
[PHP] Secure page password protection

a guest
Jul 19th, 2014
  1. <?php
  2. echo "<body bgcolor=black>";
  3.  
  4. session_start(); //starts the session. you will get a PHPSESSID cookie
  5.  
  6. $admin_user_name = "root"; //Change this with the username you want
  7. $admin_password = "toor"; //Change this with the password you want
  8.  
  9. if (!isset($HTTP_SESSION_VARS['user'])) { //If user is not blank
  10.  
  11. if(isset($HTTP_POST_VARS['u_name'])) //If user is not blank
  12.  
  13. $u_name = $HTTP_POST_VARS['u_name']; //Set $u_name
  14.  
  15.  
  16. if(isset($HTTP_POST_VARS['u_password'])) //If password is not blank
  17.  
  18. $u_password = $HTTP_POST_VARS['u_password']; // Set Password
  19.  
  20.  
  21. if(!isset($u_name)) {
  22.  
  23. ?>
  24.  
  25. <HTML>
  26.  
  27. <HEAD>
  28.  
  29. <TITLE><?php echo $HTTP_SERVER_VARS['HTTP_HOST']; ?> : Authentication Required</TITLE>
  30.  
  31. </HEAD>
  32.  
  33. <BODY bgcolor=#ffffff>
  34.  
  35. <table border=0 cellspacing=0 cellpadding=0 width=100%>
  36.  
  37. <TR><TD>
  38.  
  39. <font face=verdana size=2><B> </b> </font></td>
  40.  
  41. </tr></table>
  42.  
  43. <P></P>
  44.  
  45. <font face=verdana size=2>
  46.  
  47. <center>
  48.  
  49. <?php
  50.  
  51. $form_to = "http://$HTTP_SERVER_VARS[HTTP_HOST]$HTTP_SERVER_VARS[PHP_SELF]";
  52.  
  53.  
  54. if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
  55.  
  56. $form_to = $form_to ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
  57.  
  58.  
  59. ?>
  60.  
  61. <form method=post action=<?php echo $form_to; ?>>
  62.  
  63. <table border=0 width=350>
  64.  
  65. <TR>
  66.  
  67. <TD><font face=verdana size=2><B><font color=white>User Name</font></B></font></TD>
  68.  
  69. <TD><font face=verdana size=2><input type=text name=u_name size=20></font></TD></TR>
  70.  
  71. <TR>
  72.  
  73. <TD><font face=verdana size=2><B><font color=white>Password</font></B></font></TD>
  74.  
  75. <TD><font face=verdana size=2><input type=password name=u_password size=20></font></TD>
  76.  
  77. </TR>
  78.  
  79. </table>
  80.  
  81. <input type=submit value=Login></form>
  82.  
  83. </center>
  84.  
  85. </font>
  86.  
  87. </BODY>
  88.  
  89. </HTML>
  90.  
  91. <?php
  92.  
  93. exit;
  94.  
  95. }
  96.  
  97. else {
  98.  
  99.  
  100. function login_error($host,$php_self) { //function for returning error page
  101.  
  102. echo "<HTML><HEAD>
  103.  
  104. <TITLE>$host : Login</TITLE>
  105.  
  106. </HEAD><BODY bgcolor=white>
  107.  
  108. <table border=0 cellspacing=0 cellpadding=0 width=100%>
  109.  
  110. <TR><TD align=left>
  111.  
  112. <font color=white><font face=verdana size=2><B> You Need to login to view this page. </b> </font></font></td>
  113.  
  114. </tr></table>
  115.  
  116. <P></P>
  117.  
  118. <font face=verdana size=2>
  119.  
  120. <center>";
  121.  
  122.  
  123.  
  124. echo "Error: You are not Logged in!
  125.  
  126. <font color=white><B><a href=$php_self>Click here</a></b> to login again.<P></font>
  127.  
  128. </center>
  129.  
  130. </font>
  131.  
  132. </BODY>
  133.  
  134. </HTML>";
  135.  
  136. session_unregister("adb_password"); //Unregister's the password you entered from the session since its invalid
  137.  
  138. session_unregister("user"); //Unregister's the username you entered from the session since its invalid
  139.  
  140. exit;
  141.  
  142. }
  143.  
  144.  
  145.  
  146. $user_checked_passed = false;
  147.  
  148.  
  149.  
  150.  
  151.  
  152. if(isset($HTTP_SESSION_VARS['adb_password'])) { //if password is not blank
  153.  
  154.  
  155.  
  156. $adb_session_password = $HTTP_SESSION_VARS['adb_password'];
  157.  
  158. $adb_session_user = $HTTP_SESSION_VARS['user'];
  159.  
  160.  
  161.  
  162.  
  163.  
  164. if($admin_password != $adb_session_password) //if entered password not equal to the page password then
  165.  
  166. login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']); //calls the login_error function
  167.  
  168. else {
  169.  
  170. $user_checked_passed = true;
  171.  
  172. }
  173.  
  174. }
  175.  
  176.  
  177.  
  178.  
  179.  
  180. if($user_checked_passed == false) {
  181.  
  182.  
  183.  
  184. if(strlen($u_name)< 2)
  185.  
  186. login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
  187.  
  188.  
  189.  
  190. if(isset($admin_password)) {
  191.  
  192.  
  193.  
  194. if($admin_password == $u_password) {
  195.  
  196.  
  197.  
  198. session_register("adb_password");
  199.  
  200. session_register("user");
  201.  
  202.  
  203.  
  204. $adb_password = $admin_password;
  205.  
  206. $user = $u_name;
  207.  
  208. }
  209.  
  210. else {
  211.  
  212. login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
  213.  
  214. //logs ip to iplog.txt for more security of who wanted to access the page
  215. $fp = fopen('IPLog.txt', 'a');
  216. fwrite($fp, $_SERVER['REMOTE_ADDR']." Accessed at ".date("j F, Y, g:i a")."\n");
  217. fclose($fp);
  218.  
  219. }
  220.  
  221. }
  222.  
  223. else {
  224.  
  225. login_error($HTTP_SERVER_VARS['HTTP_HOST'],$HTTP_SERVER_VARS['PHP_SELF']);
  226.  
  227. //logs ip to iplog.txt for more security of who wanted to access the page
  228. $fp = fopen('IPLog.txt', 'a');
  229. fwrite($fp, $_SERVER['REMOTE_ADDR']." Accessed at ".date("j F, Y, g:i a")."\n");
  230. fclose($fp);
  231. }
  232.  
  233.  
  234. $page_location = $HTTP_SERVER_VARS['PHP_SELF'];
  235.  
  236. if(isset($HTTP_SERVER_VARS["QUERY_STRING"]))
  237.  
  238. $page_location = $page_location ."?". $HTTP_SERVER_VARS["QUERY_STRING"];
  239.  
  240. header ("Location: ". $page_location);
  241.  
  242. }
  243. }
  244. }
  245.  
  246. ?>