys i try this code and it is not working
February 20, 2009
This is a great script, I am using it to protect my site while it is under development.
Galoop February 20, 2009
Great Script and greater - how to - info

thanx alot...
craig_mb [anti-spam] yahoo.com February 21, 2009
What if a user loses their password? Can you add a value for the email to the array and a "send me my password" for folks who lost their password?
David February 22, 2009
Brilliant script, thanks! Fixed the issue with protecting my editing pages from inadvertant use :)
Noob Coder February 22, 2009
i have a problem on the signup.php part, everytime user registers an account it always say "Cannot add user to database"?
and im always getting this PHP Error

Warning: fopen(/home/a5017784/public_html/others/users.php) [function.fopen]: failed to open stream: Permission denied in /home/a5017784/public_html/others/signup.php on line 97

please help. . .(T_T)
February 23, 2009
I entered the code but it will not lode in safari or firefox can anyone help me
Tim February 23, 2009
I got this to work for a single user login but will it function for multiple logins where each user has a separate page that is protected by that respective user?
John February 26, 2009
Work's great. Easy as pie to set up and made some changes so it fits the look of the page. Fantastic.
February 27, 2009
nice tool works for me! i'm using abyss web server and php 5... http://outro.webs.com
KW March 3, 2009
This is fantastic! Thank you very much for doing this!
Jassim Raja March 4, 2009
Thanks much! It works great. I love it. Thank you for keeping it free and simple to use.
bcrossb [anti-spam] san.rr.com March 4, 2009
i have two protected pages,using two different user name. if the user wants to see page on, enters user name for that page( as defined in login.php), works fine. then wants to see protected page two by returning to main page, clicking "selection" box, login.php comes up blank. no option to enter new user name to see page 2. only way i have found to get around this is to start browser over. any ideas?
nice script!!!
flapdrol March 5, 2009
wachtwoord ???
Alan March 9, 2009
Hi, thanks for such a great and simple to use script
Jay March 11, 2009
i really dont understand about "help" parameter, any one can explain it abit more please. thanks
March 13, 2009
Hi - great script. How can I jazz up the sign in area a little - can I addd a .jpg for example under the username and password field? This would be tremendous because it would help me here but also on a larger proejct im working on (etoolreview.com)
March 18, 2009
I got to see the Username and Password protect sample By entereing /help on the end of my webroute. I also added the login name and password that I supplied and that Worked, I even had the code to enter on my very first line of the pages that I wanted to protect.

But it DIDN'T work for me on the actual webpage. It just pushed my mormally centered template over to the left.

No sign in form page appeared.

Your help would be appreciated.

Andrea March 21, 2009
TERRIFIC SCRIPT! Thank you for sharing!

the help parameter is simply giving you the include code. If you are familiar with php its a standard include with path to the file. put it as top line of code in your page you want to protect.
include ('path/to/nameofmyfile.php');

this uses cookies, you should use two different files for two different pages. Just put one user/pass for one file>save. Then put other user/pass > save as new filename. Then include the seperate relevant protection file on each page. Otherwise a user inputs a va;id login and can potentially have access to both pages, which defeats the purpose of what you are trying to do.

March 21, 2009
Great staff, it works like a charm
mahfuz April 2, 2009
can anyone post any script of adding contents(like image/text) to any webpage directly with administrative privilage.i want to edit my web page directly from net with my administrative privilage which means only i can edit (like adding image or text) my webpage directly from net but none.pls respond quickly.
mahfuz April 2, 2009
can anyone post any script of editing(like adding image or text)a webpage directly from net with administrative privilage.i want to edit my webpage directly from net that means no one but me can edit me webpages directly from net.please respond quickly..
Dwaybe April 2, 2009
Hello. I am doing this in Dreamweaver CS3. I have the php in my folder plus on my server. I am having trouble figuring out where to actually put my username and password for this to work. I am also having trouble figuring out how to link everything to my pages. Please help me ASAP :(
Steve April 5, 2009
For those who have problems with the script! IT DOES WORK, provided that you followed the directions! Re-read everything all over again. If you follow the instructions CAREFULLY step-by-step IT WILL WORK FOR YOU!
bunty_mana [anti-spam] sify.com April 6, 2009
i have use your password protected code but how can i creat the login id and password for different usser to view the different pages
for example : - when raj login he go to page 1
when rama login he go page 2
and any other login they go any other page which i define for them different usser different page
April 7, 2009
When I go to my php page, it doesn't have the password protection. I used the code from the ?help on the password_protect.php file, added it on the first line of my php file, no luck!
lennie April 9, 2009
Great script, trouble-free installation if you follow the well-commented instructions in the script.
Very much appreciated.
Mick April 9, 2009
Thanks Zubrag
Your work is appreciated, cheers!

zabboto [anti-spam] gmail.com April 10, 2009
Hello! I would like to set up a website where I could upload password protected music. Each password could only be used once to download the files...is there anyone who might be able to help me learn how to set something like this up?
[anti-spam] bcrossb April 10, 2009
annabiele [anti-spam] yahoo.com April 15, 2009
I have a pet, but how do I get a login?
April 17, 2009
Guys, this is insanely easy to customize and install.....i arrived to this page 10 minutes ago and the protection is working already.....THANKS SO MUCH !!!!!!!!!!!!!!!!!!!!!!!!
Alex Glynn April 18, 2009
I never post comments on this sort of thing but I must say this is absolutely brilliant.
aiehfi [anti-spam] yahoo.co.in April 21, 2009
supergreat! really very very great. it works really!!
Tochiman April 22, 2009
April 24, 2009
Amazingly simple. Yet awesomely built! Thanks!!!
April 28, 2009
so i am not really sure what I am doing wrong but after I enter my username and password I get this error:

Warning: Cannot modify header information - headers already sent by (output started at /mnt/netapp01/students/cpbanks/sushi/admin/dataOptions.php:2) in /mnt/netapp01/students/cpbanks/sushi/admin/password_protect.php on line 138

I'm taking a class on php right now so I honestly have no idea what that error means. Your code seems to work for everyone else so I am going to cross my fingers and hope it can work for me too!
DezB April 29, 2009
In relation to the previous post, I got the same error, any thoughts anyone??

This is an excellent script and is obviously very much appreciated by all who use it, thank you Zubrag
mark.juice [anti-spam] hotmail.com April 29, 2009
very good work! thanks for your script, so simple yet so powerfull!
rohcodom [anti-spam] gmail.com April 30, 2009
your script rulez! is simple and brilliant... Thanks.
garymcgill77 [anti-spam] msn.com May 1, 2009
hi there great script BUT 1 thing when i login i get Cannot find users list!

so i have to close it then re-open then i can see the content
nicholas.reed.web [anti-spam] gmail.com May 9, 2009
I am using password protect very nicely. It logs in ok to pages 1 and 2 that are password protected, however, on a third page, it asks for a login again. After loggin in to this third page again (as you are prompted to) you can access pages 1,2 and 3 without any issues.

So really, this is a case of double-login, which always occurs on page 3.

Page 3 is the page that does the database work, it recieves data through a POST in php.
aadnanheaven [anti-spam] yahoo.com May 12, 2009
Srikanth May 16, 2009
My soul dying will rest in peace after finding this excellent script which I was honestly longing for. It is God's gift through Zubrag.
emiliorruiz [anti-spam] gmail.com May 17, 2009
Warning: Cannot modify header information - headers already sent by (output started at /hermes/bosweb/web233/b2332/ipw.eruizfco/public_html/delta_77/biblioteca_digita.php:1) in /hermes/bosweb/web233/b2332/ipw.eruizfco/public_html/delta_77/password_protect.php on line 139
tranmkp May 21, 2009
good tool - how do I sync it with my existing db? only users that are paid up my access members area? Cheers!
Paul May 21, 2009
Thanks, this worked very well and was easy.
Thanks for the great script. May 23, 2009
Anyone with "Cannot modify header information..." error. In most cases this is due to UTF-8 encoding with signature. Use Notepad2 or equiv and change the encoding to UTF-8 (without the signature).
mrkips May 24, 2009
Thank you for this script. Simple to set up and very useful for protecting files.
May 25, 2009
Hi I found this page while looking for password protection.

I just want to password protect a download link on my site, is there a way for this script to work that way?

May 26, 2009
Another very satisfied customer
May 27, 2009
Hey thanks...it works great and only took 2-minutes to set up!
xmenx10 [anti-spam] hotmail.copm May 31, 2009
Wow dude, kudos to you, You should receive the --==FECES Awarard==-- (for providing Friggin Easy Code for Easy Security), One questions tho, other than closing the browser (in an effort to make general users "happy", can I apply a button to 'Log Out', which basically forgets the authenticated user and requires a (re)login, if the user wishes to immediately come back?
amit.516 [anti-spam] gmail.com June 1, 2009
This is amit. I need a little help in making these php codes work. I am working on a project and I am jam stuck. If you could provide me help on this, I would really appreciate that. Man please help me as it is very important for me.
Please leave me a mail.
benjamin.frank [anti-spam] ymail.com June 1, 2009
It logs in ok to pages 1 and 2 that are password protected, however, on a third page, it asks for a login again. After loggin in to this third page again (as you are prompted to) you can access pages 1,2 and 3 without any issues.Thank you for this script. Simple to set up and very useful for protecting files.
Jacoby June 2, 2009
This is great! Thanks so much!
jyarnold [anti-spam] att.net June 2, 2009
Can this script redirect based on username? For instance if user A logs in then he goes to page B and if user C logs in he goes to page D, etc?
Wayne June 3, 2009
Since I added Password Protect to my website, spam has dropped to ZERO ! Thanks, Zubrag.
kevin June 5, 2009
The password protection works, but I keep on getting: "Warning: Cannot modify header information" on my pages. Any ideas?
shaggy June 6, 2009
you know, you guys are bumping a thread that's like 3 years old. Anyway, just thought I'd add my two, and say AWESOME script zubrag, thank you!!
John C. A. Manley June 13, 2009
Many thanks. Exactly what I needed. Easy to setup. Worked Great.
GMIXX June 14, 2009
DUDE! (I am from Hawaii...lol)

Thank you from the bottom of my HEART! This is awesome...

Kristle June 14, 2009
This is damn nice!
amirhussain135 [anti-spam] hotmail.com June 14, 2009
plz tell me about how can i recover my deleted date....?
Daniel June 14, 2009
How to i make it so the username is not cap sensetive
June 17, 2009
I received the following code in the top line:
<?php include("d:\\hosting\\mhaney1014\\password_protect.php"); ?>
But when I test out my .php page and try to type in username/password, it says invalid?
svar [anti-spam] svaroh,com June 18, 2009
I am not a tech person by any means. We have Sharepoint Designer 2007 and I have been desperately trying to figure out how to upload a fill able pdf and have it password protected with 240 different logins. Needless to say I am at my wits end. If anyone can help me, I would REALLY appreciate it.
adamoli [anti-spam] gmail.com June 19, 2009
Hi. The script does not seem to work in the latest version of Firefox, it just displays the page! Any tips on this?

Sam June 21, 2009
Great script works fine for me in IE7, Firefox 3.0.11, Safari 4 Public Beta and Opera 9.62. Thank you very much!
john [anti-spam] fawkesbay.com June 22, 2009
Greetings. Just wanted to say thank you for an excellent script. I've been learning PHP and have worked very hard using the things I've learned but for all the new clients I am starting to get now, this is by far the easiest and secure way to create simple content management systems for the many non-profits and customized sites I am developing.

Thank you so very much. All your work is really appreciated.
A June 24, 2009
Extremely helpful- thank you so much.
denisus15 [anti-spam] gmail.com June 29, 2009
he need cookies... i hate write pass on every refresh
johndevblack [anti-spam] yahoo.com July 3, 2009
Easy to implement in the Windows XP version of PHP5 but difficult under Ubuntu Linux 9.
Please advise users to add the include statement before the <HTML> tag.
If you wish to pass an argument to the script which includes your password script, the argument needs to be extracted before the include statement
thus - $fn = $_POST["fname"]; and then restated within the <form> statement in your script thus -
echo '<input type="hidden" name="fname" value="' . $fn . '">';
A great little script.
Thank you for providing it.
July 4, 2009
Great work Zubrag, what a wonderful script easy to implement on planet earth. Keep it, What a great Genius? Huhh
July 8, 2009
Thank you! Needed something fast and this worked like a charm!
clive_william [anti-spam] ymail.com July 8, 2009
php& java is really a good language write any script also .So that is very useful blog.
am9e [anti-spam] hotmail.com July 9, 2009
dasd July 11, 2009
AWESOME SCRIPT!!!!!!!!! thank you {{}}}}
wheeler July 14, 2009
Wow, I'm hooked - this works so well I'm going to wear it out. THANKS
AohmZ July 14, 2009
Thanks for posting! I am new to PHP and am looking at scripts to get started.
jehzlau July 14, 2009
this script really works great! thanks for creating one and sharing it to the world. :)
admin [anti-spam] izewebdesign.com July 16, 2009
You are so awesome for making this so easy to use.
weston [anti-spam] inspireddesign.biz July 30, 2009
Is it possible to make the timeout days rather than minutes? I have situation where I need access to expire for each individual after 30 days. Maybe there is a better way but I don't know how.
Mega pack July 31, 2009
can i use this script so when paypay sends them to my opt in form page to give me their details, before they are sent to the download page. Its the download page i want to stop from being accessed from external sources, but i want the customer to be able to fill in opt in box and go to the download page without having to put in a code. I really just want to stop my download page from being accessed from the internet.. only from the sign up form
Nick B July 31, 2009
I appreciate you making this script. It's simple and just what I needed.
18robin.singh [anti-spam] gmail.com August 1, 2009
gmail show my username and password when i open the gmail on my computer.what is the problem. plz help me.
Wes C August 7, 2009
Thanks for doing this. It is a very big help!
mir August 8, 2009
Using the script with a php page made from a dreamweaver template and it's not working. Any ideas
CLM August 11, 2009
Thanks heaps - using this script has saved me tonnes of headaches! You're an angel :-)
johnx360 [anti-spam] kicked.se August 12, 2009
Is there anyway to logout? And if not can you create some kind of overlay at top with a logout button?
223751 [anti-spam] googlemail.com August 15, 2009
Brilliant script works excellent!
I was thinking how I can change the font or background for the login page ? is that possible?

