:: Web Page Password Protect :: Free PHP Scripts

Статья последний раз была обновлена 04.03.2023

home free scripts online tools articles forum donate

Free php and cpanel scripts to automate your daily routine

Free PHP Scripts :: Web Page Password Protect

Password protect your content with Web Page Password Protect by just adding one line of PHP code to your page source. Script will present user with password entry form, and will not let visitor see your private content without providing a password.

Multiple user accounts support, improved security, automatic logout, and manual logout feature.


  • Save password_protect.php somewhere on your server
  • Update it with your desired password or login/password pair. Use any plain text editor to accomplish this step. Sample editors: Notepad (Windows) or vi (Unix).
  • Open script in your browser with "help" parameter to see the line of code to add to every page you would like to be password protected.

    Example: password_protect.php?help

    It will show you protection code to include into your pages. Sample protection code would look like this (yours will be different):

    <?php include("/home/users/htdocs/security/password_protect.php"); ?>
  • Add that line of code to each php page you would like to protect at the very beginning of the page source (it must be the first line).

    For example you want to protect page protect-me.php. Open it for editing, and add the protection string (see above on how to get the protection string) at the beginning. So resulting code would look like

    <?php include("/home/users/htdocs/security/password_protect.php"); ?>

    … here, at the second line starts your page code …

Find more detailed description on how to setup password protection script on the forum.

Download Web Page Password Protect


August 5, 2000

Awesome script. i just used it on my site and it works great. really simple to set up.



July 28, 2006

Excellent! Nice and simple, but well worth it!

Mark July 29, 2006

Great script, but it would be ideal if a cookie was set so the user didn't have to re-enter the password when navigating through pages in a directory.

Just a little annoyance, other than that it did its job nicely.

zubrag: Changed script according to Mark's suggestion. Now it supports cookies and requires password only once.

Mark July 30, 2006

Wow, now that's what I call support!

Very well done, thanks a bunch!

Jvuz August 2, 2006

Just a question, can you also add different users?

Jason August 3, 2006

Great script! thanks a bunch! worked perfectly

sundberg [anti-spam] inlife.se August 4, 2006

Where do i put "password_protect.php" ?

Does it need to be put in a secure catalog, maybe outside the webroot?

zubrag: you can place it where you want. Outside the webroot or in a secure catalog would be good. But script will not reveal the password, no matter where it is placed.

FrEaKmAn August 5, 2006

Can we modify this so that we can also include username? I'll try myself but I need help!

zubrag: Added multi-user support. Now Password Protector can either ask password only or login/password pair, depending on settings.

August 6, 2006

How can I get the code to re-direct the user after login (into a subdirectory, for example)?

zubrag August 6, 2006

Ok, you can use this tool as redirector (though it was not designed for this). If you want to redirect to some folder after visitor login, then add following line just before the last ?> line

header('Location: http://www.yourdomain.com/redirection/path/'); die();

August 6, 2006

Thanks! Will try that soon… excellent site, helpful admin!

Thanks again!

dave [anti-spam] sweetser.com August 6, 2006


Your password PHP script looks good and I want to use it at GoDaddy.com, my hosting service. So I created a PHP folder at www.abc.com/PHP

which is where I put the script. However, the example include line starts off with:


How (or if) does "/home/users…" relate to what I need to work with: www.abc.com

In other words, I don't have access to any root folders. From my perspective, everything is based at www.abc.com. Given that, what would the path look like in the include statement? Again, how would a web page point to the PHP script when its location is basically a URL, not an absolute path.



zubrag: In order to get your path for include statement open it in browser passing "help" parameter, i.e.: http://www.abc.com/PHP/password_protect.php?help

It will show you the code to include in every webpage you would like to protect.

Cindy August 8, 2006

I must be really dense — where in the code do I put the include("/home3/marilou/cc-ob-www/elder-connect/password_protect.php");?

And correct me if wrong, I would change password_protect.php to the page name I wish to protect.

Do I put this:

die('Include following code into you pages: <br /><b>include("("/home3/marilou/cc-ob-www/elder-connect/password_protect.php");</b>');

like that?

zubrag: in order to see protection code you should open script in browser. From the code you provided it seems like you invoked it from shell (terminal), that is why it shows a lot of things you would not see when opened in browser. In your case just add include("/home3/marilou/cc-ob-www/elder-connect/password_protect.php"); to a webpage you want to protect.

August 12, 2006

Where do I find the final code you modified to include the login/password pair and the cookie support?

zubrag: Use download link above. All changes are already included.

Gwen August 13, 2006

Where do I put the correct password? Do I add all that code to every page of my website?

Gwen August 13, 2006

I added this code in the HEAD part of the page and it isn't working. Did I put it in the wrong place?

<?php include("/usr/hsphere/local/home/gwen1224/shalitraining.com/password_protect.php"); ?>

do all my pages need to be .php pages. Right now they are .htm pages.

zubrag: Yes, script can only protect php pages.

Gwen August 13, 2006

Okay got it all, looks great, works great. You are awesome!!

Marsha August 13, 2006

I am getting this

Warning: Cannot modify header information — headers already sent by (output started at /data/web/virtuals/………

Line refers to the cookies portion

setcookie("verify", md5($pass));

what to do ? Everything else is working it's just that line seems not come up with the error.

Can I get the script without the cookies from where should i take off out of the code.

zubrag: this means something goes to output before password_protect.php is run. To avoid setting cookie add // before setcookie so resulting line will be

// setcookie("verify", md5($pass));

Marsha August 14, 2006

Thanks alot for the response, it worked well, I am so happy!!!

PaulM August 15, 2006

I have a similar problem to Marsha. I get the "Warning: Cannot modify header information — etc" referring to the style line that precedes " input { border: 1px solid black; }".

I am sooooo close to having this working perfectly.

zubrag August 15, 2006

try putting your protection string at the VERY BEGINNING of the file in following format:


PaulM August 15, 2006

I don't have a problem with the protection string. That seems to be working fine.

My problem is in the password_protect.php file that I have named index.php. As I downloaded it, after filling in the password you are just left with a blank page. I wanted it to then redirect to a page called index2.php. The PHP header command won't do that because it cannot have anything else written to the screen first.

How do other people use this script?

zubrag: Script was not designed to redirect, but it may redirect after login if you add the PHP "header" command like mentioned in comments above.

Main purpose of the script is protecting information on php pages. In order to protect web page you need to change that webpage source code (add protection string). If you need to protect few php pages then add protection string to each page. Please refer to "Usage" section at the top of this page for details.

Dhani August 17, 2006

Can you please include the options for "logout". Like having the logout button or something?

Dhani August 17, 2006

And one more thing, can I specify one page just for one user in user list array?

Dhani August 17, 2006

what I mean, one page to protect just one user from the user array list who can access it?

zubrag August 17, 2006

This script can protect only on page by page basis. So if you want to grant access: user A — webpage A; user B — webpage B, then this can be accomplished as follows. Copy password_protect.php to protectA.php, and include protectA.php in webpage A. Copy password_protect.php to protectB.php, and include protectB.php in webpage B. In this way you will be able to give user A access to only page A, and user B will only be able to see page B.

Dhani August 18, 2006

and how about the logout options?

this script is what I need, one more thing is the options to include the logout procedure…

zubrag: It will auto-logout when browser window is closed. Adding logout button/link is not so obvious… Will need to think on how to implement it so that it worked good for everybody.

August 20, 2006

How could I set this up to protect my blog (powered by simplephpblog) on my home server running Abyss Web Server?


Filthio August 21, 2006

Congrats on an awesome script. And so easy to use. I had the same problem as Marsha, with "Cannot modify header information". However I did as you suggested and put the include right at the very start of the document. It worked perfectly. Thanks.

André August 22, 2006

I'm getting two errors;

1) Cannot modify header information…

I uncommented the setcookie thing, and the error was gone.

2) Fatal error: Cannot redeclare showlogin() (previously declared in /home/bla..bla..bla../admin/password_protect.php:108) in /home/bla..bla..bla../admin/password_protect.php on line 108

The line goes like this;

function showLogin($error_msg)

Any idea?

André August 22, 2006

Too many include files I guess.

zubrag August 23, 2006

Andre, seems like you are including it few times in one file. Unfortunately our programmer is currently not available, so I slightly updated script myself. Please download new version. If it does not work for you then please check back in few days.

zubrag August 23, 2006

In order to protect your blog (powered by simplephpblog) you'll need to find some file which is included into all blog pages (this is usually some settings file), and add protection line to that file. Unfortunately I'm not familiar with simplephpblog, so cannot give you more details.

Dhani August 24, 2006

how about adding some parameter into the page.php script that passing the parameter into functions in the included password_protect.php, like:


ps: sorry if I so much to ask, but Im not good enough on PHP… thank you in advances…

zubrag: Nice suggestion Dhani! Thanks. We'll add it on Monday.

Gwen August 26, 2006

Okay, I accidentally overwrote the password_protect php file and can't figure out how to have it ask only for a password and then where to put the password I selected.

zubrag: open password_protect.php in editor. Find SETTINGS START section. If you want to ask password only then USE_USERNAME should be set to false: define('USE_USERNAME', false);

and update passwords array to what you need. Below I'm allowing access with two passwords: root, and adminpass





Burke August 27, 2006

Trying to build the $LOGIN_INFORMATION array from a MySQL database.

This builds the string correctly:

$unpw = $unpw."'".$username."' => '".$password."', ";

then srtip the comma from the end

$unpw_array = rtrim($unpw, ' ,');


$LOGIN_INFORMATION = array($unpw_array);

But it doesn't work. The $unpw builds correctly but when it's added to the (array) it does not work.Do you need CR/LF at the end of each entry?


zubrag August 28, 2006

Example on how to do it based on MySql (this code is not working as is, needs changes to connect to database, and to match your database table/fields names):


$result = mysql_query($query);


while ($row = mysql_fetch_assoc($result)) {



August 29, 2006


First of all, a great script — just what I was looking for! However I am having a little difficulty.

I have placed the file "password-protect.php" in "", and when I browse to it I get the prompt to enter a login and password. Instead I change the address to "" as directed. However, the page doesn't give me the include address, just "Include following code into every page you would like to protect, at the very beginning (first line):".

Apache and php are up and running on my machine (OS X), as can be confirmed by opening other php pages on my machine. Have you got any suggestions as to where I'm going wrong?

Many thanks, Chris

zubrag: Fixed. Please download it again. Thanks for your help!

August 30, 2006

Works like a dream now. Thank you very much for the script and prompt reply.


sarkarsweet [anti-spam] gmail.com August 30, 2006

Hi Zubrag, Thanks for the simple but useful free programme that I have been looking for use.

However, I downloaded it, but do not understand what do I need to do use it for a particular page — only with Password (without any log-in) by spl friends using my Homepage. I viewed the write-up using notepad, but am unable to proceed further! (needles to mention my amateur status).

Will appreciate advice — my e-mail is: sarkarsweet@gmail.com

All the best — Ashit Sarkar (Bangalore)

sarkarsweet [anti-spam] gmail.com August 30, 2006

Further to my earlier msg I have noted that Updating can be done to the file . However, what I cannot figure out is how to:

"Open script in your browser with "help" parameter to see the line of code" — as instructed.

I use Firefox, and the help button is of no help about 'script'! Obviously, I am floundering…

Thanks — Ashit.

ronatola September 1, 2006

hmmmm…this is exactly what I am looking for but…

Like a pervious post, I am using godaddy to host my website. I ftp'd in and created a php folder and dumped the password_protect.php file there. However, when i open the http://www.1234.com/php/password_protect.php page i get a 404 page.

Any ideas? Does my host need to activate php somehow?


Ronatola September 1, 2006


http://www.1234.com/php/password_protect.php comes up as all text and http://www.1234.com/php/password_protect.php?help comes up 404

zubrag September 1, 2006

Ronatola, if it comes up as text/404 then you have no php support enabled. And this tool can only protect php files. Contact your hoster, maybe they want php files to have another extension, like php3, phtml, etc. If they does not support php then you'll need to password protect with JavaScript. We are going to develop such solution in few weeks.

Nils Ingvarsson September 6, 2006


For a PHP novice like me, this script saved my day! Works like a charm. Easy to implement with the provided instructions. And thank you Zubrag for keeping it free. Good job!

For people interested in design, this script is easily implemented in your current webdesign. (It need some tweaking to validate as XHTML though.) Just replace the HTML code in the password_protect.php file with your own. This way you can customize the login page any way you want. Remember to keep all PHP and META code 😉

Here's my try: http://www.utblas1.se/formedlemmar.php

It's in Swedish, but you see what can be done.

Best Regards

Nils Ingvarsson

Jönköping, Sweden

lost September 15, 2006

I am trying to use this code for a blog, and am a real ameteur. What's the best way?


Terry September 17, 2006

This script can be used only to php pages? I have html pages on my site. How can i convert them to php?

September 19, 2006

Thanks you, Work Great.


September 20, 2006

why doesn't the password work except for the last line in the code?


'' => '123456',

'' => '654321',

'' => '789456123'


Claire September 21, 2006

// check if cookie is good

$found = false;

foreach($LOGIN_INFORMATION as $kay=>$val) {

if ($_COOKIE['verify'] == md5($val)) {

$found = true;


In the fourth line it says $kay for the array. Should this be $key?

I am just learning php, so am not sure.


September 21, 2006

it still doesnt work

Brian September 23, 2006

I was wondering if there would be a way to save the login in the cookie so that you could access the cookie and know who was logged into the system. Is there any way to do this?

September 25, 2006

you rule. all i found was apache .htaccess stuff and thot "why isn't there something simple like (insert your beautiful script here)?" thanks for sharing, the world is a better place for it.

Parag September 25, 2006

Well done. You script rules!

Short, well-scripted, tidy and does the job fine and easy to use.Thanks for coding/sharing it.

Plz delete this entry if you want to so that other can find support easily.

jack886 [anti-spam] gmail.com September 27, 2006


The password protected page is stored in a sub-directory, when I test to click that protected page, it just go in directly without asking login name and password, what can I do about it? Is this correct? <?php include("/home/stingyan/public_html/password_protect.php"); header('Location: http://www.the-speedperformance.com/products/A-BV01.php'); die(); ?>

Please advice, thank you a lot!!


Beezer September 27, 2006

After I unzip the file it saves it as Microsoft Picture It! file.

Doesn't look like anyone else has this issue. What program do I need to open the file correctly?

Beezer September 27, 2006

I was able to open the file with Edit Plus Text Editor. Thanks.

Junaid September 29, 2006


Junaid September 30, 2006

the script is working perfect for redirecting .html pages but it fails to redirect to a php page

Niyi October 8, 2006

Nice script…thanx for sharing.

How can I use this script with php/mysql database login array. The example above is not really explanatory enough for a novice like me. Thanks

nisha October 10, 2006


zubrag can you please help by writing ftp creator script also? plz plz

surveyjon [anti-spam] westnet.com.au October 10, 2006

Just a slight problem.

Trying to protect 2 pages with different passwords. Have set up seperate protect pages but once one password is entered, both pages are accessible.

Ellen October 11, 2006

What if I don't want to enable the cookie? What code do I change? I'm only using it on one page in my site.

Squid October 11, 2006

surveyjon, i would add at line 105 this… $gpg = $_GET ["gpg"]; and add to the all the cookie information md5 ($val.$gpg) Lines 118, 133. Then when you call the file use <?php include ("path/to/file/password-protect.php?gpg=XX"); ?> I have not tried this yet, but it should work for multiple pages with different codes.

jerome.law [anti-spam] ipsolutionsltd.com October 25, 2006

Many thanks..this is so sweet. Now I want to try to protect my documents. Can I use the same way? Thanks. Jerome

BigGoga October 28, 2006

Very good and usefull script!!!

I have developed it a little. My version bans users IP after 3 uncorrect passwors input. Last banned address is stored in a text file.

If someone is interested in it. I can share my work 🙂

November 2, 2006

how do I include the password list to accept?

zubrag: open script code for editing in some editor (like notepad, vim, etc.), find SETTING START section, and update it according to comments in the header.

andrew.vos [anti-spam] gmail.com November 8, 2006

why doesn't the password work except for the last line in the code?

I am having this problem too!!

zubrag: Documentation problem. List only passwords when usernames are not in use, like shown below



'my password'


alexcie_larry [anti-spam] yahoo.com November 10, 2006

Hi Its a Great Script you have But i have one question.. I use FRONTPAGE @))# to edit my site can i use your script to protect pages?? Thanks very much

November 15, 2006

Can we use PHPSESSID to protect the pages?

This suggestion is a alterative to the current Cookies Protection.

Emma November 16, 2006

Hi, I must be having a blond moment sorry. Where do I change the password and username to what i want? Is it: I tried but it didn't work.

'zubrag' => 'root',

'admin' => 'adminpass'


November 18, 2006

Hi I set this up it looks like it's working but it will not accept any passwords? with no changes to the script I assume the default is.




doug.turner [anti-spam] nadel.com November 21, 2006

Fantastice script! is there away to set the password to any number between two specific numbers. I need the script to let in multiple users. Thanks

frankkthetank [anti-spam] gmail.com November 26, 2006

Ahh, I'm sorry, I have no idea how to do this.

Could it be explained easier to me?

Thanks in advance

December 3, 2006


Great script Zubrag

Nice and simple

Just a couple of quick questions

Can it be changed to prtect html files or do I need something different? I know this has been asked already but saw no answer

Is it possible to restrict the number of times the user has access? EG. I set it up on a page which outputs codes, but how do I alter it so if the user wants to get more codes, they need to contact me again/re-purchase


December 6, 2006

You can convert an html file to a php file in most cases simply by saving it as a php file in dreamweaver. (Maybe frontpage too, although i'm not sure about that).

fred [anti-spam] lentjes.com December 14, 2006

I an't get the script working. Where do I put the username and where the password?

Jake December 14, 2006

I put this on a Journal Entry Form that I have and I type in the username/pass just fine, type my journal entry, but then when I hit submit, it brings me back into the the login page, then I have to type in username/pass again and then it submits my journal entry. Anyway to change that?

Jake December 14, 2006

Delete my comment. I put the line of code in front of when it should have been at line 1, missed that part. Sry.

sales [anti-spam] prismimages.net December 17, 2006

hi i dont have a clue in the slightest with php but i have a few pages on my site and i want the user to be able to login and depending on their username or password depends on the link that it goes to. say the user name is cat it will go to cat1.php and if it is dog it will go to dog1.php

i cant find anything that can do this without using mysql.



sales [anti-spam] bradfordtradecentre.co.uk December 19, 2006

hi i am trying to secure a admin folder in my ftp how do i do this ive tried putting the script in the folder but its not working

Luke December 19, 2006

You must be the smartest PHP Programmer on earth. Why didn't anyone think of this before??? I've been looking for this exact script since php3… Thank you, thank you, thank you!

Frank December 20, 2006

Simple but awsome ….

A magnificent work

contact [anti-spam] digitalsun.us December 26, 2006

Great Script! Thank you!

Just one question. I get this error: Warning: Cannot modify header information — headers already sent by (output started at /home/content/j/a/n/janepark/html/uploadScript/fileUpload.php:3) in /home/content/j/a/n/janepark/html/uploadScript/password_protect.php on line 120.

how do i fix this?

Greco December 28, 2006


I have never used PHP … But this script sounds fantastic!!!

I have renamed the HTML page as PHP. Will it work?

January 4, 2007

How would you get directly into this page without the popup? Straight from URL?

http://yourwebsite/page username=? password=?

Amanda January 4, 2007

Thanks for this script. It works with Frontpage, I just changed the file extension on an already created .htm page to .php and it works like a charm. So easy!

Tom January 5, 2007

After logging in with your script,

I cannot log out. Neither: include (password_protect.php?logout) nor

setcookie("verify",' ') worked. Once

logged in, I can then always see the protected form. What am I doing wrong?

Many thanks.

lafhog January 7, 2007


Great script Zubrag

Short and simple

Just one quick question

is it possible to password_protect a Folder or Dir, to just display that folder and all its files.


