Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the best way to password protect folder/page using php without a db or username

Tags:

What is the best way to password protect folder using php without a database or user name but using. Basically I have a page that will list contacts for organization and need to password protect that folder without having account for every user . Just one password that gets changes every so often and distributed to the group. I understand that it is not very secure but never the less I would like to know how to do this. In the best way.

It would be nice if the password is remembered for a while once user entered it correctly.


I am doing approximately what David Heggie suggested, except without cookies. It does seem insecure as hell, but it is probably better having a bad password protection then none at all.

This is for internal site where people would have hell of a time remembering their login and password and would never go through sign up process... unless it is really easy they would not use the system at all.

I wanted to see other solutions to this problem.

With user base consisting of not very tech savvy people what are other ways to do this.

like image 405
Boris Smirnov Avatar asked Nov 13 '08 13:11

Boris Smirnov


People also ask

How do I password protect a folder without encryption?

You can password protect individual files, but most file formats, say text, jpg, etc (unlike MS Office files) cannot be password protected by the application hosting it. You can use compression applications like WinZip, 7Zip (free) to compress individual files and secure them with a password.

What is the purpose of PHP password control?

With this PHP/MySQL-based Password Protect Content script you can protect any type of content: text, images, videos. MySQL database is used to store all the content that you need to protect. For each block of content, you set a password.


1 Answers

Edit: SHA1 is no longer considered secure. Stored password hashes should also be salted. There are now much better solutions to this problem.


You could use something like this:

//access.php  <?php //put sha1() encrypted password here - example is 'hello' $password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';  session_start(); if (!isset($_SESSION['loggedIn'])) {     $_SESSION['loggedIn'] = false; }  if (isset($_POST['password'])) {     if (sha1($_POST['password']) == $password) {         $_SESSION['loggedIn'] = true;     } else {         die ('Incorrect password');     } }   if (!$_SESSION['loggedIn']): ?>  <html><head><title>Login</title></head>   <body>     <p>You need to login</p>     <form method="post">       Password: <input type="password" name="password"> <br />       <input type="submit" name="submit" value="Login">     </form>   </body> </html>  <?php exit(); endif; ?> 

Then on each file you want to protect, put at the top:

<?php require('access.php'); ?> secret text 

It isn't a very nice solution, but it might do what you want

Edit

You could add a logout.php page like:

<?php     session_start();     $_SESSION['loggedIn'] = false; ?> You have logged out    
like image 83
Tom Haigh Avatar answered Nov 08 '22 12:11

Tom Haigh