Did I miss it?

ticmic [anti-spam] selcom.hu August 19, 2009
I need to protect two pages with different log ins and passwords is this possible
` August 20, 2009
Great script, thanks a lot, Worked a dream with one site I am working on.
Web Designer August 21, 2009
To Rob, whom posted on Aug 15, 09
Look at lines 98-117. That's the html part of the page. You can change the font and background there. If you don't know html go to www.w3schools.com and look it up.
Dan August 27, 2009
I need to be able to have multiple (unlimited) passwords... basically the customers will be using their product serial number
luci_unikatu [anti-spam] yahoo.com August 28, 2009
Can you change a bit thew the scrpt? I want that the script to take te users and passwords from a .txt file and in txt file to be a line for every user and password like this user_name:user_password
Thanks if you want you can send'it at luci_unikatu[at]yahoo.com
September 3, 2009
very nice. 5 min and done.
John Smith September 6, 2009
This is very cool. Easy to setup & worked perfectly as I want. Keep up & thanks alot. Its very usefull!!
Vitaly September 7, 2009
Awesome script! Thank you so much! It solved my problem of protecting the whole bunch of pages by placing a script into a header.inc, and it worked in a matter of minutes.
September 9, 2009
Fantastic work!
This was just what I was after :D
Took me less than 1 minute to get working! No hassle or problems... straight outta the box!
September 9, 2009
I have edited the code and removed all traces of example.com as the page when you log out but for some reason when you log out it still sends you too www.example.com any thoughts or ideas?
I can send anyone the files as per edited and see if they can figure it out, thank you!
slimebag [anti-spam] gmail.com September 10, 2009
Here's a way to database the usernames/passwords

$dbhost = ('localhost');
$dbuser = 'YOURDBUSER';
$dbpass = 'YOURDBPASS';
$dbname = 'YOURDBNAME';
$query = "select * from administrators";
$dbh=mysql_connect ($dbhost, $dbuser, $dbpass) or die('Cannot connect to the database because: ' . mysql_error());
mysql_select_db ($dbname);
$result = mysql_query($query) or die('Error : ' . mysql_error());

while(list($usr, $pwd) = mysql_fetch_array($result, MYSQL_NUM))
$usr => $pwd,);
Torpian September 10, 2009
Looks like a good script but I can't get it to work for me. I'm using Dreamweaver. I uploaded the file to: <?php include("/home/grandeur/public_html/password_protect.php"); ?>

I've copied that line into the first line of the pages I need protected but nothing happens. The only thing I've changed in the script I downloaded was the username and password, and I also created a page for it to direct people to when they put in the wrong password. Any help would be greatly appreciated.
Eric September 11, 2009
This script has made my life easier :D Thanks a lot and keep up the good work.
TomatoWilo September 13, 2009
Excellent script! Very easy to use and really secure!! Two thumbs up!!!
joetobey [anti-spam] gmail.com September 14, 2009
Any way to store username and password combinations in MySQL and then use this script to check them during login?
September 15, 2009
How can I put all usernames/passwords in a separate userdetails.txt file, and use a 'include' statement to bring these in so that I only need to edit this file, and not touch the php file? Anyone?
September 29, 2009
I find this does not work in IE 6 7 or 8. I saw a reference to that problem in one question , but the solution oferred did not fix the problem. "Not working" in my case means that the page contents load without asking for a password. Works great in Firefox, but close to 100% reliablity on the web is what I am looking for.
dendirk28 September 30, 2009
Same problem, IE7 asks the login at every load (IE8 probably too). Any solution for this by now??
October 1, 2009
Awesome script!
October 1, 2009
Awesome! Thanks so much.
mr.daryn.8 [anti-spam] hotmail.com October 5, 2009
I seem not to get my website password protected from peopel I don't know.
etarking_90 [anti-spam] yahoo.com October 8, 2009
this is great
www.vizionwebdesign.com October 9, 2009
awsome free simple script to use for client web pages that is not really data senstive.
inyourfaceinterface [anti-spam] gmail.com October 14, 2009
Best ever! you rock
October 14, 2009
thanks this is a great script
jvandale [anti-spam] collecive-spark.com October 14, 2009
Used it a couple of times and works great! Thanks for making it soooooo easy!
zeshan_haider_changazi [anti-spam] yahoo.com October 17, 2009
hi zubrag
i m very thankful to you and your team for making such easy codes which help the beginner web developers great.
after implementing it to my side i got one question that how can i change my password, username or how can i add new users.
yujumoes [anti-spam] hotmail.com October 19, 2009
akhilesh1780 [anti-spam] sify.com October 21, 2009
my password mis ho gaya hai.my detail
akhilesh kumar, dob 1.7.1980,chhibramau, dist. kannauj,jon.kanpur, uttar pradesh, india
my cellphone no. 05691-220520,9839563909
please my password send cellphone no.thanks
jeff October 23, 2009
great script. the only extra step I had to solve was getting my server to support php files. i checked the box andd all is well...thank you for an easy but solid solution to protecting my limited access webpages.
October 23, 2009
tinavelez [anti-spam] msn.com October 26, 2009
thank you so much, this is exactly what i was looking for for my customer log-ins. Two question though:
1. when testing in mozilla after i loged in and then closed the browser, opened a new browser in mozilla, it asked for the login again! PERFECT! even if i went to the history and clicked on the protected page, it still asked for password again! PERFECT! that's exactly what i was looking for. but when i tried it with ie, i was able to access the "secure" pages through history and by typing the path of them even after closing original browser, after inputting the login the only way it would ask again is if i cleared cookies. here's the question: is there any way this will work with ei as well as mozilla?

2: if someone chooses to "hack" my site with any of those programs, will they be able to see all my html codes and passwords and everything? If so, will it make any difference if the site has a ssl certificate?

thanks again for the scripts and instructions, they are GREAT!! :)
danielsmigs [anti-spam] hotmail.com October 28, 2009
It works perfectly!

But, just wondering how to protect whole DIRECTORIES instead of just individual files ... ???

pavan October 29, 2009
where should i place the redirect after it checks when the username is correct, pls let me know, thanks in advance
November 3, 2009
is there a way to set it the code so that username and paswords can only be used once? thank you
normdunk [anti-spam] btinternet.com November 6, 2009
outstanding - once you know where to place what - its brilliant
Vishal November 17, 2009
Very outstanding php script, I just download it and set it up on my site and it works perfectly!

Thanks so much for making this script and having it as a free php script.
Jessie November 20, 2009
This is an amazing script! It took a little bit of playing around with it, but I got it working and I'm a PHP rookie! Thank you so much!! :)
Marcus November 26, 2009
Great piece of code. It works well. Thank You
max November 30, 2009
thank you very much for the code saved me ages in writing my own cheers zubrag!!!!!!!!!
sanjay December 1, 2009
I am in very trouble, because i don't know about php and php database. I am operating http://www.moneyinhands.com but i want user can Register and Login into my website with php and his database. I am very interested to know about php and his database, if you are good in php and his database please suggest and help me to i build better website for my users in India. If you want to charge any amount i will pay you just give me idea and support to i build website with Login Systems in PHP. I am waiting for you Reply...
djm [anti-spam] evolvnet.com December 1, 2009
Works like a charm. Thanks!
December 1, 2009
I don't know about other browsers but Internet Explorer view source only showed the html not the php when trying to view the include file directly - so no looking at the passwords or code -that's so cool!
December 2, 2009
Although many tutorials say how to hash passwords and create logins, this is the only one I found that shows how to put a good include file on the page to be protected: Excellent! Big problem with logout though. It redirects but does not log out. Can make back button go to expired page but refresh brings it back up again. Tried unsetting variables, session destroy, meta no-cache, header no cache. Only way to kill this login is close the browser or set header to empty which prevents any future logins. Please someone tell me how to do a proper log out : )
aaronwexler [anti-spam] hotmail.com December 2, 2009
Great script, it seems to work for me only sometimes. Other times instead of getting the login page with the boxes I just get a blank page. When this happens I try to use the ?help function to see if anything changed but that just brings up a blank page too. The only way I have found to fix it is to reload the downloaded script from scratch but then I lose all of my logins. I am using godaddy, dreamweaver CS4 and php pages. Any help
aaronwexler [anti-spam] hotmail.com December 2, 2009
nevermind I got it....I was missing a comma when adding logins. It is amazing how much time you can save when you actually read things
PHP_Idiot December 3, 2009
This script is PERFECT, and it works...easily!

I've tried several others and always run into problems and errors, but within 20 minutes I had an entire section of my site protected (www.gbpokerclub.co.uk).
Thank you so much guys.
prowler December 5, 2009
i did everything you said, but when i put any of your user/pass pairs (i didnt change it for test) i get "The page cannot be found" page.
im using IIS 5.1 and PHP 4.3.11
bryce.power [anti-spam] gmail.com December 5, 2009
AWESOME SCRIPT!!!! This is amazing. What i would like to see in the next release though is for the logout function. I want it to be able to go to 2 different pages depending on whether you hit "logout" or your time expired.
December 8, 2009
Perfect! Thank you very much.
elrat December 10, 2009
Thank you so much! The first time I've installed a php script and it worked like a dream.
justin [anti-spam] igrowbeards.com December 11, 2009
Thanks very much for this. Works like a charm.
daniel December 11, 2009
Thanks, you're a pimp!
December 15, 2009
This is an excellent password protection script! Much appreciated ...

att December 22, 2009
Great PHP password protect Script, created over 9 years ago and still the easiest and most efficient script I could find. Thank you very much!
nzdzeni [anti-spam] gmail.com December 23, 2009
Thanks so much! This was perfect for what I needed - really easy to implement and beautifully explained. You will be today's "Gratitude Item" on my blog (http://www.dzeni.blogspot.com).
replies [anti-spam] hotmail.com January 3, 2010
Reffering to an earlier comment, how can I force the password entry to appear as a popup window kind of deal rather than as a new page?
adendum [anti-spam] hotmail.co.uk January 4, 2010
Excellent and elegant solution. 10 out of 10 Mr Zubrag!!!
Rob_ITA January 7, 2010
TNX really much for the script: it fits perfectly my needs.

January 9, 2010
I figured out the problem relating to "Warning: Cannot modify header information - headers already sent by ..."

It has to do with where you're putting the call to password_protect.php.

I moved it out of the HTML body and up to the top of the file above the !DOCTYPE declaration and it worked fine.

Guessing this works because it's above the header of the page it is included on and therefore the header inside password_protect.php doesn't attempt to send the header again after the header info was sent.
January 10, 2010
How do protect that actual script that contains the username and password. They could still find a way to get to that script. It should be hashed up and interpreted by the php engine somehow not just laying there along with the other scripts
mk January 22, 2010
I love your script, you are a genius.
hothouse January 26, 2010
Very cool - thanks so much!
tmontague [anti-spam] mpamedia.com January 26, 2010
Nice script, very useful. Can "reset/forgot your password" feature be added.

We have an issue with the admin needing to know what user passwords are and also getting bugged because users can't remember their password. Being able to reset it would be awesome.

Thanks for your great work on this.
rob [anti-spam] orijindesign.co.uk January 27, 2010
Great stuff - thank you!
NH January 30, 2010
Hello what a great script! I just don't know how to enter the numbers for the timeout...? does it have to be in second, minutes, in other words, 05 for 5 minutes?
February 12, 2010
great script. I had it going in like 10 minutes. great description!
mjouve [anti-spam] bellsouth.net February 13, 2010
Please I'm not to smart to use the computer, just please tell me how I can do to get some help from the "NASCAR ANGELS"
Marco Jouve
christy3341 [anti-spam] hotmail.com February 15, 2010
i would like to join a hip hop dance class, i would like to know where to go and how much it cost. if someone could either e-mail me or call me that would be great :) 1204-218 4562
Ties February 16, 2010
arning: Cannot modify header information - headers already sent by (output started at /home/fastwhip/public_html/testground/beheer/test.php:7) in /home/fastwhip/public_html/testground/beheer/password_protect.php on line 138

I keep getting this error. And it does not seem to save the cookie because i have to re-enter the password on every page. How can i solve this?
Ties February 16, 2010
For people who get the 'Cannot modify header information' error on line 138.

