Show DevBest [PHP] Login Script (no MySQL needed)

[Weasel]

A while ago someone posted a request, and I wrote a little script for him to secure his pages with a login script, which doesn't need a MySQL database. So why not make a release thread for it, so people can find it.

Note: if you want to add more then 3 users, just simply add another line like this underneath the others:

$user["admin4"] = "password";

Make a new file security.php, and add:

<?php
session_start();
 
$user["admin1"] = "password";
$user["admin2"] = "password";
$user["admin3"] = "password";
 
if (!isset($_SESSION['logged_in']))
{
    echo '<h1>Login</h1>';
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if (empty($_POST['username']) || empty($_POST['password']))
        {
            echo '<span style="color:red; font-weight: bold">Please fill in all fields!</span>';
        }
        elseif ($user[$_POST['username']] != $_POST['password'])
        {
            echo '<span style="color:red; font-weight: bold">Your username/password is wrong!</span>';
        }
        else
        {
            header("Refresh: 1");
            $_SESSION['ingelogd'] = true;
            echo '<span style="color:green; font-weight: bold">You are now logged in!</span>';
        }
    }
    else
    {
        exit('You need to log-in to view this page.<br /><br />
        <form method="POST" action=""><p>
        Username:<br />
        <input type="text" name="username" /><br /><br />
        Password:<br />
        <input type="password" name="password" /><br /><br />
        <input type="submit" value="Login" /> <input type="reset" value="Empty fields" />
        </form>');
    }
}
?>

Now every page you want to secure, add the following on top of that page:

<?php
include("security.php");
?>

And if you want a logout page, make logout.php and add:

<?php
unset($_SESSION['logged_in']);
session_destroy();
echo "You have succesfully logged out.";
header ("Refresh: 5; index.php");
?>

And add a link to the logout page in your layout:

<a href="logout.php">Log out</a>

If you have any questions/feedback, please post a comment.

 

[Beast]

Not bad is the security good?

 

[Aiwa]

I'm sure this will help someone at some point.

 

[Weasel]

Not bad is the security good?

This is just a simple login script, and as it doesn't has a MySQL database, they can't use SQL injections and stuff like that. So yes, I would say the security is good.

 

[Sysode]

Pretty neat if you want pages that contain details to something, that way you can limit the amount of users and control there passwords easily. Simple and sweet

 

[Leader]

ima totally use this for my adminCP