Solved

Creating a php session script with password required

Posted on 2009-07-14
8
375 Views
Last Modified: 2013-12-13
I have a site on which I want to limit access to the three of the pages to users who have the correct username and password. I would like a php script so that as soon as the user clicks on the navbar button for any one of those pages, he gets a prompt  that requires username and password. (In this case they will be the same for all authorized users, no database interaction required).

I would also like the php script to create a session so that the user will not have to re-enter the login when he goes to one of the other protected pages or returns to them.

Let's say that the 3 protected pages are: page2.html, page3.html, and page4.html.

I'll continue researching this online, but please give me as much as  you can, up to and including the whole script. I'm really not one of those people looking for you to do my coding. I always learn best when I have a working example in front of me to start with.

Thanks!

John


0
Comment
Question by:gabrielPennyback
  • 4
  • 4
8 Comments
 
LVL 6

Accepted Solution

by:
ou_dober earned 500 total points
Comment Utility
I found this online.  Are you wanting to integrate authentication?  And if so, what type?

http://www.zubrag.com/scripts/password-protect.php

ou_dober
0
 
LVL 6

Assisted Solution

by:ou_dober
ou_dober earned 500 total points
Comment Utility
Here is when you extend out to multiple users.

http://www.zubrag.com/scripts/password-protect-advanced.php

ou_dober
0
 
LVL 1

Author Comment

by:gabrielPennyback
Comment Utility
Thanks ou_dober, I downloaded the first script. It says to set the username and password somewhere in the attached snippet, but I can't figure out where? Could you re-post the appropriate section of the code stting the username as "green" and thepassword as "blue"?

My best guess is that I set them here, and that the username is 'root' and the password is "adminpass'
'zubrag' => 'root',
 'admin' => 'adminpass'

But if that's correct why doesn't say this:
'username' => 'root',
 'password' => 'adminpass'

???


Thanks, John

##################################################################

#  SETTINGS START

##################################################################
 

// Add login/password pairs below, like described above

// NOTE: all rows except last must have comma "," at the end of line

$LOGIN_INFORMATION = array(

  'zubrag' => 'root',

  'admin' => 'adminpass'

);
 

// request login? true - show login and password boxes, false - password box only

define('USE_USERNAME', true);
 

// User will be redirected to this page after logout

define('LOGOUT_URL', 'http://www.example.com/');
 

// time out after NN minutes of inactivity. Set to 0 to not timeout

define('TIMEOUT_MINUTES', 0);
 

// This parameter is only useful when TIMEOUT_MINUTES is not zero

// true - timeout time from last activity, false - timeout time from login

define('TIMEOUT_CHECK_ACTIVITY', true);
 

##################################################################

#  SETTINGS END

##################################################################

Open in new window

0
 
LVL 6

Expert Comment

by:ou_dober
Comment Utility
gabrielPennyback,

Did the information I provide help you find a solution?

ou_dober
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:gabrielPennyback
Comment Utility
The only thing I need to know is where I set the username and password. Right now all I need is one username and password for everyone using the site.

John
0
 
LVL 6

Assisted Solution

by:ou_dober
ou_dober earned 500 total points
Comment Utility
'zubrag' => 'root',

'zubrag' is the userid

'root' is the password for the zubrag account

Change them to what ever you wish and you should be good to go. Remove line 9 where the admin account is to reduce access to one account.  When ready to add accounts, just copy the line below and replace the username and password.  Also, if you only use on line, make sure to remove the comma or it will error out.  When adding accounts make sure to read the comma.  As for why,  That is just the way they wrote it.

Hope this helps.

ou_dober

 'zubrag' => 'root',

Open in new window

0
 
LVL 1

Author Comment

by:gabrielPennyback
Comment Utility
That clears it up and now I can see the logic of it. Thanks!


0
 
LVL 1

Author Closing Comment

by:gabrielPennyback
Comment Utility
Thanks again.

- John
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now