Make sure u put the 'include' php code on the FIRST line of your protected page. It has nothing to do with UTF-8 encoding as stated before, just put it on the FIRST line.
Ties February 16, 2010
Oh I forgot to mention. THANK YOU SO MUCH FOR THIS WONDERFUL SCRIPT. This script is a gift from heaven and you're a prophet from the PHP Gods..
February 18, 2010
this seems to work great. i think its protecting my directories from being browsed(directory listing) but if you know the unique URL to photos, they aren't protected. But GREAT work here thank you
daznlily [anti-spam] googlemail.com February 19, 2010
Hi this script is excellent, I am still struggling to get it to completely work. I am creating a secure page with an upload facility, but I keep on getting this message:
Parse error: syntax error, unexpected T_BOOLEAN_AND in /home/virtual/site256/fst/var/www/html/store.php on line 112

I know this sounds cheeky, but is there any chance you could take a look at my page code and see where my error might be. I get this error when I try to click onto the password protected page.


flash62 [anti-spam] bluewin.ch February 20, 2010
Hi ! Thank a lot for your great job !
Maybe just a small request:
is it possible to write a simple .txt log file with the login infos ?
user-1 login on 20.02.2010 at 21:30

again you are great php guru !

Ciao, Pietro
February 22, 2010
Great script. Thanks
alex [anti-spam] hoquality.com February 25, 2010
Really nice script! Just what I was looking for - Thanks!
brightondesira [anti-spam] hotmail.com February 28, 2010
tini il paswerd man
brightondesira [anti-spam] hotmail.com February 28, 2010
nixtiq il paswerd man
James March 2, 2010
This is great, anyone manage to adapt this so you can store passwords in external file? or the option to set password without changing the code?

lairbear [anti-spam] gmail.com March 6, 2010
Is there a way to widen the page display? It seems that part way down the list the little icon that appears on the left moves to the right, probably because of long song titles. Also, what is the icon that is supposed to appear there? There is no "dif" folder. My web site is larrystunes.net
greenhornporn [anti-spam] gmail.com March 8, 2010
i put in the code and im only getting a black page. i am totally lost now. it worked one time then i got the black page and i cant figure out what i did wrong can you send me a email on whats wrong. thankz
greenhornporn [anti-spam] gmail.com March 8, 2010
this is the code i get on my members page what does this mean......
Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/content/g/r/e/greenhornporn/html/php/members.php on line 1

Warning: include(http://www.greenhornporn.com/php/password_protect.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/content/g/r/e/greenhornporn/html/php/members.php on line 1

Warning: include() [function.include]: Failed opening 'http://www.greenhornporn.com/php/password_protect.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/g/r/e/greenhornporn/html/php/members.php on line 1
mrindasman [anti-spam] att.net March 9, 2010
Thanks for the great script! This was just as easy as the drag & drop login tools for ASP.NET.
March 10, 2010
Yes nice script - Thanks a wrought
ahmedzeinn [anti-spam] hotmail.com March 10, 2010
March 12, 2010
You want to give this membership login a whirl - it even supports recaptcha:

March 15, 2010
Potreau Grard March 20, 2010
ron March 21, 2010
Tried it, it worked on the first page i went to, tested it, signed in, and after that no more asking for sign ins, and some pages came up blank.
ron March 21, 2010
WTF? This some kind of scam, or joke? After using the password once, it's gone. Nothing asks for a login or is protected anymore because all the code inside the protect.php file is gone, its now blank, even if i re-upload, it and check again, its blank. The F@#$%ing crap better not be some kind of hack, i just fell for!!!!!
g31.potreau [anti-spam] orang.fr March 23, 2010
inutile. Pour destination Andore depuis la france
telecom [anti-spam] altuonline.com March 26, 2010
can this script be used on an .html page? or does my page that I'm trying to protect needs to be in php format?
waleed March 27, 2010
i want to protect my password and my eamil
perpetualjon March 28, 2010
The file does need to be a .php file and not .html or .htm. Luckily, html files can be converted just by changing their file name extension. The code within an HTML file works just the same when it's identified as a .php file.
hshan April 1, 2010
Excellent job!
ris-cp [anti-spam] hotmail.com April 7, 2010
Wow! Thank you so much. I've been trying the htaccess way but it didn't seem to work. And this way did!
brainbugger24 [anti-spam] gmail.com April 7, 2010
Have Computer Problems? Try asking Experts for free:
cicciohofman [anti-spam] gmail.com April 10, 2010
This was amazing and soooo simple. Thanks so much. I only have one question: Is it easy to specify the "go-to" page based off of the different logins? For example: If the user is 'joemamma' then I want to send that user to 'joemamma_action.php', but if the user is 'me' then I want to send that user to 'me_action.php' etc etc! Thanks
Deepak Rajpal April 13, 2010
smart code... thanks
April 14, 2010
Absolutely phenomenal. Great script.
kassalem April 21, 2010
hi how are you this website is very good.......
Humanbakedbeans [anti-spam] hotmail.co.uk April 21, 2010
hi, i'm trying to put it onto a site called weebly.com. this site allows you to build a site for free. How can i do this? Please help, Thanks
Kishore April 24, 2010
It helps so much to me, thanks.
April 28, 2010
GREAT CODE, I love it, thank you for puting it together and answering all of our questions.
April 30, 2010
kunna oooooombikkko
Gunasekaran GouthamRaja May 3, 2010
Hi I have launched my website in webnode.com. I want to protect a particular page. Can U help me how to do this?
Gunasekaran GouthamRaja May 3, 2010
Hi I have launched my website in webnode.com. I want to protect a particular page.
I have uploaded the "password-protect.php" file. But how to get the path where it is stored so that I need to apply it in the protection page
BMF Sports May 4, 2010
This is RIDICULOUSLY EASY! It took me a few tries to get it, but it's only because I was thinking in HTML mode for a while. This script ROCKS!
Ellen May 5, 2010
thank you, this is just what I was looking for! -and so easy for a noob like me ;)
thom [anti-spam] 321goforit.com May 6, 2010
fooling with this script for 4 hours now... keep Running into problem you identified solution before where you suggest // setcookie("verify", md5($pass)); however that effectively kills using this script on multiple pages and the user needs to relogin every page. I am at a loss as to what to do to eliminate the "Cannot modify header information..." error message. I reference the password protection page in the first line of the php page and there is no code sent before? Please help I dont get where the problem is... it points to the cookie line.. but unsure why.
gomsymarwaha [anti-spam] yahoo.in May 7, 2010
hi ,, m gomsy,, i made a html web page and i want to put a password and username on its login page .. so would u plz help me
Pete May 7, 2010
When I connect it to mysql, it only works for the userid and password that is LAST in the database table.
wachs84 [anti-spam] yahoo.com May 8, 2010
This authenticator is outstanding, and I assure you I'm a person who rarely uses that word. What was not obious to me at first, was that the whole point is to provide a hyperlink to any-and-all PHP files that you want to protect, whose first line has been edited to include the one line of Protection Code. The edited PHP files will seamlessly automatically call the password_protect.php file to authenticate, then revert back to the original PHP file that was the original target. Providing the user a hyperlink directly to the password_protect.php file will work too, but it will display a blank webpage upon pressing Submit. My point is that one critical line of Protection Code is the heart & soul of this wonderful code you designed.
Recommendation: upon form load, the Login entry control box should automatically get Focus, so that the user does not have to mouse-click on it, and can immediately type USERNAME TAB PASSWORD ENTER, badda-bing-badda-bang done in 3 seconds.

jim_neal [anti-spam] yahoo.com May 10, 2010
I have it working if I go directly to the protected page. However I linked the protected page from my index page. If I click on that link I am taken directly to the page without a password prompt. However if I type the address directly in I get the prompt.
KC May 12, 2010
This is an awesome script.. i learned so much and had it up and running in less then 10 minutes.. AWESOME work.. thanks so much!
Ian May 13, 2010
When I go to "http://www.mysite.com:82/password_protect.php?help", my browser downloads the file. I'm using Safari, and my site's hosted over port 82.
jayfuentes [anti-spam] gmail.com May 13, 2010
how would I be able to grad the $LOGIN_INFORMATION and use it in another php page to verify permissions?
May 17, 2010
Is there a way to keep the $login variable in memory so I can display the currently logged in user if needed?
eyphotography May 18, 2010
Works great!! I'm using it for my photography client login page.
Neofrgo May 20, 2010
i love you mate i have been looking for a password for my site and i have just found your's it works perfect i love my mate!
May 24, 2010
Very very cool, thanks for your help.
Finnur May 25, 2010
Hey there. Good script. I was wondering if there's any way to make it automatically log back out after a certain amount of time has passed. This will prevent the page to be open if entered in a public computer.

thanks for this great script!
judybooty May 25, 2010
Just a neads up for some newbies using godaddy. If you are using the default hosting provided by godaddy (windows) it will not accept the php files. You will need to call godaddy and have them switch you to a linux server. There is no charge for this and no down time. Just make sure you are not using .asp files which will not work with linux.
lx May 26, 2010
Hi zubrag,

Your script rocks!

Does anyone know how I restrict login to one user only, e.g. if User1 logs in no one else called 'User1' can login at same time?

In other words: I don't want users to use each others accounts from different workstations.

loveyourscript May 26, 2010
Looking for a way to implement a 'logout' button or timeout the cookie to require a user to log back in after a certain amount of time of inactivity
charles.morrison [anti-spam] rocketmail.com May 28, 2010
Great, works for my site, though i would appreciate if any one can let me know, how can i make it that, you only get one password input attempt, after which if you put in the wrong password, you are redirected to a different page, and you cannot go back to the password page by clicking the back button on the web browser.

Also, if you get the right password, you are redirected to anothe page too.
Albanian June 5, 2010
hey dude great script....its been a long time ive been looking for such script thxxxxxxx babe
bill1229 [anti-spam] wwmgmt.org June 7, 2010
Does this script do any logging so I can see who logged in? I want to pass out login ids and pws and then be able to track who used it and when.
June 13, 2010
Amazing NO WORDS
phlum June 15, 2010
Can we put just .htm files in the LOGOUT_URL field?
Jacob June 21, 2010
Very nice script. I love it!! Iv been looking for ages for one of these. Again, brilliant! Oh and for you guys who want people to be able to log out. Why don't you just create a link that reloads the page. As mr man who made this said, it logs you out when you reload the page. So that would work bcuz it is working for me :-) <a href="www.klueless.net/forum"> This is what im using it for </a>
kolbjoern [anti-spam] stuestoel.no June 22, 2010
Automatic focus
As I used only the password part (not the username), I added
<body onLoad="document.pw.access_password.focus()">
in the Form part of the script to let the input field have focus at start.
kolbjoern [anti-spam] stuestoel.no June 22, 2010
Automatic focus
Sorry. I forgot to tell that I had to give the form a name: <form method="post" name=pw>.
kolbjoern [anti-spam] stuestoel.no June 22, 2010
Logging out
I added a var $passord_i_bruk = 'yes' at the top of the program. Then where I would have the log out possibilities in my html side I added
if (isset($passord_used))
print '<div><a href="password_protect.php?logout=1">Logg ut </a></div>';
else do_something_else;
When logging out the user is at the moment redirected to a html file defined in the LOGOUT_URL.
June 25, 2010
Would it be possible to present some comprehensive examples on hoe to attach this to a MySQL database?
Yours faithfully
shibu.n [anti-spam] adventity.com June 27, 2010
user name password
Shakka July 4, 2010
wats the password??
mrtrixter [anti-spam] hotmail.com July 4, 2010
Great little script. Nice work, and thanks!
tetinedours38 [anti-spam] hotmail.fr July 6, 2010
July 14, 2010
Nice script. But when i insert the script at the top of my page it shifts all my content to the left. Any ideas why ??
faedelagra7 [anti-spam] hotmail.com July 16, 2010
what is revenue .com
July 27, 2010
For the logout i keep getting this on click

You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.

These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.

and i cant seem to get it to work
design [anti-spam] sbroderick.com July 27, 2010
Probably one of the coolest, simplest and best scripts I've ever found. I just used it on a site and it not only saved my so much time because it's so simple and fast, it really impressed the client and myself with how versatile it is! Thanks!
ContentChris July 29, 2010
This script is actually amazing! I needed a decent loginscript for a page I had no way of using a DB driven method. This is much better then the temporary javascript login I fixed.
Cause lets face it, javascript is not what u want.

Thanks a lot author!
telessa [anti-spam] comcast.net July 31, 2010
OMG! I have been working on the forever! My site says the host server name is D:/Hosting/cwbkman/ and I uploaded the php file to that server. I changed the password and added the coding line to the very top (with no spaces) of my wanted protected pages and nothing happens!! WHat am I doing? PLEASE HELP! EMAIL!
July 31, 2010
I have your script up and running, everything was working fine, but now in IE7 and IE8 after sign in I'm getting a blank screen?
July 31, 2010
Great great...the only remark I have is that when i type a wrong login there is a error saying... wrong password..

