Home arrow PHP arrow Page 4 - Private Pages with PHP and Text Files

Encryption - PHP

You run a website that is simple enough it doesn't require a database. But your site features certain pages to which you'd like to limit access. Most of the time, that implies using a database to store passwords and usernames. There is an easier way, however. It's less secure, but it involves a lot less coding.

TABLE OF CONTENTS:
  1. Private Pages with PHP and Text Files
  2. Creating the main PHP page
  3. Using the Password
  4. Encryption
By: Dan Wellman
Rating: starstarstarstarstar / 15
February 27, 2006

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Now, somewhere on the first page I mentioned encryption.  PHP has some handy MD5 methods built into it, so we can very easily make use of those to convert the password entered by the visitor before itís compared with the stored password.

MD5 is a one-way hashing algorithm, which means that the password can be encrypted in only one way Ė from plain text to encrypted text.  It is impossible to go the other way.  This doesnít make it impossible to break. It's susceptible to brute force or dictionary attacks and substantial time periods, but itís still pretty secure.  Add the following line after the $password declaration:

$md5password = (md5($password));

This saves an encrypted version of what is entered into the text field in the variable $md5password.  Now you need to modify your if statement so that it compares the stored password to the new encrypted password:

if (empty ($password))
    {
      die ("No password entered");
    }
  elseif ($md5password != $storedpass)
    {
      die ("Password Incorrect");
    }
  else
    {
      header("Location: securepage.htm");
    }

As you can see, we have only changed the variable in the elseif part of the statement.  This is because even an empty input variable hashes to a 32 digit value, so the $md5variable is never going to be empty, even if the submit button is clicked before any text has been entered into the input field.

All you need to do now is find out the hash is of the password you intend to store in the pass.txt file.  To achieve this, you can comment out the entire if statement and add an echo statement that displays the encrypted password on screen.  You can then copy the encrypted string and save it in the password file.  You must remember to uncomment the if statement and remove the echo call before using the script, however.

 

As far as the bare-bones script goes, that is pretty much it.  As far as the test files go, its pretty basic, but the HTML page can easily be incorporated into an existing page; you could stick it in a box and style it to match the rest of your homepage to improve that aspect of it, and you could probably include a timing function that waits for a set period of time before redirecting the visitor to the secure page, while displaying a message that the password was correct.  You could also include a similar set of functions for reloading the initial page after displaying the appropriate error message for a brief period without too much difficulty.

You can use the script to restrict access to specific pages within your site's structure. It doesnít offer the security of the username/password authentication methods afforded by a database, and it means that you have to give the password to whoever you want to access the secure pages, but it offers a simple layer of security with a minimum amount of time and code.



 
 
>>> More PHP Articles          >>> More By Dan Wellman
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: