It often happens that it is necessary to divide visitors into desirable and undesirable, and to give the opportunity to see some pages of the site only to those who have a login and password. How to do this, for example, in the server-side scripting language PHP?
Instructions
Step 1
Let's organize the easiest way to protect your pages from unauthorized visitors. The bearer of information about whether the visitor is authorized will be the session. A session is an analogue of cookies in a browser, with the only difference that they are created not on our computer, but on the server. And they are used for the same purpose as cookies - to store different information about us while we go from page to page of one site. When we close the browser, the server destroys this session, and the next time we log in, it creates a new one. We use this server mechanism to record whether the user is already logged into the session or not. Reading this information, when a visitor asks for a page, the php script will either open access to password-protected pages, or offer to enter a username and password.
Step 1: Create a page for entering login and password. The HTML code of the authorization form in its simplest form may look like this:
Login:
Password:
Here (at the very beginning of the file) we will add php-code that will check the correctness of the username and password entered by the visitor. At the beginning we will write:
session_start ();
This command starts a new session if one has not already been created for this visitor.
Then let's check if the session has a variable named 'userName' - it will store the name if the visitor has already been logged in. If there is such a variable, redirect the visitor to the main page (index.php) and finish executing this php script:
if ($ _ SESSION ['userName']) {
header ("Location: index.php");
exit;
}
The rest of the code will be executed only if the user has not yet entered the correct username and password. Let's indicate which login and password should be considered correct:
$ validName = 'I'm mine!';
$ validPass = 'secret password';
Then we check if the values submitted from the form match the correct ones. Since we have specified the POST data transfer method in the form, they should be read from the $ _POST superglobal variable:
if ($ _ POST ['userName'] == $ validName && $ _POST ['userPass'] == $ validPass) {
$ _SESSION ['userName'] = $ validName;
header ("Location: index.php");
exit;
}
Here the code in curly braces {} will be executed with the correct login and password values. On the line $ _SESSION ['userName'] = $ validName; ma we write to the session a variable named 'userName' containing the login of the now authorized user. This will be the mark that access is open to him everywhere as long as his current session is valid.
And in case incorrect data is entered into the form, add the appropriate message:
else echo"
Login or password is incorrect!
;
All the code that needs to be saved to a file named login.php will look like this:
<? php
session_start ();
if ($ _ SESSION ['userName']) {
header ("Location: index.php");
exit;
}
$ validName = 'I'm mine!';
$ validPass = 'secret password';
if ($ _ POST ['userName'] == $ validName && $ _POST ['userPass'] == $ validPass) {
$ _SESSION ['userName'] = $ validName;
header ("Location: index.php");
exit;
}
else echo"
Login or password is incorrect!
;
?>
Login:
Password:
Step 2
Step 2: Create an authorization block - a separate file that will be connected to each page that needs password protection. This file will contain only php-code, so its extension will be "php", and we will give it a name according to tradition for such files - "auth", that is, "auth.php". And here, too, immediately after the opening <? Php tag, there should be an instruction to start a session:
session_start ();
We can read all the variables that are stored in the session from the $ _SESSION superglobal array. We need to check the value of the "userName" variable - if the visitor has not logged in yet, then it will not be in the array, and we will redirect him to the page for entering the username and password:
if (! $ _ SESSION ['authorized']) {
header ("Location: login.php");
exit;
}
All the code that needs to be saved to the auth.php file will look like this:
<? php
session_start ();
if (! $ _ SESSION ['admin']) {
header ("Location: enter.php");
exit;
}
?>
Step 3
Step 3: after we save these files on the server, it will remain in all php-pages that need to be protected from unauthorized users to connect the authorization block. That is, at the very beginning of each php file, you will need to insert this code:
<? php
require "auth.php";
?>
And to change the access password, you will need to change the values of these variables in the login.php file:
$ validName = 'I'm mine!';
$ validPass = 'secret password';
$ validName - login, $ validPass - password.
