Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How can I restrict access to a .php page?

Posted on 2006-03-29
5
Medium Priority
?
326 Views
Last Modified: 2010-04-20
I have PHP5 running on Windows 2003/IIS6. I need to restrict access to a certain .php page to a single user.  How can I best accomplish this task?
0
Comment
Question by:avsc
3 Comments
 
LVL 3

Accepted Solution

by:
gileze33 earned 2000 total points
ID: 16322448
Dear Avsc.

There is a really simple work around to this problem.

Basically, if you only have one user, you can do this:

ADD THIS BEFORE ALL OF YOUR PAGE:
<?
      if ($_POST['action'] == "login"){
            
            if ($_POST['password'] == "PASSWORD"){
            setcookie("UserLoggedIn","235c7n8ob72n45v8n2mc8nc2p96by2cc025y8n75c0bnv3860c80");
            }else{
            $icp = true;
            }
            
      }
?>

Then at the top of your page body (Just below <BODY> tag), add this:

<? if($_COOKIE['UserLoggedIn'] != "235c7n8ob72n45v8n2mc8nc2p96by2cc025y8n75c0bnv3860c80"){ ?>
<center>
<form id="login" name="login" method="post" action="">
        <input name="action" type="hidden" id="action" value="submit" />
      Login to access this page:
      <input name="password" type="password" class="text" id="password" />
         <input name="Submit" type="submit" class="text" value="Login" />
</form>
        <? if ($icp == true){ ?>
        INCORRECT PASSWORD
        <? } ?>
</center>
<? }else{ ?>


Then you put your body here, then lastly, end the page with <? } ?> to end the if fucntion started earlier on.
0
 
LVL 16

Expert Comment

by:alain34
ID: 16331421
Another solution without cookie

include this php code at the beginning of your php file. Just change the the password to whatever you want!!

//============================================================================//
// Authenticate                                                            //
//============================================================================//

$PHP_AUTH_USER=$_SERVER["PHP_AUTH_USER"];
$PHP_AUTH_PW=$_SERVER["PHP_AUTH_PW"];

if (!isset($PHP_AUTH_USER) && !isset($PHP_AUTH_PW)) {
   Header("WWW-Authenticate: Basic realm=Authenticate");
   echo "Authentication required!";  
   exit;
   }
   
if ($PHP_AUTH_USER == '') {
   Header("WWW-Authenticate: Basic realm=Authenticate");
   echo "Authentication required!";
   exit;
   }
                    
if ($PHP_AUTH_USER != 'yourUserid' || $PHP_AUTH_PW != 'yourPassword') {
   Header("WWW-Authenticate: Basic realm=Authenticate");
   echo "Authentication required!";    
   exit;
   }
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 16331800
AFAIK $_SERVER["PHP_AUTH_PW"] is not guarateed to be set by the server, depends on the web server
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
A web service (http://en.wikipedia.org/wiki/Web_service) is a software related technology that facilitates machine-to-machine interaction over a network. This article helps beginners in creating and consuming a web service using the ColdFusion Ma…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question