[TUT] PHP Password Protected Page

[PurpleHaze]

This login does not use a database so the password is in the code which is "lol". Since it is server sided no one can right-click to view password.

I'll explain how the code works below.

In Section 1 the code uses sessions to determine whether a user is logged in. Our session variable is "$_SESSION['auth']" and we assign to a value of false or 0 which means that the user is not authorized to view the page.

Section 2 checks to see if the form was submited and then if the password is equal to "lol". If the password is equal to "lol" then our variable changes to true or 1.

Section 3 checks to see the variable is equal to 0. If it is equal to 0 then that means that the user has not logged in and so we need to login screen to be shown.

Section 4 checks to see if the variable is equal to 1. If it is then that means that the user is logged in and then is allowed to see the other content and so it is shown.

Remember that this script is basic and many more features could be added including security. This is just so you understand how it works.

Code:

<?php
//Section 1
session_start();

$_SESSION['auth'] = 0;

//Section 2
if (isset($_POST['submit']))
{
    if ($_POST['password'] == "lol")
    {
        $_SESSION['auth'] = 1;
    }
}

//Section 3
if ($_SESSION['auth'] == 0)
{
    echo
    ('
<form method="post">
<input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>
    ');    
}

//Section 4
if ($_SESSION['auth'] == 1)
{
    echo
    ('
<b>This is our secret content. You can use HTML codes here also.</b>
    ');
}
?>

[-BoodyE-]

Thanks for this . Will be useful

[Яichie]

This login does not use a database so the password is in the code which is "lol". Since it is server sided no one can right-click to view password.

I'll explain how the code works below.

In Section 1 the code uses sessions to determine whether a user is logged in. Our session variable is "$_SESSION['auth']" and we assign to a value of false or 0 which means that the user is not authorized to view the page.

Section 2 checks to see if the form was submited and then if the password is equal to "lol". If the password is equal to "lol" then our variable changes to true or 1.

Section 3 checks to see the variable is equal to 0. If it is equal to 0 then that means that the user has not logged in and so we need to login screen to be shown.

Section 4 checks to see if the variable is equal to 1. If it is then that means that the user is logged in and then is allowed to see the other content and so it is shown.

Remember that this script is basic and many more features could be added including security. This is just so you understand how it works.

Code:

<?php
//Section 1
session_start();

$_SESSION['auth'] = 0;

//Section 2
if (isset($_POST['submit']))
{
    if ($_POST['password'] == "lol")
    {
        $_SESSION['auth'] = 1;
    }
}

//Section 3
if ($_SESSION['auth'] == 0)
{
    echo
    ('
<form method="post">
<input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>
    ');    
}

//Section 4
if ($_SESSION['auth'] == 1)
{
    echo
    ('
<b>This is our secret content. You can use HTML codes here also.</b>
    ');
}
?>

This will come in handy once I edit a CMS Im editing. Thank you.

[【 ¶ÑÇƦ€Ƿ¦ßŁΞ 】]

Handy script , Try to add some more useful tricks to keep this thread alive

[`P R O D I G Y™]

By any chance, is this possible to trick/break?

[Yang-]

There are tons of security authentication systems in php avalable free on interbet

[Iarkey]

By any chance, is this possible to trick/break?

you could probably hijack the session.

[Proof]

It's better to set a cookie

PHP Code:

setcookie("auth", 1,  time()+3600); 


Close browser=destroy session. Use a cookie keeps them logged in that one up there lasts an hour.

[DeMeR]

Thanks for the find, this will be used.

[echo.phyber]

Yeah dude good tut, but its easy to crack tho...