January 10, 2007

that is perfect!!!! thanks a lot

January 10, 2007

Hey This thing is great But, I inserted the code to my page and it worked the first time, but it doent work any more. Please Help. It just shows a white screen instead of the Password log in form

Regulus January 13, 2007

It's a great script, exactly whay I am looking for. But just wondering if the number of paswords you can include on the script can be unlimited or not. I intend to include as many as 45,000 passwords on the script. Is this still possible?

Thanks for the great work on the script

January 15, 2007

Great script! It works perfectly. Thank you so much!!!


jerboyd [anti-spam] sympatico January 17, 2007

hi. thanks for this script. i am using it to protect a members only area of my site but i would like to have two levels of security. so some pages are available to anyone who logs in and some are abailable to people who log in with a second security level. is this possible? also how can i have a form for a user registration. thanks for your time

admin [anti-spam] egold-biz.info January 18, 2007

Hi, did I get it correct — that this script will only work to protect php webpages. So I cannot use it to protect my page if it is written in html?

Ange January 26, 2007

Holy cow! I am not a programmer, but it worked perfectly for me. Thank you thank you thank you!!!

January 29, 2007

Great programming!

JBone ~ Majerwebs January 29, 2007

Script is perfect

florence January 30, 2007

Thanks you, Work Great. And you're great

Flo, from France

rscott [anti-spam] nwdusa.com February 1, 2007

Big Goga,

Would really like to see what you had done for the reject IP address after 3 incorrect password attempts.


Anyone modify this to use Session ID rather than cookies???


Great Script. The awesome functionality lets us breathe a little easier here…



Shawn February 6, 2007

I've tried to edit the cookie portion out of the script to no avail. I would like the script to always require the user to provide a username and password. Some way to easily comment out or disable this feature.

Thanks, for a great script!

azearly February 13, 2007

Using password only, can only enter 3 passwords out of 4 that i want to use.

How do i get the forth password to validate?

maurinet February 15, 2007

Zubrag: this script is awesome! Thanks a whole lot!!!

Small question: is there a way to protect a folder with this same script? (I'm using it for a webpage with pictures, and it works gerat, but somebody can still write the address of the directory and access the photos).

Thanks in advance,


Werewolf_NC February 16, 2007

I can't put in my own name and passwords into the script. If I change anything in the password_protect.php script the login page won't load at all. Am I doing something wrong for the name and password?

February 19, 2007

Thanks it worked well but It would be great if you also made it so you could make an option for no cookies.

February 23, 2007

How secure is this please? I really love the simplicity of it, just want to know that it is safe.

fallen_angel February 27, 2007

Excellent script! Works flawlessly! Kudos to Zubrag.

This can be used on htm/html pages if you add a handler into your .htaccess file —

AddHandler application/x-httpd-php .htm .html

March 4, 2007

wow, great code — you just made my life a lot more simple, thanks!!

March 11, 2007

Very clean. what else can I cay?

cate March 12, 2007

this is an amazing code ! clean, easily customizable, etc. perfect.

is there any way to clear the cookie once a user navigates away from the server, so they have to re-enter it the next time they come back?

like, say my site was site.com. when i leave site.com and go to blah.com, it stops saving the cookie so when i return to site.com, i have to enter the password again.

thanks !

Lew March 13, 2007

Zubrag; Great code. Thanks for your efforts. It really helped me out. Its coders like you who make the web work.

Noswombat March 14, 2007

Thank you soooooooooo much……I used it for .htm pages and it worked a treat

osourcem March 14, 2007

i've got some problem as others:

Warning: Cannot modify header information — headers already sent by (output started at /home/blabla/domains/blabla.com/public_html/apsauga/testas.php:2) in /home/blabla/domains/blabla.com/public_html/apsauga/password_protect.php on line 118

how to solve this? i removed header from the page which has to be displayed after login prompt

March 18, 2007

does this script filter mailicious input?

March 19, 2007


I want to password protect a URL page to be accessed from eBook.

I want the access to be transparent to user ie. the reader just clicks the hyperlink to the target webpage WITHOUT being presented with, and having to, enter any user id or passwords! (in other words, these are already pre-set in the page).

Reason is to prevent accidental stumblers onto my webpage but allow book readers to access via the hyperlink click.

Will this do it? How to protect the target URL destination?

roysorin [anti-spam] gmail.com March 20, 2007

hii this is very good system login 🙂

March 21, 2007

Thanks much for making this, Zubrag!!!

March 23, 2007

Thank you so much for the great script, it's just what I was looking for.

A question though — Once a user logs in, they are permanently logged in, it seems. I would like the users to be logged off once they navigate away from the protected page — I would like the script to always require the user to provide a username and password.

root [anti-spam] olgiatipy.org March 24, 2007

Posting this in case it may help some others who want, like I did, to password-protect pages written in HTML

If the page you want to protect is HTML, there is a quick and nasty way to turn it into a .php page:

Add the following two lines before the first line of the HTML page:


print <<<END_OF_HTML

add the following two lines after the last line of the HTML page:



and save the resulting page with a .php extention.

You now have a .php page, which you can protect by adding the line:

<?php include("/directory/of/your/web/site/password_protect.php"); ?>

at the very beginning (after of course changing /directory/of/your/web/site/ to suit your local situation).

Graeme March 25, 2007

Awesome code but how to i make it so it goes to the right page? All that happens is that it comes up with a blank page.

dj_jonathan_martin [anti-spam] yahoo.com March 26, 2007

Thanks so much for this great script!

Having a bit of a problem though, when I run the help execution to get the path, I get a local c: path … any advice would be appreciated! Thanks again 🙂

dj_jonathan_martin [anti-spam] yahoo.com March 28, 2007

nevermind that was the absolute file path on the server. WORKS GREAT!! THANK YOU !!!

exentia [anti-spam] cooltoad.com April 1, 2007

Thank you very much

spented half a day trying htaccess

no luck

happened upon your site googling

15 minuites later all working

as my 5year old says "wicked"

Vivian April 4, 2007

Thanks! This is exactly what I was looking for.

One thing though, it doesn't seem to work in Mozilla Firefox. When I click the link it should show the password page, but it just skips that step. It only worked once in the beginning, but that was it.

Any suggestions on why it's not working?

April 6, 2007



phani April 10, 2007

Thank you very much

michelle [anti-spam] NOSPAM [anti-spam] lwmarina.biz April 12, 2007

Ok.. For the folks that want a password protected page and have NO IDEA how to install anything at all..

If I install(haha ya right) this on a single page, like a private page on my site, do people have the same login's and password.. just give all the people the same id and password??

philwojo April 13, 2007

Vivian, it sounds like you are forgetting about the cookie it sets, you will only see it work once as after you log in it set's your cookie's and then it' won't run again.

Michelle, you set the login's and passwords in the file, so you can put in as few or as many as you want to, or you can give everyone the same one.


Gregorio Aristizábal April 15, 2007

Excelent work!!! Got my password script working in no time! Really easy to use and straightforward. Works well on GoDaddy, with Mozilla.

Could not use the htaccess method due to hosting restrictions, but the script does a great job. You just saved me from having to do it from scratch! Thanks again man.

Take care!

PS. Agree with shawn on the comment "I've tried to edit the cookie portion out of the script to no avail. I would like the script to always require the user to provide a username and password. Some way to easily comment out or disable this feature."

dazakun [anti-spam] shaw.ca April 18, 2007

Awesome script! Thanks! I got it working very quickly with the helpful forum instructions.

One question I have is if it is possible after implementing the login/password form (user has to input both fields) on the main page of a website, to have it redirect to another page on the website after successful authentication. Thanks again

Wesley April 19, 2007

Great script! I modified it slightly to create an online proofing system. It redirects clients to their respective directory depending on the credentials they provide! Thanks again!

Hugh April 20, 2007

Very nice bit of work. Kudos! I have added two functions:-

— javascript to automatically select the pasword box (I disabled the username for my pages); and

— created a setting to show hide the hyperlink to your website — I didn't want to make it too easy for anyone to know how I was securing my pages — the less the bad guys know the better!

But very nice work.



foo April 22, 2007

I changed the passwords in the script but whenever i try to login with the username/passwords i added i get Incorrect password.

pula April 25, 2007

Great script! keep up the good work.

AJ April 25, 2007


I am interested in doing a similar thing — would i be able to see your modifications / source?

Many Thanks,

Folder April 25, 2007

AJ, check the forum, there are multiple threads about redirect after login. Brgds, Folder

Ben April 27, 2007

First, great script!

Al lot of people are asking about changing the usernames and passwords from the default.

Make sure you make the changes in the script and not in the instructions!!!

— Ben

DaveyDee April 28, 2007


I've been googling to find a solid, easy to depoly password script for a few days now and thank goodness I found Zubrag. You are a star my friend — this script is so simple yet so effective. Take a gold star and go to the top of the class!

Kory May 9, 2007

Great script!! I love it!!

My only question is if the script can be made to reflect on different users; for example: if "Bob" logs in then I want it to show "Bob's" page. Or if "Fred" logs in, then I want it to show "Fred's" page.


AJ May 9, 2007


go to the forums. zubrag, some others and myself have got that covered (you just add:

$REDIRECTS = array (

'username1' => 'PATH_TO_PERSONAL_PAGE',

'username2' => 'PATH_TO_PERSONAL_PAGE'


etc etc

underneath 'login details' in the password_protect script

May 11, 2007

how do I redirect back to the login page after someone clicks logout by using the passwordProtectedsite.php?logout=1


// logout?

if(isset($_GET['logout'])) {

setcookie("verify", '', $timeout, '/'); // clear password;

exit("Logged Out");


Kory May 12, 2007

Thanks AJ! But, the script fails to redirect to a php page, all it does is redirect to the root of the site when it's set to redirect to thefile.php. But, it does work with HTML files, unfortunely those don't let me set up protection on them, only the php files let me do that. I am stuck. Any suggestions??

Kory May 13, 2007

Update to previous post:

I finally figured it out!

I am doing a HTML post to password_protect.php file, it leaves a cookie if the password is good, it then redirects to another php file that is set to be secured with password_protect_2.php which has the same usernames and passwords but does not make the file redirect. This work-around works great!! I hope that may help somebody with the same problem! Thanks again!!!

jesstankersley [anti-spam] gmail.com May 13, 2007

This was awesome! Works like a charm! Thank you!!!!!

joe [anti-spam] salesdepartment.com May 15, 2007

I installed this several months ago on a phpbb 2.19 board. Since the day it was installed the board has not had one single spam registration. Pretty phenominal! I was getting near 10 spammers a day before installing this script.

And, another minor miracle I picked up somewhere particularly for those of you with phpbb boards. Rename admin_db_utilities.php with some off-the-wall name. Do the same with your admin_forums.php file. Rename admin_forums.php correctly "only" when you need to admin your forums. Then rename it something non-functional when you're done. No hackers since using this process.

carl [anti-spam] dltlive.com May 17, 2007

This is how I get mine to redirect to the orginal login page. In my password_protect.php this is what this area looks like:

// logout?

if(isset($_GET['logout'])) {

setcookie("verify", '', $timeout, '/'); // clear password;




It may not be exactly what people are looking for but it works for me. Hope this helps. Good luck!

tom_cai12 [anti-spam] hotmail.com May 21, 2007

This is awsome!

I am new in php. Is there easy way to process contents based on the password in the same page? for example, if password = "external" , process function1 elseif password = "internal" process function2?



May 23, 2007

Wonderful! Thank you so much for sharing this…

May 23, 2007

Web Page Password Protect rocks. I had it set up in under 5 minutes and it did exactly what I wanted it to.

Daniel K May 23, 2007

to: Kory

I've been stuck same place as you, is it possible you could upload/send the work-around?

Kory May 25, 2007

In response to the question from Daniel K:

[Admin note] created topic on the forum for this issue: Password Protector — redirects

May 27, 2007

No problem installing. Easy to use. Thanks Hansen Denmark.

JT May 31, 2007

Great script, much appreciated Zubrag

June 9, 2007

this script is fantastic! very nice work.

kdhawkins [anti-spam] gmail.com June 12, 2007

I know nothing about HTML really, I can cut and paste and fiure stuff out generally, but reading all of this giving me a headache, plus I'm using MS Publisher 2003… OF all that has been mentioned, could you tell me how to set up a password protected page where each member can use their email address as their login and choose their own password? I want to put this on my own website (yahoo), but I'm really trying it out for another (university) website in the fall. Any help that you can give me is VERY appreciated!

Thanks so much!


Aa June 12, 2007

I tryed to paste the code into "nvu" and then open it but any password works. How do I set the password?

melissa June 14, 2007

Is there any way to create a "logout" with this password protect?

Craig June 15, 2007

Love the script man. Works a charm. The only i suggest, is a log out feature, more secure. But still a great job!

Ben June 16, 2007

Works great. Thanks for the log out feature too!

June 17, 2007

404 errer what the umm how do i fix it it was on a freewebs page

houssam.ballout [anti-spam] gmail.com June 20, 2007

Hello all,

I've included the file in the files that I want,but when I lunch them,the login form is not shown

any help please

June 26, 2007

Excellent script, worked like a charm. Thanks very much! 🙂

Dave H June 26, 2007

Great script! Unfortunately the cookie does not seem to be working as I have to enter the password again when I browse to another protected page in the same directory

pga June 26, 2007

well, im using this for my schools website but i want to style it so that it fits better. how do i do this?

Sasa June 27, 2007

ok i just got the script, its perfect, but, one question, i am password ptrotecting a proxy page, protection page is awsome, as soon as i go to a diffrent page through proxy, sets me back to log in., any help appreciated

jim June 28, 2007

Fantastic script. Even for a PHP newbie, really easy to use. Thanks

droom June 29, 2007

Thnx for script. Im very new in php but it took 10 minutes to understand how to use it. Really thank you

scott June 30, 2007

does anyone know how to echo the current user?

pat [anti-spam] organizedwisdom.com June 30, 2007

Another fan of this script! Thank you.

July 7, 2007

This rocks. Thank you!

Jordan July 8, 2007

I love your script but there needs to be a log out function when the user closes the browser. What if the user is on a public computer? A logout option will be very useful, and needed.

July 14, 2007

Great working script with full details on instructions…however, I'm having 1 minor blurp…once I enter the password and hit 'submit' it goes to (renamed file = login.php) login.php…can this be changed to a html file?

support [anti-spam] giggigteam.zzn.com July 21, 2007

g8 script but can u set up a form and when its filled out it automaticly adds username and password so they can login

marek4 [anti-spam] ya.ru July 30, 2007

Ìîëîäöû ïðåêðàñíûé ñêðèïò

BuB August 4, 2007

So Easy, and So Darn nice. GREAT Work. Love the cookie thingy, and how it times out instantly when they shut down the browser and come back.


monin12001 [anti-spam] hotmail.com August 4, 2007

I am getting this

Warning: Cannot modify header information — headers already sent by (output started at /data/web/virtuals/………

Line refers to the cookies portion…

just like marsha told…

i want cookies but dont want that error msg.. any help

Thank u


RTP August 4, 2007

nice script. thanks

Brother T August 6, 2007


How would you do this? I want to

1 — have the login form open in a smaller window (target="_blank")

2 — have the small window close after login info is accepted while

3 — updating the original window to reveal the protected site content.

JohnnyF August 9, 2007

For some reason, when I enter the URL www.mysite.com/password_protect.php?help — it gives a dialogue box asking me if I want to open or save the password_protect.php file. I'm pretty sure this is a server issue. Has anyone got any ideas?

August 9, 2007

does this program offer user logging?

Lozza August 9, 2007

I'm adding in the code at the top of the script like it says — but when I go to the secure.php file on the site it doesn't load up the login fields. Any thoughts?!

August 9, 2007

Excellent. Nice of you to post your work for free. Well done!

daybroadway [anti-spam] yahoo.com August 10, 2007

I am having a problem with the login on my php login page. I created a login page where users can login into the site and access other php pages on the site. I put the php protect password on the pages desired. the problem i am having is when the user goes to the login page and logs in it says it's successful but when they go to the protected pages it asks them to login again.

Mick August 14, 2007

This is a fantastic script, exactly what I wanted, thanks!

Hendy88 [anti-spam] gmail.com August 16, 2007

The code works GREAT! Just one problem, in that after the user logs in from my index.php page, they get redirected to another page telling them they are logged in and everything works great. Problem is if (within the same browser session), they stray away from these PHP pages and then come back to the original index.php page… instead of showing the content, it shows and "Index of" and a listing of the files in the Parent Directory on the server. Any suggestions on how to fix this?

Tracy August 17, 2007

Fabulous piece of code! I couldn't get .htaccess/.htpasswd to work, so I was looking for another solution. This is exactly what I needed! Thanks!

August 18, 2007

I am using this script but the google adsense ad not relative to content on password protected pages.They ask to give password protected directory/file & authentication URl then waht is to be written in authentication URl ?

koisti August 21, 2007

I'm using only password protection so not user name needed. The password should be an email address, so have to add check to submit that it even looks like an email address like xxx.xx@xx.xx?

And the password can be anything..

so if you hit correct password it goes works like original but if you try give email address withous @ mark it gives an error message not a valid email address

Gang Zhou August 23, 2007

Excellent! Very easy to use and very convenient!

Guillermo August 23, 2007

I've put it to work in just a minute!!! Thanks a lot!

Anne August 27, 2007

Thank you, thank you! Brilliant piece of code!! I'd spent hours trying others — noe of which worked. Yours was super-quick to install and worked immediately.

Shadow Slash August 28, 2007

Ohhhhh i'm so jealous! I wanna try that stuff now! It's just a shame that my website's server is currently down so I can't try uploading the password_protect.php thingy T_T

kevin [anti-spam] plessinger.net August 28, 2007

Perfect worked like a charm. You rock!

E-man August 30, 2007

VERY Cool! Simple, easy and it gets the job done unlike others I have tried with line after line of extra junk code. Thanks for such a great code.

Renee September 13, 2007

Thanx heaps!! Got it working straight up! Saved me heaps of time. Cheers 😉

greg September 13, 2007

great code! agreed to password protect a site without knowing how to do it. this makes me look good. 😉

Dave Clarke September 13, 2007


I am not very good at php, adn wa wondering if you could show me how to edit the script so it checks mysql db for the user and password rather than a preset one!

waldir September 18, 2007

I would like to have a form for registration on my site, where user would inform login and password, and they would have automatic access to the protected directory. How could I do it? Thanks.

badgirl September 19, 2007

Thank you so very much for writing this script and for making it so easy that even I could understand it. It worked perfectly, and I am using GoDaddy. I was even able to put it right into a the look and feel of my website. And my site uses CSS. If anybody needs help with getting it to work for them, just let me know. If I can do this…anybody can do it. 🙂 zubrag you totally rock!

soojan September 19, 2007

that's grt man… it worked fine ! thanx dude.

ncarrier [anti-spam] hotmail.co.uk September 21, 2007

This did not work for me 🙁 spend ages on this and it still would not work followed every step buy no luck

Eduardo September 22, 2007

Muito obrigado pelo script! Será muito útil para o meu site. Obrigado amigo!

Thank you for this script! It will very useful to my site. Thank you friend!

September 26, 2007

This is an awesome script. I can't thank you enough for creating it!!!

amber September 26, 2007

my boy chris from akron gave me the web site and forgot to give me the password can i get it though

October 1, 2007

Very Nice!!! Thanks!!!

October 10, 2007

Hi Zubrag.

Is it possible to rename the html pahaes to php to be able to use this script?

bram October 10, 2007

is there a way to use the forms with a 'GET' method and not 'POST' because I have another script on that page and in won't work if there is another form with a post method on that page :s

rs-knights [anti-spam] hotmail.co.uk October 14, 2007

i'm having problems trying to add more users could you give me an template/example? of 2 users



Jaffa Designs October 15, 2007

This is a great script that is easily integrated into full HTML/CSS sites. Well written and easy to understand…Thanks Z — Jaffa Designs (Australia) http://www.unaking.com/password_protect.php

asta October 15, 2007


How do I do this (similar to earlier post):

— make access to protected web page transparent to reader of an eBook ie. the reader just clicks the hyperlink ona eBookpage referencing external protected URL, withour having to, enter user id or passwords!

Reason is to prevent accidental stumblers onto my webpage but allow book readers to access via hyperlink, without requiring them to enter the password.

