I have created a WordPress Plugin now Download here:
Place this at the top of header.php
1: session_start();
2: if(isset($_SESSION['authenticated'])){
3: if($_SESSION['authenticated'] == "yes") {
4: $authenticated = "yes";
5: }
6: else{
7: $authenticated = "no";
8: }
9: }
10: else{
11: $authenticated = "no";
12: }
13:
14: if($authenticated != "yes"){
15:
16: echo <<<EOT
17: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
18: <html>
19: <head>
20: <title>Redirecting</title>
21: <meta http-equiv="REFRESH" content="0;url=http://example.com/login.php"></HEAD>
22: <BODY>
23: Not authenticated - redirecting...
24: </BODY>
25: </HTML>
26: EOT;
27: exit();
28: }
29: ?>
And save this as login.php
1: <?php
2: session_start();
3: if(isset($_REQUEST['password'])){
4: $password = $_REQUEST['password'];
5: if($password == "password") {
6: $_SESSION['authenticated'] = "yes";
7: $do = "redirect";
8: }
9: else {
10: $do = "incorrect";
11: }
12: }
13: else{
14: $do = "showform";
15: }
16: //done processing
17: if($do == "showform"){
18: $formhtml = <<<EOT
19: <html>
20:
21: <head>
22: <title>Your Site | Login</title>
23: <style type="text/css">
24: body {
25: background: url(http://chatfieldfamily.co.uk/images/1.jpg) no-repeat;
26: background-size: 100%;
27: font-family:Verdana, Geneva, sans-serif;
28: }
29: #form {
30: opacity: 0.5;filter:alpha(opacity=50);zoom:1;
31: }
32: #form:hover {
33: opacity: 0.8;filter:alpha(opacity=80);zoom:1;
34: }
35: </style>
36: </head>
37:
38: <body>
39: <div align="center" id="form" class="form"style="margin-top:400px; margin-left:40%; margin-right:40%;; background-color:#000; color:#FFF"><h2>Your Site Login</h2>
40: <form action="login.php" method="post">
41: Password: <input type="password" name="password"></input><br></br>
42: <input type="submit"></input></form></div>
43:
44:
45:
46: </body>
47:
48: </html>
49: EOT;
50: echo($formhtml);
51: }
52: else if($do == "incorrect") {
53: $formhtml = <<<formhtml
54: <html>
55:
56: <head>
57: <title>Your Site | Login</title>
58: <style type="text/css">
59: body {
60: background: url(http://chatfieldfamily.co.uk/images/1.jpg) no-repeat;
61: background-size: 100%;
62: font-family:Verdana, Geneva, sans-serif;
63: }
64: #form {
65: opacity: 0.5;filter:alpha(opacity=50);zoom:1;
66: }
67: #form:hover {
68: opacity: 0.8;filter:alpha(opacity=80);zoom:1;
69: }
70: </style>
71: </head>
72:
73: <body>
74: <div align="center" id="form" class="form"style="margin-top:400px; margin-left:40%; margin-right:40%;; background-color:#000; color:#FFF"><h2>Chatfield Family Login</h2>
75: <form action="login.php" method="post">
76: <div style="color:#F00" >Incorrect password</div>
77: Password: <input type="password" name="password"></input><br></br>
78: <input type="submit"></input></form></div>
79:
80:
96: </body>
97:
98: </html>
99:
100: formhtml;
101: echo($formhtml);
102: }
103: elseif($do == "redirect") {
104: echo <<<redirect
105: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
106: <html>
107: <head>
108: <title>Redirecting</title>
109: <meta http-equiv="REFRESH" content="0;url=http://loggedinurl.com"></HEAD>
110: <BODY>
111: Authenticated - redirecting...
112: </BODY>
113: </HTML>
114: redirect;
115: }
116: ?>
see it in use at www.chatfieldfamily.co.uk
Thanks for this! I have one question. Will this also limit search bots to access and index the blog?
RE:Thanks for this! I have one question. Will this also limit search bots to access and index the blog?
