This is a PHP, Sessions and MySQL based system to protect your site from unwanted visitors.
The system is special because the access method uses a hash to send the password encrypted to the server.
The server sends only a cookie containing a session ID back to the client. All other information is stored in a session file on the server. So no authentication information other than the session ID is sent over the Internet.
License
The client side of the system is based on the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" developed by Paul Johnston. The JavaScript I downloaded is included in this solution as I downloaded it from his site. No changes have been made.
Due to the fact that the MD5 script is free, this script is also free to use. The copyright on the MD5 script remains with Paul Johnston.
The administration part, if you plan to use it, was developed by me and the copyright remains with me. It is also free to use; just keep it as it is and respect the copyright on it.
How it works
On the client, the user logs in using the login page. The password is hashed with MD5 and sent to the server together with the username. On the server, the PHP script checks for the existence of the user with the correct MD5 value in the database. This means that the password is stored in the database in MD5 format and is therefore completely unreadable. It is therefore not possible to retrieve the password if you or your users have lost it. You have to set a new password in the database. If the user exists and has sent the correct "hashkey", access is granted and stored in the session on the server.
All other pages need to check the session information. See the example files for how to do this. If a page is accessed without access having been granted, an error is raised and the user is redirected to the login page. No other information from the page is sent to the user.
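The login check described above compares the MD5 value sent by the browser with the MD5 value stored in the database, so the stored column is exactly what the login accepts. The following is an added example, not code from the package: it models that check next to a variant that stores only a salted, slow hash of the received value. The function names, the `alice` account and the arrays standing in for the MySQL table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: arrays stand in for the MySQL user table.
$sent = md5('correct horse');            // what the login page transmits

// Scheme as described on this page: the table holds the same MD5 value
// that the browser sends.
$tableAsDescribed = ['alice' => md5('correct horse')];

function checkAsDescribed(array $table, string $user, string $sent): bool
{
    // hash_equals() compares in constant time.
    return isset($table[$user]) && hash_equals($table[$user], $sent);
}

// Hardened variant (an assumption, not the package's code): treat the
// received value as the secret and store only password_hash() of it.
$tableHardened = ['alice' => password_hash($sent, PASSWORD_DEFAULT)];

function checkHardened(array $table, string $user, string $sent): bool
{
    // Unknown users are verified against a dummy hash so that both
    // paths do the same amount of work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT);
    $ok = password_verify($sent, $table[$user] ?? $dummy);
    return $ok && isset($table[$user]);
}

// 1) A normal login, checked by both variants.
var_dump(checkAsDescribed($tableAsDescribed, 'alice', $sent));
var_dump(checkHardened($tableHardened, 'alice', $sent));

// 2) The value held in the table (as it would appear in a database
//    backup) presented as the login value. In the scheme as described
//    the stored value and the login value are the same string; in the
//    hardened variant the stored value is a salted hash and is not
//    itself a valid login value.
var_dump(checkAsDescribed($tableAsDescribed, 'alice', $tableAsDescribed['alice']));
var_dump(checkHardened($tableHardened, 'alice', $tableHardened['alice']));
```

In both variants the value sent by the browser is the credential on the wire, so the login page still needs to be served over HTTPS.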
Administration
In the package you will find a part (ppsadmin) to administer your accounts.
This administration part is complete and can be placed in its own subdomain. I think it is self-explanatory.
The package contains:
- the MD5 script.
- a configuration file for your database.
- A file to create the table and a first default administration account. You can run the file in MySQL or load it into phpMyAdmin.
- example files to access the restricted area (index.php and index2.php)
- a login screen.
- the administration part. Start index.php to log in.
- this text as a readme file. Here you can find the default passwords as well.
- a NOT protected file (clean_add.php) to access your user table if you have lost your password. Save this file locally and NOT on the server.
See a working demo
release 1.1
- changePsw.php
added to give your users the possibility to change their password
- add.php
redirection to correct list fixed
- edit.php
redirection to correct list fixed. Change of password fixed. The password field is now empty. The password in the database is now only changed if you fill in a new password.
- delete.php
redirection to correct list fixed
- pps.inc.php
session variables fixed. If you have your own web server you will see that the correct username is stored in the session file on the server.
- common use
the control parts that check the login have been moved to the beginning of the file (see index2.php). A model is provided in the file template.php
release 1.0
- initial release
see pps.txt for a description
More info can be found on http://pajhome.org.uk/crypt/md5 where Paul Johnston
presents, e.g., his JavaScript MD5 script. Here you can find the original MD5 script and other scripts.
To download the file, just click on it and save it on your computer.
To install the software, unzip the file and install the files on your server.
Create the table in your database and remove the clean_add.php file from your server,
but keep a copy locally.
Log in with the default account, create a new administrator and remove the default account.