Can the password be auto-supplied forexample,maybe likeso:


so that reader doesn't have to be bothered by it?

asta October 15, 2007

I found the answer digging in the forum. Awesome script. Thanks……

AC October 15, 2007

Great Script, thank you for sharing it and being so helpful.

October 17, 2007

Can this script be used as a registration option, so that when users come to my site they can register themselves, get a username and password and then login into the site, instead of me having to create a username and password everytime. This is a super script which is why i'm asking if more functionality can be added.

julian October 22, 2007


id like to set up the password within a box in my site. im using iweb, so its simple to add the login script as a box in the page (i.e. my home page) but once a user enters their details, id like the page to open in a new tab or window. how do i do this? so what id need is code to tell this to open in a new window once login is complete…i can simply add the page with the generated code into the page.. should be easy i think!

Demortes October 23, 2007

Excellent addon to protect my osCommerce admin tool. I love it so much, you are a genius. Saved me the time to learn this type of stuff. I just included it in the header file that is used all the time in the administration tool.

Bob October 24, 2007

fantastic add-on took less than an hour to reconfigure and password protect the admin area. Cheers!

October 26, 2007

this doesnt work it display tons of junk and im really mad

October 31, 2007

when the page refreshes it again asked for username password…

kalobaharon [anti-spam] yahoo.com November 6, 2007

please i don't understand it properly thank may God bless u.

Robert November 8, 2007


Grate script thank.

Is it possible to make chackbox to decide weather to use cookies or not. This will be great function for me.

benjus [anti-spam] alice.it November 10, 2007

Hi… first of all: sorry for my bad english! (i'm italian) i've tried this script but it doesn't work…i upload the php file, then open the help section… i login and when i press the button to enter, it appears a blank page… why? help, please!

benjus [anti-spam] alice.it November 10, 2007

Now i've solved the first problem, i've obtained the php include string… the problem is that even if i put the string on the top of the page code, the login for doesn't appear… and i don't know why

Raine November 14, 2007

Hey! I figured out how to create a link to previous page on a subdirectory and you can enter back to your password protected page without logging in. It's easy to do with javascript.

<A HREF="javascript:javascript:history.go(-1)">Previous Page</A>

Note: this will only work if had you previously logged in, as script remembers password until browser is closed.

lol November 19, 2007

epic fail.

JT November 25, 2007

I'm trying to get the Web Page Password Protect script to work for me. I've followed your instructions and had it going on the first try, but messed up at some point. So started over. Now, every time I get this error message on the page I'm protecting after inputting my specified user name and password: "Warning: Cannot modify header information — headers already sent by (output started at /home/content/d/o/r/dorjecontem/html/Download.php:3) in /home/content/d/o/r/dorjecontem/html/password_protect.php on line 137

What's gone wrong? I simply can't repeat my initial success (which I botched by trying to style the password protect input page to more closely match my site). Thanks. I'm soooooo close!

November 25, 2007

For me scripts don't work

frankie.soliz [anti-spam] yahoo.com November 29, 2007

can i watch tonights game?

bachi November 30, 2007

hi can any body tell me what is the password for this script?

thank you

bachi November 30, 2007

if we upload all our php files in to our server. then how the browser onen our site with out asking the p/w. and i want any body open my site and i dont want to give the permission to save or print my web pages.. can any body suggest for this?

December 3, 2007

looks nice but doesn't work. didn't have time to figure out why, but needs some work. tried it with php and html doc. just goes to protected page with now username or password page. let us know when its fixed. would like to try it. thanks

flash December 3, 2007

i've tested this script every which way an it fails miserably, as has about 75% of the scripts that I test on the net. When you type …password_protect.php?help, you do not get a valid output for one. Too many errors to list here.

Brian December 3, 2007

script does work with firefox. include


That will suppress the errors coming through and make it so you can put it before the content of a page in the include so when the right password and login has been entered you can then see the rest of the content.

Davo December 4, 2007

Disregard flash's comments. I have uploaded password protect on my website and have it working nicely.(even with firefox) Thanks to everyones help on the forums I have tailored the code to suit my site.

baboo December 4, 2007

Works great for me! Verified in IE, Firefox, and Opera.

'flash' why don't you post a topic on the forum? They will help you to get it setup correctly.

December 14, 2007

Works great! Thanks!

December 20, 2007

Love this program. Thanks.

tuaans [anti-spam] gmail.com December 23, 2007

thanks you.

besi [anti-spam] mailbox.co.za December 29, 2007

i would like to try this but is having plain text passwords on a script safe at all? why are passwords not in msql database and encrypted?

Jill January 4, 2008


noemail [anti-spam] hotmail.com January 4, 2008

many thanks!

January 6, 2008

the password and id # doesnt work

January 6, 2008

the password and id # doesnt work

Banning January 8, 2008

this script is hot and works 100% i've been using it for awhile now… i pull all my stuff from a database… if you need help on connecting this script to a database just run a search on this page for mysql or database and up towards the top in 2006 zubrag was kind enough to help a fellow out with connecting it to a database and that code has work perfectly for me.

hawkeye0386 [anti-spam] gmail.com January 14, 2008

The script works great! But where I work, they want some form of a logout button. I just don't know how to code it to work with the script. I can get it to close the window, but then it doesn't delete the cookie.


Orlando January 14, 2008

Do you have codes that may be added in html files to be protected? i'm using html codes in my page. Where in this site can i find such, if any..

rohen22 [anti-spam] gmail.com January 14, 2008

Awesome script! I'm trying to use it as a redirect, so far so good!!! Thanks!

ivo [anti-spam] paximadia.com January 15, 2008

I do not want a user/password combination, but just a password. According to the description, I would need to change the user/password combination to just a password (starting from line 51). But if I do, I keep getting two fields to fill out, instead of one. Anyone any ideas what I could be doing wrong? Other than that, great script and thanks to the very clear explanation also customizable for a non PHP-person like me!

ivo [anti-spam] paximadia.com January 15, 2008

Sorry, after I submitted my previous comment, I saw that there is also a forum. And there it was explained: in line 58, change 'true' to 'false'.

Ali January 16, 2008

This was exactly what I was looking for , but I am having a lil problem; The cookie doesn't seem to work. I have cookies enabled so I am wondering what I am doing wrong. as it is I am required to log into each page I navigate too. Are there any other settings I need to put in?

Hartmut January 16, 2008

I love it. Simple and effective.

You made my day.

SleepinDevil January 20, 2008

You guys do realize this script is very primitive and very insecure.. Also its almost 2 years old now… Since you all use PHP head on over to www.php.net and read the online documentation for SESSION_START() and learn how to use PHP Sessions. They are much more secure and much more versatile!

-Ragnarok Server PHP & Database Admin

Gerard January 21, 2008

Great script , thanks for sharing.

big_djg [anti-spam] yahoo.com January 21, 2008

i need sum help with setting up the password on my webpage… im reading wat to do but i dont get it to well. Can someone please help me my email:is Big_djg@yahoo.com

dave January 23, 2008

include("' . str_replace('\','\\',__FILE__) . '"); ?&gt;');

That doesn't look anything like what everyone else put up… solutions?

rchamberst2 [anti-spam] hotmail.com January 23, 2008

I am trying to password protect a webpage. I am using frontpage 2003 can I use this code and if so how?

NELSON January 23, 2008


saif_phy [anti-spam] yahoo.com January 24, 2008

This code is fine but password is case senstive. How can I make it otherwise

January 29, 2008

Thanks for this. Fantastic.

azrobert [anti-spam] cox.net January 30, 2008

Having Problems getting include line

saved password_protect.php to server but hwen i enter the path and /password_protect.php?help

It comes up with a login box and won't recognize my passwords or users


January 30, 2008

I have found the solution to the logout not working with the back button. Re direct it to a blank page that contains a link with the Javascript code (<a href="javascript:window.close();">You Must Click Here to Finish Logging Out!!!!! </a>) to force browser to close. This is a simple way to remind people to close the browser

denroy [anti-spam] activeice.co.za January 30, 2008

Hey, this is a great script,but i have a bit of a problem. all my username and password are stored in an database and although i am linking to the database correctly i cant get into the desired page.

all my user deatails fails to log me in correctly

Patel January 31, 2008

Hi Zubrag,

Great script. Just what I have been looking for.

I am trying to redirect the page in the event there is an invalid login/pwd to the original page I place the login and pwd. How would I go about doing that? I am able to redirect to the right page if the login/pwd is correct. I tried below code and did not work:

if ($check == "Ok"){

header('Location: http://localhost/containertrucking/websitex/menu.html'); die();


header('Location: http://localhost/containertrucking/websitex/index.html'); die();


Thanks in advance for your help.

Paige February 1, 2008

I love the script! It works perfectly. The only question I have is, can you customize it? By that I mean change the colors of the log in interface? (eg. background, box color, font, etc)? And if so how could I do that?

February 3, 2008


I tried the script and after a few modifications and tries, it worked great !

Just my thought though, wouldn't it be better, instead of redirecting user to an embedded html inside the php, to just ask them using a javascript?

john [anti-spam] cleanexpo.com.au February 6, 2008

The script works fine — thanks — but how do I set it to log out? At present if they move to other page son the web site they can just re-enter the password protected page and it is not until the browser is shut down entirely does it then prompt for the password again.

vishalgaurav01 [anti-spam] gmail.com February 18, 2008

Yeah, Good Script,





tes February 18, 2008

great script! thanks!

jonnovello [anti-spam] yahoo. com February 18, 2008

So, how secure is this script? I have a client who wants a password protected page that allows users to download his software. It would be nice to know that what I'm using for him is basically secure.



johnstell [anti-spam] interstellar-solutions.co.uk February 20, 2008


Great script — works easy — just one thing though — not sure how to protect a second page when a user fills in a form on the first page and then is redirected to a second page?

What code do you have to use again on the second page — it isn't quite clear?

patelgasagency [anti-spam] gmail.com February 20, 2008

Big Hello,

thanks for the work done by the pioners of this site and the way the work has expanded in the grounds back home. will like to appriciate the work done by all of you for us and the community to be rooted to the ground and trying to bring the feeling of togtherness and unite the people of entire samaj.

s-barrick [anti-spam] suddenlink.net February 21, 2008


Will this php script work on a Windows IIS server? That is where my site is that I would like to add this script. I know nothing about programming, but this script looks like it is just what I'm looking for…



Artix February 22, 2008

Who can help?

Some one is inserting his index.html in mai webpage…and i have changed my password..i-m using an php script…if someone can help me it whould be nice…

brandonc503 [anti-spam] yahoo.com February 25, 2008

Hey, great work btw. I am trying to get the user name from cookie but seems to be encrypted, which is great, but how would i go about decrypting it. thanks.

February 26, 2008

Great Script!!! you saved me from putting too uch time into doing it myself. Just a question If I front end the pages I wish to password protect with this, I should be able to specify session variables pulled from the mysql db and propagate them to the page being protected, that way the app can carry a variable on the server side such as username that can be populated to the protected pages.

February 26, 2008

It is not working for me. Can anyone help? I put the script under test folder and created a simple html page and included one liner. I am hosting at godaddy.



clabinger [anti-spam] sbcglobal.net March 3, 2008

Is there a way to use this script to prevent access to other files (such as images) by people who have not entered the password? OR: To prevent viewing of subdirectories on the website (Index of /folder)?

Thanks in advance.

March 4, 2008

is it free

uvex_ [anti-spam] hotmail.com March 4, 2008

Can u add a function, so that we can change the password, without editing the code??

March 6, 2008

<QUOTE>jonnovello [anti-spam] yahoo. com February 18, 2008

So, how secure is this script? I have a client who wants a password protected page that allows users to download his software. It would be nice to know that what I'm using for him is basically secure.



I have the same concern. Everything I have read says that simple password scripts are not really secure and are easy to by pass or obtain passwords.

How secure is this program? Does it really protect personal information contained in the protected page?

karl [anti-spam] nilsen.as March 12, 2008

Thanks for a nice script.

Just what I needed, password for reading the internal sites.

Thougt of contribution info — i would have contributed!


grahamson.1 [anti-spam] hotmail.co.uk March 13, 2008

hi and i am fron sctland and i am finding it really hard..

wat i am trying to find out is how can i make a box saying pass and a box saying uuser name and submit. and when u get the pass right u go to anuther page.. ?

please some one help me

Antispam March 14, 2008


Thanks a lot!

Pola March 16, 2008

This worked like a champ.Cannot be enough thankful to you.Great work.

infoATflutelab.com March 16, 2008

The script could not be opened in MSIE or FF. So how can I resolve the code to paste? Maarten

ScrumpsNet March 17, 2008

Very cool Script!!

Thanks for posting.


With some Usernames and Passwords combinations after login I need to re-direct them to another page. How would you implement script like that into your current code structure?

March 20, 2008

This is a dumb website it doesnt work at all

Kerry March 24, 2008

Using it to protect my live xampp server root.

Thanks a bunch 🙂

rajibhossan [anti-spam] yahoo.com March 25, 2008

I need advance php tutorial

bachanal [anti-spam] ntlworld.com March 25, 2008

Thank you, thank you, thank you! I am a designer struggling with coding and "programming" stuff! Would you believe that after days of searching the web, your script was the ONLY one I understood and could use! I am so grateful! I have registered with your forums for the future. Great — Diana

March 25, 2008

Thanks sooooooooo much for this I have been playing around with .htaccess this little script is fanatstic

March 25, 2008

wonderful script — works perfectly — and I've never used php before — well done! V grateful!!!

ursus [anti-spam] giterental.com March 28, 2008

Excellent script, easy to set up and works well. Thankyou. Ursus the Bear.

Sena March 30, 2008

Thank you so much!!!! It works perfectly 🙂

KarlKaluns March 30, 2008

How good is this script? Is it "hackable"?

Sam March 30, 2008

I have a way of making it work in html

Just put

<iframe src="the/path/to/password_protect.php"></iframe>

Sam March 30, 2008

EDIT : the HTML can only do this if the path was like


and not a root path

JFD March 31, 2008

To those who were asking how to always require login, just change the timeout minutes to an extremely small value (ie .001).

Rick April 1, 2008

I am using the login and password name fields to access a protected web page. If I add a wrong login(username), password or both and press "submit", I get a display of "Incorrect password". Is any way to improve the code so that if I add a wrong user name but correct password, it displays "incorrect login(username)" or if I add a correct login(username) and a wrong password, it dislays "incorrect password" and if I add a incorrect login(username) and a incorrect password, it displays "incorrect login(username) and password". I tried to manipulate the code but failed to get it working.

alexandernewman19 [anti-spam] comcast.net April 7, 2008

I need some help, I haven't the slightest idea on how to do this, I get the form on LOGIN and Password, but I don't know how to set the information for it. When I do I get 3 errors, would some one help me step by step, php codes are my weakest area in coding things and building webspage thats why I stick HTML.

reckylawalata [anti-spam] yahoo.com April 9, 2008

script yang hebat dan luar biasa. sangat membantu dalam aplikasi yang saya buat untuk kantor kami. terima kasih dan Tuhan memberkati

Jakoma April 10, 2008

Im using freewebs for my website and i just wondered wjere to put the script

and also i cant get the code

spawnkornfreak [anti-spam] yahoo.com April 14, 2008

great work!!!

but how to add the users login name to my page?

for example i want to add their login name right after the logout button… also is there a way that we could add a visitors log?

silentgaia [anti-spam] gmail.com April 16, 2008

for some reason, when i paste the php code onto the page i want to protect, it wouldnt work. Can anyone please help me? I've done everything.

rmist April 16, 2008

silentgaia, is the page you are trying to protect a .html file or a .php? It should be a php file. Also is the php code pointing to the correct place where the script is? If the password_protect.php file is in the same directory as the web page you are protecting, you can just put the path as password_protect.php

Hope that helps

April 17, 2008

Thanks !!!! I really apreciate a lot this script.

novoshare [anti-spam] gmail.com April 17, 2008

Thanks !!.

I have found more in two interesting sources ( http://filesfinds.com & http://fileshunt.com ) and would like to give the benefit of my experience to you.

April 19, 2008

1 million thank yous!!!

Christian April 19, 2008


I tried this script, but doesn't work for me, help please :(!


harismol [anti-spam] pollux.gr April 19, 2008

u saved my weekend with this great script. Thank you very much

etaxero [anti-spam] gmail.com April 21, 2008

This script worked AMAZINGLY well… I am learning php and this helped me out so much!

croz April 21, 2008

wont work for me, getting message "A file permissions error has occurred. Please check the permissions on the script and the directory it is in and try again."

Any ideas? I am pretty sure my directory is correct

admin [anti-spam] arperture.com April 22, 2008

http://sphider.arperture.com — Arperture Search uses this script. 🙂

April 22, 2008

This is great! I was having so many issues with security — and this will take care of it. Thanks so much!

jm April 26, 2008


meliej April 27, 2008

you are incredible! this script is great and i really, really appreciate you sharing it, especially for free!

general [anti-spam] benbaxter.co.uk April 27, 2008


I've placed the pass protect php file on the server and added the code to the top of the php file I want to protect — but when I link to the latter it goes straight to it without asking for any login details?

What am I doing wrong?

badinfluencedj [anti-spam] hotmail.com April 30, 2008

hi zubrag..Great script..just wondering if i could pick ya brain,as im having a bit of trouble…i uploaded the script to one site for testing.and it worked great.not problems at all..but as i copyed the folder and pasted to new site..it seems to have gone wront..

i made sure i delete the note directory folders that are always created.but i reckon i have missed somethink….the error message i get is___

e:domainsddnbupload.comuserhtdocsuploadsamplesloginlogin.php on line 67

if you could help that wood be great..look forward to hearing from you..and thanks a heap for the scrip..ITS PROPERRR..

Caelan May 4, 2008

I was wondering if you could include a demo on this page so that I (and others) could see it in action before I download it.

Thanks 🙂

Nisho May 4, 2008

This code is ******* amazing… im speechless. But i keep getting this error:

Warning: Cannot modify header information — headers already sent by (output started at C:wampwwwindex.php:8) in C:wampwwwpassword.php on line 141

I have tried to read some of the 1000 of comments above, and i have tryied to include that line of code at the begenning of the document, but it didnt work out, i think im doing something wrong… can you help me guys?

Thanks alot…

Nisho May 4, 2008

Ah i just added the // (comments) on line 141… and it has stopped showing that. but im just wondering if it would cause a problem ? i havent really gone through the code and im not that advanced in php yet, so if someone could tell me what does that line do and if its problematic to remove that line. the line is:

setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

sergeyp [anti-spam] mac.com May 6, 2008

Great script, I must be having a problem each time i go between pages that are protected or want to refresh, it forces me to log in again. Is this a problem with the cookies?

Matt May 7, 2008

wow, amazing, works a treat, THANK YOU.

Dan May 9, 2008

thanks a lot thats was what i was looking for >< , its easy to use and usefull

andrew [anti-spam] aeonianrock.com May 9, 2008

hey sweet script man. Quick question. How can I determine the user name that is logged in? I have users who will submit a news post, and i want to insert the user id of the person logged in that is posting. It appears you are hashing the user with the password. This would be great if you could help.

Scott May 12, 2008

Hey, I have a Ning social community with about 600 members and I was thinking of adding some special features for select members using this script. Is there an easy way for me to implement this for my "premium" members?

May 13, 2008

Excellent! Thank you!

May 13, 2008

This works perfectly. And it requires very little maintenence to get the VARS right.

May 14, 2008

I've got a question: Whenever I put in a wrong password, it gives me a message about the incorrect password as expected. However, when I put the correct password after that does not allow me through? Anyone have this issue?

kukla [anti-spam] omen.ru May 16, 2008


marlon.s.r.morrow [anti-spam] gmx.us May 19, 2008

The code does not work for me. can you please email me and help me? marlon.s.r.morrow@gmx.us

joshkin20 [anti-spam] yahoo.com May 20, 2008

I have a basic question on this script. I have specific pages (with submission forms on them) that I want each individual user to be able to see. Any solutions?

