AlfieWebDevTips Homefor new and experienced developers
[Home Home] [Web Development Web Development ] [Code Generators Code Generators ] [Resources Resources ] [Contact Us Contact ] |WebDevTips Privacy Privacy |
Print This Page

You are here : Home - Web Development - PHP - Password Protect

Password Protect



This guide will step you through a simple protection script that you can use on your site. This assumes that you do not have the ability to use .htaccess which would be the preferred option.

This is not a 100% secure solution and as such, you should not rely on any scripts like these to protect sensitive data such as credit card details. Basically all you are doing is protecting your pages from general viewing by allowing only people with permission to access those pages.

I have catered for most eventualities in the script, such as those outlined here. So if you want to protect non sensitive information, for example, a family photo album that you only want friends and family to view then this is an easy solution.

Download page protect

Before we start there are some general things you should be aware of! No site is really secure. All we have to do is make it difficult for the casual hacker. Hacking is not my speciality but being aware of certain situations helps.

* The term hacker or cracker can be interpreted differently by whoever you ask, so for clarity I will use the term hacker as someone trying to gain access to areas they are not authorised to.

password tips

To give an example. You can have the best encryption system in the world but if you choose a weak password then all that protection isn't going to help. If you share your password with anyone, again you weaken security.

Hackers have tools such as dictionary scanners which basically try and access your site by guessing words or phrases. Try and use non dictionary words. Try to think of something that is relevant to you but when used as a password is meaningless, even to people that know you.

Replacing certain letters for numbers is a good idea but not perfect. For example change A to 4, I to 1, E to 3, S to 5 and so on. This is a start but by mo means perfect as there are tools that can detect that.

Ok say you have a dog called Rover and you want to use that for a password - after all you are unlikely to forget your dogs name. So, using the method above Rover would become R0v3r. As mentioned already, that could still be guessed. So lets make a bit harder for people to guess.

We have our base password R0v3r. Let's say that rover was born in January 1998. January 1998 could be written as 0198(mmyy), Jan98(mmmyy) Jan1998(mmmyyyy) and so on :) So what you can do is add that to the start or end of your dogs name (again replacing letters with numbers). For example R0v3rJ4n1998 or J4n98R0v3r - how you work it out is your choice.

Passwords are normally case sensitive so try to mix between uppercase and lowercase wherever possible (as long as your remember).

What we have though is a nonsense looking password to everyone except you. Try finding R0v3rJ4n1998 in a dictionary. Even with numbers translated back to letters, I don't think roverjan1988 will be there either :).

Your password is the first line of defence in making life difficult for unauthorised entry, so choose it carefully.

Next we'll look at the script theory.


overview
the theory
the login
validation
a protected page
the logout
If you like our script, please rate it!







Google
 

[back to top of page]   

[labelled with icra -  - this link will open in a new window] [RSS Content]

[Copyright © WebDevTips]