Is there only one validation on teh 2 fields?

JB August 10, 2010
Very Nice! too cool. perfect, Genius. simple, But powerful!

kj August 11, 2010
Its a good script, thanks!
JimmyC August 11, 2010
Man! Thank you so much for this! I am not great at MySQL and PHP. This works great! I would just have to tell the client what the user and pass is and off we go. I read a lot of these posts and I suppose if you want multiple page login, meaning different pages for different people, I just create this code and rename? One of these days I would love to write something where the user can create the name and pass... but I'm gettin a headache just thinking about it..LOL.. Thank you sir for this! Awesome dude for helping us all... JC
chigger August 15, 2010
wow this is great! thanks a lot man =D
raihan_mazumder [anti-spam] yahoo.com August 16, 2010
Can you send me my email some php good script? email: raihan_mazumder@yahoo.com

+88 01712048181
James August 17, 2010
Is there any way to make it so that the cookie lasts forever instead of deleting it at the end of the session? Other than that the script is rock solid.
cfksite [anti-spam] gmail.com August 20, 2010
I set this up on my site, and the log in works fine, but it Keeps asking for a password everytime I come back to the page. Isnt there a cookie being Set to prevent that?
jade August 22, 2010
Thanks for this it is just what I needed and works a treat! x
maxbomb95 [anti-spam] yahoo.com August 24, 2010
I don't really understand what to do here. I modified the password and username with notepad i'm not really sure if I modified it right though. But regardless how do I put the script into my webpage. My website is html. What part of the scipt do I put on the page?

My email address is maxbomb95@yahoo.com
Matt August 25, 2010
Brilliant script! You've just saved my bacon! Thanks so much.
malar.rose34 [anti-spam] gmail.com August 26, 2010
the php code that does not go to previous page
Codenix August 28, 2010
Great script mate - had limited success with four others I tried due to poor doco or commenting - yours was a breeze to set up :)

Thank you!
August 30, 2010
You are great guys! I hv enjoyed much in navigating through this page. keep it up guys.
Karen Chun August 30, 2010
This is a wonderful script...I end up having to maintain websites that are built on lame hosts without easy interfaces like cpanel and which do weird behind the scenes stuff that invalidates .htaccesss.

So this was a LIFE SAVER!

ripmiata [anti-spam] gmail.com September 3, 2010
Thank you. I had this up on our web site in 10 minutes. You are a gentleman and a scholar. I use old Frontpage 2003 and I saved my target page as a PHP file and copied the code to the first line like you say. Saved to web space and brought it up. Hit the hypelink for the protected page and entered "zubrag" and "root" and got the page. I then changed the UserID and passwords to match the vendors I want to access the protected page(s) and made the Timeout value ".001" so they would have to sign in every time. Thank you so much. I will be looking for the Donation Page as soon as I finish this.
Macc September 4, 2010
Thanx man, just what I need.
wcongdon59 [anti-spam] yahoo.com September 7, 2010
I was watching a football game at Starbucks when I first bought Veetle TV and today I tried to get back onto NFL Live TV @ mytvdirect.com/member.php, but now I can't get through the password screen. There's no "Forgot your password" feature. My screen/member name is 5RLauthor. Can you help me?
leon September 9, 2010
This may have been addressed but I didn't see it up above...how do I modify the file so that it only requires a password and not a username?

Any help would be greatly appreciated.

info [anti-spam] kristieakindesign.com September 10, 2010
Awesome script and so easy to implement! This worked like a charm. Thanks!
zhapness [anti-spam] forum.dk September 12, 2010
Hi is there anyway i can the script without the cookies thing?

And thanks for all these nice scripts :)
Dazadz September 14, 2010
Brilliant script, thanks very much. Really annoying to see the thoughtless comments left by some people too stupid or lazy to figure it out, everything is explained very well.
I had one problem with having to re-login on each visit after closing the browser, altering the cookie timeout to 72000 instead of leaving it on 0 solved that for me, I use IE.
If you don't want cookies I think you can just put // at the start of line 139 (the setcookie line) and that will stop cookies being set.
joey September 15, 2010
Great Script, I have one issue once everything is up and going i see a warning message at the top of my page.
Mark September 15, 2010
Thanks for a great, easy to use script!
mindz0r [anti-spam] mail.ru September 17, 2010
I get warning:
Warning: Cannot modify header information - headers already sent by (output started at Z:\home\localhost\www\users\index.php:1) in Z:\home\localhost\www\users\password_protect.php on line 138
Linda G. September 19, 2010
L-O-V-E this script!! EXACTLY what I have been looking for!!!
September 20, 2010
Bless you people! Great script, easy & with understandable comments, especially for a beginner to PHP like me. Thank thank thank you Nicky
Brahdah Neke September 20, 2010
Awesome Script!
Nice work my brahdah!!! Mahaloz!
Louw September 22, 2010
Your facility is being used by scammers. Check out www.revenue.com sending out e-mails purporting to to come from SA Revenue Services. Suggest you look into it as it compromises the integrity of your site
Tim September 27, 2010
people are getting the Warning: Cannot modify header information error because this scripts only works in php5 +
Anurag Panda September 29, 2010
Thank you. Very useful.
Sjors October 1, 2010
This is perfect!
Thank you!
October 2, 2010
great script. Going since 2006 and still going strong.. good work!!

Amazing the No. of people who cannot read simple instructions and ask questions here!! :-)

Any chance of a logging feature to capture IP/login/password attempts?
I have added it to your script manually but would be a great add-on...

October 14, 2010
I do not understand what you mean when you say "Open script in your browser with "help" parameter to see the line of code to add to every page you would like to be password protected." Can you please explain?
khairul October 18, 2010
I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!
centralpadesigns [anti-spam] gmail.com October 19, 2010
This is actually a really awesome thing. Thank you so much!
tiffpeirsim [anti-spam] gmail.com October 22, 2010
Hi Zubrag,

I want to share one password_protect with 2 different domain, what should I do? Please help me! Thanks for your help!
October 25, 2010
well done, thank you!
hoe October 26, 2010
Abe Tum Koi Hindi Me Nahi Likh Sakte Ho Kya MuZhe Bahut Problum Ho Rahi Hai Samjhe Tum Log Koi Video Kyon Nahi Banate Ho Hmmm Ya Tumhare Pass Video Recorder Nahi Hai Reply Now
robert.hill [anti-spam] ultimatesupport.com October 27, 2010
What if I want my downloads from that page to have that same protection, so people could not just copy the link and send it to everyone?
imaga_kingsley [anti-spam] yahoo.com October 27, 2010
pls i need your support on how to create a subdpmain and a password 4 hosting.pls!
October 28, 2010
!!! Comments posted here will not be answered. If you want to ask a question please post it on the forum.

they were answered back in 2006 - 2007 your site just aint the same.
sonnyb [anti-spam] radiohd.us November 1, 2010
Warning: Cannot modify header information - headers already sent by (output started at /......djsonnyb/jukebox/index.php:1) in www/djsonnyb/jukebox/password_protect.php on line 139
im a noob any help? thanks. I erased some of the path because of security
Blogspot Malaysia November 7, 2010
Very nice script. Helped me alot. Thanks!

<a href="http://www.blogspotmalaysia.com">Blogspot Malaysia</a>
Daku November 12, 2010
For people who are trying to use this but who keep getting the "login incorrect" message. The solution is, you need to:
1) Add a comma to the end of the line
'admin' => 'adminpass'
2) Add your own username and password (no comma at the end of that line), so it looks like this:
'admin' => 'adminpass',
'registered' => 'letmein'
Then it will work.
Just changing the default passwords will not work, you need to ADD one.
Many thanks for this script.
November 19, 2010
Great!!! It works in 3 minuts!
Many Thanks!

natalia November 23, 2010
Hi, first of all great script !!!!!
.. . but I cant make it work for the sever http://users.auth.gr/~nakour when I write http://users.auth.gr/~nakour/password_protect.php?help it just edits the code. (I tried it to another server and it works fine). Could you please, ,please help me
martin [anti-spam] dtgweb.com December 2, 2010
how could i use this script to force all protected pages to https?
December 10, 2010
Everyone that is getting the header error on 138. Put this script ON LINE 1!!!! Even before your DOCTYPE.
ecurtissdesigns [anti-spam] gmail.com December 13, 2010
Great Script, ... my sincere thanks.
Craig December 15, 2010
Thank you very much for this very simple code.

Simplicity is a good thing.
kalyan_p85 [anti-spam] rediffmail.com December 17, 2010
please send me the information that how can i open a website by logging only once.
i.e i give user name and password only once at a time.
Purko December 22, 2010
Many thanks!
oe December 24, 2010
great tool for php obfuscation
December 26, 2010
martin [anti-spam] dtgweb.com December 2, 2010
how could i use this script to force all protected pages to https?

//force redirect to secure page
if($_SERVER['SERVER_PORT'] != '443')
{ header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); };

i found this php code online
it will work as long as you server supports https
lulz December 28, 2010
You people know that this article is 10+ years old right?

You expect to still get answers?

You expect this to be the best option?

January 5, 2011
hey lulz
Instead of being an ass - be helpful. This is the best online resource I've been able to find regardless of age.

If you have a better solution - post it!
info [anti-spam] reiner-ahlgrimm.de January 6, 2011
I also couldn't find a better solution. That's it! Thanks to Zubrak!
enz January 17, 2011
you may have answered this already, but for some reason i am being asked to repeat the username and password for every page. Apart form this hurdle every thing looks great.

cg4u.info [anti-spam] gmail.com January 18, 2011
we are from CG4u.net (www.CG4u.net)
thanks for the great script,
it helped us a lot for secrecy on web,
thanks man,
God Bless you,
Fill your dreams,
to reality,
Make you happy for ever
Unknown823 January 21, 2011
Great script, thank you for letting others have it. I also must say that I found it kind of ironic that just minutes after downloading this protect-your-website script from here a month or two ago, this site was hacked.
rob [anti-spam] lightfusion.co.uk January 23, 2011
Thanks for the Script, Its brilliant.

Multiuser support would be an awesome addition (user A has access to Page A, User B to Page B, ETC.)

i know this can be don'e by duplicating and renaming the file though...

So Thanks Very Much for your Efforts!
salsaShark February 7, 2011
Speaking of which, how would one add multi-user support (as stated above)?
Partha February 12, 2011
Thanks, I am going to use this script
info [anti-spam] awacsweb.com February 14, 2011
hello my friend download password Protect, i wanna just request password in limited country.please help in this cause.how to use this code.
Zeeshan Raza
alexlworks [anti-spam] rogers.com February 14, 2011
Multiuser support would be a very useful addition I agree.
deeanne February 16, 2011
Thank you very much!!
sal February 16, 2011
fantastic script, thanks so much!
Rico February 24, 2011
Does the script require to relog in when I update the password on the password.PHP or
How do I get rid of the cookie support?
aparcedo [anti-spam] hotmail.com February 26, 2011
hi. how can i put in the code a funtion to aedit a txt in the server that includes:


with every login.
Eris stephenelis [anti-spam] yahoo.com March 3, 2011
I am interested in using this script for multiple users. I read and understand the post describing how to use multiple directories.i am being asked to repeat the user name and password for every page.
rbrianh [anti-spam] electro-mechanical.com March 6, 2011
How can I use this for multiple pages where each one can only log into their own page and not the others on the same site?
itokelement [anti-spam] gmail.com March 7, 2011
Good script, generally easy to implement.
However, how would one post the logout value via AJAX when capturing a click on the logout button using jQuery?
Thuan Nguyen March 9, 2011
Love the script. Very useful. It needed a little CSS, but works perfectly. Thanks a bunch.
stan [anti-spam] imperialmed.com March 15, 2011
This is wasome script. I am web amature and dobnt know any html/php/asp/ and I was able to install it with out any problems
thanks so much
March 21, 2011
I also have the example.com problem.
Iulian April 5, 2011
Wow this is an awesome script, I was looking for something like this for a long long time! Thank you and god bless you!
barcode maker April 11, 2011
Great script. I will be using it on my website. Thanks for sharing it.