May 23, 2008


telo May 28, 2008

the issue related to generating new accounts:

the problem is in this file—> scripts/sb_login.php on line 171


function redirect_to_url( $relative_url = "index.php" ) {

$baseurl = baseurl();

header('Location: ' . $baseurl . $relative_url);




replace with this:


function redirect_to_url( $relative_url = "index.php" ) {

$baseurl = baseurl();

//header('Location: ' . $baseurl . $relative_url);

echo( '<meta http-equiv="refresh" content="0; url=' . $baseurl . $relative_url . '">');




pcphil1 [anti-spam] blueyonder.co.uk May 28, 2008

Thanks. This looks like a great script. I have not used it yet but intending too soon. Quick question though. What if someone does a right click and view source on the web page if the web page is not right click protected that is. Will they see the username and password needed to enter the site ? Just a thought. Thanks again anyway.

mkiper [anti-spam] unomaha.edu May 28, 2008

Thanks for a wonderful script. It was very helpful to me. Your instructions were very clear and the code works great.

daniel June 2, 2008


AL June 3, 2008

Spot on. Quality script. Clear instructions.

frisoleder [anti-spam] gmail.com June 5, 2008

Isn't it smarter — just in case you're stupid and lose the included file — to use require() instead of include()?

With require, the rest of the script is not executed when the file isn't present. Include will continue nevertheless.

Great script, still1

carsonfire [anti-spam] gmail.com June 7, 2008

Works great, except when my host switched from PHP 4 to PHP 5, it suddenly is back to requiring the password on every page.

test June 8, 2008

How to password protect just one page?

The context is a puzzle game, where if you enter the right password, you get to see the next page. Any suggestions?

linuxcu [anti-spam] hotmail.de June 13, 2008


I will use and recomment all my friends.

Thanks again

prestley10 [anti-spam] hotmail.com June 17, 2008

I would really like to use this script! But maybe for a different purpose. I have a membership site, and as a promotion, if someone signs-up for the mailing list, the can use a program. But I would only like them to be able to use it once if they have purchases a membership. I provide them the username and password. Can you edit this script so when the person uses the program once on a page, it no longer allows them to use it again? I hope this makes sense.Please help me. I would be so grateful.

nazmul_imm [anti-spam] yahoo.com June 18, 2008

i can't use like this way

<?php includ …..



<what ever…..


teocomi June 19, 2008

thank you very much! it works!

fluorescente [anti-spam] gmail.com June 21, 2008

I can't get it to work getting passwords from a database without users.

I explained in the forum. I really hope you or someone can help me.

Thanks in advance

ascemilas [anti-spam] hotmail.com June 24, 2008

About Redirect to other web address // html code —


sjb2000 [anti-spam] blueyonder.co.uk June 26, 2008


thanks for the code. I down loaded it a few days ago and have it working ok on my site. My only problem is that each time I move to a new page I have ti input the login and password again.

I assume it is a problem with cookies, but have allowed them. I have also tried to four different computers, same problem.

Any advice welcome.


Secret June 29, 2008

I need help, im not good with programming, i think i have done it so far on my website it ask for password, when i enter password it goes back to my page, how do i create page forit to go to, like images? Please help me im lost

July 10, 2008

wat is the id n password?

phoenixagent013 [anti-spam] gmail.com July 14, 2008

good luck

phoenixagent013 [anti-spam] gmail.com July 14, 2008


July 18, 2008

genius stuff: I had never worked with php scripts and thanks to the clear instructions I got it up and running in 10 minutes. Thanks mate

euripides1 [anti-spam] hotmail.com July 19, 2008

Hi, this is a great script, question — I’ve been using it for some time now and it work perfect, I was using it to lock the pages in a particular folder now I have another folder that I want to lock but I want to have a different login design page but when I try it even before implementing my design just the pure code from the script it does not work..

So the question is: does the scrip only work once per domain?

Like I said I have implemented it for a particular folder with it's own login design that represent that information once in, now I wanted to use it for another folder with another login design that will represent the information that will be in the pages after login..


Ann July 22, 2008

wow… thanks a lot! it's easier than I thought. But one more thing, can I track who've been locked in. Like.. can I find out who viewed the page?

JRpassions Photography July 29, 2008

Awesome code — I do not know jack about php, and I have been searching for a code for our photography site. Thanks to you, our clients can be sure no one other than them will access their galleries filled with hundreds of images!

July 30, 2008

Excellent! Easy! Effective!

Dfender July 30, 2008

I need help, I want to protect an .asp document, is there any way to protect an asp document? what can I do?!

July 30, 2008

only one question

how do you open the script in help parameter??

where is the help parameter?

chris July 31, 2008

I like this; it's simple, effective and worked first time. Many thanks

Manuel August 2, 2008

Is there an easy way to make the passwords available one time only?

Deepak August 4, 2008

It's simple and effective one.Great work.

iowieiwie [anti-spam] one.lt August 5, 2008

very very good work !!! excellent !!! thank you !!!! :****

August 7, 2008

Hi, It seems zubrag disappeared around 2006. Does anyone know how I can set it to work with a guest registering an email as username and a fixed password, then email me so I can authenticate the user before allowing access.

That is I dont really need to the secure the page so much as to see who is accessing it.

That is, if I dont know who is accessing certain pages they cannot see those pages.

My apologies if I am way off the mark here, new to this.

Phillip August 11, 2008

Thank you so much for the free script! New to PHP,couldn't have done this myself just yet:)

Rob August 12, 2008

Just what I needed. Very simple and good working script. Thank you.

Brian August 12, 2008

Can i modify this to adapt as a wordpress plugin?

krister [anti-spam] knutars.com August 18, 2008

Excellent solution dude!

Works like charm right out of the box.

Thanx a million 🙂

jeff [anti-spam] syntaxproductions.net August 22, 2008

This kicks $#$. It was the only way I could protect my file upload section as webDAV and htaccess wouldn't work. Thanks A Lot!

milisku.09 [anti-spam] gmail.com August 22, 2008

Thanks for the scropt, it's very usefull

terry54661 [anti-spam] googlemail.com August 28, 2008

great script it works really well but I can only use it on its own page. How would I get the script to be within a page on my site? i.e when people browse around its always on a page somewhere?

pdguimaraes [anti-spam] gmail.com August 30, 2008

thanks man… you just saved me a precious day coding something already lovely coded ! my only suggestion is to all future users is to keep the script out of the host root to avoid password detection in case of apache failure. greetings from portugal !

g. September 5, 2008

excellent script, thank you!

I will use it for multi-user with different pages for different users, as you instructed above

[zubrag August 17, 2006

if you want to grant access: user A — webpage A; user B — webpage B, then this can be accomplished as follows. Copy password_protect.php to protectA.php, and include protectA.php in webpage A. Copy password_protect.php to protectB.php, and include protectB.php in webpage B.]

and I noticed that if you add the same user/pwd to multiple scripts it will be able to open all the pages (protected by different password_protect.php) without re-login. so you can have pages common to multiple users, and others exclusive to single users; or common to different groups of users. excellent.

ukarage [anti-spam] yahoo.fr September 5, 2008

did all you said to do but … when I type the url of my page, no password prompt appears, only my php page …

jennifer September 5, 2008

I'm getting this error:

PHP Fatal error: Call to undefined function: php include()

hermit_au [anti-spam] yahoo.com September 8, 2008

Thanks for the script. How can one change their html web pages into php pages?

ziondatamatics51 [anti-spam] gmail.com September 9, 2008

I am yet to write my first eBook. I had been postponing it for quite sometime now for some reasons or other. It is not I schedule even for next one month.

josh September 11, 2008

thanks a lot man, this is an awesomescript

chriskaub [anti-spam] yahoo.com September 11, 2008

I want to set up a one word password where visitors to my site can enter it in to continue to my next page, how do I write the script and what is the Source Codes, Body and Object Events???

September 12, 2008

This is awsome! It works so well! I used to have this bad one, when you looked at the source, it told all of the usernames and passwords!!!!

hennern [anti-spam] hotmail.com September 14, 2008

Thanks a million!!! Just what I needed…

Johnny September 16, 2008

Need to password protect the whole site not just a page…any ideas

Rick September 18, 2008


Add the line of code to each and every page on the site.

September 18, 2008

it doesn't work with explorer 6 and 7.

what can I do?

Rick September 19, 2008

Can you describe "not working" in more detail?

My "not working" problem is actually "working too well". IE 6 and 7 require the user/pass for every page. I assume that's because IE is not properly handling the session cookie. I have tried the obvious security settings in IE with no luck. Still working on this.

If your "not working" is that the page is showing without a password prompt, this is most likely caused by an error on the path to the script. BTW relative paths DO work OK. "./password_protect.php" works just fine for me.

September 26, 2008

hi zubrag,

I have small media community in my neighbor, i setup some pages on my server for them to stream media on demand using WMP activex.

Here is my server structure…

index.php -> stream catalog -> (on of the stream of user choice e.g) stream07.php (protected)

here is the scenario

1- 1 login per ticket (username) no account sharing

2- login count e.g. user can login specified number of time. e.g a ticket has only 3 login opportunities and will expire after third login.

3- timer countdown on protected page e.g 30 min after that the page should close itself or refresh and log him out and redirect him to catalog page so he needs to re login to view page again or choose another stream.

Thanks in advance

October 2, 2008

This isn't a support forum. Go figure it out yourself.

To zubrag – cool script!

Air^Wolf October 9, 2008

Hi Zurbag,

i keep getting this error after i login "Your submission could not be processed because a security token was missing or mismatched." but when i go back to the main pag with the link and click the link for the protected page again it loads perfectly !

Thanks in advance

Air^Wolf October 9, 2008

Hi Zubrag,

i keep getting this error after i login "Your submission could not be processed because a security token was missing or mismatched." but when i go back to the main pag with the link and click the link for the protected page again it loads perfectly !

Thanks in advance

www.rapidz.tk [anti-spam] gmail.com October 12, 2008

thank you

GCW October 13, 2008


The script works great except if I logout in FireFox 3.x if you go back to login it does not require a username and password. It works fine with IE.

Also I signed up for the forum and have never received an verification email.

sohsowski [anti-spam] gmail.com October 14, 2008

Does anyone know how to "rebrand this" by adding the script in a webpage already made?

Jason October 14, 2008

I'm interested in using this script for multiple users. I read and understand the post describing how to use multiple directories. My problem is I need a login link on my homepage and want the script to redirect users based on their username/password. Is this possible?

Jason October 15, 2008

Oops… I posted my question in the wrong spot. After searching the forums I was able to use this code for multiple users.

sethp1234 [anti-spam] gmail.com October 16, 2008

what about doing the same thing for


Jacpar October 18, 2008

The script loads very my following page :


On that page, I have a link as follow :


When I click on that link, the password is requested again. I don't want that request coming back !

Is there any solution in order to not repeat the login ?

glanz October 18, 2008

I cannot get it to work. Screen flashes then red letters "Incorrect password" appears. I did everything exactly as you explained. Domain is a_name.info which should not matter? I am close? Thanks,

denis October 22, 2008

how work this script

James October 28, 2008

Does anyone know how secure this method actually is? Just wondering. I have used this on my site and I am just curious. I know some types are more secure than others…

Hmfpa October 28, 2008

This thing is 100% secure except for brute force attacks. Thanks

November 7, 2008

works great, thanks

kassalemb2000 [anti-spam] yahoo.com November 8, 2008

My name is Kassalem.


roccosirocco November 9, 2008

You just made the Internet a better place with your addition of an awesome script.

Thank you, it's simple and perfect.

November 9, 2008

Thx for this great script!

mr.3rbje [anti-spam] hotmail.com November 11, 2008

Thank you


jassikhalsa07 [anti-spam] gmail.com November 12, 2008

i am jassi

November 14, 2008

Is there a way to only allow users to try login three times before they are locked out?

psalpren [anti-spam] pacbell.net November 14, 2008


I am trying to download your Webpage Password Protect but am getting Microsoft Picture It Photo 7.0 instead.???? Is there an easy way to hide the script from a “logon” page that shows the user names and corresponding passwords? I have been trying to place the necessary script along with what I need to delete from the logon page into a .js file but I can’t seem to get it to work. I’m not sure that what you have for download (everyone is pointing me to this page) is going to do the trick, but I’d certainly like to try it.

Thanks for any response.

Respectfully,Paul Alpren

sad November 17, 2008


misfit November 22, 2008

i dont understand how it is done, can someone explain thouroughly ?

jan November 23, 2008

Great script!!

geo November 25, 2008

This is pretty neat. Thanks very much, any idea why it asks for password twice though?!

geo November 25, 2008

Forget that last comment. I put the code in twice silly me. This is the best.

M-00-O-00-M [anti-spam] HOTMAIL.COM November 25, 2008



http://if.web.id November 26, 2008

Thanx for this great script… i use it for my rapidleech.

Orlandoech December 2, 2008

Is it possible toadd redirection based on user login?

I.e: ABC logs in and goes to /ABC.html and XYZ logs in and goes to /XYZ.html

elc December 2, 2008

Nice little script. But I advise folks to disable the help feature once they have it deployed — otherwise passing the 'help' parameter to any secured page spits out the path to script, which probably is not desired.


// allow 'help' parameter to display path to this file?

define ('ALLOW_HELP', false);


if(ALLOW_HELP && isset($_GET['help'])) {



bin December 4, 2008

Thanks a lot for this script.. Is there any option to get a log for each user login?

swatidhanta [anti-spam] gmail.com December 10, 2008

I am a good author

roberts_studio [anti-spam] hotmail.com December 10, 2008

This might be good for programmers but there are no instructions that mean anything to us amateurs

Confused December 12, 2008

password_protect.php only work with zubrag/root username password login pair. When i change it to something else then it gives me an error saying incorrect password.

December 14, 2008

This is super! All these years later and I still found great use in this script.

Irina December 16, 2008

zubrag, I want you to wake up every morning and say to yourself: "I am brilliant!" 🙂 Coz you are! Thanks for writing this wonderful script and sharing it with us! And for goodness sakes, put PayPal donate button on here so I can send you some $$ for your efforts!!!

Dj — Web Creations By Z December 19, 2008

There's been a lot of talk about how to affect an elegant logoff scenario. Here's how I perform the logout.

I set up a separate page to say 'Thanks for using the system'. Prior to calling the password protect function, I set a variable, $logout=1. In the password protect script, I check this variable. If set, I assign the Timeout time to .001 (basically less than a second). The thank you screen is displayed and the user is effectively logged out.

Dj — Web Creations By Z December 19, 2008

I'd also like to thank Zubrag for making this script available. Although I am an experienced developer, I am new to web-based applications. Unlike in industry where everybody shares technical know-how, it seems that most other web developers regard you as their competition and are unwilling to do so. When I found this script a little over a year ago, it really helped me out and I have now used it in several applications. Thank you very much.

efendere [anti-spam] yahoo.com December 21, 2008

i need my password

December 22, 2008

Yeah. Totally didn't work. Worthless script written by an amateur.

December 23, 2008

Script works just fine. Just guy above doesn't know how to use it.

lol December 25, 2008


wallace December 25, 2008

Excellent work! Brilliant! Got it working in less than 2 minutes. Love the ?help and the logout feature.

December 26, 2008

Effin awesome!

clinton December 31, 2008

thank you. this work great.

David January 1, 2009

can someone please install this for me ? or is there instructions on how to do it ?

katie [anti-spam] towntek.com January 2, 2009

Thanks, this was just what I was looking for. Works perfectly.

Bailey January 4, 2009

Um… Its cool?…

Onlooker January 8, 2009

I am running a dynamic php website. I need to password protect about 10 pages, however, I am not able to allocate the php include at the very top due to the dynamic structure of the website. As a result of which I get a Warning: Cannot modify header information — headers already sent by … I can comment setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); — the warning disappears, but then then I am prompted to login each tome I click on a new protected page. Is there any way around it?

jonny January 10, 2009

Hi Zubrag! Great script, thx for your offer! But I have a problem now that never occurred before.

I had it protect a page in a directory A in my server area with credentials a1/a2. It worked fine, and firefox/IE kept the password so I didn't have to enter it all the time.

Then, today I protected another 4 pages in a different directory B in my server area, with common credentials in all four b1/b2, and now the browser (be it Fx, IE, Chrome, whatever) doesn't ask to keep the password in any of the pages —the one in A, and all in B.

So, I now have to provide credentials in each page, even during the same session.

I have the password_protect.php file in different locations in A, and B (i.e., I use different instances of it).

A, and B hold different websites /projects.

I'd be grateful if you or anyone else could assist me.

starnsun [anti-spam] comcast.net January 12, 2009

This program is GREAT. The best one I found and really easy to set up. Thank you for the great instructions, for this program and especially for continuing to publish it.

2daybiz January 13, 2009

Install and customize your own job site with the latest Job Site PHP Script. Posting and tracking resumes and candidates have just become easier and efficient. Upload multiple resumes using the resume builder, set visibility and priority for the employers to access it easily & precisely. Separate logins for job seekers & employers. (http://www.2daybiz.com/jobsite_script.html)

shawan.diu [anti-spam] gmail.com January 13, 2009

Web Page Password Protected web page is safe for all. I also did it! on ther other hand, my users also can brows freely but Avast anty virus represent that virus available! its just fake virus created by bloody Avast Antivirus!!

webportation [anti-spam] yahoo.com January 13, 2009

"Web Page Password Protected web page is safe for all. I also did it! on ther other hand, my users also can brows freely but Avast anty virus represent that virus available! its just fake virus created by bloody Avast Antivirus!!"

FOR DETAILS YOU CAN VISIT: http://www.webportationbd.com

savita313 [anti-spam] gmail.com January 14, 2009

Amazing Site I like it. It Was Quite Interesting NiceWork I appreciate the information you provided Excellent post. Keep it up! Good day!

jl-belter [anti-spam] wiu.edu January 15, 2009

Is it possible to get the code to make it you need to enter the password each time? Only because the stuff on the page I'm password protecting can only be seen by the workers. And I don't want someone on a public computer log in. Then someone else go to the website and click on it and see the information. Any help would be appreciated. Otherwise THANKS SO MUCH for the post/file!

Replicas79 January 23, 2009

Brilliant script, works just how I wanted without any complications

January 29, 2009

The script seems to work but it does not point on any web page.

What I need is this: I want to control the access of www.ppp.com. So when username and password are good, www.ppp.com sould open.

But username and password are good and nothing happens. I have a blank page.

drogg87 [anti-spam] yahoo.com February 2, 2009

can you send me a php code for search and login

lainbd.flat [anti-spam] gmail.com February 3, 2009

Your sub-domain will be also password protected http:www.lainbd.com luxurious apartment in Bangladesh

Prem February 4, 2009

Thanx for this great script…

February 6, 2009

how do you

A) log out?

B)make specific users go to individual pages???

bartman February 8, 2009

excellent script very easy to use. I'm a noob at this and needed to protact info on a soccer club site this was perfect.


rrsvghajni [anti-spam] gmail.com February 8, 2009


bolaji February 8, 2009

am a website designer, and am building bank page. i build bank account number and password. i want to use a specific number for the account and a specific letter foe the password. and i dont dont how to do that. i use html

Shabnam February 9, 2009

Thank you so much! I'm not great with PHP but this was a breeze to set up. :]

Thomas February 14, 2009

Great script. This was very helpful

rwm February 17, 2009

Thanks! This was so much more simple than other solutions I tried, and just as effective.


QA February 19, 2009

You might want to mention that Mac users can use the plaintext editor neXtSoft NotePad. Not sure if you're aware of that app.

thfc [anti-spam] hotmail.com February 20, 2009

Script is excellent — thank you!

bestbaby2love [anti-spam] yahoo.com February 20, 2009

hi guys i try this code and it is not working

February 20, 2009

This is a great script, I am using it to protect my site while it is under development.

Galoop February 20, 2009

Great Script and greater — how to — info

thanx alot…

craig_mb [anti-spam] yahoo.com February 21, 2009

What if a user loses their password? Can you add a value for the email to the array and a "send me my password" for folks who lost their password?

David February 22, 2009

Brilliant script, thanks! Fixed the issue with protecting my editing pages from inadvertant use 🙂

Noob Coder February 22, 2009

i have a problem on the signup.php part, everytime user registers an account it always say "Cannot add user to database"?

and im always getting this PHP Error

Warning: fopen(/home/a5017784/public_html/others/users.php) [function.fopen]: failed to open stream: Permission denied in /home/a5017784/public_html/others/signup.php on line 97

please help. . .(T_T)

February 23, 2009

I entered the code but it will not lode in safari or firefox can anyone help me

Tim February 23, 2009

I got this to work for a single user login but will it function for multiple logins where each user has a separate page that is protected by that respective user?

