I am building a website for someone and they want me to password protect the website. The problem I am running into is I don't have access to a database, and the way they have everything set up I can't use .htaccess. Or at least I can't get it to work. Is there any other way to password protect it without using these two things using PHP? I'm very new to PHP so please don't answer with some technical jargon. It will only lose me. I think I can use PHP! The way their whole thing is set up is very weird and I have never seen anything like it before. I'm just trying to work around it because it would be too much of a big deal to try to get them to change anything. Thanks for any help!
Best advice would be to get htaccess with htpasswd working. It would be much more secure than anything you can code (no offense). Option outside of that would be to create a login resorting to a file based list of users. Not the ideal solution and it isn't scalable.
javascript :Z, but if person is smart and takes a look into the sourcecode, he'll see the password , not the ideal solution.
Okay. I'll have to try to get the .htaccess working. I was really hoping there was an additional way to do it that would be secure but I guess not. Thanks for the help guys.
You can use session variables to store cookies and possibly do MDB decryption based off keys if needed. But again you still need to check against something. It is possible to store the file in a secure location, then md5 off a delimiter creating a user/password. Another solution is to just use a remote mysql db. Surely you know or have another host solution?
If you can mantain a session then you can have a login portal set the necessary session flag to openup whatever you want protected. Declare the password and username as constants and just compare them to the values submited at the portal. It's no big deal and shouldn't be significantly less secure than a db method if done properly. Just be sure to change the password every so often, keep it hard to guess (mix caps, letters, and numbers), and regenerate the session id on each page to fight fixation and hijacking. If you can shut out all IPs but the ones you are using, all the better. You could use cookies if you have to, but that should be your last resort.