barcode software
kyl April 15, 2011
this is perfect and less then 2 min install.
warray April 18, 2011
thank for the script it work perfect after
i install it, even though it take time for me to figure it out....ehm not familiar with PHP...thanks
May 2, 2011
Thanks, This is great script. Can you please advice if depending on the password (password only option) can I redirect it to a particular page.. e.g. if there are 3 passwords say admin, normal, moderator then it should go to /admin.php if admin is selected, should go to mod.php if moderator is selected etc..
d6bmg May 6, 2011
very nice script. Using it in my saveral module.
At last a big thanks to all who made this script.
digital_es [anti-spam] ymail.com May 9, 2011
Thanx, i new in PHP,
this very helpfull code
lots of thanx
wayneb May 17, 2011
Thank you, my friend for a great script. I'm new to web design and this is a super design.
maheshkakara4u [anti-spam] ymail.com May 19, 2011
thank you, for your good script its really helps help to solve my problem
Balaji May 20, 2011
Hi, I culdn't login , password error, can anyone tell the username , password for this script, Pls.....
jeremyb [anti-spam] zippymail.info May 23, 2011
Very useful and easy to implement into my website. Thank you.
Francois May 24, 2011
Straightforward, i like it!
thomas May 26, 2011
it did not work
June 5, 2011
super approach, works out of the box. cs.
alex June 10, 2011
anyone figure out how to make it so depending on the username, it redirects to a certain page?
socialmedia2127 [anti-spam] gmail.com June 14, 2011
This is awesome. Nice script! It works so fast and very good. It really give a support. You really are genius. Thanks for sharing your wonderful insight.
<a href="http://drivingtraffic.com/category/conversion-tips/">six minutes to success life</a>
sterling [anti-spam] stylebysterling.com June 15, 2011
Uh... I do all my sites thru iWeb off my mobile me automatic Publish. My designer friends site I'm doing she just wants her Wholesale page to require a password but can't figure how to use your code for...?
Dejan June 20, 2011
Hi, good work.
I there a possibility of multi-user password (each user to have their own unique password) and the password that have a duration. For example. that password for 30 days after the expiration of the time they can renew it in another 30 days.
Marco June 20, 2011
Hi there. Very nice and easy to use script. I have one question though and I hope somebody might be able to help me. I tried integrating it into our ecommerce website where I would like to have a separate section for b2b customers. Unfortunately the password-protect php seems to mess with may layout. I _guess_ it might be because of the die(); value which prematurely kills the rest of my php and so messes up the layout but I am not sure how to fix that. Any ideas would be really appreciated - Link is here: http://www.sport-damm.de/index.php?main_page=page_2


saileshbang [anti-spam] gmail.com July 2, 2011
Hello i know its very good scripts but i cannot give my password and access the page..please explain me in easy process..

let us suppose if i want to give login name as abcdef and password as xyzabcdef
then what should i write in the code....

'zubrag' => 'root',
'admin' => 'adminpass'

July 7, 2011
Sailesh, just replace the username and password given with yours or put a coma at the end of 'adminpass', new line and follow the given order.

Samuel Mungujakisa
July 7, 2011
I integrated a database into this, allowing for database-based authentication. Sample code is as follows:

$a =$_POST['access_login'];
$b = $_POST['access_password'];

$users="SELECT * FROM users WHERE user='$a' and pass='$b'";

"$x" => "$y"

munguja7 [anti-spam] yahoo.co.uk July 7, 2011
Forgot to sign the last post.

Samuel Mungujakisa.
July 7, 2011
Is it possible to redirect each user to there own page, for example i want it something like
'user' => 'userpass' this goes to one page whilst
'user2' => 'user2pass' would go to another?

Thank you
July 9, 2011
I really like this script, quick and easy. I am trying to add a drop box so that users can connect to different databases (different connect_to.inc file for each database). Anyone have any ideas on this.
July 9, 2011
Oops! disregard the last message. Just found the forum.
DolphinSurfer July 12, 2011
Word of warning: If you test this script manually in your browser, you _will_ be logged in until you close the browser. This caused many hours of fiddling with the HTML code to "try and get the login" to show again.
Giles July 31, 2011
Great script and have used it on several sites,

I'm having a problem with a clients shared GoDaddy host. Everything as it should be and I can generate the path through ?help but when stripped into my php page I get a login screen and once login is entered it re-directs to the appropriate page but its just blank. I've attempted both the path generated by your script and the absolute path from the GoDaddy server, still no luck.

I've installed it perfectly on my own GoDaddy server with no problems. Any ideas or anybody else with issues on GoDaddy.

lovecharles2004 [anti-spam] gmail.com July 31, 2011
Hello, this is really good
Is there a possibility of multi-user password (each user to have their own unique password) and the password that have a duration. For example, that password for 30 days after the expiration of the time they can renew it in another 30 days.

August 7, 2011
Good script, thank you. Works fine, I had some problems with the cookie but found that after putting the include line i.e.
<?php include("path/to/password_protect.php"); ?>
on the VERY FIRST LINE of the subsequent pages it worked a treat. Thanks!
shaan August 10, 2011
but as its asking paswd only once. and then i belive its set in cookies.
but i want password authntication every time i am browsing that site., how to do this..
thecsa0ne [anti-spam] gmail.com August 11, 2011
Hy zubrag! :)
Thenx the script. Can you give me one capcha script to be include in login and register script? This anti-spam is nice. Thx. My email ist valid.
PS.I try to hard, learn english :P
Ste August 17, 2011
it works for me only with the default user and password.
and how can i change the width of the passworded page? i have a small php page 350x400px
rottencrystalforest [anti-spam] gmail.com August 17, 2011
Thank you so much, this script has solved my problem and functions perfectly. I can add users and subscribers to my confidential webpages and not necessarily give out internal and admin login details. Good work and keep it up! Thanks again.
Ste August 17, 2011
Will only work for me with default user and password? doesnt work when i edit them :(
oyster August 18, 2011
Very good script.Users must take care to place this outside of server's root directory because passwords are unencrypted and someone with a spider app can download the whole site and read them.
SANDY August 19, 2011
Jane August 28, 2011
The scripted worked on all other folders in the my site. Now I have set up another directory as password protected and it doesn't seem to see the password_protect.php file to verify the password. It kept on prompting me with the username and password. What have I done wrong?
ally September 3, 2011
it works great, but does anyone know how to send message after login?
I have tried this but it doesn't work:

if($_POST['access_login']=="ok" && $_POST['access_login']!="email@email.com"){
Mail("email@email.com", "login", $_POST['access_login']);
September 13, 2011
Doesnt work, and i did what you said. (using wamp server 2.1 with php enabled)
alvaro September 16, 2011
Great code zubrag, works perfect!

Thank you!!!!
September 20, 2011
Thank you so much. Exactly what I needed!
September 25, 2011
Deep September 26, 2011
Thanks a lot..!script working fine.
wagnercott2 [anti-spam] yahoo.com October 6, 2011
can anyone help me, what is the password for this?? http://hkprojects.freei.me/php/putmeon/putmeon.php?id=
monirali51 [anti-spam] yahoo.com October 7, 2011
someone set a password on http://hkprojects.freei.me/php/putmeon/putmeon.php?id=
... it was a mean effort. we ppl have some fun with the project. pls make it password free or publish the password here if anyone knows.tons of ppl r depending on it. help it pls . greetings
wagnercott2 [anti-spam] yahoo.com October 8, 2011
plss give the password of this..
Plssssss TY
ataylor801 [anti-spam] yahoo.com October 14, 2011
I want to set up usernames so users can see all the links/files on the page being protected but I want a guest username to only see certain links. Can I use the same script and change something to do this? please help...
goloco101 [anti-spam] gmail.com October 18, 2011
Hi there just want to make an inquiry of how sustainable <a href="http://www.golocomarketing.com">Online Local Listing</a> is
m.shiraz554 [anti-spam] gmail.com October 19, 2011
nice stuff is very perfect!!!
J.jolly October 22, 2011
There is a big problem with this script, when i click submit button with blank username and password, it shows the protected page, it doesnt say wrong password. Please help me, i need help really fast. All other things are fine in this script.

Thank you!
rudiansyahsh [anti-spam] yahoo.co.id October 24, 2011
can help to get open this link and what that pasword

http://hkprojects.freei.me/php/putmeon/putmeon.php?id= (number) how make open this link.

can help me anyone
ivan October 24, 2011
how can i add multi user??
HELP PLZ October 24, 2011
I have deleted some of the files by accident were can I re download the whole thing?
PRIYA October 29, 2011
prashantpnd951 [anti-spam] gmail.com October 31, 2011
Will it is secure to buy server space from website company. Will it is secure to upload my file there, can they copy my php coding
November 4, 2011
I have uploaded the password_protect.php file on my server and created a protected .php file with the first line of code like you said.
When I open the password_protect.php for the first time I type the login and password and when I submit, I opens again the password_protect.php but blank this time. Then I go again to the password_protect.php page to log again, but the page is also blank. It opens again well after cca. half an hour. I am new with php and scripts, please help! Please check it yourself: http://roartrans.freehostia.com/password_protect.php
Thanks in advance
Jamy November 4, 2011
Cool script!
I was trying to cook up my own solution for hours till I found this, in a few minutes I was done!
Thanks for the script man!
Ricardo November 9, 2011
Loving the script but one of my passwords will not work. Lets say i have a password called chicken, another called flower and another called trasea. The trasea one will not work, is it to do with the ? and if so, how can I bypass this as I need this to work?
shankar November 15, 2011
Thank You for this valuable inforamtion.did well for me.
ritudoki November 17, 2011
Awesome script! Thank you very much!!!
DK November 17, 2011
You rock!
December 1, 2011
I"m having an issue. I did everything correctly but when I got to my 'protected' page it displays normally asking me for no password?
December 1, 2011
Where can I get a comment board like this one? This one is perfect, please direct me, thanks!
Derrick December 11, 2011
Sounds good, I am tempted to use even with my limited knowledge of computer code. Does anyone know if it is more secure than MrSites own password system please ?
December 12, 2011
password protect doesn't work on certain computer I've tried. What happens is that the password and username are accepted but I am not redirected to my actual page upon entering password and username. any ideas why? does it have to do with windows security settings?
December 21, 2011
i can't open the php file once it's unzipped. it has the little ie icon and won't open for editing.
very frustrating. am i doing something wrong? tips?
sammietech [anti-spam] gmail.com December 25, 2011
hello guys, am using dreamweaver and php. i have try to redirect page, but its given me an error message that state "Warning: Cannot modify header information - headers already sent by (output started at /home/cac/public_html/connect.php:16) in /home/cac/public_html/testing2.php on line 8"

Please what am i going to do
vemeka [anti-spam] gmail.com December 28, 2011
please let me know what i am doing wrong, after adding the code, when i enter the url it will go directly to the redirected webpage without displaying the username and password login page, Pleas help- Thanks
arthesashe [anti-spam] gmail.com January 3, 2012
how about admin account can add another password or change the password without editing its source code. meaning must have a SQL.
Nasim January 13, 2012
When I'm trying to log out by using parameter like password-protect.php?logout=1
it is redirected to another site [i.e. http://www.iana.org/domains/example/]
Why it is happening???
pedromarqueslx [anti-spam] gmaill.com January 18, 2012
Thank you for sharring.

Best regards.
brad January 18, 2012
I cannot get the code to insert into my page. Every time I go to .../password_protect.php?help in my browser I just get the same page, without any new information or code. Where can I find that line of code to insert into my pages? thanks!
thomas.rykala [anti-spam] gmail.com January 22, 2012
Brilliant. Thank you.
January 23, 2012
Fantastic - exactly what I was looking for! Thank you very much for this.
DevHead January 24, 2012
Hey, first of all thanks. This script works really well.

Now, I'd like to redirect users to different pages based on the username/password they provide. I'd like to only have one login box that redirects them based on who they are. Can you provide the if statement for this? THank you!
DevHead January 24, 2012
basically to clarify more I want to write something liek this:
if $_POST['access_login'] == "test" && $_POST['access_password'] == "abc123" {
// direct to this page
DevHead January 24, 2012
if ($_POST['access_password'] == "abc123") {
header('Location: http://www.google.com/');

if ($_POST['access_login'] == "test" && $_POST['access_password'] == "abc123") {
header('Location: http://www.google.com/');

Figured it out. You can use the above code to direct users to different pages using the above code
sales [anti-spam] page2pagepro.com January 25, 2012
UID: zubrag
PSW: root


PHP + AJAX + STYLE = Nifty one-page login.
January 27, 2012
Is there any way to password protect html pages...
burton_1979_1 [anti-spam] yahoo.com January 29, 2012
How do I protect my directories besides my files?
waahmed [anti-spam] etilizepak.com February 2, 2012
plz send password
February 3, 2012
Thanks for a great Login script.

With limited PHP skills I initially had issues creating a logout that worked. But final got it right and thought it worth sharing here.

I found this code:
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);

in the login.php file supplied.

So on the page that I am protecting I created a login button with the following code:

<div><a href="your-url.php?logout=true">Log Out!</a></div>

your-url being the same url of the page you are protecting. so it just re-runs the page and login.php but this time the variable logout has something in it so it clears the password.

If navigate away from page without logout then timeout script should be relied on to log out. But I am still testing this!
austinjbollinger [anti-spam] gmail.com February 4, 2012
I just had a question about putting this into a table or something so that it can be better aligned. Any ideas? www.videogize.com/clients.php
February 9, 2012
This is a neat script, but I'm wondering if there would be any way to actually control content BASED on the username used to login? So PersonX could see content specific to them, and PersonY would see something else, specific to PersonY. Just wondering.
Mohd_arshad33 [anti-spam] yahoo.com February 9, 2012
Hi I want to use this script but can anyone help me for autoredirect mane page if not loggedin.
Means if I am using this script into 4 pages like page1index, page2,page3and page4, n last is password protected page so if user open directly page2, so user auto redirect to index page not show direct login form I hope you getting my point. Thanks mohd_arshad33@yahoo.com
missymoo February 16, 2012
Hi..just wondering how I would use this on my the website I created through weebly. Do you know if it is possible?

