Run function after getting a password

Question

We have script http://site.com/ourscript.php

How to add something like "enter password" block on that page?

Just some simple, maybe popup.

Like, we open the page in browser, we should type password, if its ok - function will run.

It has to be done only inside requested php file, .htaccess should not be used.

Thanks.

Answer 1

This is about as simple as it gets:

<html>
    <body>

<?php if (isset($_POST['secret']) && $_POST['secret'] == "lolsecurity") { ?>

        <h1>Secret Page!</h1>
        <p>This type of password-protection is completely open to packet sniffing.</p>

<?php } else { ?>

        <form method="POST">
            <p>Enter Password:</p>
            <input type="password" name="secret">
            <input type="submit" value="Submit">
        </form>

<?php } ?>

    </body>
</html>

Answer 2

Here's a tutorial for a basic authentication system. I'm sure if you spend two minutes googling, you'll find about a million pre-made, ready-to-go PHP login systems.

If you want to create your own, authenticating a user generally requires the following:

• First set up a users table in your database where you store valid usernames and their passwords (as well as any other pertinent user information). Passwords should not be stored in plain text, but should generally be salted and hashed.
• Add a login form to your application. When a user successfully logs in (which you can determine by taking the given password, salting and hashing it as above, and comparing it to the value in the database), use cookies or session to keep track of a login token.
• On each page requiring authentication, the login token should be verified. If an invalid login token or no login token is given, redirect to the login form.