Restricting access to pages on a site usually means using a database to store passwords and usernames. This article shows a simpler approach in PHP that keeps the password in a text file. The details are as follows:
1. Introduction
Although your website is often simple enough that it does not require a database at all, in some cases you may want to restrict access to certain pages. Generally, this means using a database to store passwords and usernames. However, there is an easier way: although it is a little less secure, it requires only a small amount of code.
If your web application already uses a database, you already have somewhere to store passwords and usernames and a way to authenticate visitors. But what should you do when a database is not an option because of the security or complexity of your site? There may be times when you just want a few particular people to access certain pages or areas of your site. A very simple way to do this is to use a text file that stores the password and create a page that prompts the visitor to enter the password. If the password matches the content stored in the text file, the user is allowed to access the restricted page; otherwise, an appropriate message is displayed before the page is refreshed to deny access.
For further security, you can also hash the password stored in the text file, so that if its contents are discovered, the password is difficult to identify. All of this can be built with PHP functions and requires only a very small amount of code.
Before officially starting, you need to create an environment to test and use PHP; so, you first need to install and configure a web server for PHP. Since Apache works well with PHP and is easy to install and configure, I recommend this solution.
Next, you need to create a page (similar to the image below) - it has a text box for receiving passwords from the visitor, and a submit button to send it to your PHP file. This can be either a new page or a part of an existing page on your website. A simple code block like the following should be sufficient:
<form name="passwordForm" method="post" action="">
  <p>Password:
    <input type="password" name="password">
    <input type="submit" name="Submit" value="Login">
  </p>
</form>
2. Create a PHP homepage
Next, you need to create a PHP homepage that does the actual work. Open a blank page in a text editor and then open a PHP block in a standard way:
As I mentioned before, PHP has a standard set of functions for file operations. The most important of these are fopen(), fread() and fclose(). To perform any file operation we first need to open the file, which is done with fopen(), and we must specify how the file will be used. Reading is the most common task, but additional flags can tell the program whether to place the file pointer at the beginning or the end of the file, and whether to create the file if it does not exist yet. In this case, all we need to do is open the text file containing the password and read it.
First, create a variable that holds the path to the text file:
$fileloc = "/apachesite/docs/";
Next, create a variable to store the file pointer:
$filetoread = fopen($fileloc, "r") or die("Could not open password file");
The or die() clause ends the script and prints an appropriate message on the screen if the operation fails for some reason. Once the file is opened, you need to read its contents in order to compare them with what the visitor entered as a password:
$storedpass = fread($filetoread, filesize($fileloc)) or die ("Could not read stored password");
Set a variable to store the data from the file and call the fread() function, which takes two parameters: the file pointer and the number of bytes to read. You may (or may not) know the length of your password. To make future maintenance easier (when the password needs to be changed), you can use the filesize() function to get the file length. Once the file is no longer needed, close it immediately:
fclose($filetoread);
3. Use password
In order to use the password entered into the HTML form, you need to get it and store it in a variable. When we use the POST method to send the user input content to the PHP script, we can use $_POST to get the entered password:
$password = $_POST["password"];
Then, we can simply compare the entered password with the stored password and act accordingly:
if (empty($password)) {
    die("No password entered");
} elseif ($password !== $storedpass) { // strict comparison: no numeric-string type juggling
    die("Password Incorrect");
} else {
    header("Location: ");
}
The first if statement handles an empty $password variable to prevent the submit button from being clicked when the input box is empty. If the password entered by the user does not match the stored one, then the second statement executes the code in brackets and outputs a message to show that the password is wrong. Finally, if the first two conditions are not met, the script believes that the password must be correct and sends a redirect header to the browser to open the HTML page in the example.
Before this can work, you need to create a text file and put it in the same directory as the PHP file. It should contain the password you currently want to use, stored in plain text, and the PHP file should reference its file name. Save all these files, then open the HTML page in a browser and experiment with the form. The page should work as expected.
If you get the following error message when you enter the correct password:
"Warning: Cannot modify header information - headers already sent by (thepathtoyourphpfile)"
This means that you need to set output-buffering to "on" in the file located in your Windows directory.
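Two details decide whether the comparison in section 3 behaves as intended: a text editor usually appends a line ending to the password file, so the raw file content never equals the typed password, and PHP's loose == and != operators treat two different numeric-looking strings such as "1e3" and "1000" as equal. The following command-line sketch is an added example, not the article's code; the helper names, the temporary file and the sample values are constructed.

```php
<?php
// Added example: helper names, the temp file and all sample values are constructed.

// Read the stored password and strip the line ending most editors append.
function read_stored_password(string $path): string
{
    $raw = file_get_contents($path);
    if ($raw === false) {
        throw new RuntimeException("Could not read password file");
    }
    return rtrim($raw, "\r\n");
}

// Reject empty input, then compare as strings in constant time.
function password_ok(string $entered, string $stored): bool
{
    return $entered !== '' && hash_equals($stored, $entered);
}

// Demo (run with the php command-line binary).
$path = tempnam(sys_get_temp_dir(), 'pw');
file_put_contents($path, "s3cret\n");   // password file as an editor would save it

$raw    = file_get_contents($path);     // what fread() over filesize() bytes returns
$stored = read_stored_password($path);

// Raw file content versus the trimmed value, for the correct password:
var_dump("s3cret" === $raw, password_ok("s3cret", $stored));

// Loose versus strict handling of two different numeric-looking strings:
var_dump("1e3" == "1000", password_ok("1e3", "1000"));

// A wrong and an empty submission:
var_dump(password_ok("guess", $stored), password_ok("", $stored));

unlink($path);
```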
4. Encryption
Now we turn to the encryption issue mentioned earlier. PHP has built-in MD5 functions, so we can easily hash the password entered by the visitor before comparing it with the stored password.
MD5 is a one-way hashing algorithm, which means a password can only be converted in one direction, from plain text to hashed text; going in the other direction is impossible. However, this does not make it unbreakable. This kind of encryption is easily cracked by brute force or through dictionary attacks, but it is still relatively safe. You can add the following line after the declaration of the $password variable:
$md5password = (md5($password));
This allows you to save an encrypted version of the content entered into the text box to the variable $md5password. Now you need to modify your if statement so that it compares the stored password with the new encrypted password:
if (empty($password)) {
    die("No password entered");
} elseif ($md5password !== $storedpass) { // strict comparison: hash strings are never compared as numbers
    die("Password Incorrect");
} else {
    header("Location: ");
}
As you can see, we only changed the variable in the elseif part of the statement. The empty check still tests $password, because even an empty input is hashed into a 32-character value, so $md5password can never be empty, even if you click the submit button before entering any text into the input field.
Now all you need to do is find the hash value of the password you want to store in the text file. To do this, you can comment out the entire if statement and add an echo statement to display the hashed password on the screen. You can then copy the hash string and save it to the password file. However, remember to uncomment the if statement and delete the echo call before using the script.
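The same file-based scheme can use PHP's password_hash() and password_verify() in place of md5(), which gives a salted, deliberately slow hash and lets the stored value be generated from the command line instead of echoing it on the page. This is an added example that swaps in a different hashing function from the one the article uses; the function names, the sample password and the temporary file are constructed.

```php
<?php
// Added example, not the article's code; function names, the sample password
// and the temp-file location are constructed for illustration.

// Produce the string to store: salted and slow to compute, unlike a bare md5().
function make_stored_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a submitted password against the contents of the password file.
function check_password(string $entered, string $hashFile): bool
{
    $stored = file_get_contents($hashFile);
    if ($stored === false || $entered === '') {
        return false;
    }
    // password_verify() re-derives the hash with the salt embedded in $stored
    // and compares the result in constant time.
    return password_verify($entered, trim($stored));
}

// Command-line demo with a constructed password.
$hashFile = tempnam(sys_get_temp_dir(), 'pwhash');
file_put_contents($hashFile, make_stored_hash('correct horse') . "\n");

// Hashing the same password twice: each call embeds a fresh random salt.
var_dump(make_stored_hash('correct horse') === make_stored_hash('correct horse'));

// Correct, wrong and empty submissions against the stored hash.
var_dump(
    check_password('correct horse', $hashFile),
    check_password('wrong guess', $hashFile),
    check_password('', $hashFile)
);

unlink($hashFile);
```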
For the method discussed in this article, the script framework above is sufficient. The test form discussed in this article, although very basic, can easily be added to an existing page: you can paste it in and style it to match the rest of your site. You may also include a timing function that waits for a fixed amount of time before redirecting the visitor to the secure page, while displaying a message indicating that the password is correct. You can also include a similar function to reload the initial page.
In short, you can use the scripts provided in this article to restrict access to specific pages in your site structure. Although this method does not provide the secure username/password authentication that a database provides, and it means you have to send the password to anyone who wants to access the secure page, it takes very little time and code to provide a simple layer of security.