Yes this will, I will update the script to allow google bot access (ip addresses) and use a meta-header to prevent it from caching the page.
Update: I know have a modified version which allows google/yahoo/bing bots to access the page. If you want this version email me: webmaster@spiders-design.co.uk
I’m trying to set up my blog in wordpress and I want my page to do what your’s does (single login). How do I or where do I go to create the login.php?
I did the first part ….changed your website to my address but now I’m stuck on step #2.
Thank you!
RE:I’m trying to set up my blog in…
You need to create the file in notepad or any other text editor and upload it o your web histing directory. In addition you need to upload a background image ( you can opy the one on chafieldfamily.co.uk if you want) and save it as 1.jpg in a folder called images or change the script as required.
just tried your method but i do get errors with my login.php.
Parse error: syntax error, unexpected $end in /webspace/13/47942/clubmembers-only.com/wp-content/login.php on line 114
could you please provide us with the example files?
best regards
Tommy
ADMIN REPLY:
Links to source is now provided.
got it … the problem was on my side.
thanks for that script
I have trouble with the redirect on Firefox for mac .
can you help?
EDIT: Firefox on mac has a problem with redirects to fix the problem change the authenticated code from:
authenticated redirecting...to:
I’m also having trouble. First I was experiencing multiple parse and $ errors, but after fixing those, now whenever someone logs in, it just keeps redirecting them back to the login.php!
Where do I change the code?
When someone types in the password, does this just allow them to read the blog? They can’t start editing it, right?
Thanks
ADMIN: That is correct
Great Job on this script. It works like a charm. Thank you for offering it freely – you are appreciated. Cheers!
I too find that it keeps going back to the login screen.
$_SESSION['authenticated'] gets set to “yes” in the login.php file but when it redirects, it’s no longer yes in the header.php file.
[...] June 30th, 2010 in Web/Tech Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.Powered by WP Greet Box WordPress PluginThere are lots of posts on how to make a password protected WordPress blog. I followed quite a few unsuccessfully (like this one). [...]
[...] To password protect a wordpress 3 blog with a single password use this script: http://www.spiders-design.co.uk/password-protect-wordpress-blog/ [...]
I’ve changed the header and uploadede the login.php but i only get a blank page.
A little help please
I first had the problem with the parse errors. Once I moved everything to its own lines, as in the example, rather than all bunched up as in the code snippet, it worked.
I think I found the problem with how it keeps redirecting to the login even when it’s the right password. Change if($authenticated != “yes”){ to if($authenticated != “no”){ (line 14)
seems to work for me now, but I haven’t tested it fully.
Wait, that doesn’t work…folks can get in directly without going to the login page! oops!
Well, how can it stop redirecting to the login page when the password is correct?
Im looking to implement this, but what user is it grabbing the password from?
This looks great! But where do I find this header-file you are talking about?
There’s no header.php in my root dir. The only header.php that I can find is in the dir of my theme. But that doesn’t work. Hope you can help me out here!
the valuable info u provided do help my investigation for my company, appreaciate that.
It works!
But how long does the user stays logged in??
Is there anyway to implement a logout screen??
The login is handled by PHP sessions and therefore timesout when:
* the browser is closed
* the IP is changed
* the cookies are cleared
* the user Logs out (see below)
* A significant timeframe lapses (not sure precisely how long – something like 24hrs)
Is there anyway to implement a logout screen??
Yes – I should have integrated this within the script (I am currently turning it into a wordpress plugin and will incorporate a logout page)
Create a page called logout.php
and use the code;
<?php
session_destroy();
echo <<<EOT
Logging out
Logged out – redirecting…
EOT;
?>
It is the header file in your theme. I reccomend using the inbuilt editor in wordpress to edit the file.
The password is defined in login.php
HMMM
Does your PHP installation allow sessions?
Only explanation I can come up with.
Does not work for me
I’ve edited header.php and created login.php but it just shows a blank page, no redirecting at all. I’m using WP multisite.
Hi!