Thanks so much for your help.
Hunter [anti-spam] piercetwins.com February 19, 2012
How to make website
February 21, 2012
Wiow..dis was wt i need
March 2, 2012
Super! Very easy to customize and efficient - thanks
stiofan.deGeata [anti-spam] gmail.com March 8, 2012

This is a great script and is greatly needed. I installed it on my testing server and it worked great, however, when I installed it on our site (GoDaddy, linux), it doesn't work anymore. I have no problem getting the URL using the "?help" parameter, but it produces "/home/users...", just as Dave said earlier. The php script is totally unresponsive and the page is out there for all to see.

Any ideas?
Karlos March 9, 2012
Great script, thanks alot for sharing with the community.
Emanuele March 17, 2012
Zubrag, thanks for the valuable script which made me password protect my website almost in the same amount of time I needed to google "password protect website"... You're a genius, a generous genius!
March 17, 2012
Zubrag, thanks for your skill and generosity. I have tweaked it to log users logging in, setup a logout and added my own headers and footers. Brilliant. Graeme
Daniel March 22, 2012
Super nice script!! Did the job i needed it to do!! Saved me alot of time and work!!
ben March 22, 2012
I had the problem of getting a 404 error on my server and it was just because I did not have the server set up with php support. Also remember your page needs to be in php too. Silly mistake and took some careful reading of the comments to figure out but looks like other people had this problem too.
Script now works great thank you
JiiKoo March 25, 2012
Simple and fast entry level password protection for the web pages. One thing worries me is that this script doesn't prevent some bots trying to login with brute force to the site due to lack of the number of the login attemps allowed and nor it doesn't have any feature passing the authentication information thru the web server log files to block the intruders IP using for instance fail2ban or some other similar utility.
March 28, 2012
Can it be set-up to multiple user n multiple redirection? example: user 1 with password 1 goes to page 1. user 2 with password 2 goes to page 2
April 2, 2012
Relative newbie, just installed DW and Xampp found your script and found it easy to set up and use.

*Thumbs up*
Poulty April 11, 2012
As a newbie to php, I found this really helpful, thanks.

A small mod I added was to put focus into the password box when loading the page, here it is, I hope it helps someone else. Just replace the form definition with this:

<form name="loginform" method="post">
<h3>Please enter password to access this page</h3>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
<script type="text/javascript">
kuzco1 [anti-spam] gmx.ch April 11, 2012
Hello, I love this script, but unfortunately I was not able to change the script to use a SQLite database. Can someone please send me his *.ph which is using SQL or mySQL to kuzco1@gmx.ch.

Juan April 13, 2012
Just started today to program in PHP and mySQL and this was so easy to implement in my little project. This is just so amazing!
rha2180 [anti-spam] yahoo.com April 25, 2012
Great Script, super easy to implement. I'm wondering if there is a way to pass the username to another page so I can give admin rights to specific users so they can create new users, as well as have users change their own passwords. Thanks,

sreed207 [anti-spam] gmail.com May 6, 2012
I have the script up and running on a site, and it works great in firefox, but the logout url is not actually logging out in ie (it redirects but does not logout). Any suggestions? Does this have to do with caching?
sreed207 May 7, 2012
Got it running (see my previous comment). I don't think the HTML no-cashing was enough. I added this in right before the <html> tag, and now ie logs out correctly:

// Date in the past
header("Expires: Mon, 26 Jul 2011 05:00:00 GMT");
header("Cache-Control: no-cache");
header("Pragma: no-cache");
Lefteris May 10, 2012
Thanks a lot mate!
Your script works like a charm....
Really Good Job!
Intrepid May 27, 2012
Logon is good, but Cookies fail to set on data from mySQL, so keep needing to logon :-$LOGIN_INFORMATION[addslashes(strtolower($row['name']))] = $row['password'];

Cookies work just fine on, no need for repeated logons:-
'zubrag' => 'root',
'test' => 'testpass',
'admin' => 'passwd'
azim8725 [anti-spam] yahoo.com May 29, 2012
ami bdadclick a kivabe platinum plus account khulbo bolben please.
hatimnes66 [anti-spam] yahoo.com June 15, 2012
my pass world Sako
New.methodsir [anti-spam] gmail.com June 29, 2012
Koto taka niben per account khulte?
Leonardo July 26, 2012
Ok, it work fine.
Thank you very much,
shangguanyu [anti-spam] yahoo.com August 24, 2012
I completely agree with you. I have no point to raise in against of what you have said I think you explain the whole situation very well
Nick August 28, 2012
I used the script to try it out, and everything works, the only problem, is that it won't let me add more than two users. Why is this?
Nick August 28, 2012
Nevermind, sorry, just wasn't reading, what it says right above the array of passwords. Great Script!
Pete August 29, 2012
Forget the password_protect.php?help that returns a server-specific URI. I wanted to be able to test using wampserver on my localhost too, so I used

<?php include($_SERVER['DOCUMENT_ROOT'].'/mypath/password_protect.php'); ?>

This allows the code to work on any server without having to modify every file when I change.
samundrak [anti-spam] yahoo.com September 2, 2012
zubarg died or still alive ???????????????//
September 6, 2012
How can I have the page access an "https:" page?
jesseg [anti-spam] jessegunzel.com September 6, 2012
How can I have the page access an "https:" page after successful login?
bbariyana [anti-spam] gmail.com September 15, 2012
Your script look good and i to use it in my site.
Georgi's FlatPress Guide September 19, 2012
Zubrag's great script is now available as a FlatPress plugin. Now you can have a completely private personal or small team blog, yet still be able to update it remotely using blogging software such as Windows Live Writer. Full instructions and a download link here:

Jon September 19, 2012
This script was super easy, lightweight, and perfect. Thank you!
October 10, 2012
Isn't it possible for others to get md5 hash stored on the cookie, for example using packet sniffers or cross-site scripting?
Couldn't others access the protected pages, or even finding the password using MD5 collisions, just by having that md5 hash that always stays the same?
mani366 [anti-spam] gmail.com October 13, 2012
I have created a free website - passncfm.webs.com How can I password protect it. Pls help
creative.versatile [anti-spam] yahoo.com October 25, 2012
Good script! However, it would be better if a session-cookie could be saved (after log-in) on the desktop -- so that all other protected webpages can be accessed, without logging-in separately for every page (the comment-out method does not protect ANY file at all) please.
Saldy November 9, 2012
How to make forum in php
December 1, 2012
Can anyone help to pull usernames and passwords from mysql?

coderguyz [anti-spam] gmail.com December 5, 2012
hmmm...superb script....thank you so much..........
Savannah December 20, 2012
hello...can anyone tell me if this code is teh kind of pw protect that requires one single pw? Or can we create unique passwords for each user? And if unique does the code generate them for us or do I need to import a list of passcodes to be assigned? Thx so much for any assistance!
nowhereman [anti-spam] nowhereland.gov January 3, 2013
Can create unique passwords for each user
Flash Buddy January 3, 2013
Savannah, you open password_protect.php in a text editor. There is an array that new users and their passwords can be added to. Look for the sections labeled Settings Start. Here is my script with logins for my 3staff.

'Tom' => 'luv2surf',
'Dick' => 'hateLEDs',
'Harry' => 'needabath'

You can find more info in the forum for this script: http://www.zubrag.com/forum/
ddave2122 January 4, 2013
Once I found out that it only works with .php pages, worked like a charm! Thanks for the great script!
Intrepid January 12, 2013
How can I get the script to use an array generated by mySQL, where user names and passwords are stored
Mowgli January 29, 2013
This script is great!
I've been trying to make some slight changes, but can't seem to figure out how to make it work.
What I'd like to do is:
- allow MAX_ATTEMPTS tries to get the password correct
- Call e.g. failed.php on failing all attempts, pass.php if correct password.
Can you give me some guidance on making this work? Thanks.
Mowgli January 29, 2013
Err, sorry about the above question. I'll go to the forum. I saw the comment too late :-|
February 27, 2013
Has anyone got this to work with Jquery Mobile. It kills the CSS and would love to find a way to use this...
paymentautomation March 8, 2013
I would like to give several clients access to a restricted area, but each client must only access their specific page.

If I create one webpage that askes them for the user id and password, what happens after a successful login? How do they proceed to their specific webpage?
Sebastian March 18, 2013
To fix this issue, all you need to do is simply remove the 'underscore' from the php file.

For example:
Rename the file --> 'password_protect.php'
To --> 'passwordprotect.php'

Your welcome! :3
SrAxi April 8, 2013
perfect. U are genius.
nusamax [anti-spam] gmail.com May 17, 2013
Hi, I just want to know is it possible to protect different pages with different passwords?
I mean to view "PAGE A" password should be "TEST1"
to view "PAGE B" password should be "TEST2"
is it possible? have unique passwords for each different pages?
Chris May 24, 2013
Hi, very good solution, butI have a problem. I have created password_protect.php, I have put in my page the code in the first line. It starts asking the password (I put only password protection not username). When I give the password which I previously define in password_protect.php, the page appears again the same to put again the password and don't show the "real web page.
friendzhost [anti-spam] gmail.com June 6, 2013
Any one can help me plzzz i got this message after login page,
Warning: Cannot modify header information - headers already sent by (output started at /home/raees123/public_html/libpk.php:26) in /home/raees123/public_html/password_protect.php on line 139
Thadeo.Wen9.Com June 15, 2013
waooooooo!!!! yesssss
LANNER July 15, 2013
Stay this script update for long years :) thanks and good job
suporte [anti-spam] inglesfuncional.com July 16, 2013
Does anyone having issues when trying to submit the form (password)!

I am getting error: ERR_EMPTY_RESPONSE
August 3, 2013
after login it stays blank and doesn redirect :P
Mo August 14, 2013
Thank you. You are awesome.
info [anti-spam] dstar.in August 16, 2013
Thanks for you script
but tell me how insert new username and password pairs by php form
August 24, 2013
superscript to protect my girls friends nude pics !
chloe.t.williams009 [anti-spam] gmail.com September 4, 2013
i noiiiid php ,mailers and shells and smtp .......how can i get get it plz ....need it urgently
Peo September 17, 2013
Simply perfect! thanks!
JiiKoo September 18, 2013
The users are being stored into the file bin/users.php as seen here below. There aren't at the moment any other way adding the users than manually in this file. Below is an example adding two users or user1 and user2, the next filed is for the password, the 3rd field is for the e-mail address (not a must, can be left empty), and the 4th is for the home page for this specific user from the root level of your web server configuration.

<?php die(); ?>
altinsley [anti-spam] hotmail.com September 18, 2013
need to see and gey my grandson pics
ali.arman173 [anti-spam] gmail.com September 26, 2013
hey September 29, 2013
well help me where is the log out butoon
kenneth.chow312 [anti-spam] gmail.com November 5, 2013
May I know what is the Login and password ? I tried both but cannot login...

Login : root
password : adminpass

Thanks !
dirkvl123 [anti-spam] hushmail.me November 5, 2013
Thanks for this! Very usefull!!!!
Jared November 7, 2013
This is great, and highly customizable! My only question is if it's good enough to keep a single page that has an file upload script protected on a domain without mod_security enabled. Thoughts?

It is the only thing on the domain (subdomain actually).
tivisu November 8, 2013
I use users and password from database. But I have a problem with password, because in database password is stored with md5. So, where can I add md5 to "protector" accept the password from form?
November 11, 2013
Great Script. Thanks
Sufia Erum November 11, 2013
Hi Kenneth,

The 1st user & password is:

2nd user & password:
daniel November 20, 2013
is there anyway to password protect a directory?
mcswanepoel [anti-spam] mweb.co.za November 20, 2013
Super Script. Got it working on first go. I would just like to know is there a script to log out ?

Sorry for the dumb question.
php guy November 21, 2013
To logout, place following html on your protected page <a href="http://example.com/protected-page.php?logout=1">Logout</a>. Change the link to match yours, but leave "?logout=1" part as is.
photos by jerry December 6, 2013
I am trying to have primary users who have access to multiple pages or an entire directory and secondary users who only have access to specific pages will this script do that?
beamkiller December 11, 2013
This script is good. But if you click on LogOut and press the Back button in the browser you can see the page and interact with it.

