Friday, November 30th, 2007 by papa_face
Have you ever wanted to protect a PHP page to prevent people from viewing sensitive information?
Well I haven't but that doesn't stop me showing you how to do it if you ever need to 
.
The code below is extremely simple indeed. Anyone with a basic PHP understanding will see how simple it is.
All you have to do is paste the code below to the top of your PHP page and change these values:
$pass = "YOUR PASSWORD HERE";
$user = "YOUR USERNAME HERE";
$user = "YOUR USERNAME HERE";
Here is the code that I wrote, enjoy.
<?php
session_start(); //initiates the sessions
if ($_POST['submit'])//checks to make sure the login form has been submitted
{
$pass = "YOUR PASSWORD HERE";
$user = "YOUR USERNAME HERE";
if ($_POST['pass'] == $pass && $_POST['user'] == $user)//checks if the password submitted by the user matches the password stored in the $pass variable
{
$_SESSION['access'] = 1;//if login is successful create a session that can be authenticated
header("Location: " . $_SERVER['PHP_SELF']);//reload the page. The page will now not load the login form (see the first if condition)
}
else// if password is incorrect reload the login form
{
header("Location: " . $_SERVER['PHP_SELF']);
}
}
else if (!$_SESSION['access'])//if the "access" session is not accessible show the form (not logged in)
{?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" cellpadding="3" cellspacing="3">
<tr>
<td bgcolor="#F7F7F7">Username:</td>
<td bgcolor="#F7F7F7"> <input name="user" type="text" /></td>
</tr>
<tr>
<td bgcolor="#F7F7F7">Password</td>
<td bgcolor="#F7F7F7"><input name="pass" type="text" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#F7F7F7"><div align="center">
<input name="submit" type="submit" value="Login">
</div></td>
</tr>
</table>
</form>
<?php
exit;
}
?>
session_start(); //initiates the sessions
if ($_POST['submit'])//checks to make sure the login form has been submitted
{
$pass = "YOUR PASSWORD HERE";
$user = "YOUR USERNAME HERE";
if ($_POST['pass'] == $pass && $_POST['user'] == $user)//checks if the password submitted by the user matches the password stored in the $pass variable
{
$_SESSION['access'] = 1;//if login is successful create a session that can be authenticated
header("Location: " . $_SERVER['PHP_SELF']);//reload the page. The page will now not load the login form (see the first if condition)
}
else// if password is incorrect reload the login form
{
header("Location: " . $_SERVER['PHP_SELF']);
}
}
else if (!$_SESSION['access'])//if the "access" session is not accessible show the form (not logged in)
{?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table align="center" cellpadding="3" cellspacing="3">
<tr>
<td bgcolor="#F7F7F7">Username:</td>
<td bgcolor="#F7F7F7"> <input name="user" type="text" /></td>
</tr>
<tr>
<td bgcolor="#F7F7F7">Password</td>
<td bgcolor="#F7F7F7"><input name="pass" type="text" /></td>
</tr>
<tr>
<td colspan="2" bgcolor="#F7F7F7"><div align="center">
<input name="submit" type="submit" value="Login">
</div></td>
</tr>
</table>
</form>
<?php
exit;
}
?>
What is interesting about this code is that you don't need to keep logging in everytime you return to the PHP page. It stores your valid login session 
.
Feel free to post a comment about the simple script, or indeed ways to improve it.
You may test the script here
Username: username
Password: pass
12-26-2007 19:32:09
You should comment on the lines and specify which line takes you to the auth page and which takes you to a pass incorrect page.
Nice simple script though
12-26-2007 19:38:43
Thanks. I have heavily commented the code
1-7-2008 00:48:04
How do you have a logout ?? and make the sessions timeout in X amount of time or days ?
Thanks,
1-7-2008 01:19:38
As this is a simple script, to add the functionality to logout would ruin its simplicity. As a result you will be logged out when your servers sessions are set to timeout. When they timeout, you will have to login again.
2-7-2008 21:25:56
Hello! Good article and very Informative blog, I russian webmaster, my name Pol, and i have many websites.. If you want to sell your blog or exchange links, write in my email.
Thanks…
2-23-2008 10:55:25
Hi, nice post. I couldn’t understand some parts of the article but it sounds interesting..
Continue writing…
2-25-2008 15:15:13
Wow great site! Some really helpful information there.
I’m sorry for little off-topic, but I want to ask you about design of this site.
Did you make this template yourself or got from any templates website?
Looks pretty cool for me. Wonderful well this reading.
2-25-2008 19:07:55
Hi, thanks for your interest. The template of this site is custom. I am due a new template actually lol as it is waaaay past xmas.
I haven’t written anything for a while because I am busy lately. Expect more quality posts soon
4-14-2008 22:04:13
I would like to thank you for the great article. It is good to read such interesting article, thanks for sharing it.
Have a nice day and continue working in the same way!