Log in

View Full Version : code to prevent access to a page


prince0
09-04-2007, 07:09 AM
I have a page i dont want people to have access to, so i have a login on my home page so that the people that i want them to have access to that page will only have the predefined username and password to gain access to the page.
Pls i dont want to use db, i just need a php code to achieve this.
tech_support
09-04-2007, 07:34 AM
A thing I wrote quite a while ago...



<?php
session_start();

if (isset($_GET['login'])) {
//User List.
$users = array(
'myuser'=>'mypass',
'myuser2'=>'mypass2'
);

$default = 'index.php'; //Default Location to Redirect
foreach ($users as $user=>$pass) {
$selecteduser = $_POST['user']; //Selected user...
$selectedpass = $_POST['pass']; //Selected password...
if ($user === $selecteduser && $pass === $selectedpass) { //Checks if the user and password is correct
$_SESSION['isLogin'] = true; //Sets the isLogin variable in session to true
$_SESSION['logged'] = $selecteduser; //Sets the user logged in
$_SESSION['pass'] = md5(md5(md5($selectedpass)));
$_SESSION['auth'] = md5($_SERVER['REMOTE_ADDR'].$_SESSION['logged'].$_SESSION['pass']); //Sets the unique computer ID
header('location:'.$default); //Redirects it
}
}
if (!isset($_SESSION['isLogin'],$_SESSION['logged'],$_SESSION['auth'])) { //Checks if the user has been logged in yet
$_SESSION['errMsg'] = 'Incorrect username/password'; //Sets the error
}
}
if (isset($_GET['logout'])) {
session_destroy(); //Destroys the session, aka. all data in the $_SESSION array, eg. username, password etc.
setcookie($_COOKIE['PHPSESSID'],'begone'); //Deletes the session cookie
$_SESSION['errMsg'] = 'You have been logged out.';
}
//Sets the user
$user = isset($_SESSION['logged']) ? $_SESSION['logged'] : '';
//Sets the pass
$user = isset($_SESSION['pass']) ? $_SESSION['pass'] : '';
//Checks if the user is logged in and on the same computer...
if (!isset($_SESSION['isLogin']) || md5($_SERVER['REMOTE_ADDR'].$user.$pass) != $_SESSION['auth']) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Login</title>
</head>

<body>
<?php echo isset($_SESSION['errMsg']) ? $_SESSION['errMsg'] : 'Please login to access this page.'; // Echoes the error message. ?>
<form name="login" method="POST" action="?login=true">
<p>
<label>Username: <input type="text" name="user"></label>
</p>
<p>
<label>Password: <input type="password" name="pass"></label>
</p>
<p>
<label><input type="submit" name="Submit" value="Login"></label>
</p>
</form>
</body>
</html>
<?php
die(); //Stops outputting anything else.
}
?>