John February 26, 2009

Work's great. Easy as pie to set up and made some changes so it fits the look of the page. Fantastic.

February 27, 2009

nice tool works for me! i'm using abyss web server and php 5… http://outro.webs.com

KW March 3, 2009

This is fantastic! Thank you very much for doing this!

Jassim Raja March 4, 2009

Thanks much! It works great. I love it. Thank you for keeping it free and simple to use.

bcrossb [anti-spam] san.rr.com March 4, 2009

i have two protected pages,using two different user name. if the user wants to see page on, enters user name for that page( as defined in login.php), works fine. then wants to see protected page two by returning to main page, clicking "selection" box, login.php comes up blank. no option to enter new user name to see page 2. only way i have found to get around this is to start browser over. any ideas?

nice script!!!

flapdrol March 5, 2009

wachtwoord ???

Alan March 9, 2009

Hi, thanks for such a great and simple to use script

Jay March 11, 2009

i really dont understand about "help" parameter, any one can explain it abit more please. thanks

March 13, 2009

Hi — great script. How can I jazz up the sign in area a little — can I addd a .jpg for example under the username and password field? This would be tremendous because it would help me here but also on a larger proejct im working on (etoolreview.com)


March 18, 2009

I got to see the Username and Password protect sample By entereing /help on the end of my webroute. I also added the login name and password that I supplied and that Worked, I even had the code to enter on my very first line of the pages that I wanted to protect.

But it DIDN'T work for me on the actual webpage. It just pushed my mormally centered template over to the left.

No sign in form page appeared.

Your help would be appreciated.

Andrea March 21, 2009

TERRIFIC SCRIPT! Thank you for sharing!


the help parameter is simply giving you the include code. If you are familiar with php its a standard include with path to the file. put it as top line of code in your page you want to protect.


include ('path/to/nameofmyfile.php');


this uses cookies, you should use two different files for two different pages. Just put one user/pass for one file>save. Then put other user/pass > save as new filename. Then include the seperate relevant protection file on each page. Otherwise a user inputs a va;id login and can potentially have access to both pages, which defeats the purpose of what you are trying to do.

March 21, 2009

Great staff, it works like a charm

mahfuz April 2, 2009

can anyone post any script of adding contents(like image/text) to any webpage directly with administrative privilage.i want to edit my web page directly from net with my administrative privilage which means only i can edit (like adding image or text) my webpage directly from net but none.pls respond quickly.

mahfuz April 2, 2009

can anyone post any script of editing(like adding image or text)a webpage directly from net with administrative privilage.i want to edit my webpage directly from net that means no one but me can edit me webpages directly from net.please respond quickly..

Dwaybe April 2, 2009

Hello. I am doing this in Dreamweaver CS3. I have the php in my folder plus on my server. I am having trouble figuring out where to actually put my username and password for this to work. I am also having trouble figuring out how to link everything to my pages. Please help me ASAP 🙁

Steve April 5, 2009

For those who have problems with the script! IT DOES WORK, provided that you followed the directions! Re-read everything all over again. If you follow the instructions CAREFULLY step-by-step IT WILL WORK FOR YOU!

bunty_mana [anti-spam] sify.com April 6, 2009

i have use your password protected code but how can i creat the login id and password for different usser to view the different pages

for example : — when raj login he go to page 1

when rama login he go page 2

and any other login they go any other page which i define for them different usser different page

April 7, 2009

When I go to my php page, it doesn't have the password protection. I used the code from the ?help on the password_protect.php file, added it on the first line of my php file, no luck!

lennie April 9, 2009

Great script, trouble-free installation if you follow the well-commented instructions in the script.

Very much appreciated.


Mick April 9, 2009

Thanks Zubrag

Your work is appreciated, cheers!

zabboto [anti-spam] gmail.com April 10, 2009

Hello! I would like to set up a website where I could upload password protected music. Each password could only be used once to download the files…is there anyone who might be able to help me learn how to set something like this up?

[anti-spam] bcrossb April 10, 2009


annabiele [anti-spam] yahoo.com April 15, 2009

I have a pet, but how do I get a login?

April 17, 2009

Guys, this is insanely easy to customize and install…..i arrived to this page 10 minutes ago and the protection is working already…..THANKS SO MUCH !!!!!!!!!!!!!!!!!!!!!!!!

Alex Glynn April 18, 2009

I never post comments on this sort of thing but I must say this is absolutely brilliant.

aiehfi [anti-spam] yahoo.co.in April 21, 2009

supergreat! really very very great. it works really!!

Tochiman April 22, 2009


April 24, 2009

Amazingly simple. Yet awesomely built! Thanks!!!

April 28, 2009

so i am not really sure what I am doing wrong but after I enter my username and password I get this error:

Warning: Cannot modify header information — headers already sent by (output started at /mnt/netapp01/students/cpbanks/sushi/admin/dataOptions.php:2) in /mnt/netapp01/students/cpbanks/sushi/admin/password_protect.php on line 138

I'm taking a class on php right now so I honestly have no idea what that error means. Your code seems to work for everyone else so I am going to cross my fingers and hope it can work for me too!

DezB April 29, 2009

In relation to the previous post, I got the same error, any thoughts anyone??

This is an excellent script and is obviously very much appreciated by all who use it, thank you Zubrag

mark.juice [anti-spam] hotmail.com April 29, 2009

very good work! thanks for your script, so simple yet so powerfull!

rohcodom [anti-spam] gmail.com April 30, 2009

your script rulez! is simple and brilliant… Thanks.

garymcgill77 [anti-spam] msn.com May 1, 2009

hi there great script BUT 1 thing when i login i get Cannot find users list!

so i have to close it then re-open then i can see the content

nicholas.reed.web [anti-spam] gmail.com May 9, 2009

I am using password protect very nicely. It logs in ok to pages 1 and 2 that are password protected, however, on a third page, it asks for a login again. After loggin in to this third page again (as you are prompted to) you can access pages 1,2 and 3 without any issues.

So really, this is a case of double-login, which always occurs on page 3.

Page 3 is the page that does the database work, it recieves data through a POST in php.

aadnanheaven [anti-spam] yahoo.com May 12, 2009


Srikanth May 16, 2009

My soul dying will rest in peace after finding this excellent script which I was honestly longing for. It is God's gift through Zubrag.

emiliorruiz [anti-spam] gmail.com May 17, 2009

Warning: Cannot modify header information — headers already sent by (output started at /hermes/bosweb/web233/b2332/ipw.eruizfco/public_html/delta_77/biblioteca_digita.php:1) in /hermes/bosweb/web233/b2332/ipw.eruizfco/public_html/delta_77/password_protect.php on line 139

tranmkp May 21, 2009

good tool — how do I sync it with my existing db? only users that are paid up my access members area? Cheers!

Paul May 21, 2009

Thanks, this worked very well and was easy.

Thanks for the great script. May 23, 2009

Anyone with "Cannot modify header information…" error. In most cases this is due to UTF-8 encoding with signature. Use Notepad2 or equiv and change the encoding to UTF-8 (without the signature).

mrkips May 24, 2009

Thank you for this script. Simple to set up and very useful for protecting files.

May 25, 2009

Hi I found this page while looking for password protection.

I just want to password protect a download link on my site, is there a way for this script to work that way?


May 26, 2009

Another very satisfied customer

May 27, 2009

Hey thanks…it works great and only took 2-minutes to set up!

xmenx10 [anti-spam] hotmail.copm May 31, 2009

Wow dude, kudos to you, You should receive the —==FECES Awarard==— (for providing Friggin Easy Code for Easy Security), One questions tho, other than closing the browser (in an effort to make general users "happy", can I apply a button to 'Log Out', which basically forgets the authenticated user and requires a (re)login, if the user wishes to immediately come back?

amit.516 [anti-spam] gmail.com June 1, 2009


This is amit. I need a little help in making these php codes work. I am working on a project and I am jam stuck. If you could provide me help on this, I would really appreciate that. Man please help me as it is very important for me.

Please leave me a mail.

benjamin.frank [anti-spam] ymail.com June 1, 2009

It logs in ok to pages 1 and 2 that are password protected, however, on a third page, it asks for a login again. After loggin in to this third page again (as you are prompted to) you can access pages 1,2 and 3 without any issues.Thank you for this script. Simple to set up and very useful for protecting files.

Jacoby June 2, 2009

This is great! Thanks so much!

jyarnold [anti-spam] att.net June 2, 2009

Can this script redirect based on username? For instance if user A logs in then he goes to page B and if user C logs in he goes to page D, etc?

Wayne June 3, 2009

Since I added Password Protect to my website, spam has dropped to ZERO ! Thanks, Zubrag.

kevin June 5, 2009

The password protection works, but I keep on getting: "Warning: Cannot modify header information" on my pages. Any ideas?

shaggy June 6, 2009

you know, you guys are bumping a thread that's like 3 years old. Anyway, just thought I'd add my two, and say AWESOME script zubrag, thank you!!

John C. A. Manley June 13, 2009

Many thanks. Exactly what I needed. Easy to setup. Worked Great.

GMIXX June 14, 2009

DUDE! (I am from Hawaii…lol)

Thank you from the bottom of my HEART! This is awesome…


Kristle June 14, 2009

This is damn nice!

amirhussain135 [anti-spam] hotmail.com June 14, 2009

plz tell me about how can i recover my deleted date….?

Daniel June 14, 2009

How to i make it so the username is not cap sensetive

June 17, 2009

I received the following code in the top line:

<?php include("d:\hosting\mhaney1014\password_protect.php"); ?>

But when I test out my .php page and try to type in username/password, it says invalid?

svar [anti-spam] svaroh,com June 18, 2009

I am not a tech person by any means. We have Sharepoint Designer 2007 and I have been desperately trying to figure out how to upload a fill able pdf and have it password protected with 240 different logins. Needless to say I am at my wits end. If anyone can help me, I would REALLY appreciate it.

adamoli [anti-spam] gmail.com June 19, 2009

Hi. The script does not seem to work in the latest version of Firefox, it just displays the page! Any tips on this?


Sam June 21, 2009

Great script works fine for me in IE7, Firefox 3.0.11, Safari 4 Public Beta and Opera 9.62. Thank you very much!

john [anti-spam] fawkesbay.com June 22, 2009

Greetings. Just wanted to say thank you for an excellent script. I've been learning PHP and have worked very hard using the things I've learned but for all the new clients I am starting to get now, this is by far the easiest and secure way to create simple content management systems for the many non-profits and customized sites I am developing.

Thank you so very much. All your work is really appreciated.

A June 24, 2009

Extremely helpful- thank you so much.

denisus15 [anti-spam] gmail.com June 29, 2009

he need cookies… i hate write pass on every refresh

johndevblack [anti-spam] yahoo.com July 3, 2009

Easy to implement in the Windows XP version of PHP5 but difficult under Ubuntu Linux 9.

Please advise users to add the include statement before the <HTML> tag.

If you wish to pass an argument to the script which includes your password script, the argument needs to be extracted before the include statement

thus — $fn = $_POST["fname"]; and then restated within the <form> statement in your script thus —

echo '<input type="hidden" name="fname" value="' . $fn . '">';

A great little script.

Thank you for providing it.

July 4, 2009

Great work Zubrag, what a wonderful script easy to implement on planet earth. Keep it, What a great Genius? Huhh

July 8, 2009

Thank you! Needed something fast and this worked like a charm!

clive_william [anti-spam] ymail.com July 8, 2009

php& java is really a good language write any script also .So that is very useful blog.

am9e [anti-spam] hotmail.com July 9, 2009


dasd July 11, 2009

AWESOME SCRIPT!!!!!!!!! thank you {{}}}}

wheeler July 14, 2009

Wow, I'm hooked — this works so well I'm going to wear it out. THANKS

AohmZ July 14, 2009

Thanks for posting! I am new to PHP and am looking at scripts to get started.

jehzlau July 14, 2009

this script really works great! thanks for creating one and sharing it to the world. 🙂

admin [anti-spam] izewebdesign.com July 16, 2009

You are so awesome for making this so easy to use.

weston [anti-spam] inspireddesign.biz July 30, 2009

Is it possible to make the timeout days rather than minutes? I have situation where I need access to expire for each individual after 30 days. Maybe there is a better way but I don't know how.

Mega pack July 31, 2009

can i use this script so when paypay sends them to my opt in form page to give me their details, before they are sent to the download page. Its the download page i want to stop from being accessed from external sources, but i want the customer to be able to fill in opt in box and go to the download page without having to put in a code. I really just want to stop my download page from being accessed from the internet.. only from the sign up form

Nick B July 31, 2009

I appreciate you making this script. It's simple and just what I needed.

18robin.singh [anti-spam] gmail.com August 1, 2009

gmail show my username and password when i open the gmail on my computer.what is the problem. plz help me.

Wes C August 7, 2009

Thanks for doing this. It is a very big help!

mir August 8, 2009

Using the script with a php page made from a dreamweaver template and it's not working. Any ideas

CLM August 11, 2009

Thanks heaps — using this script has saved me tonnes of headaches! You're an angel 🙂

johnx360 [anti-spam] kicked.se August 12, 2009

Is there anyway to logout? And if not can you create some kind of overlay at top with a logout button?

223751 [anti-spam] googlemail.com August 15, 2009

Brilliant script works excellent!

I was thinking how I can change the font or background for the login page ? is that possible?

Did I miss it?


ticmic [anti-spam] selcom.hu August 19, 2009

I need to protect two pages with different log ins and passwords is this possible

` August 20, 2009

Great script, thanks a lot, Worked a dream with one site I am working on.

Web Designer August 21, 2009

To Rob, whom posted on Aug 15, 09

Look at lines 98-117. That's the html part of the page. You can change the font and background there. If you don't know html go to www.w3schools.com and look it up.

Dan August 27, 2009

I need to be able to have multiple (unlimited) passwords… basically the customers will be using their product serial number

luci_unikatu [anti-spam] yahoo.com August 28, 2009

Can you change a bit thew the scrpt? I want that the script to take te users and passwords from a .txt file and in txt file to be a line for every user and password like this user_name:user_password

Thanks if you want you can send'it at luci_unikatu[at]yahoo.com

September 3, 2009

very nice. 5 min and done.


John Smith September 6, 2009



This is very cool. Easy to setup & worked perfectly as I want. Keep up & thanks alot. Its very usefull!!

Vitaly September 7, 2009

Awesome script! Thank you so much! It solved my problem of protecting the whole bunch of pages by placing a script into a header.inc, and it worked in a matter of minutes.

September 9, 2009

Fantastic work!

This was just what I was after 😀

Took me less than 1 minute to get working! No hassle or problems… straight outta the box!


September 9, 2009


I have edited the code and removed all traces of example.com as the page when you log out but for some reason when you log out it still sends you too www.example.com any thoughts or ideas?

I can send anyone the files as per edited and see if they can figure it out, thank you!

slimebag [anti-spam] gmail.com September 10, 2009

Here's a way to database the usernames/passwords

$dbhost = ('localhost');

$dbuser = 'YOURDBUSER';

$dbpass = 'YOURDBPASS';

$dbname = 'YOURDBNAME';

$query = "select * from administrators";

$dbh=mysql_connect ($dbhost, $dbuser, $dbpass) or die('Cannot connect to the database because: ' . mysql_error());

mysql_select_db ($dbname);

$result = mysql_query($query) or die('Error : ' . mysql_error());

while(list($usr, $pwd) = mysql_fetch_array($result, MYSQL_NUM))



$usr => $pwd,);



Torpian September 10, 2009

Looks like a good script but I can't get it to work for me. I'm using Dreamweaver. I uploaded the file to: <?php include("/home/grandeur/public_html/password_protect.php"); ?>

I've copied that line into the first line of the pages I need protected but nothing happens. The only thing I've changed in the script I downloaded was the username and password, and I also created a page for it to direct people to when they put in the wrong password. Any help would be greatly appreciated.

Eric September 11, 2009

This script has made my life easier 😀 Thanks a lot and keep up the good work.

TomatoWilo September 13, 2009

Excellent script! Very easy to use and really secure!! Two thumbs up!!!

joetobey [anti-spam] gmail.com September 14, 2009

Any way to store username and password combinations in MySQL and then use this script to check them during login?

September 15, 2009

How can I put all usernames/passwords in a separate userdetails.txt file, and use a 'include' statement to bring these in so that I only need to edit this file, and not touch the php file? Anyone?

September 29, 2009

I find this does not work in IE 6 7 or 8. I saw a reference to that problem in one question , but the solution oferred did not fix the problem. "Not working" in my case means that the page contents load without asking for a password. Works great in Firefox, but close to 100% reliablity on the web is what I am looking for.

dendirk28 September 30, 2009

Same problem, IE7 asks the login at every load (IE8 probably too). Any solution for this by now??

October 1, 2009

Awesome script!

October 1, 2009

Awesome! Thanks so much.

mr.daryn.8 [anti-spam] hotmail.com October 5, 2009

I seem not to get my website password protected from peopel I don't know.

etarking_90 [anti-spam] yahoo.com October 8, 2009

this is great

www.vizionwebdesign.com October 9, 2009

awsome free simple script to use for client web pages that is not really data senstive.

inyourfaceinterface [anti-spam] gmail.com October 14, 2009

Best ever! you rock

October 14, 2009

thanks this is a great script

jvandale [anti-spam] collecive-spark.com October 14, 2009

Used it a couple of times and works great! Thanks for making it soooooo easy!

zeshan_haider_changazi [anti-spam] yahoo.com October 17, 2009

hi zubrag

i m very thankful to you and your team for making such easy codes which help the beginner web developers great.

after implementing it to my side i got one question that how can i change my password, username or how can i add new users.

yujumoes [anti-spam] hotmail.com October 19, 2009


akhilesh1780 [anti-spam] sify.com October 21, 2009

my password mis ho gaya hai.my detail

akhilesh kumar, dob 1.7.1980,chhibramau, dist. kannauj,jon.kanpur, uttar pradesh, india

my cellphone no. 05691-220520,9839563909

please my password send cellphone no.thanks

jeff October 23, 2009

great script. the only extra step I had to solve was getting my server to support php files. i checked the box andd all is well…thank you for an easy but solid solution to protecting my limited access webpages.

October 23, 2009


tinavelez [anti-spam] msn.com October 26, 2009

thank you so much, this is exactly what i was looking for for my customer log-ins. Two question though:

1. when testing in mozilla after i loged in and then closed the browser, opened a new browser in mozilla, it asked for the login again! PERFECT! even if i went to the history and clicked on the protected page, it still asked for password again! PERFECT! that's exactly what i was looking for. but when i tried it with ie, i was able to access the "secure" pages through history and by typing the path of them even after closing original browser, after inputting the login the only way it would ask again is if i cleared cookies. here's the question: is there any way this will work with ei as well as mozilla?

2: if someone chooses to "hack" my site with any of those programs, will they be able to see all my html codes and passwords and everything? If so, will it make any difference if the site has a ssl certificate?

thanks again for the scripts and instructions, they are GREAT!! 🙂

danielsmigs [anti-spam] hotmail.com October 28, 2009

It works perfectly!

But, just wondering how to protect whole DIRECTORIES instead of just individual files … ???



pavan October 29, 2009

where should i place the redirect after it checks when the username is correct, pls let me know, thanks in advance

November 3, 2009

is there a way to set it the code so that username and paswords can only be used once? thank you

normdunk [anti-spam] btinternet.com November 6, 2009

outstanding — once you know where to place what — its brilliant

Vishal November 17, 2009

Very outstanding php script, I just download it and set it up on my site and it works perfectly!

Thanks so much for making this script and having it as a free php script.

