Protect a PHP page the easy way…

Updated code: http://www.papaface.com/blog/2010/03/07/simple-php-page-protector/
Have you ever wanted to protect a PHP page to prevent people from viewing sensitive information?
Well I haven't but that doesn't stop me showing you how to do it if you ever need to ๐Ÿ˜€ .
The code below is extremely simple indeed. Anyone with a basic PHP understanding will see how simple it is.

All you have to do is paste the code below to the top of your PHP page and change these values:

$pass = "YOUR PASSWORD HERE";
$user = "YOUR USERNAME HERE";

Here is the code that I wrote, enjoy.

<?php
        session_start(); //initiates the sessions
        if      ($_POST['submit'])//checks to make sure the login form has been submitted
        {
        $pass = "YOUR PASSWORD HERE";
        $user = "YOUR USERNAME HERE";
        if      ($_POST['pass'] == $pass && $_POST['user'] == $user)//checks if the password submitted by the user matches the password stored in the $pass variable
        {
        $_SESSION['access']     = 1;//if login is successful create a session that can be authenticated
        header("Location: " . $_SERVER['PHP_SELF']);//reload the page. The page will now not load the login form (see the first if condition)
        }
        else// if password is incorrect reload the login form
        {
        header("Location: " . $_SERVER['PHP_SELF']);
        }
        }
        else if (!$_SESSION['access'])//if the "access" session is not accessible show the form (not logged in)
        {?>
        <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
        <table align="center" cellpadding="3" cellspacing="3">
        <tr>
        <td bgcolor="#F7F7F7">Username:</td>
        <td bgcolor="#F7F7F7"> <input name="user" type="text" /></td>
        </tr>
        <tr>
        <td bgcolor="#F7F7F7">Password</td>
        <td bgcolor="#F7F7F7"><input name="pass" type="text" /></td>
        </tr>
        <tr>
        <td colspan="2" bgcolor="#F7F7F7"><div align="center">
        <input name="submit" type="submit" value="Login">
        </div></td>
        </tr>
        </table>
        </form>
        <?php
        exit;
        }
        ?>
 

What is interesting about this code is that you don't need to keep logging in everytime you return to the PHP page. It stores your valid login session :) .

Feel free to post a comment about the simple script, or indeed ways to improve it.

You may test the script here
Username: username
Password: pass

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

11 thoughts on “Protect a PHP page the easy way…

  1. Chris

    You should comment on the lines and specify which line takes you to the auth page and which takes you to a pass incorrect page.

    Nice simple script though

  2. papa_face Post author

    As this is a simple script, to add the functionality to logout would ruin its simplicity. As a result you will be logged out when your servers sessions are set to timeout. When they timeout, you will have to login again.

  3. Pol Mahov

    Hello! Good article and very Informative blog, I russian webmaster, my name Pol, and i have many websites.. If you want to sell your blog or exchange links, write in my email.
    Thanks…

  4. John Svid

    Wow great site! Some really helpful information there.
    Iรขโ‚ฌโ„ขm sorry for little off-topic, but I want to ask you about design of this site.
    Did you make this template yourself or got from any templates website?
    Looks pretty cool for me. Wonderful well this reading.

  5. papa_face Post author

    Hi, thanks for your interest. The template of this site is custom. I am due a new template actually lol as it is waaaay past xmas.
    I haven’t written anything for a while because I am busy lately. Expect more quality posts soon ๐Ÿ˜€

  6. Online Casino

    I would like to thank you for the great article. It is good to read such interesting article, thanks for sharing it.
    Have a nice day and continue working in the same way! ๐Ÿ˜‰

  7. Pingback: URL

  8. Pingback: Homepage

Leave a Reply