<?php
##################################################################
# SETTINGS START
##################################################################
// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
'admin' => 'admin'
);
// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);
// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.example.com/');
// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);
// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);
##################################################################
# SETTINGS END
##################################################################
///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////
// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
// logout?
if(isset($_GET['logout'])) {
setcookie("verify", '', $timeout, '/'); // clear password;
header('Location: ' . LOGOUT_URL);
exit();
}
if(!function_exists('showLoginPasswordProtect')) {
// show login form
function showLoginPasswordProtect($error_msg) {
?>
<html>
<head>
<title>Admin Control Panel</title>
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body style="text-align:center">
<style>
input { border: 1px solid black; }
</style>
<form method="post">
<h1>Please enter password to access this page</h1>
<font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>
<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
</form>
</body>
</html>
<?php
// stop at this point
die();
}
}
// user provided password
if (isset($_POST['access_password'])) {
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
$pass = $_POST['access_password'];
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
) {
showLoginPasswordProtect("Incorrect password.");
}
else {
// set cookie if password was validated
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
// So need to clear password protector variables
unset($_POST['access_login']);
unset($_POST['access_password']);
unset($_POST['Submit']);
}
}
else {
// check if password cookie is set
if (!isset($_COOKIE['verify'])) {
showLoginPasswordProtect("");
}
// check if cookie is good
$found = false;
foreach($LOGIN_INFORMATION as $key=>$val) {
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
if ($_COOKIE['verify'] == md5($lp)) {
$found = true;
// prolong timeout
if (TIMEOUT_CHECK_ACTIVITY) {
setcookie("verify", md5($lp), $timeout, '/');
}
break;
}
}
if (!$found) {
showLoginPasswordProtect("");
}
}
?>
Tag Archive for password
password protect
Category: Uncategorized |
Tags: password
Single-Page Password Protection
<html>
<head>
<title>Private Page</title>
</head>
<body>
<?php
$password = "phpmac";
if (!isset($_POST['submit'])) {
?>
<form action="" method="POST">
Enter the Password: <input type="password" name="password"><br>
<input type="submit" name="submit">
</form>
<?php
} else {
if ($_POST['password'] == $password) {
?>
Secret content!
<?php
} else {
?>
<form action="" method="POST">
Enter the Password: <input type="password" name="password"><br>
<input type="submit" name="submit">
</form>
<?php
}
}
?>
</body>
</html>
Password Protect Folder / Directory with htaccess and htpasswd on Apache and Linux / Unix
Step 1 - Create .htaccess file in folder you want to protect, copy the code and paste the code below, and then set server path to the file AuthUserFile /path/to/.htpasswd AuthName "Restricted Area" AuthType Basic Require valid-user Step 2 - Open Terminal, go to the directory you want to protect, and enter the following (changing the username to whatever you want). Enter the password upon prompting. htpasswd -c .htpasswd username
Quick, Simple Password Generator
import string from random import choice size = 9 ''.join([choice(string.letters + string.digits) for i in range(size)])
Generate a Unambiguous Random Password
function random_password($len = 7, $mixed_case = false)
{
$a = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789";
if(!$mixed_case) $a = strtolower($a)
$out = "";
for($i = 0; $i < $len; $i++)
$out .= $a[rand(0, strlen($a))];
return $out;
}
ios7crypt.rb
#!/usr/bin/env ruby
# Author:: Andrew Pennebaker
# Copyright:: Copyright 2007 Andrew Pennebaker
# License:: GPL
#
# == Synopsis
#
# ios7crypt: encrypts and decrypts passwords with Cisco IOS7 algorithm
#
# == Usage
#
# ios7crypt [OPTIONS]
#
# --help, -h:
# show help
#
# --encrypt, -e <password1> <password2> <password3> ...:
# prints out the encrypted passwords as hashes
#
# --decrypt, -d <hash1> <hash2> <hash3> ...:
# prints out the decrypted hashes as passwords
require "getoptlong"
require "rdoc/usage"
$xlat=[
0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53,
0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36,
0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76,
0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b,
0x3b, 0x66, 0x67, 0x38, 0x37
]
def encrypt(password)
seed=rand(16)
password=password[0, 11]
hash=(0 .. (password.length-1)).collect { |i| $xlat[(seed+i)%$xlat.length] ^ password[i] }
return format("%02d", seed) + hash.collect { |e| format("%02x", e) }.join("")
end
def decrypt(hash)
seed=hash[0, 2].to_i
hash=hash[2, hash.length-1]
pairs=(0 .. (hash.length/2-1)).collect { |i| hash[i*2, 2].to_i(16) }
decrypted=(0 .. (pairs.length-1)).collect { |i| $xlat[(seed+i)%$xlat.length] ^ pairs[i] }
return (decrypted.collect { |e| e.chr }).join("")
end
opts=GetoptLong.new(
["--help", "-h", GetoptLong::NO_ARGUMENT],
["--encrypt", "-e", GetoptLong::NO_ARGUMENT],
["--decrypt", "-d", GetoptLong::NO_ARGUMENT]
)
mode = :help
opts.each do |option, value|
case option
when "--help"
RDoc::usage
when "--encrypt"
mode = :encrypt
when "--decrypt"
mode = :decrypt
end
end
case mode
when :help
RDoc::usage
when :encrypt
ARGV.each { |arg| puts encrypt(arg) }
when :decrypt
ARGV.each { |arg| puts decrypt(arg) }
end
wget with username and password
wget <a href="http://MYUSERNAME:MYPASSWORD@somesite.org/
" >http://MYUSERNAME:MYPASSWORD@somesite.org/
source
Category: Uncategorized |
Tags: agents, authentication, automation, Bash, batch, cygwin, download, linux, one-liners, password, wget
Cross platform secure password storage
A quicker method that also works cross-platform is to use OpenSSL (which macos includes). To encypt a list of secrets with the 256-bit AES, open the terminal and do: openssl enc -aes256 -salt -a -e -out secrets.aes You'll then be prompted twice for a password, after which you can begin typing whatever you want. When you've typed enough, hit control-d twice and the data will be encrypted and placed in a filed named "secrets.aes". To decrypt the file created above, do: openssl enc -aes256 -a -d -in secrets.aes Enter the password when asked and openssl will decrypt the file and print it in the terminal. Because openssl works the same under macos, bsd, linux, and (cygwin) Windows, files created like this can be used on any platform. A slight variation can be used to encrypt/decrypt files (rather than typed input): openssl enc -aes256 -salt -a -e -in myfile -out myfile.aes openssl enc -aes256 -salt -a -d -in myfile.aes -out myfile There are also other cyphers available, type "openssl enc help" for a list.
password protect a file not directory
<FilesMatch mitglieder.php> AuthType Basic AuthName "Mitglieder Bereich" AuthUserFile /path/.htpasswd require valid-user </FilesMatch>
htpasswd add user
/usr/sbin/htpasswd2 -b ./passwd user pass