Test PHP Script for Password Protecting Web Pages

This simple test PHP script demonstrates how you can provide password protection for part of a web site, when you do not have access to your web server's implementation of the HTTP basic authentication scheme. It works in conjunction with a JavaScript function which is called in the header of each protected web page. See htttp://www.braemoor.co.uk/software/passwords.php for more details.

The functionality protects against a casual attempt to access protected pages, but because it requires JavaScript to be enabled in the user's browser, it shouldn't be considered for anything where security is a critical issue, although the user would need to know the specific URI of the protected page in order to access it, as it would not be referenced directly by any page.

Try it: (passwords are xyzzy, abcdef, 123456): Enter password:

The normal route through the PHP script when called as above simply checks the given password against one contained within a list, and displays either the required entry web page of the protected part of the site, or reports that an invalid password has been given. The script allows for as many multiple passwords / entry web page combinations as may be required.