Jessie November 20, 2009

This is an amazing script! It took a little bit of playing around with it, but I got it working and I'm a PHP rookie! Thank you so much!! 🙂

Marcus November 26, 2009

Great piece of code. It works well. Thank You

max November 30, 2009

thank you very much for the code saved me ages in writing my own cheers zubrag!!!!!!!!!

sanjay December 1, 2009

I am in very trouble, because i don't know about php and php database. I am operating http://www.moneyinhands.com but i want user can Register and Login into my website with php and his database. I am very interested to know about php and his database, if you are good in php and his database please suggest and help me to i build better website for my users in India. If you want to charge any amount i will pay you just give me idea and support to i build website with Login Systems in PHP. I am waiting for you Reply…

djm [anti-spam] evolvnet.com December 1, 2009

Works like a charm. Thanks!

December 1, 2009

I don't know about other browsers but Internet Explorer view source only showed the html not the php when trying to view the include file directly — so no looking at the passwords or code -that's so cool!

December 2, 2009

Although many tutorials say how to hash passwords and create logins, this is the only one I found that shows how to put a good include file on the page to be protected: Excellent! Big problem with logout though. It redirects but does not log out. Can make back button go to expired page but refresh brings it back up again. Tried unsetting variables, session destroy, meta no-cache, header no cache. Only way to kill this login is close the browser or set header to empty which prevents any future logins. Please someone tell me how to do a proper log out : )

aaronwexler [anti-spam] hotmail.com December 2, 2009

Great script, it seems to work for me only sometimes. Other times instead of getting the login page with the boxes I just get a blank page. When this happens I try to use the ?help function to see if anything changed but that just brings up a blank page too. The only way I have found to fix it is to reload the downloaded script from scratch but then I lose all of my logins. I am using godaddy, dreamweaver CS4 and php pages. Any help

aaronwexler [anti-spam] hotmail.com December 2, 2009

nevermind I got it….I was missing a comma when adding logins. It is amazing how much time you can save when you actually read things

PHP_Idiot December 3, 2009

This script is PERFECT, and it works…easily!

I've tried several others and always run into problems and errors, but within 20 minutes I had an entire section of my site protected (www.gbpokerclub.co.uk).

Thank you so much guys.

prowler December 5, 2009

i did everything you said, but when i put any of your user/pass pairs (i didnt change it for test) i get "The page cannot be found" page.

im using IIS 5.1 and PHP 4.3.11

bryce.power [anti-spam] gmail.com December 5, 2009

AWESOME SCRIPT!!!! This is amazing. What i would like to see in the next release though is for the logout function. I want it to be able to go to 2 different pages depending on whether you hit "logout" or your time expired.

December 8, 2009

Perfect! Thank you very much.

elrat December 10, 2009

Thank you so much! The first time I've installed a php script and it worked like a dream.

justin [anti-spam] igrowbeards.com December 11, 2009

Thanks very much for this. Works like a charm.

daniel December 11, 2009

Thanks, you're a pimp!

December 15, 2009

This is an excellent password protection script! Much appreciated …


att December 22, 2009

Great PHP password protect Script, created over 9 years ago and still the easiest and most efficient script I could find. Thank you very much!

nzdzeni [anti-spam] gmail.com December 23, 2009

Thanks so much! This was perfect for what I needed — really easy to implement and beautifully explained. You will be today's "Gratitude Item" on my blog (http://www.dzeni.blogspot.com).

replies [anti-spam] hotmail.com January 3, 2010

Reffering to an earlier comment, how can I force the password entry to appear as a popup window kind of deal rather than as a new page?

adendum [anti-spam] hotmail.co.uk January 4, 2010

Excellent and elegant solution. 10 out of 10 Mr Zubrag!!!

Rob_ITA January 7, 2010

TNX really much for the script: it fits perfectly my needs.


January 9, 2010

I figured out the problem relating to "Warning: Cannot modify header information — headers already sent by …"

It has to do with where you're putting the call to password_protect.php.

I moved it out of the HTML body and up to the top of the file above the !DOCTYPE declaration and it worked fine.

Guessing this works because it's above the header of the page it is included on and therefore the header inside password_protect.php doesn't attempt to send the header again after the header info was sent.

January 10, 2010

How do protect that actual script that contains the username and password. They could still find a way to get to that script. It should be hashed up and interpreted by the php engine somehow not just laying there along with the other scripts

mk January 22, 2010

I love your script, you are a genius.

hothouse January 26, 2010

Very cool — thanks so much!

tmontague [anti-spam] mpamedia.com January 26, 2010

Nice script, very useful. Can "reset/forgot your password" feature be added.

We have an issue with the admin needing to know what user passwords are and also getting bugged because users can't remember their password. Being able to reset it would be awesome.

Thanks for your great work on this.


rob [anti-spam] orijindesign.co.uk January 27, 2010

Great stuff — thank you!

NH January 30, 2010

Hello what a great script! I just don't know how to enter the numbers for the timeout…? does it have to be in second, minutes, in other words, 05 for 5 minutes?

February 12, 2010

great script. I had it going in like 10 minutes. great description!

mjouve [anti-spam] bellsouth.net February 13, 2010

Please I'm not to smart to use the computer, just please tell me how I can do to get some help from the "NASCAR ANGELS"


Marco Jouve


christy3341 [anti-spam] hotmail.com February 15, 2010

i would like to join a hip hop dance class, i would like to know where to go and how much it cost. if someone could either e-mail me or call me that would be great 🙂 1204-218 4562


Ties February 16, 2010

arning: Cannot modify header information — headers already sent by (output started at /home/fastwhip/public_html/testground/beheer/test.php:7) in /home/fastwhip/public_html/testground/beheer/password_protect.php on line 138

I keep getting this error. And it does not seem to save the cookie because i have to re-enter the password on every page. How can i solve this?

Ties February 16, 2010

For people who get the 'Cannot modify header information' error on line 138.

Make sure u put the 'include' php code on the FIRST line of your protected page. It has nothing to do with UTF-8 encoding as stated before, just put it on the FIRST line.

Ties February 16, 2010

Oh I forgot to mention. THANK YOU SO MUCH FOR THIS WONDERFUL SCRIPT. This script is a gift from heaven and you're a prophet from the PHP Gods..

February 18, 2010

this seems to work great. i think its protecting my directories from being browsed(directory listing) but if you know the unique URL to photos, they aren't protected. But GREAT work here thank you

daznlily [anti-spam] googlemail.com February 19, 2010

Hi this script is excellent, I am still struggling to get it to completely work. I am creating a secure page with an upload facility, but I keep on getting this message:

Parse error: syntax error, unexpected T_BOOLEAN_AND in /home/virtual/site256/fst/var/www/html/store.php on line 112

I know this sounds cheeky, but is there any chance you could take a look at my page code and see where my error might be. I get this error when I try to click onto the password protected page.



flash62 [anti-spam] bluewin.ch February 20, 2010

Hi ! Thank a lot for your great job !

Maybe just a small request:

is it possible to write a simple .txt log file with the login infos ?


user-1 login on 20.02.2010 at 21:30

again you are great php guru !

Ciao, Pietro

February 22, 2010

Great script. Thanks

alex [anti-spam] hoquality.com February 25, 2010

Really nice script! Just what I was looking for — Thanks!

brightondesira [anti-spam] hotmail.com February 28, 2010

tini il paswerd man

brightondesira [anti-spam] hotmail.com February 28, 2010

nixtiq il paswerd man

James March 2, 2010

This is great, anyone manage to adapt this so you can store passwords in external file? or the option to set password without changing the code?


lairbear [anti-spam] gmail.com March 6, 2010

Is there a way to widen the page display? It seems that part way down the list the little icon that appears on the left moves to the right, probably because of long song titles. Also, what is the icon that is supposed to appear there? There is no "dif" folder. My web site is larrystunes.net


greenhornporn [anti-spam] gmail.com March 8, 2010

i put in the code and im only getting a black page. i am totally lost now. it worked one time then i got the black page and i cant figure out what i did wrong can you send me a email on whats wrong. thankz

greenhornporn [anti-spam] gmail.com March 8, 2010

this is the code i get on my members page what does this mean……

Warning: include() [function.include]: URL file-access is disabled in the server configuration in /home/content/g/r/e/greenhornporn/html/php/members.php on line 1

Warning: include(http://www.greenhornporn.com/php/password_protect.php) [function.include]: failed to open stream: no suitable wrapper could be found in /home/content/g/r/e/greenhornporn/html/php/members.php on line 1

Warning: include() [function.include]: Failed opening 'http://www.greenhornporn.com/php/password_protect.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/g/r/e/greenhornporn/html/php/members.php on line 1

mrindasman [anti-spam] att.net March 9, 2010

Thanks for the great script! This was just as easy as the drag & drop login tools for ASP.NET.

March 10, 2010

Yes nice script — Thanks a wrought

ahmedzeinn [anti-spam] hotmail.com March 10, 2010


March 12, 2010

You want to give this membership login a whirl — it even supports recaptcha:


March 15, 2010


Potreau Gérard March 20, 2010


ron March 21, 2010

Tried it, it worked on the first page i went to, tested it, signed in, and after that no more asking for sign ins, and some pages came up blank.

ron March 21, 2010

WTF? This some kind of scam, or joke? After using the password once, it's gone. Nothing asks for a login or is protected anymore because all the code inside the protect.php file is gone, its now blank, even if i re-upload, it and check again, its blank. The F@#$%ing crap better not be some kind of hack, i just fell for!!!!!

g31.potreau [anti-spam] orang.fr March 23, 2010

inutile. Pour destination Andore depuis la france

telecom [anti-spam] altuonline.com March 26, 2010

can this script be used on an .html page? or does my page that I'm trying to protect needs to be in php format?

waleed March 27, 2010

i want to protect my password and my eamil

perpetualjon March 28, 2010

The file does need to be a .php file and not .html or .htm. Luckily, html files can be converted just by changing their file name extension. The code within an HTML file works just the same when it's identified as a .php file.

hshan April 1, 2010

Excellent job!

ris-cp [anti-spam] hotmail.com April 7, 2010

Wow! Thank you so much. I've been trying the htaccess way but it didn't seem to work. And this way did!

brainbugger24 [anti-spam] gmail.com April 7, 2010

Have Computer Problems? Try asking Experts for free:


cicciohofman [anti-spam] gmail.com April 10, 2010

This was amazing and soooo simple. Thanks so much. I only have one question: Is it easy to specify the "go-to" page based off of the different logins? For example: If the user is 'joemamma' then I want to send that user to 'joemamma_action.php', but if the user is 'me' then I want to send that user to 'me_action.php' etc etc! Thanks

Deepak Rajpal April 13, 2010

smart code… thanks

April 14, 2010

Absolutely phenomenal. Great script.

kassalem April 21, 2010

hi how are you this website is very good…….

Humanbakedbeans [anti-spam] hotmail.co.uk April 21, 2010

hi, i'm trying to put it onto a site called weebly.com. this site allows you to build a site for free. How can i do this? Please help, Thanks

Kishore April 24, 2010

It helps so much to me, thanks.

April 28, 2010

GREAT CODE, I love it, thank you for puting it together and answering all of our questions.

April 30, 2010

kunna oooooombikkko

Gunasekaran GouthamRaja May 3, 2010

Hi I have launched my website in webnode.com. I want to protect a particular page. Can U help me how to do this?

Gunasekaran GouthamRaja May 3, 2010

Hi I have launched my website in webnode.com. I want to protect a particular page.

I have uploaded the "password-protect.php" file. But how to get the path where it is stored so that I need to apply it in the protection page

BMF Sports May 4, 2010

This is RIDICULOUSLY EASY! It took me a few tries to get it, but it's only because I was thinking in HTML mode for a while. This script ROCKS!

Ellen May 5, 2010

thank you, this is just what I was looking for! -and so easy for a noob like me 😉

thom [anti-spam] 321goforit.com May 6, 2010

fooling with this script for 4 hours now… keep Running into problem you identified solution before where you suggest // setcookie("verify", md5($pass)); however that effectively kills using this script on multiple pages and the user needs to relogin every page. I am at a loss as to what to do to eliminate the "Cannot modify header information…" error message. I reference the password protection page in the first line of the php page and there is no code sent before? Please help I dont get where the problem is… it points to the cookie line.. but unsure why.

gomsymarwaha [anti-spam] yahoo.in May 7, 2010

hi ,, m gomsy,, i made a html web page and i want to put a password and username on its login page .. so would u plz help me

Pete May 7, 2010

When I connect it to mysql, it only works for the userid and password that is LAST in the database table.

wachs84 [anti-spam] yahoo.com May 8, 2010

This authenticator is outstanding, and I assure you I'm a person who rarely uses that word. What was not obious to me at first, was that the whole point is to provide a hyperlink to any-and-all PHP files that you want to protect, whose first line has been edited to include the one line of Protection Code. The edited PHP files will seamlessly automatically call the password_protect.php file to authenticate, then revert back to the original PHP file that was the original target. Providing the user a hyperlink directly to the password_protect.php file will work too, but it will display a blank webpage upon pressing Submit. My point is that one critical line of Protection Code is the heart & soul of this wonderful code you designed.

Recommendation: upon form load, the Login entry control box should automatically get Focus, so that the user does not have to mouse-click on it, and can immediately type USERNAME TAB PASSWORD ENTER, badda-bing-badda-bang done in 3 seconds.

jim_neal [anti-spam] yahoo.com May 10, 2010

I have it working if I go directly to the protected page. However I linked the protected page from my index page. If I click on that link I am taken directly to the page without a password prompt. However if I type the address directly in I get the prompt.

KC May 12, 2010

This is an awesome script.. i learned so much and had it up and running in less then 10 minutes.. AWESOME work.. thanks so much!

Ian May 13, 2010

When I go to "http://www.mysite.com:82/password_protect.php?help", my browser downloads the file. I'm using Safari, and my site's hosted over port 82.

jayfuentes [anti-spam] gmail.com May 13, 2010

how would I be able to grad the $LOGIN_INFORMATION and use it in another php page to verify permissions?

May 17, 2010

Is there a way to keep the $login variable in memory so I can display the currently logged in user if needed?

eyphotography May 18, 2010

Works great!! I'm using it for my photography client login page.

Neofrgo May 20, 2010

i love you mate i have been looking for a password for my site and i have just found your's it works perfect i love my mate!

May 24, 2010

Very very cool, thanks for your help.

Finnur May 25, 2010

Hey there. Good script. I was wondering if there's any way to make it automatically log back out after a certain amount of time has passed. This will prevent the page to be open if entered in a public computer.

thanks for this great script!

judybooty May 25, 2010

Just a neads up for some newbies using godaddy. If you are using the default hosting provided by godaddy (windows) it will not accept the php files. You will need to call godaddy and have them switch you to a linux server. There is no charge for this and no down time. Just make sure you are not using .asp files which will not work with linux.

lx May 26, 2010

Hi zubrag,

Your script rocks!

Does anyone know how I restrict login to one user only, e.g. if User1 logs in no one else called 'User1' can login at same time?

In other words: I don't want users to use each others accounts from different workstations.



loveyourscript May 26, 2010

Looking for a way to implement a 'logout' button or timeout the cookie to require a user to log back in after a certain amount of time of inactivity

charles.morrison [anti-spam] rocketmail.com May 28, 2010

Great, works for my site, though i would appreciate if any one can let me know, how can i make it that, you only get one password input attempt, after which if you put in the wrong password, you are redirected to a different page, and you cannot go back to the password page by clicking the back button on the web browser.

Also, if you get the right password, you are redirected to anothe page too.

Albanian June 5, 2010

hey dude great script….its been a long time ive been looking for such script thxxxxxxx babe

bill1229 [anti-spam] wwmgmt.org June 7, 2010

Does this script do any logging so I can see who logged in? I want to pass out login ids and pws and then be able to track who used it and when.

June 13, 2010

Amazing NO WORDS

phlum June 15, 2010

Can we put just .htm files in the LOGOUT_URL field?

Jacob June 21, 2010

Very nice script. I love it!! Iv been looking for ages for one of these. Again, brilliant! Oh and for you guys who want people to be able to log out. Why don't you just create a link that reloads the page. As mr man who made this said, it logs you out when you reload the page. So that would work bcuz it is working for me 🙂 <a href="www.klueless.net/forum"> This is what im using it for </a>

kolbjoern [anti-spam] stuestoel.no June 22, 2010

Automatic focus

As I used only the password part (not the username), I added

<body onLoad="document.pw.access_password.focus()">

in the Form part of the script to let the input field have focus at start.

kolbjoern [anti-spam] stuestoel.no June 22, 2010

Automatic focus

Sorry. I forgot to tell that I had to give the form a name: <form method="post" name=pw>.

kolbjoern [anti-spam] stuestoel.no June 22, 2010

Logging out

I added a var $passord_i_bruk = 'yes' at the top of the program. Then where I would have the log out possibilities in my html side I added

if (isset($passord_used))

print '<div><a href="password_protect.php?logout=1">Logg ut </a></div>';

else do_something_else;

When logging out the user is at the moment redirected to a html file defined in the LOGOUT_URL.

June 25, 2010

Would it be possible to present some comprehensive examples on hoe to attach this to a MySQL database?

Yours faithfully


shibu.n [anti-spam] adventity.com June 27, 2010

user name password

Shakka July 4, 2010

wats the password??

mrtrixter [anti-spam] hotmail.com July 4, 2010

Great little script. Nice work, and thanks!

tetinedours38 [anti-spam] hotmail.fr July 6, 2010


July 14, 2010

Nice script. But when i insert the script at the top of my page it shifts all my content to the left. Any ideas why ??

faedelagra7 [anti-spam] hotmail.com July 16, 2010

what is revenue .com

July 27, 2010

For the logout i keep getting this on click

You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.

These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.

and i cant seem to get it to work

design [anti-spam] sbroderick.com July 27, 2010

Probably one of the coolest, simplest and best scripts I've ever found. I just used it on a site and it not only saved my so much time because it's so simple and fast, it really impressed the client and myself with how versatile it is! Thanks!

ContentChris July 29, 2010

This script is actually amazing! I needed a decent loginscript for a page I had no way of using a DB driven method. This is much better then the temporary javascript login I fixed.

Cause lets face it, javascript is not what u want.

Thanks a lot author!

telessa [anti-spam] comcast.net July 31, 2010

OMG! I have been working on the forever! My site says the host server name is D:/Hosting/cwbkman/ and I uploaded the php file to that server. I changed the password and added the coding line to the very top (with no spaces) of my wanted protected pages and nothing happens!! WHat am I doing? PLEASE HELP! EMAIL!

July 31, 2010

I have your script up and running, everything was working fine, but now in IE7 and IE8 after sign in I'm getting a blank screen?

July 31, 2010

Great great…the only remark I have is that when i type a wrong login there is a error saying… wrong password..

Is there only one validation on teh 2 fields?


JB August 10, 2010

Very Nice! too cool. perfect, Genius. simple, But powerful!

kj August 11, 2010

Its a good script, thanks!

JimmyC August 11, 2010

Man! Thank you so much for this! I am not great at MySQL and PHP. This works great! I would just have to tell the client what the user and pass is and off we go. I read a lot of these posts and I suppose if you want multiple page login, meaning different pages for different people, I just create this code and rename? One of these days I would love to write something where the user can create the name and pass… but I'm gettin a headache just thinking about it..LOL.. Thank you sir for this! Awesome dude for helping us all… JC

chigger August 15, 2010

wow this is great! thanks a lot man =D

raihan_mazumder [anti-spam] yahoo.com August 16, 2010

Can you send me my email some php good script? email: raihan_mazumder@yahoo.com


+88 01712048181

James August 17, 2010

Is there any way to make it so that the cookie lasts forever instead of deleting it at the end of the session? Other than that the script is rock solid.

cfksite [anti-spam] gmail.com August 20, 2010

I set this up on my site, and the log in works fine, but it Keeps asking for a password everytime I come back to the page. Isnt there a cookie being Set to prevent that?

jade August 22, 2010

Thanks for this it is just what I needed and works a treat! x

maxbomb95 [anti-spam] yahoo.com August 24, 2010

I don't really understand what to do here. I modified the password and username with notepad i'm not really sure if I modified it right though. But regardless how do I put the script into my webpage. My website is html. What part of the scipt do I put on the page?

My email address is maxbomb95@yahoo.com

Matt August 25, 2010

Brilliant script! You've just saved my bacon! Thanks so much.

malar.rose34 [anti-spam] gmail.com August 26, 2010

the php code that does not go to previous page

Codenix August 28, 2010

Great script mate — had limited success with four others I tried due to poor doco or commenting — yours was a breeze to set up 🙂

Thank you!

