I have one mailbomber script When i hit my web address/mail.php is automatically open But now i want to password protect Mean when i click my website/mail.php it should ask username and password How to do that?
Assuming you have enough HTML and PHP knowledge (Syntax wise) - 1) Set the user name and password in database or variable 2) Create a login form 3) Get the form data using $_POST global in php 4) Check if supplied user credentials are same as stored info 5) if yes then grant access, if no then redirect user to login page A very simple Login structure would go like this : // login.php <?php session_start(); // Stored User crendentials $userName = "User"; $password = md5("Password"); if(isset($_POST['userName'])){ // capture the login data $suppliedUserName = $_POST['userName']; $suppliedPassword = md5($_POST['password']); // Check if supplied information is same as stored information if(($suppliedUserName == $userName) && ($suppliedPassword == $password)){ // Info matched grant access $_SESSION['isLoggedin'] = true; } else{ // Info did not match show error $error = "The user name or password did not match"; } } ?> // access.php <?php session_start(); if($_SESSION['isLoggedin']){ // user is logged in, grant him access } else{ // user is not logged in, redirect him to login page } ?> // mail.php <?php require_once 'access.php'; // rest of your code goes here ?> PHP: I dont suggest you to copy/paste this code. You usually want to filter user input to prevent XSS and SQL injection attempts. I also dont suggest you to store the login info in variables, store them in database instead.
Does it need to be username and password protection? IP address protection is very easy: if($_SERVER['REMOTE_ADDR'] != "192.168.0.1"){ die('You are not authorised to view this page!'); } PHP: Have that before any other code and away you go. Obviously replace that IP address with your own or a selection of IP addresses if you know the static addresses you'll be connecting from. If anyone compromises his PHP script (thus hosted files) they most likely have access to his database credentials so I think that's an overly-complicated solution... unless he truly needs multiple users and passwords accessing the same script.
Yes, IP address based access would be relatively easier, but remember, its very easy to fake your IP address, thus bypassing this protection. It's just what I suggest, its certainly up to him what he finds best for his needs.
I don't know much about IP-spoofing I'll admit but I don't understand how the recipient can recieve data that's being sent to a spoofed address; wouldn't they need to've compromised the network or one of its routes so that the impostor could recieve data as well as submit requests? Yep; understood. There are lots of good ideas here for the O.P. to choose from based on their needs/skills.