Hi,
It must to protect 2 .php files with username and password. Which is the best way?
Thank you

Hi Bimbas, do you need to be able to change your username and password when you want by 'editing' your profile once logged in? - Also, do you require the function to have users 'register'?

I suggest a mysql database with username and passwords of your users. They then have to log in using these details to see your pages.

You need to use sessions and cookies.

These links will help.

http://www.websitepublisher.net/article/php_cookies/

http://phpbuilder.com/board/showthread.php?p=10680965

The php page which i want to protect will have just 1 user(the owner of website). Tha page is with a form for administration

Hi, I will knock something together and post it here for you.

Have a form post the name and pass to this script.

PHP Code:

<?php

$name = $_POST['name'];
$pass = $_POST['pass'];

if($name == "yourname") && if($pass == "yourpass")
{
echo "woohoo correct";
}
else
{
echo "Wrong username and password";
}
?>

I wrote that off the top of my head, so don't assume it works, i didn't test it.

Just to warn you that code will only protect the one page, the protection will not be carried over subsequent pages linked from that page. If you just want to protect one page, then thats no problem!

I would recommend using a .htaccess and .htpasswd file for this (assuming you run apache as the webserver). You can set this up to protect an entire folder of your webspace and all the child folders. It can be set up from the command line, or most CPanels have to option to password a folder.

Here you go:

change.php

PHP Code:

<?php
session_start(); 
header("Cache-control: private");
// use this file to let users' change their data that is stored in 'data.txt'
// use your own html to integrate the script into your site
?>
<html>
<head>
<title>Change/Update Details</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<FORM action="login.php?action=change" method="post"> 
<p>Username: 
<?php echo $_SESSION['name']; ?>
</p>
<p>Name:
<INPUT name="name" type="text" value="<?php echo $_SESSION['realname']; ?>"> 
</p>
<p>Email: 
<INPUT name="email" type="text" value="<?php echo $_SESSION['email']; ?>">
</p>
<p>Url: 
<INPUT name="url" type="text" value="<?php echo $_SESSION['url']; ?>">
</p>
<p>Password:
<INPUT name="newpass" type="text" value="<?php echo $_SESSION['pass']; ?>">
<INPUT type="submit" value="Change"> 
</span> 
</p>
</FORM> 
</body>
</html>

login.php

PHP Code:

<?php
session_start(); 
header("Cache-control: private");
?> 
<html> 
<head> 
<title>Logged-in</title> 
</head> 
<body> 
<?php
$datafile="data.txt"; //name of the data file
if($_GET['action'] == "login") { 
 
if(!isset($_POST['username']) || !isset($_POST['password'])){ //this checks that all the fields are filled in
 
error_message("One or more required fields were left blank!", $username, $password); 
} 
 
$file = file($datafile); 
while(list(,$value) = each($file)) { 
list($fname,$femail,$furl,$fuser,$fpass,$blank) = explode('|', $value); 
if($_POST['username'] == $fuser && $_POST['password'] == $fpass){ 
 
$_SESSION['name'] = $fuser;
$_SESSION['realname'] = $fname;
$_SESSION['url'] = $furl;
$_SESSION['email'] = $femail; //adds the users data to the php session
$_SESSION['pass'] = $fpass;
 
//insert html for sucessfull log on here
//you can use . $_SESSION['name'] . for username
//replace name with realname, url, or email to display different name/field
?> 
you are logged in.<br />
view you profile <a href="profile.php">here</a><br />
or logout <a href="logout.php">here</a>.
</body>
</html>
 
<?php
$logink = true; 
} 
} 
if($logink !== true) { 
?>
Login failed, bad username/password
<?
} 
} elseif($_GET['action'] == 'change') { 
 
if(!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['url']) || !isset($_POST['newpass'])) { 
 
//this checks that all the fields are filled in
?>
all fields were not filled in
<?
} 
 
$file = file($datafile); 
while(list(,$value) = each($file)){ 
list($fname,$femail,$furl,$fuser,$fpass) = explode('|', $value); 
if($_SESSION['name'] == $fuser){ 
//opens data file to change it
$oldword = "$fname|$femail|$furl|$fuser|$fpass|"; 
$newword = $_POST['name'] . '|' . $_POST['email'] . '|' . $_POST['url'] . '|' . $_SESSION['name'] . '|' . $_POST['newpass'] . '|'; 
$fp = fopen($datafile, 'r'); 
$data = fread($fp, filesize($datafile)); 
fclose($fp); 
$newdata = str_replace($oldword, $newword, $data); 
$fp = fopen($datafile, 'w'); 
fwrite($fp,$newdata) or die ('error writing'); 
fclose($fp); 
$succ = true; //data changed sucessfully
?> 
Everything was changed successfully please <a href="user.php">login</a>
<?
$_SESSION['name'] = FALSE; 
$_SESSION['pass'] = FALSE; 
$_SESSION['url'] = FALSE; 
$_SESSION['realname'] = FALSE; 
$_SESSION['email'] = FALSE; 
} 
} 
if($succ !== true) { 
?>
Login failed, bad username/password
<?
} 
} else { 
exit; 
} 
?>

logout.php

PHP Code:

<?php
session_start(); 
header("Cache-control: private");
// html for logging out
?>
<html> 
<head>
<title>Logout</title>
</head>
<body>
 