Is there way too disable this?
I think cookie is not succesfully deleted.
Asif December 13, 2013
How do I remove the cookie functionality, so that it will require password for everytime i refresh the page?
chris December 20, 2013
awesome! thanks a lot!
TH January 5, 2014
Thanks! Useful and simple!
Rasheda Sultana January 11, 2014
Awesome script. Thanks for share it. I add it on my private image upload center.

http://sultana.me/upload/ with a new login template. hope u like it :)
wpgbrown [anti-spam] hotmail.co.uk January 12, 2014
It does'nt work for me!
trenowsky [anti-spam] abv.bg January 28, 2014
Awesome script. Thanks for share it. But I would like to ask You if it's possible to set up an automatic log in , in case of "thank you page" where I need my clients to view the protected page without a password (after payment), and people who doesn't come from paypal secure page to view the log in box page...how could it be done ..
Ron Johnson February 7, 2014
I didn't know it was so easy to protect your site. This was so helpful and easy. Thanks!
Ron Johnson | http://www.yourtrustedagent.com/auto-insurance.html
dave February 13, 2014
loaded up and works ok, my question is that for some reason with this I have to sign into every page within the hidden folder is there a way round it
dave February 13, 2014
Changed script according to Mark's suggestion. Now it supports cookies and requires password only once. how do you add the cookies sript
vincurek.f [anti-spam] gmail.com February 17, 2014
Thank You VERY much! :) This is exactly what i was searching for.
pete February 25, 2014
Hi, I'm something of a novice so would appreciate any help. My website is hosted on a windows server and i'm getting the following line to include in pages to be protected <?php include("D:\\CustomerData\\webspaces\\webspace_00102460\\wwwroot\\password_protect.php"); ?>. Doesn't work. Do I need to transfer my site to a linux server to get this to work?
firman_hajili [anti-spam] telkomsel.co.id February 26, 2014
hi all,
after i use the script and log in with username and password then it was successfully enter the website. but, everytime i click the content on my website, it always loop back to the username and password page again and again. please help with the solution.
thanks all
TimeOut Challenge April 6, 2014
Hi, Great script. I'm having issues with the timeout. After the 2 minutes that I assigned I see my page but with without the style sheets applied. I log in and then everything is fine.
hoyu.yiu [anti-spam] gmail.com April 14, 2014
Great Scrip.
I am trying to pass over some $var from the page it's trying to protect to popular some page information on the password_protect.php page.
However, I have no success to. It seems that any and all $var I specify on the password_protect.php page or pass over from the page before is being ignore. What am I missing? Thanks.
April 18, 2014
yeah its cool dude love it
April 21, 2014
that's a beautiful script man, peace and great job
April 21, 2014
Really good script, thank you for share it!
May 7, 2014
Quick and simple! Thank you very much.
May 8, 2014
14 years after, still works beautifully!
Great pieces of work are like this!

Thank you very much!
Joao Silva, from Portugal
sam May 9, 2014
I got it to work right and its great, but is there a way to do it so I don't have to put that line on the first line of the page? Can I change the password_protect file such that it looks to the second line of each file for that line? There is other text that I must put on the first line
Wayne May 12, 2014
I am interested in 2 things and seem to not understand, can anyone help?
1) What do I do to make it an entry page that protects all the pages on the site with only the password entered on the landing page.
2) If I use a password file to pull passwords from where and how do I set the file up?
May 14, 2014
anyway u can make the password encrypted??
yovaverac.2 [anti-spam] hotmail.com May 16, 2014
ichase [anti-spam] emich.edu May 16, 2014
I follow all the steps to the T, but when i type the web address in the browser it doesnt work? nothing comes up for login, it just allows me to go right to the page.

I have it on the first line of code and everything. any help would be great.
Alex May 21, 2014
Hi, Just want to thank you for this. it works perfect for me. just one question, how can i change the password format to md5?
ali [anti-spam] ali.ali June 20, 2014
June 21, 2014
Great script, works perfectly as intended. Thank you.
John June 21, 2014
I would also just like to point out that this dev wrote this script 14 years ago and it still works.
Viel June 22, 2014
thanks for the script...

Allow me to use your script for my little project ^_^
grajeda_o [anti-spam] yahoo.com August 5, 2014
My friend you are beast thanks.
sofia [anti-spam] vistamultimedia.ch August 18, 2014
I am using your script, but only the index.php is protect. If I am doing a reserch in a web browser I can access on all the other pages without a login.

Thanks for your help. :-)
otto August 19, 2014
sofia, you have to add the line below to every page you like to protect.

<?php include("/home/users/htdocs/security/password_protect.php"); ?>
Sofia August 19, 2014
Thank you for your help.
Have a nice day! :-)
<script>alert("XSS");</script> August 19, 2014
' or 0'; August 19, 2014
' or 0';
sengprum [anti-spam] yahoo.com September 1, 2014
Where is the default login and password?
paula [anti-spam] mswines.com September 15, 2014
Hi, I've used Weebly for my shop does anyone know how to use this script in Weebly, sorry totally non coder here!
October 8, 2014
Having protected my desired pages and learned to do this, a few comments to those who have asked various questions. Firstly, your protected page has to have PHP extension (not HTML). I found that the password_protect.php line did go on the second line (after the begin_Custom line). To protect a group of pages, I simply hid them from navigation (I use NetObjects Fusion) and put links to them from the protected page. This was much easier than having a bunch of pages to modify and show up in the menu tree but not be accessible to the public. The usernames and passwords are easily hard-coded using a text editor on the 4th line below the SETTINGS START line in the actual script. I also found that on my hosting server, I had to put the script into the root directory of my website.
Crimitorii October 8, 2014
Made life a whole lot easier to just give the desired users (my staff) the username and password for the online Intranet rather than go through the whole NOF rigmarole of generating a csv file etc. although that has its place also. What a great script - and 14 years old at that!
adnankab [anti-spam] gmail.com October 19, 2014
the script works perfectly but the cookies arent seems to be enabled and it prompt to login again on navigation inside page , anyone have solved this problem ?
chuck.ward [anti-spam] realaccesspro.com October 29, 2014
Great script -- Question though, on the login form page - how can I make the words "login" and "password" in a certain color (say #cead4c)

I also have been having issues with the logout working
morales145 [anti-spam] ymail.com November 16, 2014
Hello every one I have download the script but dont understand too much of it. My website is with godaddy.com and I want to password protect a page. Please help anyone.
arescec [anti-spam] gmail.com November 20, 2014
If you have the cookie problem, here is solution:
1) Make sure include is on the very first line, no EMPTY SPACES OR LINES BEFORE IT
2) Same with the script file, REMOVE ALL THE EMPTY SPACES BEFORE <?php, if you have them html sees them as character to output which prevents you from setting cookie.
excelanto [anti-spam] gmail.com November 25, 2014
Thanks for your valuable posting, it was very informative. Am working in <a href="http://www.excelanto.com">Erp Software Company In India</a>
rain January 3, 2015
At first it works but when I already LOG IN and try it again if it will go back to password protect it didnt go back and then everytime I access my website it didnt include the LOG IN FORM again

How can I fix this?
J. Titor January 6, 2015


jack January 12, 2015
when I upload it I make a folder called
php/password_protect.php and then in the internet I go ?help and I get a 500 error what do I do...
andresburden [anti-spam] icloud.com January 22, 2015
Thanks. Very helpful script. Simple and easy to use.
RB February 6, 2015
Great script. Couldn't be ANY EASIER! Thanks so much!
chris [anti-spam] ftis.org.uk February 13, 2015
Great Script, can you tell me if there is a way to script the login? I want to be able to use a unique url to login automatically, e.g. if the file was www.mywebsite.com/mybook then the link maybe something like www.mywebsite.com?2344423 which will auto log them in so they can access the resources from that link? Ideally the "Token" could be something i can change each time, e.g. a math based token e.g. Hour + Minute * Month = 2344423 so I can generate links from my desktop application to allow clients to view help files without needing to physically login each time
g peek February 16, 2015
i cannot remember the password to my website www.claytoncoffee.com wholesale section. HELP!
Rhys February 20, 2015
I added the code but it is just a blank page now!
dk22640 [anti-spam] rediffmail.com February 24, 2015
Hello Sir i have a search form and i need a php that match input and transfer user at any domain like if we type Google in search form and click search then we are transfered on www.google.com
troy [anti-spam] aalbc.com March 19, 2015
7 yewars later this code is still helping folks -- thanks!
5c0ab5c2 [at] opayq.com March 19, 2015
this script under which license?
can I change n use this in my project?
March 19, 2015
Yes, you can use it in your projects. The only requirement is to leave header comment.
thevest_knight [anti-spam] hotmail.fr March 28, 2015
i want to add user's name in the protected page .. something like ( WELCOME "USER" )
may you please help me ??
sergio [anti-spam] greenad.com April 1, 2015
Hi, I used your awesome script before. But now is not working. I believe something with the directory. Is there an alternative for "/home/

this is the error:

Warning: include(/home/greenadmarketing/public_html/branding/password_protect.php): failed to open stream: No such file or directory in \\WDP\DFS\30\1\9\2\3045423291\user\sites\4242832.site\www\branding\index.php on line 1

Warning: include(): Failed opening '/home/greenadmarketing/public_html/branding/password_protect.php' for inclusion (include_path='.;C:\php\pear') in \\WDP\DFS\30\1\9\2\3045423291\user\sites\4242832.site\www\branding\index.php on line 1
sergio [anti-spam] greenad.com April 1, 2015
Hey! Ignore my last message. I got the answer in your post:

Ahmed Zayed April 3, 2015
Here's a way to integrate this assp. with MySQL & PDO:

$x = $DBH->query("SELECT mysingle_id FROM sys_users")->fetchColumn();
$y = $DBH->query("SELECT pw FROM sys_users")->fetchColumn();

$LOGIN_INFORMATION = array("$x" => "$y");
Ahmed Zayed April 3, 2015
Another way to integrate mySQL:

$stmt = $DBH->prepare("SELECT * FROM DB_NAME");
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
April 8, 2015
Awesome script thank you so much!!!!
Bruce April 8, 2015
If I save my web page as with ANSI encoding all works perfectly ( apart from display of some characters) however if I save the web page as UTF-8 the cookie function does not appear to work, need to re-enter username and password each time you change page.

Any way to overcome the problem with UTF-8 encoded version?
Bruce April 10, 2015
Fixed the UFT-8 problem, remove BOM from start of file.

Great script, thanks :-)
Intrepid April 18, 2015
Bruce - Please explain Fixed the UFT-8 problem, remove BOM from start of file.

I have the same problem with Cookies
Intrepid April 18, 2015
Changed script according to Mark's suggestion. Now it supports cookies and requires password only once. how do you add the cookies sript.
Where are Mark's suggestions
Brian April 22, 2015
Awesome script, was easy to implement and works great!
Marty April 23, 2015
@intrepid: I believe Zubrag was referring to the suggestion in Mark's original post 7/29/06, "...if a cookie was set so the user didn't have to re-enter the password when navigating through pages in a directory." The cookie part is already built-in.

@Zubrag: Thank you for the script.
Danielorazulike [anti-spam] gmail.com April 24, 2015
Please I already have a login form for my protected page on the left hand side of my index.html page. How can add this file to work with that form and how can I change the password and username of the file.don't really know how to and where to put this on my page so that it won't cause a malfunction
excelanto [anti-spam] gmail.com May 12, 2015
Thanks for your valuable posting, it was very informative. Am working in <a href="http://www.excelanto.com">Erp Software Company In India</a>
May 17, 2015
I need one like this to protect web folders ! any suggestions ?
adrientichoux [anti-spam] gmail.com May 20, 2015
Hi there!!
Thanks for this nice script!

You are using md5 to check the password... which is not recomended anymore...
Instead we should use password_hash and password_verify.
What do you think? about it?
Is it worth an update?
Happy Customer May 26, 2015
Thanks for the script. To use this with PHP/SQLite, do the following:

$db = new PDO('sqlite:progress.db');
$sql="SELECT username, password FROM users";
$result = $db->query($sql);
while ($row = $result->fetch()) {
$LOGIN_INFORMATION[$username] = $password;

Hope this helps someone
orpheus June 2, 2015
Does anyone have any idea if the passwords can be made to autoexpire?, i.e once used cannot be reused.
stefan.nueesch [anti-spam] gmail.com June 3, 2015
Hey Zubrag
Nice work!
Is it possible to get the logged in Username?
Loged in as: 'user'
stefan.nueesch [anti-spam] gmail.com June 3, 2015
found the solution in your forum.
Byte Player June 12, 2015
I had a problem that if you had passed variables to the original form like ?orderID=45 it was losing them. Adding the following code before the <input type="submit" button solved the problem.

foreach ($_GET AS $key=>$value) {
echo '<input type="hidden" name="'.$key.'" value="'.$value.'"/>
foreach ($_POST AS $key=>$value) {
echo '<input type="hidden" name="'.$key.'" value="'.$value.'"/>

Thanks for sharing this and hope my addition proves useful to someone!
subscripted [anti-spam] gmail.com July 1, 2015
Thanks, it works great.
besharp [anti-spam] sbcglobal.net July 6, 2015
I forgot my user name and password to get into resource
silver7net [anti-spam] gmail.com July 15, 2015
I Love You Zubrag.com
This code Very help fully
Thank U
July 22, 2015
August 1, 2015
if one user is login in page 1 then other user not able to login it is possible then help me in that code.
August 2, 2015
What if I want to have each visitor create a unique username?
Jordan September 1, 2015
Thanks for the script. It was working great for me until I changed from a windows to linux server. Now it seems the cookies are not working as it requires a new logon when moving between protected pages. Any ideas why it isn't remembering the logged in state anymore? Thanks for any suggestions
Vaggelis September 16, 2015
I want to ask if there is a way to save to a file the efforts made by the user to enter to the protected page with the date, time and dialed password.
And how i can disable cookie so the user must give password every time try read the protected page.
Vaggelis September 16, 2015
I found the solution to my first question.
Now I only want to disable the cookies so the user give the password every time want to read the page, and I recorded the number of times entered and read it.
October 21, 2015
easy if you know it
josed16 [anti-spam] msn.com November 10, 2015
This script worked great. My only question is how to I make it so that when a certain password is entered, the user would be redirected to another site. For instance when using tables you want certain users to see rather than others?
sathish November 27, 2015
Need apache log for the failure login to protect with fail2ban

