PHP implements encryption of text files and limits access to specific pages _ php instance

Source: Internet
Author: User
This article mainly introduces PHP to encrypt text files and restrict access to specific pages, which can restrict access to some pages. if you need it, you can understand it. The file encryption program has been widely used on the site, which means that a database is used to store passwords and usernames. The details are as follows:

I. INTRODUCTION

Although in general, your website is quite simple and does not require a database at all, in some cases, your website may want to restrict access to some pages. Generally, this means that a database is used to store passwords and user names. However, you have another easier method-although it is less secure, it only contains a very small amount of encoding.

If you use a database in your Web application, you can store passwords and usernames somewhere, and there is a way to authenticate visitors. However, what should I do if the database cannot be guaranteed because of the security or complexity of your site? Sometimes you only want some special people to access some pages or areas of your site. Therefore, a simple method is to use a text file that stores the password and create a page to prompt the visitor to enter the password. if the password matches the content stored in the text file, this allows the user to access restricted pages. Otherwise, an appropriate message is displayed before the page is refreshed to prohibit access.

For further security, you can also use the hash method to encrypt passwords stored in text files, so that if the content is found to some extent, it will also be difficult to find out. All of these can be built using the PHP method, and requires a very small amount of encoding.

Before the official start, you need to establish an environment to test and use PHP. Therefore, you must first install and configure a Web server for PHP. This solution is recommended because Apache works well with PHP and is easy to install and configure.

Next, you need to create a page (similar to)-It has a text box to receive the password from the visitor, and a submit button to send it to your php file. This can be either a new page or a part of an existing page on your website. The following simple code block should be enough:

<form name="passwordForm" method="post" action="restricted.php"><p>Password:<input type="password" name="password"><input type="submit" name="Submit" value="Login"></p></form>

2. create a PHP homepage

Next, you need to create a PHP homepage to complete the actual work. Open a blank page in a text editor and open a PHP block in the standard way:

As I mentioned earlier, PHP has a set of standard functions and methods for file operations. The most important functions are fopen (), fread (), and fclose. To perform a file operation, we need to open it first, and obviously, this is implemented using the fopen () function. Moreover, we must specify how to operate the file; read the file, reading a file is the most common task, but some additional symbols can be used to tell the program whether to put the file pointer at the beginning or the end of the file, and whether to create the file if the file does not exist. However, in this example, we need to open a text file containing the password and read it.

Then, create a variable to the path of the specified text file:

$fileloc = "/apachesite/docs/pass.txt"

Next, create a variable to store the file pointer:

$filetoread = fopen($fileloc, "r") or die("Could not open password file");

You can also use the die method to end the script and print an appropriate message on the screen if the operation fails for some reason. Once a file is opened, you need to read its content to compare it with the content entered in the form of a password:

$storedpass = fread($filetoread, filesize($fileloc)) or die ("Could not read stored password");

You should set a variable to store the data in the file and call the fread () method (which has two parameters: file pointer and file length ). You may or may not know the length of your password. To make future programming easier (when the password needs to be changed), you can use the filesize () method to get the file length. Once the file is no longer needed, close it immediately:

fclose($filetoread);

3. Use a password

To use the password entered in the HTML form, you need to get it and store it in a variable. When we use the POST method to send user input content to the PHP script, we can use $ _ POST to obtain the input password:

$password = $_POST["password"];

Then, we can simply compare the entered password with the stored password and take corresponding measures:

if (empty ($password)){die ("No password entered");}elseif ($password != $storedpass){die ("Password Incorrect");}else{Header("Location: securepage.htm")}

The first if statement processes an empty $ password variable to prevent the submit button from being clicked when the input box is empty. If the password entered by the user does not match the one stored, the second statement executes the code in parentheses and outputs a message indicating that the password is incorrect. Finally, if the first two conditions are not met, the script considers the password correct and sends a redirect header to the browser to open the HTML page in the example.

Before you can work, you need to create a text file and put it in the same directory as the php file. It must contain the password you want to store in plain text, and the PHP file name should be referenced. Save all these files, open the HTML page in a browser, and experiment with the form. The page should work as imagined.

When you enter the correct password, if you get an error message, the content is:

"Warning: Cannot modify header information-headers already sent by (thepathtoyourphpfile )"

This means that you need to set output-buffering in the php. ini file located in your Windows directory to "on ".

IV. Encryption

Now, let's analyze the encryption problems mentioned above. PHP has some built-in MD5 methods. In this way, before comparing the password entered by the visitor with the password stored, we can easily use these functions to convert it.

MD5 is a one-way hash algorithm, which means that the password can be encrypted in only one direction-from common text to encrypted text, but in another direction is impossible. However, this does not prevent it from being cracked. This type of encryption is prone to brute force attacks or dictionary attacks, but it is still relatively safe. You can add the following line to the declaration statement of the $ password variable:

$md5password = (md5($password));

In this way, you can save an encrypted version of the content entered in the text box to the variable $ md5password. Now, you need to modify your if statement so that it can compare the stored password with the new encrypted password:

if (empty ($password)){ die ("No password entered");}elseif ($md5password != $storedpass){ die ("Password Incorrect");}else{ header("Location: securepage.htm");}

As you can see, we only changed the variables in the elseif part of the statement. This is because even an empty input variable is hashed to a 32-bit value, so $ md5variable can never be empty-even if you click the submit button before entering any text into the input field.

Now, you can find the hash value of the password you want to store in your file pass.txt. Therefore, you can comment out the entire if statement and add an echo statement to display the encrypted password on the screen. Then, you can copy the encrypted string and save it to the password file. However, you must remember to uncomment the if statement and delete the echo call before using the script.

As far as the method discussed in this article is concerned, the above script framework provides enough. In addition, although the test files discussed in this article are very basic, the HTML page can be easily added to an existing page; you can paste it into a window and arrange its style to match the rest of your home page, and you may include a scheduled function that waits for a fixed period of time before redirecting visitors to a secure page, and displays a message indicating that the password is correct. You can also include a similar function set to reload the initial page.

In short, you can use the scripts provided in this article to restrict access to specific pages in your website structure. Although this method does not provide a secure user name/password authentication method provided by the database, and it means that you must send the password to anyone who wants to access the security page, however, it does take a lot of time and coding to provide a simple security layer.

Thank you for reading this article. I hope it will help you. thank you for your support for this site!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.