We help IT Professionals succeed at work.

How can I restrict access to a .php page?

avsc
avsc asked
on
Medium Priority
342 Views
Last Modified: 2010-04-20
I have PHP5 running on Windows 2003/IIS6. I need to restrict access to a certain .php page to a single user.  How can I best accomplish this task?
Comment
Watch Question

Commented:
Dear Avsc.

There is a really simple work around to this problem.

Basically, if you only have one user, you can do this:

ADD THIS BEFORE ALL OF YOUR PAGE:
<?
      if ($_POST['action'] == "login"){
            
            if ($_POST['password'] == "PASSWORD"){
            setcookie("UserLoggedIn","235c7n8ob72n45v8n2mc8nc2p96by2cc025y8n75c0bnv3860c80");
            }else{
            $icp = true;
            }
            
      }
?>

Then at the top of your page body (Just below <BODY> tag), add this:

<? if($_COOKIE['UserLoggedIn'] != "235c7n8ob72n45v8n2mc8nc2p96by2cc025y8n75c0bnv3860c80"){ ?>
<center>
<form id="login" name="login" method="post" action="">
        <input name="action" type="hidden" id="action" value="submit" />
      Login to access this page:
      <input name="password" type="password" class="text" id="password" />
         <input name="Submit" type="submit" class="text" value="Login" />
</form>
        <? if ($icp == true){ ?>
        INCORRECT PASSWORD
        <? } ?>
</center>
<? }else{ ?>


Then you put your body here, then lastly, end the page with <? } ?> to end the if fucntion started earlier on.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Commented:
Another solution without cookie

include this php code at the beginning of your php file. Just change the the password to whatever you want!!

//============================================================================//
// Authenticate                                                            //
//============================================================================//

$PHP_AUTH_USER=$_SERVER["PHP_AUTH_USER"];
$PHP_AUTH_PW=$_SERVER["PHP_AUTH_PW"];

if (!isset($PHP_AUTH_USER) && !isset($PHP_AUTH_PW)) {
   Header("WWW-Authenticate: Basic realm=Authenticate");
   echo "Authentication required!";  
   exit;
   }
   
if ($PHP_AUTH_USER == '') {
   Header("WWW-Authenticate: Basic realm=Authenticate");
   echo "Authentication required!";
   exit;
   }
                    
if ($PHP_AUTH_USER != 'yourUserid' || $PHP_AUTH_PW != 'yourPassword') {
   Header("WWW-Authenticate: Basic realm=Authenticate");
   echo "Authentication required!";    
   exit;
   }
AFAIK $_SERVER["PHP_AUTH_PW"] is not guarateed to be set by the server, depends on the web server
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.