php pass protection script

attackle98

<?php

session_start();
$admin_user_name = "admin";
$admin_password = "pass";
//you can change the username and password by changing the above two strings

if (!isset($HTTP_SESSION_VARS['user'])) {

if(isset($HTTP_POST_VARS['u_name'])) 
	$u_name = $HTTP_POST_VARS['u_name'];

if(isset($HTTP_POST_VARS['u_password'])) 
	$u_password = $HTTP_POST_VARS['u_password'];

if(!isset($u_name)) {
	?>
	<HTML>
	<HEAD>
	<TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
	</HEAD>
	<BODY bgcolor=#ffffff>
	<table border=0 cellspacing=0 cellpadding=0 width=100%>
		 <TR><TD>
		 <font face=verdana size=2><B><center>(Access Restricted to Authorized Personnel)</center></b> </font></td>
		 </tr></table>
	<P></P>
	<font face=verdana size=2>
	<center>
	<?php
	$form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";

	if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
	$form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

	?>
	<form method=post action=<?php echo $form_to; ?>>
	<table border=0 width=350>
	<TR>
	<TD><font face=verdana size=2><B>User Name</B></font></TD>
	<TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
	<TR>
	<TD><font face=verdana size=2><B>Password</B></font></TD>
	<TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
	</TR>
	</table>
	<input type=submit value=Login></form>
	</center>
	</font>
	</BODY>
	</HTML>

	<?php
	exit;
}
else {

	function login_error($host,$php_self) {
		echo "<HTML><HEAD>
		<TITLE>$host :  Administration</TITLE>
		</HEAD><BODY bgcolor=#ffffff>
		<table border=0 cellspacing=0 cellpadding=0 width=100%>
			 <TR><TD align=left>
			 <font face=verdana size=2><B>  You Need to log on to access this part of the site! </b> </font></td>
			 </tr></table>
		<P></P>
		<font face=verdana size=2>
		<center>";

		echo "Error: You are not authorized to access this part of the site!
		<B><a href=$php_self>Click here</a></b> to login again.<P>
		</center>
		</font>
		</BODY>
		</HTML>";
		session_unregister("adb_password");
		session_unregister("user");
		exit;
	}

	$user_checked_passed = false;


	if(isset($HTTP_SESSION_VARS['adb_password'])) {

		$adb_session_password = $HTTP_SESSION_VARS['adb_password'];
		$adb_session_user = $HTTP_SESSION_VARS['user'];


		if($admin_password != $adb_session_password) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		else {
			$user_checked_passed = true;
		}
	}


	if($user_checked_passed == false) {

		if(strlen($u_name)< 2) 
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);

                     if($admin_user_name != $u_name) //if username not correct
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);	

		if(isset($admin_password)) {

			if($admin_password == $u_password) {

				session_register("adb_password");
				session_register("user");

				$adb_password = $admin_password;
				$user = $u_name;
			}
			else { //password in-correct
				login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
			}
		}
		else {
			login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
		}

		$page_location = $HTTP_SERVER_VARS['PHP_SELF'];
		if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
		$page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];

		header ("Location: ". $page_location);
	}
}

}
?>

here was my code i want to be able to use more than one user

attackle98

anyone?

uberbeast

You can tie it to a database or read the usernames from a file.

If you dont plan on changing users a lot, you could put them in an array and walk through the array looking for a username to match. And if you do find a match, check to see if that usernames password matches.

You can find array functions at
PHP Array Functions

attackle98

reading the usernames and password would be nice to read from a file

attackle98

how do i do it