A simple PHP script that offers easy to install, secure website password protection for any kind of server. Offers quite a few optional features, like logging incorrect login attempts, brute force protection etc, but still remains very simple to implement.
PHP Password Features:
- Session based password – no need to re-enter
- Can protect multiple files
- Can use multiple passwords
- Optionally emails on incorrect password
- Optionally writes to log file on incorrect password
- User definable hammering protection
- Optional session timeout
To use the demos, go to demo2, you’ll be asked for a password, now close that window, go to demo1, enter the password ‘default’, you’ll see the protected file, now close it and go back to demo2 – because you entered the password, demo2 now lets you in.
If you like this script, please vote for it on hotscripts.net
#1 by Alex on July 30, 2009 - 7:37 pm
How do you set the session length in the program? As entering 30 in this varailble did not seem to have any effect
$_SESSION['mpass_session_expires'] = “”;
#2 by speedy18us on July 31, 2009 - 11:58 pm
sorry to inform you but this script is not protected against hammering. if i disable cookie, there will be no session and i could try some hammering all day. i just did :)
#3 by user24 on August 3, 2009 - 3:03 am
You are correct, but there’s nothing anybody can do about that. Every password script in the world will suffer the same problem. People can connect via 100,000 proxies, what can I do to stop that?
#4 by Craig on December 4, 2009 - 7:15 am
Cookieless sessions?
http://myles.eftos.id.au/blog/2005/11/26/cookie-less-sessions-in-php/
Or check force user to have cookies enabled, otherwise no login attempts allowed.
If quote “there will be no session” unquote, can you even login? Therefore just hammering at “nothing” lol
Just a thought…
#5 by danoli3 on August 31, 2009 - 12:24 am
hey man, I can’t get this to work on my local domain,
apache 2.2 and php 5.3.0.
:(
#6 by MWP_Designer on June 13, 2010 - 4:45 pm
I like your script and would like to make some modifications and looking for support. 1.) To force user to have cookies enabled or else echo error message. 2.) Option to display error messages for incorrect entered password. 3.) How would I include this file in the settings.php and all pages that was to be protected would have to enter password. The option of logging out would be? What I am in the process of creating is a file that opens two config files for editing which are (php) to modify content for days of the week. Thank you in advance for any support or direction…..
#7 by Jety on December 19, 2010 - 8:24 am
Thanks for this script, I have just used it to secure my contacts page with phone numbers of my friends and works very well.
#8 by Stan Szymczyk on March 14, 2011 - 7:08 pm
How can I download the php pass? I cant find it
thanks
#9 by Abbs on June 9, 2011 - 7:20 pm
I really need such a password protection programme but after innumerable bad experiences with such software (malware, I should call it!), I’m afraid to download it. Comment verification would be fantastic, even though this seems like the real deal. Thanks for sharing,
Abbs
My website: SEO Cape Town
#10 by dean on August 13, 2012 - 1:04 pm
To download click source…. it is tiny font next to the demo text.
#11 by UK corporate photography on August 6, 2011 - 11:42 am
Where do i go to download the php password? Mark.
#12 by Chinmay on December 15, 2011 - 6:15 pm
Its awesome dude…
Surely I will follow this all.
Thanks…
:)
#13 by Itexus on January 3, 2012 - 11:13 pm
Damn, cannot get it to work.. well written script, i really like it as i read trough it but only gets: “0 && !empty($session_expires) && mktime()>$session_expires) || em” and bla bla bla.. :(
#14 by mikenco on January 25, 2012 - 11:30 pm
Great little script, perfect for keeping out general users. Have already put it in place. Thanks :)
#15 by dean on August 13, 2012 - 1:01 pm
To download click source…. it is tiny font next to the demo text.
I have it some real instructions would co a long way with people