<?php 
if(!$_SESSION['name']){ 
echo "you are not logged in"; // This is what will be displayed of no session data is found
} else { 
$_SESSION['name'] = FALSE; 
$_SESSION['pass'] = FALSE; //this deletes the session data from php
$_SESSION['url'] = FALSE; 
$_SESSION['realname'] = FALSE; 
$_SESSION['email'] = FALSE; 
echo "you have been logged out"; 
} 
?> 
</body>
</html>

profile.php

PHP Code:

<?php
session_start(); 
header("Cache-control: private");
// use your own html to integrate the script into your site
?>
<html>
<head>
<title>Users Profile</title>
</head>
<body>
<?php
if(!$_SESSION['name']){
 
echo "you are not logged in"; // This is what will be displayed of no session data is found
} else { 
echo "Username: " . $_SESSION['name'] . "<br />"; //this displays the information in the php session
echo "Name: " . $_SESSION['realname'] . "<br />"; //like a profile
echo "Url: <a href='" . $_SESSION['url'] . "'>" . $_SESSION['url'] . "</a><br />";
echo "Email: " . $_SESSION['email'] . "<br />";
echo "Pass: " . $_SESSION['pass'] . "<br />";
?>
<a href="change.php">Edit you profile </a>
<?php
} 
?>
</body>
</html>

signup.php

PHP Code:

<html> 
<head> 
<title>Register</title> 
</head> 
<body> 
<?php 
$datafile = 'data.txt'; 
if($_GET['action'] == 'signup') { 
 
if(!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['url']) || !isset($_POST['username']) || !isset($_POST['password'])){ 
 
error_message('One or more required fields were left blank!', $_POST['name'], $_POST['email'], $_POST['url'], $_POST['username'], $_POST['password']); 
} 
 
$file = file($datafile); 
while(list(,$value)=each($file)){ //check if user exists
list($fname,$femail,$furl,$fuser,$fpass,$blank)=split( "\|", $value); 
if($username==$fuser){ 
 
error_message('Username is allready in use.', $_POST['name'], $_POST['email'], $_POST['url'], $_POST['username'], $_POST['password']); 
} 
} 
 
$fp = fopen($datafile, 'a'); 
fwrite($fp, $_POST['name'] . '|' . $_POST['email'] . '|' . $_POST['url'] . '|' . $_POST['username'] . '|' . $_POST['password'] . "|\n"); 
fclose($fp); 
//html for sucessfull signup
?> 
You have been sucessfulle registered.<br />
You may now <a href="user.php">login</a> using the followin details<br /> 
username: <?echo $username;?><br /> 
password: <?echo $password;?> 
</body>
</html>
<?php 
} else { 
//html for sign up
?> 
<html>
<head>
<title>Register</title>
</head>
<body>
 
<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>?action=signup" method="post"> 
<p>Name: 
<INPUT type="text" name="name"></p> 
<p>E-mail Address: 
<INPUT type="text" name="email"></p>
<p>Website Address: 
<INPUT type="text" name="url"></p>
<p>Desired Username: 
<INPUT type="text" name="username"></p>
<p>Password: 
<INPUT type="password" name="password"></p>
<INPUT type="submit" value="Sign-up"> 
</FORM> 
</body>
</html>
 
<?php 
} 
function error_message($message, $name, $email, $url, $username, $password) { 
?> 
<html>
<head> //html for signing up error
<title>Error</title>
</head>
<body>
<?php echo $message;?> //error message
<FORM action="<?php echo $_SERVER['PHP_SELF']; ?>?action=signup" method="post">
 
<P>Name: <INPUT type="text" name="name" value="<?php echo $name;?>"> 
<P>E-mail Address: <INPUT type="text" name="email" value="<?php echo $email;?>"> 
<P>Website Address: <INPUT type="text" name="url" value="<?php echo $url;?>"> 
<P>Desired Username: <INPUT type="text" name="username" value="<?php echo $username;?>">
 
<P>Password: <INPUT type="password" name="password" value="<?php echo $password;?>"> 
<P><INPUT type="submit" value="Sign-up"> 
</FORM> 
</body>
</html>
 
<?php 
exit; 
} 
?> 
</body> 
</html>

user.php

PHP Code:

<html>
<head>
<title>User</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="login" method="post" action="login.php?action=login">
<p>
Username: <input type="text" name="username">
</p>
<p>
Password: 
<input type="password" name="password">
</p>
<p>
<input type="submit" name="Submit" value="Login">
</p>
<p>havent got a username register <a href="signup.php">here</a></p>
</form>
</body>
</html> 


Also create a blank .txt file called data.txt

Edit all the above HTML found within each file to your liking to integrate the script into your site.

NOTE:
You must chmod data.txt to 777
Files Included:
logout.php - Script to alow users to logout
signup.php - Script for users to register
profile.php - Displays users data
change.php - Alows users to change their data
login.php - Main php file
data.txt - File containing users data
users.php - Allows users to login

Simply run user.php to test the script out. Hope this does what you want.

Bri

I'm looking for something like stOx's script, but it don't works

Hugely comprehensive post and yet unappreciated post Bri. I have added to your talkputation.

I will come to you if I have any problems!

Sorry my script was not what you had in mind Bimbas At least someone found it of use though eh

Thanks uktvindex

P.S.
Anyone wanting a demo of what the above code actually does can have a look here.

Hi to all, It seems that the problem is on my hosting provider, i'll talk with them now.
Bri, your script is very very useful, and I'll use it in some other site. Thank you.

I am glad you liked it even though it is a little rough around the edges

Hope you get things sorted out