August 30, 2010

You are great guys! I hv enjoyed much in navigating through this page. keep it up guys.

Karen Chun August 30, 2010

This is a wonderful script…I end up having to maintain websites that are built on lame hosts without easy interfaces like cpanel and which do weird behind the scenes stuff that invalidates .htaccesss.

So this was a LIFE SAVER!


ripmiata [anti-spam] gmail.com September 3, 2010

Thank you. I had this up on our web site in 10 minutes. You are a gentleman and a scholar. I use old Frontpage 2003 and I saved my target page as a PHP file and copied the code to the first line like you say. Saved to web space and brought it up. Hit the hypelink for the protected page and entered "zubrag" and "root" and got the page. I then changed the UserID and passwords to match the vendors I want to access the protected page(s) and made the Timeout value ".001" so they would have to sign in every time. Thank you so much. I will be looking for the Donation Page as soon as I finish this.

Macc September 4, 2010

Thanx man, just what I need.

wcongdon59 [anti-spam] yahoo.com September 7, 2010

I was watching a football game at Starbucks when I first bought Veetle TV and today I tried to get back onto NFL Live TV @ mytvdirect.com/member.php, but now I can't get through the password screen. There's no "Forgot your password" feature. My screen/member name is 5RLauthor. Can you help me?

leon September 9, 2010

This may have been addressed but I didn't see it up above…how do I modify the file so that it only requires a password and not a username?

Any help would be greatly appreciated.


info [anti-spam] kristieakindesign.com September 10, 2010

Awesome script and so easy to implement! This worked like a charm. Thanks!


zhapness [anti-spam] forum.dk September 12, 2010

Hi is there anyway i can the script without the cookies thing?

And thanks for all these nice scripts 🙂

Dazadz September 14, 2010

Brilliant script, thanks very much. Really annoying to see the thoughtless comments left by some people too stupid or lazy to figure it out, everything is explained very well.

I had one problem with having to re-login on each visit after closing the browser, altering the cookie timeout to 72000 instead of leaving it on 0 solved that for me, I use IE.

If you don't want cookies I think you can just put // at the start of line 139 (the setcookie line) and that will stop cookies being set.

joey September 15, 2010

Great Script, I have one issue once everything is up and going i see a warning message at the top of my page.


Mark September 15, 2010

Thanks for a great, easy to use script!

mindz0r [anti-spam] mail.ru September 17, 2010

I get warning:

Warning: Cannot modify header information — headers already sent by (output started at Z:homelocalhostwwwusersindex.php:1) in Z:homelocalhostwwwuserspassword_protect.php on line 138

Linda G. September 19, 2010

L-O-V-E this script!! EXACTLY what I have been looking for!!!

September 20, 2010

Bless you people! Great script, easy & with understandable comments, especially for a beginner to PHP like me. Thank thank thank you Nicky

Brahdah Neke September 20, 2010

Awesome Script!

Nice work my brahdah!!! Mahaloz!

Louw September 22, 2010

Your facility is being used by scammers. Check out www.revenue.com sending out e-mails purporting to to come from SA Revenue Services. Suggest you look into it as it compromises the integrity of your site

Tim September 27, 2010

people are getting the Warning: Cannot modify header information error because this scripts only works in php5 +

Anurag Panda September 29, 2010

Thank you. Very useful.

Sjors October 1, 2010

This is perfect!

Thank you!

October 2, 2010

great script. Going since 2006 and still going strong.. good work!!

Amazing the No. of people who cannot read simple instructions and ask questions here!! 🙂

Any chance of a logging feature to capture IP/login/password attempts?

I have added it to your script manually but would be a great add-on…

October 14, 2010

I do not understand what you mean when you say "Open script in your browser with "help" parameter to see the line of code to add to every page you would like to be password protected." Can you please explain?

khairul October 18, 2010

I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You! I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!I love You!

centralpadesigns [anti-spam] gmail.com October 19, 2010

This is actually a really awesome thing. Thank you so much!

tiffpeirsim [anti-spam] gmail.com October 22, 2010

Hi Zubrag,

I want to share one password_protect with 2 different domain, what should I do? Please help me! Thanks for your help!

October 25, 2010

well done, thank you!

hoe October 26, 2010

Abe Tum Koi Hindi Me Nahi Likh Sakte Ho Kya MuZhe Bahut Problum Ho Rahi Hai Samjhe Tum Log Koi Video Kyon Nahi Banate Ho Hmmm Ya Tumhare Pass Video Recorder Nahi Hai Reply Now

robert.hill [anti-spam] ultimatesupport.com October 27, 2010

What if I want my downloads from that page to have that same protection, so people could not just copy the link and send it to everyone?

imaga_kingsley [anti-spam] yahoo.com October 27, 2010

pls i need your support on how to create a subdpmain and a password 4 hosting.pls!

October 28, 2010

!!! Comments posted here will not be answered. If you want to ask a question please post it on the forum.

they were answered back in 2006 — 2007 your site just aint the same.

sonnyb [anti-spam] radiohd.us November 1, 2010

Warning: Cannot modify header information — headers already sent by (output started at /……djsonnyb/jukebox/index.php:1) in www/djsonnyb/jukebox/password_protect.php on line 139

im a noob any help? thanks. I erased some of the path because of security

Blogspot Malaysia November 7, 2010

Very nice script. Helped me alot. Thanks!

<a href="http://www.blogspotmalaysia.com">Blogspot Malaysia</a>

Daku November 12, 2010

For people who are trying to use this but who keep getting the "login incorrect" message. The solution is, you need to:

1) Add a comma to the end of the line

'admin' => 'adminpass'


2) Add your own username and password (no comma at the end of that line), so it looks like this:

'admin' => 'adminpass',

'registered' => 'letmein'

Then it will work.

Just changing the default passwords will not work, you need to ADD one.

Many thanks for this script.

November 19, 2010

Great!!! It works in 3 minuts!

Many Thanks!


natalia November 23, 2010

Hi, first of all great script !!!!!

.. . but I can’t make it work for the sever http://users.auth.gr/~nakour when I write http://users.auth.gr/~nakour/password_protect.php?help it just edits the code. (I tried it to another server and it works fine). Could you please, …,please help me

martin [anti-spam] dtgweb.com December 2, 2010

how could i use this script to force all protected pages to https?

December 10, 2010

Everyone that is getting the header error on 138. Put this script ON LINE 1!!!! Even before your DOCTYPE.

ecurtissdesigns [anti-spam] gmail.com December 13, 2010

Great Script, … my sincere thanks.

Craig December 15, 2010

Thank you very much for this very simple code.

Simplicity is a good thing.

kalyan_p85 [anti-spam] rediffmail.com December 17, 2010


please send me the information that how can i open a website by logging only once.

i.e i give user name and password only once at a time.

Purko December 22, 2010

Many thanks!

oe December 24, 2010

great tool for php obfuscation


December 26, 2010

martin [anti-spam] dtgweb.com December 2, 2010

how could i use this script to force all protected pages to https?


//force redirect to secure page

if($_SERVER['SERVER_PORT'] != '443')

{ header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); exit(); };


i found this php code online

it will work as long as you server supports https

lulz December 28, 2010

You people know that this article is 10+ years old right?

You expect to still get answers?

You expect this to be the best option?


January 5, 2011

hey lulz

Instead of being an ass — be helpful. This is the best online resource I've been able to find regardless of age.

If you have a better solution — post it!

info [anti-spam] reiner-ahlgrimm.de January 6, 2011

I also couldn't find a better solution. That's it! Thanks to Zubrak!

enz January 17, 2011

you may have answered this already, but for some reason i am being asked to repeat the username and password for every page. Apart form this hurdle every thing looks great.


cg4u.info [anti-spam] gmail.com January 18, 2011

we are from CG4u.net (www.CG4u.net)

thanks for the great script,

it helped us a lot for secrecy on web,

thanks man,

God Bless you,

Fill your dreams,

to reality,

Make you happy for ever

Unknown823 January 21, 2011

Great script, thank you for letting others have it. I also must say that I found it kind of ironic that just minutes after downloading this protect-your-website script from here a month or two ago, this site was hacked.

rob [anti-spam] lightfusion.co.uk January 23, 2011

Thanks for the Script, Its brilliant.

Multiuser support would be an awesome addition (user A has access to Page A, User B to Page B, ETC.)

i know this can be don'e by duplicating and renaming the file though…

So Thanks Very Much for your Efforts!

salsaShark February 7, 2011

Speaking of which, how would one add multi-user support (as stated above)?

Partha February 12, 2011

Thanks, I am going to use this script

info [anti-spam] awacsweb.com February 14, 2011

hello my friend download password Protect, i wanna just request password in limited country.please help in this cause.how to use this code.

Zeeshan Raza

alexlworks [anti-spam] rogers.com February 14, 2011

Multiuser support would be a very useful addition I agree.

deeanne February 16, 2011

Thank you very much!!

sal February 16, 2011

fantastic script, thanks so much!

Rico February 24, 2011

Does the script require to relog in when I update the password on the password.PHP or

How do I get rid of the cookie support?

aparcedo [anti-spam] hotmail.com February 26, 2011

hi. how can i put in the code a funtion to aedit a txt in the server that includes:





with every login.

Eris stephenelis [anti-spam] yahoo.com March 3, 2011

I am interested in using this script for multiple users. I read and understand the post describing how to use multiple directories.i am being asked to repeat the user name and password for every page.

rbrianh [anti-spam] electro-mechanical.com March 6, 2011

How can I use this for multiple pages where each one can only log into their own page and not the others on the same site?

itokelement [anti-spam] gmail.com March 7, 2011

Good script, generally easy to implement.

However, how would one post the logout value via AJAX when capturing a click on the logout button using jQuery?

Thuan Nguyen March 9, 2011

Love the script. Very useful. It needed a little CSS, but works perfectly. Thanks a bunch.

stan [anti-spam] imperialmed.com March 15, 2011

This is wasome script. I am web amature and dobnt know any html/php/asp/ and I was able to install it with out any problems

thanks so much


March 21, 2011

I also have the example.com problem.

Iulian April 5, 2011

Wow this is an awesome script, I was looking for something like this for a long long time! Thank you and god bless you!

barcode maker April 11, 2011

Great script. I will be using it on my website. Thanks for sharing it.

barcode software


kyl April 15, 2011

this is perfect and less then 2 min install.

warray April 18, 2011

thank for the script it work perfect after

i install it, even though it take time for me to figure it out….ehm not familiar with PHP…thanks

May 2, 2011

Thanks, This is great script. Can you please advice if depending on the password (password only option) can I redirect it to a particular page.. e.g. if there are 3 passwords say admin, normal, moderator then it should go to /admin.php if admin is selected, should go to mod.php if moderator is selected etc..

d6bmg May 6, 2011

very nice script. Using it in my saveral module.

At last a big thanks to all who made this script.

digital_es [anti-spam] ymail.com May 9, 2011

Thanx, i new in PHP,

this very helpfull code

lots of thanx

wayneb May 17, 2011

Thank you, my friend for a great script. I'm new to web design and this is a super design.

maheshkakara4u [anti-spam] ymail.com May 19, 2011

thank you, for your good script its really helps help to solve my problem

Balaji May 20, 2011

Hi, I culdn't login , password error, can anyone tell the username , password for this script, Pls…..

jeremyb [anti-spam] zippymail.info May 23, 2011

Very useful and easy to implement into my website. Thank you.

Francois May 24, 2011

Straightforward, i like it!

thomas May 26, 2011

it did not work

June 5, 2011

super approach, works out of the box. cs.

alex June 10, 2011

anyone figure out how to make it so depending on the username, it redirects to a certain page?

socialmedia2127 [anti-spam] gmail.com June 14, 2011

This is awesome. Nice script! It works so fast and very good. It really give a support. You really are genius. Thanks for sharing your wonderful insight.

<a href="http://drivingtraffic.com/category/conversion-tips/">six minutes to success life</a>

sterling [anti-spam] stylebysterling.com June 15, 2011

Uh… I do all my sites thru iWeb off my mobile me automatic Publish. My designer friends site I'm doing she just wants her Wholesale page to require a password but can't figure how to use your code for…?

Dejan June 20, 2011

Hi, good work.

I there a possibility of multi-user password (each user to have their own unique password) and the password that have a duration. For example. that password for 30 days after the expiration of the time they can renew it in another 30 days.

Marco June 20, 2011

Hi there. Very nice and easy to use script. I have one question though and I hope somebody might be able to help me. I tried integrating it into our ecommerce website where I would like to have a separate section for b2b customers. Unfortunately the password-protect php seems to mess with may layout. I _guess_ it might be because of the die(); value which prematurely kills the rest of my php and so messes up the layout but I am not sure how to fix that. Any ideas would be really appreciated — Link is here: http://www.sport-damm.de/index.php?main_page=page_2



saileshbang [anti-spam] gmail.com July 2, 2011

Hello i know its very good scripts but i cannot give my password and access the page..please explain me in easy process..

let us suppose if i want to give login name as abcdef and password as xyzabcdef

then what should i write in the code….


'zubrag' => 'root',

'admin' => 'adminpass'




July 7, 2011

Sailesh, just replace the username and password given with yours or put a coma at the end of 'adminpass', new line and follow the given order.

Samuel Mungujakisa

July 7, 2011

I integrated a database into this, allowing for database-based authentication. Sample code is as follows:

$a =$_POST['access_login'];

$b = $_POST['access_password'];

$users="SELECT * FROM users WHERE user='$a' and pass='$b'";









"$x" => "$y"


munguja7 [anti-spam] yahoo.co.uk July 7, 2011

Forgot to sign the last post.

Samuel Mungujakisa.

July 7, 2011

Is it possible to redirect each user to there own page, for example i want it something like

'user' => 'userpass' this goes to one page whilst

'user2' => 'user2pass' would go to another?

Thank you

July 9, 2011

I really like this script, quick and easy. I am trying to add a drop box so that users can connect to different databases (different connect_to.inc file for each database). Anyone have any ideas on this.

July 9, 2011

Oops! disregard the last message. Just found the forum.

DolphinSurfer July 12, 2011

Word of warning: If you test this script manually in your browser, you _will_ be logged in until you close the browser. This caused many hours of fiddling with the HTML code to "try and get the login" to show again.

Giles July 31, 2011

Great script and have used it on several sites,

I'm having a problem with a clients shared GoDaddy host. Everything as it should be and I can generate the path through ?help but when stripped into my php page I get a login screen and once login is entered it re-directs to the appropriate page but its just blank. I've attempted both the path generated by your script and the absolute path from the GoDaddy server, still no luck.

I've installed it perfectly on my own GoDaddy server with no problems. Any ideas or anybody else with issues on GoDaddy.


lovecharles2004 [anti-spam] gmail.com July 31, 2011

Hello, this is really good

Is there a possibility of multi-user password (each user to have their own unique password) and the password that have a duration. For example, that password for 30 days after the expiration of the time they can renew it in another 30 days.


August 7, 2011

Good script, thank you. Works fine, I had some problems with the cookie but found that after putting the include line i.e.

<?php include("path/to/password_protect.php"); ?>

on the VERY FIRST LINE of the subsequent pages it worked a treat. Thanks!

shaan August 10, 2011

but as its asking paswd only once. and then i belive its set in cookies.

but i want password authntication every time i am browsing that site., how to do this..

thecsa0ne [anti-spam] gmail.com August 11, 2011

Hy zubrag! 🙂

Thenx the script. Can you give me one capcha script to be include in login and register script? This anti-spam is nice. Thx. My email ist valid.

PS.I try to hard, learn english 😛

Ste August 17, 2011

it works for me only with the default user and password.

and how can i change the width of the passworded page? i have a small php page 350x400px

rottencrystalforest [anti-spam] gmail.com August 17, 2011

Thank you so much, this script has solved my problem and functions perfectly. I can add users and subscribers to my confidential webpages and not necessarily give out internal and admin login details. Good work and keep it up! Thanks again.

Ste August 17, 2011

Will only work for me with default user and password? doesnt work when i edit them 🙁

oyster August 18, 2011

Very good script.Users must take care to place this outside of server's root directory because passwords are unencrypted and someone with a spider app can download the whole site and read them.

SANDY August 19, 2011


Jane August 28, 2011

The scripted worked on all other folders in the my site. Now I have set up another directory as password protected and it doesn't seem to see the password_protect.php file to verify the password. It kept on prompting me with the username and password. What have I done wrong?

ally September 3, 2011

it works great, but does anyone know how to send message after login?

I have tried this but it doesn't work:

if($_POST['access_login']=="ok" && $_POST['access_login']!="email@email.com"){

Mail("email@email.com", "login", $_POST['access_login']);

September 13, 2011

Doesnt work, and i did what you said. (using wamp server 2.1 with php enabled)

alvaro September 16, 2011

Great code zubrag, works perfect!

Thank you!!!!

September 20, 2011

Thank you so much. Exactly what I needed!

September 25, 2011


Deep September 26, 2011

Thanks a lot..!script working fine.

wagnercott2 [anti-spam] yahoo.com October 6, 2011

can anyone help me, what is the password for this?? http://hkprojects.freei.me/php/putmeon/putmeon.php?id=


monirali51 [anti-spam] yahoo.com October 7, 2011

someone set a password on http://hkprojects.freei.me/php/putmeon/putmeon.php?id=

… it was a mean effort. we ppl have some fun with the project. pls make it password free or publish the password here if anyone knows.tons of ppl r depending on it. help it pls . greetings

wagnercott2 [anti-spam] yahoo.com October 8, 2011

plss give the password of this..


Plssssss TY

ataylor801 [anti-spam] yahoo.com October 14, 2011

I want to set up usernames so users can see all the links/files on the page being protected but I want a guest username to only see certain links. Can I use the same script and change something to do this? please help…

goloco101 [anti-spam] gmail.com October 18, 2011

Hi there just want to make an inquiry of how sustainable <a href="http://www.golocomarketing.com">Online Local Listing</a> is

m.shiraz554 [anti-spam] gmail.com October 19, 2011

nice stuff is very perfect!!!

J.jolly October 22, 2011

There is a big problem with this script, when i click submit button with blank username and password, it shows the protected page, it doesnt say wrong password. Please help me, i need help really fast. All other things are fine in this script.

Thank you!

rudiansyahsh [anti-spam] yahoo.co.id October 24, 2011

can help to get open this link and what that pasword

http://hkprojects.freei.me/php/putmeon/putmeon.php?id= (number) how make open this link.

can help me anyone

ivan October 24, 2011

how can i add multi user??

HELP PLZ October 24, 2011

I have deleted some of the files by accident were can I re download the whole thing?

PRIYA October 29, 2011


prashantpnd951 [anti-spam] gmail.com October 31, 2011

Will it is secure to buy server space from website company. Will it is secure to upload my file there, can they copy my php coding

November 4, 2011


I have uploaded the password_protect.php file on my server and created a protected .php file with the first line of code like you said.

When I open the password_protect.php for the first time I type the login and password and when I submit, I opens again the password_protect.php but blank this time. Then I go again to the password_protect.php page to log again, but the page is also blank. It opens again well after cca. half an hour. I am new with php and scripts, please help! Please check it yourself: http://roartrans.freehostia.com/password_protect.php

Thanks in advance

Jamy November 4, 2011

Cool script!

I was trying to cook up my own solution for hours till I found this, in a few minutes I was done!

Thanks for the script man!

Ricardo November 9, 2011

Loving the script but one of my passwords will not work. Lets say i have a password called chicken, another called flower and another called traseña. The traseña one will not work, is it to do with the ñ? and if so, how can I bypass this as I need this to work?

shankar November 15, 2011

Thank You for this valuable inforamtion.did well for me.

ritudoki November 17, 2011

Awesome script! Thank you very much!!!

DK November 17, 2011

You rock!

December 1, 2011

I"m having an issue. I did everything correctly but when I got to my 'protected' page it displays normally asking me for no password?

December 1, 2011

Where can I get a comment board like this one? This one is perfect, please direct me, thanks!

Derrick December 11, 2011

Sounds good, I am tempted to use even with my limited knowledge of computer code. Does anyone know if it is more secure than MrSites own password system please ?

