Home/ Questions/Q 967443
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T02:19:03+00:00

Is it possible to password protect a page without db access? I may have

  • 0

Is it possible to password protect a page without db access? I may have only few pages. But I should be able to change password and also save sessions etc. And I want a secure way as it’s for production site!

How is it to store in a config.php after md5:

 <?php
 username="admin"; 
 password="1a1dc91c907325c69271ddf0c944bc72";
 ?>

If this is a good idea, is there a way to restrict access to this php from only one script
called check.php or something?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Sure, why not? You can use flat files in inaccessible directory (protected by .htaccess or out of the www root) and use that as a database.

    Here’s a simple login class I’ve whipped up:

    class SimpleLogin {

    private $users;
    private $db = './pass.txt';

    function __construct() {
        $data = file_get_contents($this->db);

        if (!$data) {
           die('Can\'t open db');
        } else {
            $this->users = unserialize($data);
        }
    }

    function save() {
        if (file_put_contents($this->db, serialize($this->users)) === false)
            die('Couldn\'t save data');
    }

    function authenticate($user, $password) {
        return $this->users[$user] == $this->hash($password);
    }

    function addUser($user, $password) {
        $this->users[$user] = $this->hash($password);
        $this->save();
    }

    function removeUser($user) {
        unset($this->users[$user]);
        $this->save();
    }

    function userExists($user) {
        return array_key_exists($user, $this->users);
    }

    function userList() {
        return array_keys($this->users);
    }

    // you can change the hash function and salt here
    function hash($password) {
        $salt = 'jafo2ijr02jfsau02!)U(jf';
        return sha1($password . $salt);
    }

}

    NOTE: You really should turn off error reporting if you are going to use this in an actual server. This can be done by calling error_reporting() or by adding ‘@’ in front of file_get_contents and file_put_contents (ie: so it turns into @file_get_contents)

    Usage example: http://left4churr.com/login/

    • 0