What is the best way to password protect folder/page using php without a db or username

php passwords password-protection
Boris Smirnov picture Boris Smirnov · Nov 13, 2008 · Viewed 66.3k times · Source

What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way.

It would be nice if the password is remembered for a while once user entered it correctly.

I am doing approximately what David Heggie suggested, except without cookies. It does seem insecure as hell, but it is probably better having a bad password protection then none at all.

This is for internal site where people would have hell of a time remembering their login and password and would never go through sign up process... unless it is really easy they would not use the system at all.

I wanted to see other solutions to this problem.

With user base consisting of not very tech savvy people what are other ways to do this.

Answer

Tom Haigh picture Tom Haigh · Nov 13, 2008

You could use something like this:

//access.php

<?php
//put sha1() encrypted password here - example is 'hello'
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';

session_start();
if (!isset($_SESSION['loggedIn'])) {
    $_SESSION['loggedIn'] = false;
}

if (isset($_POST['password'])) {
    if (sha1($_POST['password']) == $password) {
        $_SESSION['loggedIn'] = true;
    } else {
        die ('Incorrect password');
    }
} 

if (!$_SESSION['loggedIn']): ?>

<html><head><title>Login</title></head>
  <body>
    <p>You need to login</p>
    <form method="post">
      Password: <input type="password" name="password"> <br />
      <input type="submit" name="submit" value="Login">
    </form>
  </body>
</html>

<?php
exit();
endif;
?>

Then on each file you want to protect, put at the top:

<?php
require('access.php');
?>
secret text

It isn't a very nice solution, but it might do what you want

Edit

You could add a logout.php page like:

<?php
    session_start();
    $_SESSION['loggedIn'] = false;
?>
You have logged out

Related questions

How do you use bcrypt for hashing passwords in PHP?

Every now and then I hear the advice "Use bcrypt for storing passwords in PHP, bcrypt rules". But what is bcrypt? PHP doesn't offer any such functions, Wikipedia babbles about a file-encryption utility and Web searches just reveal a few …

Read More
What is a good way to produce a random "site salt" to be used in creating password retrieval tokens?

I would like to create a site-wide hash to be used as salt in creating password retrieval tokens. I have been bouncing around stackoverflow trying to get a sense of the best way to do this. Here's the reset process: …

Read More
How to log in to phpMyAdmin with WAMP, what is the username and password?

What does the word "root" mean in phpMyAdmin? Whenever I write localhost/phpmyadmin on the address bar, I am asked to enter a username and a password, but I don't know what they are. I don't remember when and where …

Read More