A simple PHP script that offers easy to install, secure website password protection for any kind of server. Offers quite a few optional features, like logging incorrect login attempts, brute force protection etc, but still remains very simple to implement.
PHP Password Features:
- Session based password – no need to re-enter
- Can protect multiple files
- Can use multiple passwords
- Optionally emails on incorrect password
- Optionally writes to log file on incorrect password
- User definable hammering protection
- Optional session timeout
To use the demos, go to demo2, you’ll be asked for a password, now close that window, go to demo1, enter the password ‘default’, you’ll see the protected file, now close it and go back to demo2 – because you entered the password, demo2 now lets you in.
If you like this script, please vote for it on hotscripts.net
#1 by Alex on July 30th, 2009
How do you set the session length in the program? As entering 30 in this varailble did not seem to have any effect
$_SESSION['mpass_session_expires'] = “”;
#2 by speedy18us on July 31st, 2009
sorry to inform you but this script is not protected against hammering. if i disable cookie, there will be no session and i could try some hammering all day. i just did :)
#3 by user24 on August 3rd, 2009
You are correct, but there’s nothing anybody can do about that. Every password script in the world will suffer the same problem. People can connect via 100,000 proxies, what can I do to stop that?
#4 by Craig on December 4th, 2009
Cookieless sessions?
http://myles.eftos.id.au/blog/2005/11/26/cookie-less-sessions-in-php/
Or check force user to have cookies enabled, otherwise no login attempts allowed.
If quote “there will be no session” unquote, can you even login? Therefore just hammering at “nothing” lol
Just a thought…
#5 by danoli3 on August 31st, 2009
hey man, I can’t get this to work on my local domain,
apache 2.2 and php 5.3.0.
:(