Although in general, your site is often fairly simple and does not require a database at all, in some cases your site may want to restrict access to certain pages. Generally, this means using a database to store passwords and user names. However, you have a much easier way-although its security is a bit poor, it only contains a very small number of encodings.
If you use a database in your own Web application, you already have the ability to store passwords and user names somewhere, and there is a way to authenticate visitors. But what if you can't guarantee the use of a database because of the security or complexity of your site? There may be times when you just want someone special to access some pages or areas of your site. A simple way to do this is to use a text file that stores passwords, and create a page to prompt the visitor for a password, and if the password matches what is stored in the text file, allow the user to access the Restricted page, or display an appropriate message to prevent access before the page is refreshed.
For further security, you can use Hashifalai to encrypt passwords stored in text files so that if their content is found to some extent, it will be difficult to pinpoint. All of this can be built with a PHP method and only a very small amount of coding.
Before you start, you need to build an environment to test and use PHP, so you first need to install and configure a Web server for PHP. Since Apache works well with PHP and is easy to install and configure, I recommend using this option.
Next, you need to create a page (similar to the following figure)-It has a text box to receive the password from the visitor, and a submit button to send it to your PHP file. This can be either a new page or a part of an existing page on your site. A simple block of code like the following should suffice:
Next, you need to create a PHP home page that completes the actual work. Open a blank page in a text editor, and then open a PHP block in a standard way:
?
As I mentioned earlier, PHP has a set of standard functions and methods to implement file operations. Among them, the most important are fopen (), Fread () and fclose () functions. In order to do some sort of file operation, we need to open it first, and obviously, this is done using the fopen () function, and we have to specify how to manipulate the file, read the file, read the file is the most common task, but other additional flags can be used to tell the program is to put the file pointer to the beginning or the end of the file, and whether to create the file if it does not yet exist. In this case, however, all we need to do is open the text file that contains the password and read it.
Then, first create a variable to the path to the specified text file:
$fileloc = "/apachesite/docs/pass.txt"
Next, create a variable to hold the file pointer:
$filetoread = fopen ($fileloc, "R") or Die ("could not open password file");
You can also use the die method to end the script and print an appropriate message on the screen if the operation fails for some reason. Once you open the file, you need to read its contents to compare it to what you entered in password form:
$storedpass = Fread ($filetoread, FileSize ($fileloc)) or die ("could not read stored password");
You should set a variable to hold the data in the file and call the Fread () method (it has two parameters: file pointer and file length). You may know (or may not know) the length of your password. To make future programming easier (when passwords need to be changed), you can use the FileSize () method to get the file length. Once the file is no longer needed, close it immediately:
Fclose ($filetoread);
iii. Use of passwords
In order to use the password entered into an HTML form, you need to get it and store it in a variable. When we use the Post method to send user input to the PHP script, we can use $_post to get the password entered:
$password = $_post["password"];
We can then simply compare the password words entered with the stored password and take the appropriate measures:
if (empty ($password)) {
Die ("No password entered");
}
ElseIf ($password!= $storedpass) {
Die ("Password incorrect");
}
else{
Header ("Location:securepage.htm")
}
? >
The first if statement handles an empty $password variable to prevent the submit button from being clicked when the input box is empty. If the user enters a password that does not match the stored one, then the second statement executes the code in parentheses and prints a message indicating that the password is incorrect. Finally, if the first two conditions are not satisfied, the script thinks the password must be correct and sends a redirect header (header) to the browser to open the HTML page in the example.
Before you can work here, you need to create a text file and put it in the same directory as the PHP file. It needs to contain the password you currently want to use as plain text, and you should refer to the PHP file name. Save all of these files, and then open the HTML page in a browser and experiment with the form. The page should work as intended.
When you enter the correct password, if you get an error message, the content is:
"Warning:cannot Modify header Information-headers already sent by (Thepathtoyourphpfile)"
This means that you need to set the output-buffering in the php.ini file located in your Windows directory to "on".
Four, encryption
Now we're starting to analyze the encryption issues mentioned earlier. PHP has some built-in MD5 methods. In this way, we can easily use these functions to convert a password that is entered by a visitor before comparing it to a stored password.
MD5 is a one-way hashing algorithm, which means that passwords can be encrypted in just one Direction-from plain text to encrypted text, and in another direction. However, this is not going to make it unbreakable. This encryption is easily cracked by brute force or by a dictionary attack, but it is still relatively secure. You can add the following line to the $PASSWORD variable's declaration statement:
$MD 5password = (MD5 ($password));
This allows you to save an encrypted version of the content entered into the text box into the variable $md5password. Now, you need to modify your if statement so that it compares the stored password with the new encrypted password:
if (empty ($password))
{
Die ("No password entered");
}
ElseIf ($md 5password!= $storedpass)
{
Die ("Password incorrect");
}
Else
{
Header ("Location:securepage.htm");
}
As you can see, we only change the variables in the ElseIf part of the statement. This is because even an empty input variable is hashed into a 32-bit value, so $md5variable can never be empty-even if you click the Submit button before entering any text into the input field.
Now all you have to do is find the hash value of the password that you want to store in the text file pass.txt. To do this, you can comment out the entire if statement and add an echo statement to display the encrypted password on the screen. You can then copy the encrypted string and save it to the password file. However, you must remember to uncomment the IF statement and delete the echo call before using the script.
The above scripting Framework provides enough for the methods discussed in this article. In addition, the test files discussed in this article, although very basic, can be easily added to an existing page; You can paste it into a window and sort it out to match the rest of your home page, And you might include a timer function-it waits a fixed amount of time before redirecting the visitor to a secure page, and displays a message indicating that the password is correct. You can also include a similar set of functions to overload the initial page.
In short, you can use the scripts provided in this article to restrict access to specific pages in your site structure. Although this method does not provide a secure username/password authentication method for a database, it means that you must send the password to anyone who wants to access the Security page, but it does take a very small amount of time and coding to provide a simple security layer.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.