****** RESTRICTED.PHP ****
<?php
// Use this code at the VERY TOP of all pages with restricted content
require_once("./verify.php"); // Make sure the filesystem path is correct!
// Anything below here will only be seen if user is logged in
echo "This message will only be seen by users that are successfully logged in!";
echo "<a href=\"./login.php?logout=1\">Logout</a>";
// Also, make sure this path is correct ?>
****** VERIFY.PHP ********
<?php
if (!($_SESSION['username'] && $_SESSION['password'])) {$logged_in = FALSE;}
elseif($_SESSION['username'] && $_SESSION['password']) {$logged_in = TRUE;}
// Make sure the URL is correct for login.php on the next line
if($logged_in ==
FALSE) {die("You're not logged in. Please do so <a href=\"./login.php?uri=".
urlencode($_SERVER['REQUEST_URI']).
"\">here</a>.");
} ?>
****** CONFIG.PHP ********
<?php
// credentials are caSe-sEnsItiVe !!!
$username =
array('Admin',
'User');
// List of usernames $password =
array('adminpass',
'userpass');
// List of corresponding passwords // Default credentials are Admin:adminpass and User:userpass
?>
****** LOGIN.PHP *********
<?php
require_once("./config.php");
if(!($_SESSION['username'] && $_SESSION['password'])) { // They're NOT logged in
if (! ($_REQUEST['user'] && $_REQUEST['pass'])) { // They've NOT just sent credentials to try to log in
}
else { // They've sent credentials and are trying to log in
if(($password[array_search($_REQUEST['user'],
$username)] ==
$_REQUEST['pass'])){ // Their credentials are verified if($_REQUEST['uri_redirect']) {header("Location: " .
urldecode($_REQUEST['uri_redirect']));
} echo "Congratulations $_SESSION[username], you have logged in!<br>\n".
"<a href=\"?logout=1\" >Logout</a>";
}
else { // They've sent invalid credentials
echo "Incorrect Password. Please <a href=\"{$_SERVER['PHP_SELF']}\">try again</a>.";
}
}
}
else { // They're already logged in
if($_REQUEST[logout]) {
}
else {
echo "You're already logged in!<BR>\n<a href=\"?logout=1\" >Logout</a>";
}
}
function loginForm(){
$form = "<form name=\"login\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\">";
$form .= " user:<input type=\"text\" name=\"user\"><br>";
$form .= " pass:<input type=\"text\" name=\"pass\"><br>";
if ($_REQUEST['uri']) {$form .= " <input type=\"hidden\" name=\"uri_redirect\" value=\"{$_REQUEST['uri']}\">";}
$form .= " <input type=\"submit\" value=\"Log in\">";
$form .= "</form>";
return $form;
}
?>