Screech Posted August 18, 2006

What's different this time?

Well, this script is a lot more flexible, it's more secure, and it's much easier to add it to multiple pages.

What doesn't it have?

Well, just so you don't get confused, this is really designed for admin panels. It doesn't include any way of registering, there isn't support for multiple users, and it isn't run from any kind of database; it is just a plain and simple password protection script purely for admin panels.

config.php

Let's get started. First we're going to write the config file. I won't explain this because it is simply defining variables, but if you read the comments and the variables in it you should get the idea of it. Save the below as config.php:

```php
<?php
//Admin Username and password
$adminuser = "demo";
$adminpass = "demo";

//Error message variables
$not_logged_in_message_error_message = "Error... Error... You Are not logged in. Go back and try again!";
$incorrect_error_message = "You have entered the incorrect Username and/or Password, please go back and try again!";
$no_pass_or_user_error_message = "You have either not entered a password or a username, please go back and try again!";

//The first page you want the script to go to after creating those cookies (this page must include the validating code as seen in admin1.php)
$first_page = "admin1.php";
?>
```

All you need to change above is the $adminuser and $adminpass (Admin Username and Password respectively) and if you want you can change the error messages.

index.php

We need a form for the user to enter the username and password details. There is no PHP in this but I have saved it as a .php file to keep all my file extensions uniform. If you change the extension to .html remember to edit the logout file (below) accordingly because that forwards to this page.
Save the below as index.php:

```html
<html>
<head>
<title>Login Page</title>
</head>
<body>
<table width="400" border="0" align="center" cellpadding="3" cellspacing="00">
  <tr>
    <td><b>Login Form</b></td>
  </tr>
  <tr>
    <td><form id="form1" name="form1" method="post" action="login.php">
      <table width="100%" border="0" cellspacing="00" cellpadding="3">
        <tr>
          <td width="49%"><div align="right">Username:</div></td>
          <td width="51%"><input name="formuser" type="text" id="formuser" /></td>
        </tr>
        <tr>
          <td><div align="right">Password:</div></td>
          <td><input name="formpass" type="password" id="formpass" /></td>
        </tr>
        <tr>
          <td> </td>
          <td>
            <input type="submit" name="Submit" value="Login!" />
          </td>
        </tr>
      </table>
    </form></td>
  </tr>
</table>
</body>
</html>
```

login.php

This is the page which the above login form sends the information to. This form takes that information, stores it in some cookies and forwards to the main admin page (admin1.php, see below). Save the below as login.php:

```php
<?php
$formuser = $_POST["formuser"] ?? "";
$formpass = $_POST["formpass"] ?? "";
// Hash only a non-empty password: md5("") is itself a non-empty string,
// which would make the empty-field check below always pass.
$formpass = ($formpass !== "") ? md5($formpass) : "";
if($formuser && $formpass) {
   setcookie ("cookuser");
   setcookie ("cookpass");

   setcookie ("cookuser", $formuser);
   setcookie ("cookpass", $formpass);
   header("Location: admin1.php");
   }
   else {
   include("config.php");
   echo($no_pass_or_user_error_message);
   }
?>
```

Ok, now to explain all that.

```php
$formuser = $_POST["formuser"] ?? "";
$formpass = $_POST["formpass"] ?? "";
$formpass = ($formpass !== "") ? md5($formpass) : "";
```

The first 2 lines put the username and password entered on the login form into their own variables.
The 3rd line takes the password and converts it to an md5 hash for added security.

```php
if($formuser && $formpass) {
   setcookie ("cookuser");
   setcookie ("cookpass");

   setcookie ("cookuser", $formuser);
   setcookie ("cookpass", $formpass);
   header("Location: admin1.php");
   }
```

First Line: If $formuser and $formpass are in existence with a value then do the following:

Next 2 lines: These make sure that there is no cookie in existence on the user's computer with the names cookuser and cookpass by deleting them.

Lines 5 & 6: These make a cookie for the username and a cookie for the password and store the information from the form in them.

Line 7: This forwards the page to the main admin page (admin1.php, see below).

Line 8: Closes the if statement created on the first line of this section.

```php
   else {
   include("config.php");
   echo($no_pass_or_user_error_message);
   }
```

This "else" statement will echo an error message if either a username or password has not been entered (that is what the previous if statement was checking for).

admin1.php

This is the file where the validation is done. You will probably want more than one protected page, so to create them simply copy this code into different files and change the content in the area where I have the PHP comment: //Any protected stuff you want goes in here!. Save the below as admin1.php:

```php
<?php
include("config.php");
$cookuser = $_COOKIE["cookuser"] ?? "";
$cookpass = $_COOKIE["cookpass"] ?? "";
$adminpass = md5($adminpass);
if($cookuser && $cookpass) {
   if(($cookuser === $adminuser) && ($cookpass === $adminpass)){ // === compares the values strictly as strings
   echo("You have successfully logged in! Please feel free to browse this secure admin page! To log out go to <a href='logout.php'>logout.php</a>");
   //Any protected stuff you want goes in here!
   }
   else{
   echo($incorrect_error_message);
   }
}
else{
echo($not_logged_in_message_error_message);
}
?>
```

Now for an explanation...

```php
include("config.php");
```

Includes the config file.

```php
$cookuser = $_COOKIE["cookuser"] ?? "";
$cookpass = $_COOKIE["cookpass"] ?? "";
$adminpass = md5($adminpass);
```

The first 2 lines set 2 variables, 1 each for the username and password which it retrieves from the cookies set in login.php (see above). The third line converts the admin password set in the config file (config.php, see above) into an md5 hash for added security.

```php
if($cookuser && $cookpass) {
   if(($cookuser === $adminuser) && ($cookpass === $adminpass)){
```

The first if statement (line 1) checks to make sure there is actually some value to the variables $cookuser and $cookpass set above. The second if statement (line 2) checks to see if the username and password from the cookies match the username and password which are stored in the config file. If both the username and password match then the protected code/script will be executed:

```php
   echo("You have successfully logged in! Please feel free to browse this secure admin page! To log out go to <a href='logout.php'>logout.php</a>");
   //Any protected stuff you want goes in here!
```

```php
   }
```

This ends the first if statement.

```php
   else{
   echo($incorrect_error_message);
   }
```

If either the username or password is incorrect this will display the error message set in the config file (see config.php above).

```php
}
else{
echo($not_logged_in_message_error_message);
}
```

The first line ends the 1st if statement set at the top of this whole file, and the other 3 lines are the else statement related to that if statement, which echoes an error message.

logout.php

This is the last file. All it does is delete the cookies and forward to the login form, so I'm not even going to explain it. Save the below as logout.php:

```php
<?php
setcookie ("cookuser");
setcookie ("cookpass");
header("Location: index.php");
?>
```

Thanks to Adrian
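The script above keeps the username and an unsalted MD5 of the password in cookies and re-checks them on every page, so the cookie value itself works as a reusable credential. As an added example (not the original poster's code), here is the same single-admin protection built on PHP sessions with `password_hash()`/`password_verify()`. The file name `auth.php`, the function names and the `is_admin` session key are hypothetical, and the site is assumed to be served over HTTPS.

```php
<?php
// auth.php (hypothetical name): session-based replacement for the
// cookuser/cookpass cookie check. Added example, not the original script.

// In practice, generate the hash once and keep only the result in config.php;
// it is computed inline here so the example is self-contained.
$adminuser      = "demo";
$adminpass_hash = password_hash("demo", PASSWORD_DEFAULT);

function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,      // not readable from JavaScript
        'secure'   => true,      // sent over HTTPS only (assumption: HTTPS site)
        'samesite' => 'Strict',  // not sent on cross-site requests
    ]);
    session_start();
}

// Call from login.php with the posted form values.
function attempt_login(string $user, string $pass, string $adminuser, string $hash): bool
{
    // Evaluate both checks so timing does not reveal which field was wrong.
    $user_ok = hash_equals($adminuser, $user);
    $pass_ok = password_verify($pass, $hash);
    if (!($user_ok && $pass_ok)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID after authentication
    $_SESSION['is_admin'] = true;  // login state lives on the server
    return true;
}

// Call at the top of admin1.php and every other protected page.
function require_login(): void
{
    if (empty($_SESSION['is_admin'])) {
        header("Location: index.php");
        exit;                      // stop before any protected output
    }
}

// Call from logout.php.
function logout(): void
{
    $_SESSION = [];
    session_destroy();
}
```

Every page calls `start_secure_session()` first; login.php then passes the posted `formuser` and `formpass` to `attempt_login()`, and each protected page calls `require_login()` before producing any output.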