/////////////////////////////////////////////////////
//                                                 //
//           P H P P a g e P r o t e c t           //
//                 Version 1.0.0                   //
//                                                 //
//                 Copyright 2002                  //
//                  David Broker                   //
//          http://php.warpedweb.net/              //
//              All Rights Reserved                //
//                                                 //
//          In using this script you               //
//           agree to the following:               //
//                                                 //
//      This script may be used and modified       //
//              freely as long as this             //
//             copyright remains intact.           //
//                                                 //
//     You may not distibute this script, or       //
//           any modifications of it.              //
//                                                 //
//   A link must be provided on the website that   //
//             uses the script to:                 //
//          http://php.warpedweb.net/              //
//                                                 //
//      Any breaches of these conditions           //
//        will result in legal action.             //
//                                                 //
//      This script is distributed with            //
//        no warranty, free of charge.             //
//                                                 //
/////////////////////////////////////////////////////

Contents:

• About
• Included Files
• Installation/Usage
• Change log
• To do

About

PHPPageProtect is a user authentication system used to password protect selected pages.
Pages are protected by adding a single line of PHP script at the top of the page.
A web-based administration section allows for the creation of new users, deleting users, changing passwords and viewing logs.
User information and logs are stored in a flatfile (text) database.

Included Files

1. readme.txt
   This file.
2. admin.php
   The adminstration script.
3. login.php
   The script which logs in/out the user.
4. protect.php
   The script which provides the page protection.
5. conf.php
   The configuration file.
6. eg.php
   An example of a protected page.
7. firstpage.php
   The first page you see when you log on.
8. log.dat
   The file where login records are stored.
9. users.dat
   Where username/encrytped passwords are stored.

Installation

1. Requirements:
   • PHP Version 4.0.2 or greater.
     This is needed because of the functions used in the script are not valid in PHP3
   • Session Support
     Your webserver must have session support enabled and working.
   • VERY basic knowledge of PHP.
     This is required to install the script. You need to edit a few lines of the script, all of which is described in detail.
2. Configure the scripts:
   1. First open admin.php, login.php and protect.php in a text editor.
      Edit the $config variable to point to the config file. If the conf.php file is in the same directory as admin.php, login.php and protect.php then you can leave these as they are.

      EG: $conf = "c:\\path\\to\\conf.php";

   2. Next open conf.php in a text editor.
      There are several variables to edit here:
      1. Set the administration username and password (case sensitive):

         EG: $admin_username = "Username";
             $admin_password = "PaSsWoRd

      2. The full server path to the users.dat file:

         EG:  $user_data = "c:\\path\\to\\users.dat";
              $user_data = "/path/to/users.dat";

      3. The URL of the first page the user will see when they login:

         EG: $first_page = "http://www.example.com/firstpage.php";

      4. The URL of the login page:

         EG: $login_page = "http://www.example.com/login.php";

      5. Whether or not you wish to log user logins (true/false):

         EG: $log_login = true;

      6. If you set $log_login to true, you must specify a log file path:

         EG: $log_file = "c:\\path\\to\\log.dat";
             $log_file = "/home/path/to/log.dat";

3. Installing the scripts:
   1. Upload those files to your server.
   2. Change file permissions:
      On Unix the users.dat and log.dat files need to be writable by the webserver (usually "nobody").
      On Windows 9X/ME no permissions need to be changed.
      On Windows NT/2000 the users.dat and log.dat files need to be writeable by the webserver (usually "INET_USR" or similar)
4. Using the scripts:
   Now we need to use the scripts.
   • Administration
     
     First point your browser to the uploaded admin script:

     http://www.example.com/admin.php

     Log in using the selected username and password.
     • Create a new user.
       To create a new user simple fill out the information in the "New User" form and click "Create".
     • Delete a user.
       Simply check the box next to the username you wish to delete and click "Delete".
     • Change password.
       Select the username from the list and enter the new password in the password and confirm password boxes then click change.
     • View Log.
       If you have selected to log the login attempts, the you can view the log file by clicking "View Log".
     • Clear log.
       Click the button to clear the log file (Caution: there is no undo feature).
     • Administrator can also log on through the "login" section, but the it is not logged.
   • Protecting a Page
     • To protect a page you must simply include this line at the very top of the page you wish to protect:

       <?php include("protect.php"); ?>

       It is very important that there are not blank lines or spaces before the above line.
       If protect.php is in a directory different to the one the page is in the line will need to look like this:

       <?php include("directory/protect.php"); ?>

       
       If protect.php is in a directory above the one the page is currently in it may need to look like this:

       <?php include("../directory/protect.php"); ?>

     • Page protect functions: Protect pages have access to a number of PHP functions used to display the persons name, username or logout URL.
       You use them in the page like this:

       >?php function_name(); ?>

       See example.php for a protected file that uses all the functions.
       • print_name();
         Print users name, ie: "David Broker".
       • print_username();
         Prints the username, ie: "david"
       • print_logout_url();
         Prints the URL to logout.
         Example usage:

         <a href="<?php print_logout_url(); ?>">Click here to logout</a>

       • print_first_page_url();
         Prints the URL of the page the user first sees when they login.
   • Logging On/Off
     To login simply open login.php in your browser and enter the username and password that you created in the Administration section.
     • If sucessful you will be brought to the firstpage that was specifed in the configuration.
     • If unsucessful an appropriate error message will be shown.
     • To logout you need to have a page which call the print_logout_url() function, as shown above.

ChangeLog

• 26-01-02 V1.0.0b
  • Fixed small session destroy bug.
  • Removed accidental > at the end of conf.php
• 27-11-01 V1.0.0
  • Initial Release.
  • A user authentication system.
  • Logon script starts/ends session.
  • Protection script gets that session and shows page, or shows unauth message.
  • Admin script for user admin/log viewing.
  • Text file database. MD5 passwords.

To Do

• User change own password.
• More admin options (edit user).
• Lost password options.
• More information stored on user.
• Email confirmation of registration.
• Online register requests.
• DB Support