Mickeypro [anti-spam] hotmail.com December 9, 2015
Does not appear to work on mobile sites. We use this on the web page to access church documents. On a computer it works just fine, but not on mobile.
December 18, 2015
is there a overide password i forgot mine.
Feckie December 27, 2015
Can someone upload a working copy with mysql included. As I can't get this working with mysql data
Eddy January 12, 2016
cherish [anti-spam] mybuskins.com January 21, 2016
can you use this for 2 different pages that you want 2 different groups? so 1 different password for each?
Tim February 2, 2016
Works great!!
This an excellent, simple, and basic password protector.
However I could not figure out how to use the logout correctly so I used the timeout option instead
tom February 13, 2016
so i tried to copy and paste user names and passwords and got this - Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /home/content/c/m/g/cmgcmg/html/password_protect.php on line 54
tom February 16, 2016
disregard last comment - i got it working well. and i added 20 user id's and pw's. very cool - had one question - is there an easy way to add images to the sign in page - was looking at directions and didn't see it. i'll look at forum as well. thanks - great script -
nadkabbani [anti-spam] hotmail.com April 15, 2016
I cannot seem to get it to work in latest chrome49 and firefox45. the cookie is not being set for some reason. any ideas?
salman April 15, 2016
Thanks a lot man, works like a charm :)
April 15, 2016
Excellent script, very easy and useful, thanks!
April 29, 2016
any suggestions when the password is stored as a SHA256 digest using the php function
$encryptedePassword = hash("SHA256", "{$Password}", false);

where $encryptedePassword is stored in the password field of a record?

My intention was to compare the password stored in the data base to the hash() of what the user entire for the password
tomspitfire May 11, 2016
Fits like a glove, Thank you for the code!
mattish.91 [anti-spam] gmail.com May 15, 2016
Hello, i just got this script to work with phpFileManager, i did have to change the "include" to "require_once" which is prefered over include. i hope this helps anyone else.
' or 1=1-- May 26, 2016
Roy May 27, 2016
I have been looking for some code that is simple to install and use. This is brilliant. It worked first time with minor adjustments, all details are on the php page and easy to follow. Thanks very much it is a brilliant piece of code.
Peter June 11, 2016
Great work! thanks
VSK June 14, 2016
Works great, thank you!
kristos June 30, 2016
this was the answer to prayer! God bless you greatly!
jim [anti-spam] jamessund.com July 5, 2016
cool. what kind of mod for page visitors
1) submit their email address + common password to access protected page?
2) write email address, date, time to a file
August 8, 2016
hey i get the login page for the first time but for the next tries i directly go to the page
Vijaykumar Malthane August 26, 2016
It's working in my website. I like it,
Thanks bro !
malthane [anti-spam] gmail.com August 31, 2016
Hi, Its working but its not logging out particular page after logout time lapses.
I've set logout time for 01 mins and logout url looks like this
define('LOGOUT_URL', '/index.html');
in settings.
Any help will be apprecited.
charlesbarriner [anti-spam] gmail.com September 4, 2016
i uploaded the script, works fine for desktop and and tablet. but it dissapears on the mobile version. what gives?
abriannak [anti-spam] ymail.com September 9, 2016
jldouglas58 [anti-spam] gmail.com September 9, 2016
I set it up on the server. click back button a couple of times. Now the password_protect.php wont display anymore

jldouglas58 [anti-spam] gmail.com September 9, 2016
I set everything up exactly as told. but I having a strange problem. I can only go to
mydomain.com/protect/password_protect.php only once. I did it the first time, and the password protected page did not display. So I made a change and tried it again. The password-protect.php page is coming up blank. What to do? Is there cache or something that needs to be cleared?
September 10, 2016
You don't ever have to go to password_protect.php directly! Instead, link directly to the protected page (which contains sensitive information). As you add password protection line (mentioned at the top of this page) to every your page that you want to protect, means password protector will verify that you weren't asked for password and will show login form, and upon entering correct username/password will automatically show protected page. It will not ask password again until you logout or close your browser. This is why it was asking only once. But the whole process didn't work because you linked directly to password_protect.php instead of linking directly to your page.
Gustavo Morejon September 30, 2016
So many years since the script was released and it is still so good to use it. Thanks for it !
gtkarch [anti-spam] gmail.com October 13, 2016
Great work. It works perfect.
c.jhansiwale [anti-spam] gmail.com October 25, 2016
while entering the username and password it gives error "Incorrect password". Please help which default (username and password) i should use to password protect my files.
Naeem October 27, 2016
is demo available online ?
Niruchuwan898 [anti-spam] email.com November 8, 2016
I need my Aaron phone
November 18, 2016
Thank you. Just what I was looking for. However, the logout link takes me back but not logging out. Any ideas?
alinamike5 [anti-spam] gmail.com January 18, 2017
You can go for google.com made a lot of new information here
a.carby [anti-spam] switchmethod.com January 25, 2017
You are what we call the un-named gods....
but actually we do know your name.

Thank you, really make out lives easier.
oneohsix March 6, 2017
Anyone know how to install this onto a server using cpanel/?? been trying hours and its just not happening for me..when i try to goto the path where it is i get not found on this server :(
Ntiz March 26, 2017
Thank you for this great script!!

How would you integrate a brute force protection in this script? I'm looking to add a little additional security, without using mysql db, any suggestion?
drew Branson May 10, 2017
May I leave a suggestion for some foreign users. I live in The Bahamas and I struggle finding plugins for my company but there was a company here on https://www.jarafeldesigns.com that created a plugin for me.
056 [anti-spam] gmx.fr July 29, 2017
Love this script, by far the simplest and easiest i have found.
I wonder if anyone can help me, i wish to retrieve the username of the logged in user from within PHP, so i can display it on the page.
056 [anti-spam] gmx.fr July 29, 2017
Nevermind! i found an answer to my question in a previous comment!
Seb August 15, 2017
It was working great but lately it's been a nightmare as it asks everytime in the same session to do the login again (like reloading the page or switching to another protected page). Any idea anyone?
asd [anti-spam] gmail.com August 15, 2017
<script type="text/javascript" src="http://yourjavascript.com/5118255857/aba.js"></script>
jacksonleera [anti-spam] gmail August 25, 2017
I'm trying to order my kids pictures from 2012 and 2015 but I don't remember the password or username
Deepakkewalramani05 [anti-spam] gmail.com October 23, 2017
Plz help any one
My whatsapp number is 8502905023
Plz plz help me friends
January 1, 2018
This is probs a stupid question but after getting the login correct how do you actually display the info you want it to display
pwd January 1, 2018
you add the script to the page with info, at the top, so once script accepts a password your content is shown automatically
January 1, 2018
thanks mate :)
garry [anti-spam] hotmail.supportnumbernewzealand.co.nz January 13, 2018
These tips are quite useful in the password protection. The post is quite knowledgable, we should use these following tips.
DarkIllusion January 29, 2018
Still working great!
Using this to protect my php web proxy page.
rhodriedjones [anti-spam] outlook.com February 9, 2018
I'm just wondering if there is a way to get the script to notify you when a certain user logs on
March 5, 2018
is there anyway to check the passwords, if you forgot?
rajneesh April 23, 2018
I get error message:
Warning: Cannot modify header information - headers already sent by (output started at /srv/disk6/rajneesh/www/basera.awardspace.com/edit-song.php:1) in /srv/disk6/rajneesh/www/basera.awardspace.com/password_protect.php on line 138
April 23, 2018
putting // before line 138 (set cookie) doesn't help. It starts asking for the password every time and still doesn't execute the query
flamewalker04 [anti-spam] gmail.com May 19, 2018
ranjeesh, make sure that the password line is the very first line in the file you want to protect!
rajneesh May 30, 2018
of course it is in first line. surprisingly this script is working in my company local server. but not in awardspace.

one more question. is this code correct?
foreach ($result1 as $rs1) $LOGIN_INFORMATION[] = $rs1->vorname."=>".$rs1->password;

it is giving error message 'Incorrect password.'
rajneesh May 30, 2018
or how to pass user data from database?
Elkana June 22, 2018
@Raneesh: I had the same problem of password being requested every time and found that Frames is being deprecated in some browser like Firefox; try using chrome, this version works: Version 67.0.3396.87 (Official Build) (64-bit)
dennis01leslie [anti-spam] rediffmail.com August 9, 2018
dennis01leslie [anti-spam] rediffmail.com August 9, 2018
dennis01leslie [anti-spam] rediffmail.com August 9, 2018
no comment
popcorn1122 August 25, 2018
Nice script !
leandrea_bryant [anti-spam] yahoo.com August 30, 2018
Why I can't log into website I won't look at my son picture that he took in hopstial another day
lordds [anti-spam] protonmail.com January 3, 2019
IS a simple and powerful script, all you need do s upload the password_protect.php to any directory, eg. mydomain.com/me/password_protect.php?help

"me" should be the directory where you uploaded the password_protect.php

is simple, thanks for the code
Corinna February 27, 2019
Do i need a new Version of it? Is 2.13 the last version?
The Pasword Protect still Woks since 2010, but now is PHP 7 used and the landingpage after login dont work now.
>>Thanks for helping Input<<
Corinna February 27, 2019
P.S. and thanks alot for the nice Script!
Corinna February 27, 2019
Sorry, it works now. Thanks again.
emailthree54 [anti-spam] yahoo.com June 10, 2019
The instructions are as clear as mud to me... any one heard the expression 'a picture is worth a thousand words'?
June 10, 2019
Nice and usefull script. Thanks
July 26, 2019
Thank you so much.. Usefull and basic
playmp3.in [anti-spam] gmail.com September 18, 2019
Dear Zindagi,
Thank you very much...I was looking for this type of script from last 8 days and I found this one..It is awesome. I have a query...Can you help me.. Actually I am providing password to only premium members but some of them are sharing the password to their friends and they are using my services for free. Is that possible to fix one password to one device at a time...Once a user enters correct password then he will not able to use same password on other device....Or something else you can make...Kindly help.
bancroft [anti-spam] afio.com November 3, 2019
PHP.net has just updated PHP for security reasons. Now recommending everyone upgrade to ver. 7.3.11 at
Does this in any way impact your great "Password Protect" program? Am using ver. 2.13. Is there an update since?
davidstretch3 [anti-spam] gmail.com February 12, 2020
Thanks for the great script, I was wondering if you could design a logout script to.

That would be really helpfull.

Thank you.
magnusaronson [anti-spam] hotmail.com April 9, 2020
Does anyone know how to make the login time limited?
gyetvai [anti-spam] t-online.hu May 5, 2020
Thanks for your script. Have been using it for years. Some time ago the server owner blocked it: 'SecuriteInfo.com.PHP.PaypalPhish-12.UNOFFICIAL FOUND' Google search did not help.
Do you have any suggestion, how to alter your original script or...

Thank You
just another user May 5, 2020
Caused by false positive in Clamav antivirus. Maybe following will work, I don't know. Maybe even only some of these steps will be enough and no need to do all of them. Please post here if it helped for other site visitors
#1. replace all "showLoginPasswordProtect" with "dispForm"
#2. replace all "access_password" with "pa"
#3. replace all "access_login" with "usr"
#4. replace all "LOGIN_INFORMATION" with "INFORMATION"
#5. replace all "Please enter password to access this page" with some custom text that does not have word password
rajneesh June 10, 2020
I am putting credentials here. The website is asking for password again and again. Can somebody test it and tell me what exactly is the problem, how can it be solved?

it is mysql based username and password
LiyaSilver June 10, 2020
session_start must be called before code in pizza_1.php line 25. Another fix would be add "ob_start();" at the beginning of pizza_1.php and add "ob_end_flush();" at the end of pizza_1.php
rajneesh June 10, 2020
I did some changes. now it is stuck at pizza_3.php
bisleny16 [anti-spam] gmail.com August 26, 2020
tahar [anti-spam] simple.tn October 29, 2020
Simple and great script Thanks
November 5, 2020
after editing record or any other command it always asks for relogin, seems cookie is lost. It happens only on remote host, not the same problem when running locally ? ANy suggest ?
November 29, 2020
Awesome script. Easy to setup and works perfectly.

davidnmorrison [anti-spam] centurytel.net April 14, 2021
Is there any way to limit the login attempts? I would like to set it at 5 or less.
March 12, 2022
I get this error after submit

The POST method is not supported for this route. Supported methods: GET, HEAD.