What is the best way to password protect folder/page using php without a db or username
You could use something like this:
//access.php<?php//put sha1() encrypted password here - example is 'hello'$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';session_start();if (!isset($_SESSION['loggedIn'])) { $_SESSION['loggedIn'] = false;}if (isset($_POST['password'])) { if (sha1($_POST['password']) == $password) { $_SESSION['loggedIn'] = true; } else { die ('Incorrect password'); }} if (!$_SESSION['loggedIn']): ?><html><head><title>Login</title></head> <body> <p>You need to login</p> <form method="post"> Password: <input type="password" name="password"> <br /> <input type="submit" name="submit" value="Login"> </form> </body></html><?phpexit();endif;?>
Then on each file you want to protect, put at the top:
<?phprequire('access.php');?>secret text
It isn't a very nice solution, but it might do what you want
Edit
You could add a logout.php page like:
<?php session_start(); $_SESSION['loggedIn'] = false;?>You have logged out
Assuming you're on Apache:
If you want to avoid cookies, sessions and don't want to play with .htaccess files, you can also do http authentication soley with PHP:
http://www.php.net/manual/en/features.http-auth.php
You can hard code the password into the file and change it as needed, or include it from a file not in your web_accessible directory.
The downside is you don't have the ability to format the "login" screen - it will be a standard http authentication dialog box