December 12, 2011

password protect doesn't work on certain computer I've tried. What happens is that the password and username are accepted but I am not redirected to my actual page upon entering password and username. any ideas why? does it have to do with windows security settings?

December 21, 2011

i can't open the php file once it's unzipped. it has the little ie icon and won't open for editing.

very frustrating. am i doing something wrong? tips?

sammietech [anti-spam] gmail.com December 25, 2011

hello guys, am using dreamweaver and php. i have try to redirect page, but its given me an error message that state "Warning: Cannot modify header information — headers already sent by (output started at /home/cac/public_html/connect.php:16) in /home/cac/public_html/testing2.php on line 8"

Please what am i going to do

vemeka [anti-spam] gmail.com December 28, 2011

please let me know what i am doing wrong, after adding the code, when i enter the url it will go directly to the redirected webpage without displaying the username and password login page, Pleas help- Thanks

arthesashe [anti-spam] gmail.com January 3, 2012

how about admin account can add another password or change the password without editing its source code. meaning must have a SQL.

Nasim January 13, 2012


When I'm trying to log out by using parameter like password-protect.php?logout=1

it is redirected to another site [i.e. http://www.iana.org/domains/example/]

Why it is happening???

pedromarqueslx [anti-spam] gmaill.com January 18, 2012

Thank you for sharring.

Best regards.


brad January 18, 2012

I cannot get the code to insert into my page. Every time I go to …/password_protect.php?help in my browser I just get the same page, without any new information or code. Where can I find that line of code to insert into my pages? thanks!

thomas.rykala [anti-spam] gmail.com January 22, 2012

Brilliant. Thank you.

January 23, 2012

Fantastic — exactly what I was looking for! Thank you very much for this.

DevHead January 24, 2012

Hey, first of all thanks. This script works really well.

Now, I'd like to redirect users to different pages based on the username/password they provide. I'd like to only have one login box that redirects them based on who they are. Can you provide the if statement for this? THank you!

DevHead January 24, 2012

basically to clarify more I want to write something liek this:

if $_POST['access_login'] == "test" && $_POST['access_password'] == "abc123" {

// direct to this page


DevHead January 24, 2012

if ($_POST['access_password'] == "abc123") {

header('Location: http://www.google.com/');


if ($_POST['access_login'] == "test" && $_POST['access_password'] == "abc123") {

header('Location: http://www.google.com/');


Figured it out. You can use the above code to direct users to different pages using the above code

sales [anti-spam] page2pagepro.com January 25, 2012




UID: zubrag

PSW: root




PHP + AJAX + STYLE = Nifty one-page login.

January 27, 2012

Is there any way to password protect html pages…

burton_1979_1 [anti-spam] yahoo.com January 29, 2012

How do I protect my directories besides my files?

waahmed [anti-spam] etilizepak.com February 2, 2012

plz send password

February 3, 2012

Thanks for a great Login script.

With limited PHP skills I initially had issues creating a logout that worked. But final got it right and thought it worth sharing here.

I found this code:

// logout?

if(isset($_GET['logout'])) {

setcookie("verify", '', $timeout, '/'); // clear password;

header('Location: ' . LOGOUT_URL);



in the login.php file supplied.

So on the page that I am protecting I created a login button with the following code:

<div><a href="your-url.php?logout=true">Log Out!</a></div>

your-url being the same url of the page you are protecting. so it just re-runs the page and login.php but this time the variable logout has something in it so it clears the password.

If navigate away from page without logout then timeout script should be relied on to log out. But I am still testing this!

austinjbollinger [anti-spam] gmail.com February 4, 2012

I just had a question about putting this into a table or something so that it can be better aligned. Any ideas? www.videogize.com/clients.php

February 9, 2012

This is a neat script, but I'm wondering if there would be any way to actually control content BASED on the username used to login? So PersonX could see content specific to them, and PersonY would see something else, specific to PersonY. Just wondering.

Mohd_arshad33 [anti-spam] yahoo.com February 9, 2012

Hi I want to use this script but can anyone help me for autoredirect mane page if not loggedin.

Means if I am using this script into 4 pages like page1index, page2,page3and page4, n last is password protected page so if user open directly page2, so user auto redirect to index page not show direct login form I hope you getting my point. Thanks mohd_arshad33@yahoo.com

missymoo February 16, 2012

Hi..just wondering how I would use this on my the website I created through weebly. Do you know if it is possible?

Thanks so much for your help.

Hunter [anti-spam] piercetwins.com February 19, 2012

How to make website

February 21, 2012

Wiow..dis was wt i need

March 2, 2012

Super! Very easy to customize and efficient — thanks


stiofan.deGeata [anti-spam] gmail.com March 8, 2012


This is a great script and is greatly needed. I installed it on my testing server and it worked great, however, when I installed it on our site (GoDaddy, linux), it doesn't work anymore. I have no problem getting the URL using the "?help" parameter, but it produces "/home/users…", just as Dave said earlier. The php script is totally unresponsive and the page is out there for all to see.

Any ideas?

Karlos March 9, 2012

Great script, thanks alot for sharing with the community.

Emanuele March 17, 2012

Zubrag, thanks for the valuable script which made me password protect my website almost in the same amount of time I needed to google "password protect website"… You're a genius, a generous genius!

March 17, 2012

Zubrag, thanks for your skill and generosity. I have tweaked it to log users logging in, setup a logout and added my own headers and footers. Brilliant. Graeme

Daniel March 22, 2012

Super nice script!! Did the job i needed it to do!! Saved me alot of time and work!!

ben March 22, 2012

I had the problem of getting a 404 error on my server and it was just because I did not have the server set up with php support. Also remember your page needs to be in php too. Silly mistake and took some careful reading of the comments to figure out but looks like other people had this problem too.

Script now works great thank you

JiiKoo March 25, 2012

Simple and fast entry level password protection for the web pages. One thing worries me is that this script doesn't prevent some bots trying to login with brute force to the site due to lack of the number of the login attemps allowed and nor it doesn't have any feature passing the authentication information thru the web server log files to block the intruders IP using for instance fail2ban or some other similar utility.

March 28, 2012

Can it be set-up to multiple user n multiple redirection? example: user 1 with password 1 goes to page 1. user 2 with password 2 goes to page 2

April 2, 2012

Relative newbie, just installed DW and Xampp found your script and found it easy to set up and use.

*Thumbs up*

Poulty April 11, 2012

As a newbie to php, I found this really helpful, thanks.

A small mod I added was to put focus into the password box when loading the page, here it is, I hope it helps someone else. Just replace the form definition with this:

<form name="loginform" method="post">

<h3>Please enter password to access this page</h3>

<font color="red"><?php echo $error_msg; ?></font><br />

<?php if (USE_USERNAME) echo 'Login:<br /><input type="input" name="access_login" /><br />Password:<br />'; ?>

<input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />


<script type="text/javascript">



kuzco1 [anti-spam] gmx.ch April 11, 2012

Hello, I love this script, but unfortunately I was not able to change the script to use a SQLite database. Can someone please send me his *.ph which is using SQL or mySQL to kuzco1@gmx.ch.

Juan April 13, 2012

Just started today to program in PHP and mySQL and this was so easy to implement in my little project. This is just so amazing!

rha2180 [anti-spam] yahoo.com April 25, 2012

Great Script, super easy to implement. I'm wondering if there is a way to pass the username to another page so I can give admin rights to specific users so they can create new users, as well as have users change their own passwords. Thanks,


sreed207 [anti-spam] gmail.com May 6, 2012

I have the script up and running on a site, and it works great in firefox, but the logout url is not actually logging out in ie (it redirects but does not logout). Any suggestions? Does this have to do with caching?

sreed207 May 7, 2012

Got it running (see my previous comment). I don't think the HTML no-cashing was enough. I added this in right before the <html> tag, and now ie logs out correctly:


// Date in the past

header("Expires: Mon, 26 Jul 2011 05:00:00 GMT");

header("Cache-Control: no-cache");

header("Pragma: no-cache");


Lefteris May 10, 2012

Thanks a lot mate!

Your script works like a charm….

Really Good Job!

Intrepid May 27, 2012

Logon is good, but Cookies fail to set on data from mySQL, so keep needing to logon :-$LOGIN_INFORMATION[addslashes(strtolower($row['name']))] = $row['password'];

Cookies work just fine on, no need for repeated logons:-


'zubrag' => 'root',

'test' => 'testpass',

'admin' => 'passwd'


azim8725 [anti-spam] yahoo.com May 29, 2012

ami bdadclick a kivabe platinum plus account khulbo bolben please.

hatimnes66 [anti-spam] yahoo.com June 15, 2012

my pass world Sako

New.methodsir [anti-spam] gmail.com June 29, 2012

Koto taka niben per account khulte?

Leonardo July 26, 2012

Ok, it work fine.

Thank you very much,


shangguanyu [anti-spam] yahoo.com August 24, 2012

I completely agree with you. I have no point to raise in against of what you have said I think you explain the whole situation very well

Nick August 28, 2012

I used the script to try it out, and everything works, the only problem, is that it won't let me add more than two users. Why is this?

Nick August 28, 2012

Nevermind, sorry, just wasn't reading, what it says right above the array of passwords. Great Script!

Pete August 29, 2012

Forget the password_protect.php?help that returns a server-specific URI. I wanted to be able to test using wampserver on my localhost too, so I used

<?php include($_SERVER['DOCUMENT_ROOT'].'/mypath/password_protect.php'); ?>

This allows the code to work on any server without having to modify every file when I change.

samundrak [anti-spam] yahoo.com September 2, 2012

zubarg died or still alive ???????????????//

September 6, 2012

How can I have the page access an "https:" page?

jesseg [anti-spam] jessegunzel.com September 6, 2012

How can I have the page access an "https:" page after successful login?

bbariyana [anti-spam] gmail.com September 15, 2012

Your script look good and i to use it in my site.

Georgi's FlatPress Guide September 19, 2012

Zubrag's great script is now available as a FlatPress plugin. Now you can have a completely private personal or small team blog, yet still be able to update it remotely using blogging software such as Windows Live Writer. Full instructions and a download link here:


Jon September 19, 2012

This script was super easy, lightweight, and perfect. Thank you!

October 10, 2012

Isn't it possible for others to get md5 hash stored on the cookie, for example using packet sniffers or cross-site scripting?

Couldn't others access the protected pages, or even finding the password using MD5 collisions, just by having that md5 hash that always stays the same?

mani366 [anti-spam] gmail.com October 13, 2012

I have created a free website — passncfm.webs.com How can I password protect it. Pls help

creative.versatile [anti-spam] yahoo.com October 25, 2012

Good script! However, it would be better if a session-cookie could be saved (after log-in) on the desktop — so that all other protected webpages can be accessed, without logging-in separately for every page (the comment-out method does not protect ANY file at all) please.

Saldy November 9, 2012

How to make forum in php

December 1, 2012

Can anyone help to pull usernames and passwords from mysql?


coderguyz [anti-spam] gmail.com December 5, 2012

hmmm…superb script….thank you so much……….

Savannah December 20, 2012

hello…can anyone tell me if this code is teh kind of pw protect that requires one single pw? Or can we create unique passwords for each user? And if unique does the code generate them for us or do I need to import a list of passcodes to be assigned? Thx so much for any assistance!

nowhereman [anti-spam] nowhereland.gov January 3, 2013


Can create unique passwords for each user

Flash Buddy January 3, 2013

Savannah, you open password_protect.php in a text editor. There is an array that new users and their passwords can be added to. Look for the sections labeled Settings Start. Here is my script with logins for my 3staff.


'Tom' => 'luv2surf',

'Dick' => 'hateLEDs',

'Harry' => 'needabath'


You can find more info in the forum for this script: http://www.zubrag.com/forum/

ddave2122 January 4, 2013

Once I found out that it only works with .php pages, worked like a charm! Thanks for the great script!

Intrepid January 12, 2013

How can I get the script to use an array generated by mySQL, where user names and passwords are stored

Mowgli January 29, 2013

This script is great!

I've been trying to make some slight changes, but can't seem to figure out how to make it work.

What I'd like to do is:

— allow MAX_ATTEMPTS tries to get the password correct

— Call e.g. failed.php on failing all attempts, pass.php if correct password.

Can you give me some guidance on making this work? Thanks.

Mowgli January 29, 2013

Err, sorry about the above question. I'll go to the forum. I saw the comment too late 😐

February 27, 2013

Has anyone got this to work with Jquery Mobile. It kills the CSS and would love to find a way to use this…

paymentautomation March 8, 2013

I would like to give several clients access to a restricted area, but each client must only access their specific page.

If I create one webpage that askes them for the user id and password, what happens after a successful login? How do they proceed to their specific webpage?

Sebastian March 18, 2013


To fix this issue, all you need to do is simply remove the 'underscore' from the php file.

For example:

Rename the file —> 'password_protect.php'

To —> 'passwordprotect.php'

Your welcome! :3

SrAxi April 8, 2013

perfect. U are genius.

nusamax [anti-spam] gmail.com May 17, 2013

Hi, I just want to know is it possible to protect different pages with different passwords?

I mean to view "PAGE A" password should be "TEST1"

to view "PAGE B" password should be "TEST2"

is it possible? have unique passwords for each different pages?

Chris May 24, 2013

Hi, very good solution, butI have a problem. I have created password_protect.php, I have put in my page the code in the first line. It starts asking the password (I put only password protection not username). When I give the password which I previously define in password_protect.php, the page appears again the same to put again the password and don't show the "real web page.

friendzhost [anti-spam] gmail.com June 6, 2013

Any one can help me plzzz i got this message after login page,

Warning: Cannot modify header information — headers already sent by (output started at /home/raees123/public_html/libpk.php:26) in /home/raees123/public_html/password_protect.php on line 139

Thadeo.Wen9.Com June 15, 2013

waooooooo!!!! yesssss

LANNER July 15, 2013


Stay this script update for long years 🙂 thanks and good job

suporte [anti-spam] inglesfuncional.com July 16, 2013

Does anyone having issues when trying to submit the form (password)!

I am getting error: ERR_EMPTY_RESPONSE

August 3, 2013

after login it stays blank and doesn redirect 😛

Mo August 14, 2013

Thank you. You are awesome.

info [anti-spam] dstar.in August 16, 2013

Thanks for you script

but tell me how insert new username and password pairs by php form

August 24, 2013

superscript to protect my girls friends nude pics !

chloe.t.williams009 [anti-spam] gmail.com September 4, 2013

i noiiiid php ,mailers and shells and smtp …….how can i get get it plz ….need it urgently

Peo September 17, 2013

Simply perfect! thanks!

JiiKoo September 18, 2013

The users are being stored into the file bin/users.php as seen here below. There aren't at the moment any other way adding the users than manually in this file. Below is an example adding two users or user1 and user2, the next filed is for the password, the 3rd field is for the e-mail address (not a must, can be left empty), and the 4th is for the home page for this specific user from the root level of your web server configuration.

<?php die(); ?>



altinsley [anti-spam] hotmail.com September 18, 2013

need to see and gey my grandson pics

ali.arman173 [anti-spam] gmail.com September 26, 2013


hey September 29, 2013

well help me where is the log out butoon

kenneth.chow312 [anti-spam] gmail.com November 5, 2013

May I know what is the Login and password ? I tried both but cannot login…

Login : root

password : adminpass

Thanks !

dirkvl123 [anti-spam] hushmail.me November 5, 2013

Thanks for this! Very usefull!!!!

Jared November 7, 2013

This is great, and highly customizable! My only question is if it's good enough to keep a single page that has an file upload script protected on a domain without mod_security enabled. Thoughts?

It is the only thing on the domain (subdomain actually).

tivisu November 8, 2013

I use users and password from database. But I have a problem with password, because in database password is stored with md5. So, where can I add md5 to "protector" accept the password from form?

November 11, 2013

Great Script. Thanks

Sufia Erum November 11, 2013

Hi Kenneth,

The 1st user & password is:



2nd user & password:



daniel November 20, 2013

is there anyway to password protect a directory?

mcswanepoel [anti-spam] mweb.co.za November 20, 2013

Super Script. Got it working on first go. I would just like to know is there a script to log out ?

Sorry for the dumb question.

php guy November 21, 2013

To logout, place following html on your protected page <a href="http://example.com/protected-page.php?logout=1">Logout</a>. Change the link to match yours, but leave "?logout=1" part as is.

photos by jerry December 6, 2013

I am trying to have primary users who have access to multiple pages or an entire directory and secondary users who only have access to specific pages will this script do that?

beamkiller December 11, 2013

This script is good. But if you click on LogOut and press the Back button in the browser you can see the page and interact with it.

Is there way too disable this?

I think cookie is not succesfully deleted.

Asif December 13, 2013

How do I remove the cookie functionality, so that it will require password for everytime i refresh the page?

chris December 20, 2013

awesome! thanks a lot!

TH January 5, 2014

Thanks! Useful and simple!

Rasheda Sultana January 11, 2014

Awesome script. Thanks for share it. I add it on my private image upload center.

http://sultana.me/upload/ with a new login template. hope u like it 🙂

wpgbrown [anti-spam] hotmail.co.uk January 12, 2014

It does'nt work for me!

trenowsky [anti-spam] abv.bg January 28, 2014

Awesome script. Thanks for share it. But I would like to ask You if it's possible to set up an automatic log in , in case of "thank you page" where I need my clients to view the protected page without a password (after payment), and people who doesn't come from paypal secure page to view the log in box page…how could it be done ..

Ron Johnson February 7, 2014

I didn't know it was so easy to protect your site. This was so helpful and easy. Thanks!

Ron Johnson | http://www.yourtrustedagent.com/auto-insurance.html

dave February 13, 2014

loaded up and works ok, my question is that for some reason with this I have to sign into every page within the hidden folder is there a way round it

dave February 13, 2014

Changed script according to Mark's suggestion. Now it supports cookies and requires password only once. how do you add the cookies sript

vincurek.f [anti-spam] gmail.com February 17, 2014

Thank You VERY much! 🙂 This is exactly what i was searching for.

pete February 25, 2014

Hi, I'm something of a novice so would appreciate any help. My website is hosted on a windows server and i'm getting the following line to include in pages to be protected <?php include("D:\CustomerData\webspaces\webspace_00102460\wwwroot\password_protect.php"); ?>. Doesn't work. Do I need to transfer my site to a linux server to get this to work?

firman_hajili [anti-spam] telkomsel.co.id February 26, 2014

hi all,

after i use the script and log in with username and password then it was successfully enter the website. but, everytime i click the content on my website, it always loop back to the username and password page again and again. please help with the solution.

thanks all

TimeOut Challenge April 6, 2014

Hi, Great script. I'm having issues with the timeout. After the 2 minutes that I assigned I see my page but with without the style sheets applied. I log in and then everything is fine.

hoyu.yiu [anti-spam] gmail.com April 14, 2014

Great Scrip.

I am trying to pass over some $var from the page it's trying to protect to popular some page information on the password_protect.php page.

However, I have no success to. It seems that any and all $var I specify on the password_protect.php page or pass over from the page before is being ignore. What am I missing? Thanks.

April 18, 2014

yeah its cool dude love it

April 21, 2014

that's a beautiful script man, peace and great job

April 21, 2014

Really good script, thank you for share it!

May 7, 2014

Quick and simple! Thank you very much.

May 8, 2014

14 years after, still works beautifully!

Great pieces of work are like this!

Thank you very much!

Joao Silva, from Portugal

sam May 9, 2014

I got it to work right and its great, but is there a way to do it so I don't have to put that line on the first line of the page? Can I change the password_protect file such that it looks to the second line of each file for that line? There is other text that I must put on the first line

Wayne May 12, 2014

I am interested in 2 things and seem to not understand, can anyone help?

1) What do I do to make it an entry page that protects all the pages on the site with only the password entered on the landing page.

2) If I use a password file to pull passwords from where and how do I set the file up?

May 14, 2014

anyway u can make the password encrypted??

Add Comment

!!! Comments posted here will not be answered. If you want to ask a question please post it on the forum.

E-mail or Name: Not required. Email will be protected from spammers

Comment: Please do not post unrelated comments

Anti-spam: Please enter (7967ebfb) into the box

© zubrag.com privacy policy | site map