As you all know, it is very easy to password protect a folder in UNIX server by adding a simple .htaccess code. But, how to password protect a single page? Is it really difficult? The answer is 'NO'. Here is some information to password protect a SINGLE FILE. Follow the below given steps to password protect a single file:
<?php
###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.daily3tips.com/
###############################################################
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected.
# Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.daily3tips.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################
/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.
$LOGIN_INFORMATION = array(
'testing' => 'testing',
'test' => 'testpass',
'admin' => 'adminpass'
);
--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed
$LOGIN_INFORMATION = array(
'testing',
'testpass',
'adminpass'
);
--------------------------------------------------------------------
*/
##################################################################
# SETTINGS START
##################################################################
// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
'testing' => 'testing',
'admin' => 'adminpass'
);
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
##################################################################
# SETTINGS END
##################################################################
///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////
// show usage example
if(isset($_GET['help'])) {
die('Include following code into every page you would like to protect, at the very beginning (first line):<br><?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?>');
}
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
<title>Please enter password to access this page</title>
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
<style>
input { border: 1px solid black; }
</style>
<div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
<form method="post">
<h3>Please enter password to access this page</h3>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
</form>
<br />
<a style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="http://www.daily3ips.com/passprotectscript/password-protect.php" title="Download Password Protector">Click here tog get the Password Protect Script</a>
</div>
</body>
</html>
<?php
// stop at this point
die();
}
}
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
// set cookie if password was validated
# setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
2. Edit the lines(username and password) which are highlighted in the following image and save the file as 'password_protect.php'.
In the above image(script), 'testing' is the username and 'testing' is its password. Also, 'admin' is the username and 'adminpass' its password.
3. Upload the 'password_protect.php' file to the root folder.
4. Create a .htaccess file and add the code 'AddType application/x-httpd-php .php .htm .html' (without single quotes) to .htaccess file. Then, upload the .htaccess file to the root folder. Note: In .htaccess code, you need to add the extension of the files in you are using/calling the 'password_protect.php' file.
5. Now, call the script 'password_protect.php' in your file which you wish to password protect. To do so, you need to add the php include code '<?php include("password_protect.php"); ?>' to your file (use the correct path of the file).
4. Create a .htaccess file and add the code 'AddType application/x-httpd-php .php .htm .html' (without single quotes) to .htaccess file. Then, upload the .htaccess file to the root folder. Note: In .htaccess code, you need to add the extension of the files in you are using/calling the 'password_protect.php' file.
5. Now, call the script 'password_protect.php' in your file which you wish to password protect. To do so, you need to add the php include code '<?php include("password_protect.php"); ?>' to your file (use the correct path of the file).
Now, it is not possible to access the password protected file without entering the username and password.
No comments:
Post a Comment