Password Protection System
This is a PHP, sessions and MySQL based system to protect your site from unwanted visitors.

The system is special because its access method uses a hash to send the password to the server in hashed form. The server sends back only a cookie containing a session ID. All other information is stored in a session file on the server, so no authentication information other than the session ID is sent over the Internet.

License
The client side of the system is based on the JavaScript implementation of the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" developed by Paul Johnston. The JavaScript is included in this package exactly as I downloaded it from his site. NO changes have been made.
Because the MD5 script is free, this script is also free to use. The copyright on the MD5 script remains with Paul Johnston.
If you plan to use the administration part, however, note that this part was developed by me and the copyright remains with me. It is also free to use; just keep it as it is and respect the copyright on it.

How it works
On the client, the user logs in using the log in page. The password is hashed with the MD5 hash and sent to the server together with the user name. On the server, the PHP script checks that a user with the correct MD5 value exists in the database. This means that the password is stored in the database in MD5 format and is therefore completely unreadable. It is therefore not possible to retrieve the password if you or your users have lost it; you have to set a new password in the database. If the user exists and has sent the correct "hash key", access is granted and stored in the session on the server.
All other pages need to check the session information. See the example files for how to do this.
If a page is accessed without access having been granted, an error is raised and the user is redirected to the log in page. No other information from the page is sent to the user.

The user gets access, as may be expected, to ALL the pages that use this method of protection. To make the tool work for more levels, you need to change the script.
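
The login check and page guard described above, written out as an added example. It is not the package's own code; the users table, its columns, the pps_user session key and the SQLite stand-in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the package's code. Table, column and session-key names are
// assumptions; in-memory SQLite stands in for MySQL with one constructed account.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pwd_md5 TEXT NOT NULL)');
    $db->prepare('INSERT INTO users VALUES (?, ?)')
       ->execute(['demo', md5('constructed-sample-password')]);
    return $db;
}

// Login step: the browser has already hashed the password and posted the hex digest.
function check_login(PDO $db, string $user, string $postedMd5): bool
{
    $postedMd5 = strtolower($postedMd5);
    // Accept only a 32-character hex digest before touching the database.
    if (preg_match('/\A[0-9a-f]{32}\z/', $postedMd5) !== 1) {
        return false;
    }
    // Prepared statement: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT pwd_md5 FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();
    // Constant-time comparison; an unknown user fails the same way as a wrong digest.
    return is_string($stored) && hash_equals(strtolower($stored), $postedMd5);
}

// On success the grant is written to the server-side session only.
function grant_access(string $user): void
{
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['pps_user'] = $user;
}

// Guard for each protected page; a real page would redirect to the log in page on false.
function has_access(): bool
{
    return isset($_SESSION['pps_user']) && is_string($_SESSION['pps_user']);
}

session_start();
$db = make_demo_db();
$wrong = check_login($db, 'demo', md5('some-other-password'));
$right = check_login($db, 'demo', md5('constructed-sample-password'));
if ($right) { grant_access('demo'); }
var_dump($wrong, $right, has_access());
```

In this scheme the posted MD5 digest is the value the server checks, so the login request needs the same transport protection (HTTPS) as a plain password would.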

Administration
In the package you will find a part (ppsadmin) to administer your accounts.
This administration part is complete and can be placed in its own subdomain.
I think it is self-explanatory.

The package contains:
  • the MD5 script.
  • a configuration file for your database.
  • a file to create the table and a first default administration account. You can run the file in MySQL or load it into phpMyAdmin.
  • example files to access the restricted area (index.php and index2.php).
  • a log in screen.
  • the administration part. Start index.php to log in.
  • this text as a read me file. Here you can find the default passwords as well.
  • a NOT protected file (clean_add.php) to access your user table if you have lost your password. Save this file locally and NOT on the server.
See a working demo

Limitations
This free script has its limitations:
  • only one level of access. This means that the user can access every page on your site that uses this script. If a user knows or has the link to another page, he can access that page as well, even if it is not in his menu.
  • the script has no possibility to assign special homepages for each user.
If you want special additions like the 2 mentioned above, please contact me for a price.
Release history
Release 1.2.2
  • clean_add.php. $_POST and $_GET lines moved to fix saving
Release 1.2.1
  • changePsw.php. The menu line added, the title in the right place.
  • Error messages in server logs due to variable declarations fixed.
Release 1.2
  • Added a Change Password file in the user and the admin area
  • Removed the need for register_globals. You can now use the script even on servers that do not support register_globals. The script now uses $_POST and $_GET to handle the sent data.
  • The pwd field in the log in window is now cleaned before sending.
release 1.1
  • changePsw.php
      added to give your users the possibility to change their password
  • add.php
      redirection to correct list fixed
  • edit.php
      redirection to correct list fixed
      change of password fixed. The password field is now empty. The password in the database is now only changed if you fill in a new password.
  • delete.php
      redirection to correct list fixed
  • pps.inc.php
      session variables fixed. If you have your own web server you will see that the correct sermon is stored in the session file on the server.
  • common use
      the control part to check logging in is moved to the beginning of the file (see index2.php). A model is provided in the file template.php.
release 1.0
  • initial release
      see pps.txt for a description
Download and install
To install the software, unzip the file and install the files on your server following the instructions in the pps.txt file. Create the table in your database, and remove the clean_add.php file from your server but keep a copy locally.
Log in with the default account, create a new administrator and remove the default account.

If the file opens in, for example, WinZip instead of saving, please right-click the link and use "save as" to save your copy.

Next you have to update all the files you want to protect with the first 6 lines and the last line from my index2.php. All the files have to be of .php type to make them run in PHP.

Read the included installation description.
More info
More information on the encryption part can be found at http://pajhome.org.uk/crypt/md5 where Paul Johnston presents, among other things, his JavaScript MD5 encryption script. Here you can also find the original MD5 script and other scripts.
Download

Password Protection System 1.2.3 size 33 Kb

© Vincent Bevort 1999-2008 All rights Reserved