I have been trying to find a log-in option for my WP site and I stumbled-upon this site.
This works great! Just have to figure out how to edit the background but other than that it works fine!
If you manage to turn this into a wordpress plug-in soon please do let me know.
Thank you sooo much!
Hi,
I tried to create a log-out page with your code:
<?php
session_destroy();
echo <<
Placed the logout.php page in the same directory as login.php but I get this error message when I log-out:
Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/content/33/5045933/html/coach/wp-content/themes/rich_corp/logout.php on line 2
Please advise on how I can resolve this.
Thanks!
Hi we anticipate a plugin release in the next few months.
New features will include:
Search engine Bot access
Ip deny / allow list
If there is something you think we should include then please comment it.
[...] Chatfield´s Password Protect WordPress schützt WordPress mit einem Passwort gegen fremde Blicke. Ideal für zum Beispiel ein [...]
[...] Protect WordPress Plugin | 30. August 2010 | Autor: Karl-Heinz Daniel Chatfield´s Password Protect WordPress schützt WordPress mit einem Passwort gegen fremde Blicke. Ideal für zum Beispiel ein [...]
here’s a chunk of code that can be inserted at the beginning of the wordpress header file, that does not require any additional files:
<?php
session_start();
$the_current_password = 'whatever';
// or…
// $the_current_password = file("get_password_from_db.php");
$login_form =<<<EOF
please enter password
EOF;
if (isset($_REQUEST['password'])) {
$password = $_REQUEST['password'];
if($password != $the_current_password) {
echo “$login_form”;
exit();
} else {
$_SESSION['authenticated'] = “yup”;
}
} else if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'] == ‘yup’)) {
echo “$login_form”;
exit();
}
?>
sorry… here is a corrected version of a simple chunk of code to insert at the top of your header.php file that accomplishes overall password protection without requiring any additional files:
<?php
session_start();
$the_current_password = ‘whatever’;
// or…
// $the_current_password = file(“get_password_from_db.php”);
$login_form =<<<EOF
<br&rt;<br&rt;<br&rt;
<div align=”center” id=”form” class=”form” style=”margin-top:100px; margin:0 auto; width:350px; background-color:#ccc; color:#666″&rt;<FONT SIZE=”-1″ FACE=”Arial, Helvetica”&rt;<br&rt;please enter password</FONT&rt;
<form action=”http://url_of_your_blog/index.php” method=”post”&rt;
<input type=”password” name=”password”&rt;<br&rt;<br&rt;
<input type=”submit” value=”login to the ________ blog”&rt;<br&rt;
</form&rt;
</div&rt;
EOF;
if (isset($_REQUEST['password'])) {
$password = $_REQUEST['password'];
if($password != $the_current_password) {
echo “$login_form”;
exit();
} else {
$_SESSION['authenticated'] = “yup”;
}
} else if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'] == ‘yup’)) {
echo “$login_form”;
exit();
}
?&rt;
to quote bullwinkle… this time for sure!
here is a simple chunk of code that will allow you to password protect your wordpress blog… simply insert at the top of your header.php file, and change the password per your specifications:
<?php
session_start();
$the_current_password = ‘whatever’;
// or…
// $the_current_password = file(“get_password_from_db.php”);
$login_form =<<<EOF
<br><br><br>
<div align=”center” id=”form” class=”form” style=”margin-top:100px; margin:0 auto; width:350px; background-color:#ccc; color:#666″><FONT SIZE=”-1″ FACE=”Arial, Helvetica”><br>please enter password</FONT>
<form action=”http://url_of_your_blog/index.php” method=”post”>
<input type=”password” name=”password”><br><br>
<input type=”submit” value=”login to the ________ blog”><br>
</form>
</div>
EOF;
if (isset($_REQUEST['password'])) {
$password = $_REQUEST['password'];
if($password != $the_current_password) {
echo “$login_form”;
exit();
} else {
$_SESSION['authenticated'] = “yup”;
}
} else if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'] == ‘yup’)) {
echo “$login_form”;
exit();
}
?>