1. ****** RESTRICTED.PHP ****
  2. <?php
  // Put this include at the very top of every page with restricted content.
  // verify.php calls die() for visitors without a logged-in session, so nothing
  // below it is sent to them.
  require_once './verify.php'; // adjust to the real filesystem path of verify.php

  // Only reached once verify.php has let the request continue.
  // The logout link must point at wherever login.php actually lives.
  echo 'This message will only be seen by users that are successfully logged in!',
      '<a href="./login.php?logout=1">Logout</a>';
  9. ?>
  10.  
  11. ****** VERIFY.PHP ********
  12. <?php
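  // Gate for restricted pages: resume the session and end the request unless
  // both login markers are present in it.
  session_start();

  // empty() covers "key missing" as well as "falsy value", so an anonymous
  // visitor no longer triggers undefined-index notices/warnings, and the
  // redundant second branch of the original if/elseif is gone.
  $logged_in = !empty($_SESSION['username']) && !empty($_SESSION['password']);

  // Make sure the URL is correct for login.php on the next line
  if (!$logged_in) {
      // urlencode() keeps the requested URI from breaking out of the href attribute.
      // die() stops the script here, so the including page emits nothing further.
      die("You're not logged in. Please do so <a href=\"./login.php?uri=" . urlencode($_SERVER['REQUEST_URI']) . "\">here</a>.");
  }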
  19. ?>
  20.  
  21. ****** CONFIG.PHP ********
  22. <?php
  // Account list read by login.php. Names and passwords are matched case-sensitively.
  // Entry N of $username belongs to entry N of $password: keep both lists in the
  // same order and of the same length.
  // NOTE(review): these passwords are stored in plaintext and ship with published
  // defaults (Admin:adminpass, User:userpass). Replace them before deployment and
  // prefer storing password_hash() output rather than the password itself.
  $username = array(
      'Admin',
      'User',
  );
  $password = array(
      'adminpass',
      'userpass',
  );
  27. ?>
  28.  
  29. ****** LOGIN.PHP *********
  30. <?php
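  // Login / logout endpoint.
  //   not logged in, no credentials posted -> show the login form
  //   not logged in, credentials posted    -> check them against config.php
  //   logged in, logout requested          -> clear the login and show the form
  //   logged in otherwise                  -> say so
  session_start();
  require_once("./config.php"); // provides the parallel $username / $password lists

  // empty() avoids undefined-index notices/warnings for visitors without a session.
  $loggedIn = !empty($_SESSION['username']) && !empty($_SESSION['password']);

  if (!$loggedIn) { // They're NOT logged in
      // Credentials are taken from the POST body only. The original verified
      // $_REQUEST but stored $_POST, so the two could disagree, and credentials
      // in a query string end up in server logs and browser history.
      $submittedUser = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
      $submittedPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

      if ($submittedUser === '' || $submittedPass === '') { // They've NOT just sent credentials
          echo loginForm();
      } else { // They've sent credentials and are trying to log in
          // Strict search, and an explicit check of its result: an unknown name
          // must fail here instead of being used as an index into $password.
          $account = array_search($submittedUser, $username, true);
          $stored = ($account !== false && isset($password[$account])) ? (string) $password[$account] : null;

          $verified = false;
          if ($stored !== null) {
              // Accept either a password_hash() value or a legacy plaintext entry.
              // Plaintext entries are compared in constant time and with string
              // semantics (no loose == type juggling).
              $hashInfo = password_get_info($stored);
              $verified = !empty($hashInfo['algo'])
                  ? password_verify($submittedPass, $stored)
                  : hash_equals($stored, $submittedPass);
          }

          if ($verified) { // Their credentials are verified
              // session_register() was removed in PHP 5.4; $_SESSION is written directly.
              // A fresh session id on login guards against session fixation.
              session_regenerate_id(true);
              $_SESSION['username'] = $submittedUser;
              // Logged-in marker only: this file and verify.php just test that the key
              // is truthy, so the password itself is not kept in session storage.
              $_SESSION['password'] = true;

              // Follow the post-login redirect only for a same-site absolute path.
              // Anything else (absolute URLs, "//host", "/\host", control characters)
              // is ignored so the login page cannot be used as an open redirect.
              // PHP has already URL-decoded the value; decoding it again would
              // corrupt query strings.
              $target = (isset($_REQUEST['uri_redirect']) && is_string($_REQUEST['uri_redirect']))
                  ? $_REQUEST['uri_redirect']
                  : '';
              $isLocalPath = $target !== ''
                  && $target[0] === '/'
                  && !(isset($target[1]) && ($target[1] === '/' || $target[1] === '\\'))
                  && !preg_match('/[\x00-\x20\x7f]/', $target);
              if ($isLocalPath) {
                  header("Location: " . $target);
                  exit; // nothing else should be sent after a redirect
              }

              // Escape before echoing, even though the name matched the configured list.
              $shownName = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');
              echo "Congratulations {$shownName}, you have logged in!<br>\n" .
                  "<a href=\"?logout=1\" >Logout</a>";
          } else { // They've sent invalid credentials
              // PHP_SELF includes client-supplied path info, so escape it for the attribute.
              $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
              echo "Incorrect Password. Please <a href=\"{$self}\">try again</a>.";
          }
      }
  } else { // They're already logged in
      // 'logout' is quoted: the bare constant in the original is an error on PHP 8.
      if (!empty($_REQUEST['logout'])) {
          // session_unregister() was removed in PHP 5.4; unset the markers instead.
          unset($_SESSION['username'], $_SESSION['password']);
          session_regenerate_id(true); // retire the id that carried the login
          echo loginForm();
      } else {
          echo "You're already logged in!<BR>\n<a href=\"?logout=1\" >Logout</a>";
      }
  }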
  61.  
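  /**
   * Build the HTML login form.
   *
   * The form posts "user" and "pass" back to the current script. When the request
   * carries a "uri" parameter, it is passed along as the hidden "uri_redirect" field.
   *
   * Both request-derived values (PHP_SELF and "uri") are HTML-escaped before they
   * are placed into attributes, because either can contain client-supplied text.
   *
   * @return string HTML markup of the form
   */
  function loginForm(){
      $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

      $form = "<form name=\"login\" method=\"post\" action=\"{$action}\">";
      $form .= " user:<input type=\"text\" name=\"user\"><br>";
      // type="password" so the browser masks the field instead of showing it in clear text.
      $form .= " pass:<input type=\"password\" name=\"pass\"><br>";

      // !empty() also avoids an undefined-index notice when no "uri" was sent.
      if (!empty($_REQUEST['uri']) && is_string($_REQUEST['uri'])) {
          $returnTo = htmlspecialchars($_REQUEST['uri'], ENT_QUOTES, 'UTF-8');
          $form .= " <input type=\"hidden\" name=\"uri_redirect\" value=\"{$returnTo}\">";
      }

      $form .= " <input type=\"submit\" value=\"Log in\">";
      $form .= "</form>";
      return $form;
  }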
  71. ?>