added password protection files; added more information to the readme

samharp · samharp · commit 189ec09df84f · 2022-12-05T12:24:59.000-06:00
diff --git a/README.md b/README.md
@@ -1,2 +1,11 @@
 # php-password-protection-div-demo
-A (not super-secure) way to make password protected webpage content with PHP
+
+A (not super-secure) way to make password protected webpage content with PHP.
+
+## In this folder:
+- `secure.php` is the container page (will hold the password-entry form and secure content after entering correct password)
+- `secure.html` is the secure content (will be injected into `secure.php` after entering correct password)
+
+**NOTE:** For even higher privacy, store `secure.html` file in a not publicly-accessible location.
+
+**NOTE:** This method should not be followed for storing credit cards or other private personal information, but content that should only be visible for users with a given password. This is much more effective than a JavaScript/CSS implementation, but it is not impossible to grab hidden content.
diff --git a/secure.html b/secure.html
@@ -0,0 +1,2 @@
+<!-- the raw HTML that should be injected -->
+<p>You entered the correct password!</p>
diff --git a/secure.php b/secure.php
@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <title>Password Protection via PHP</title>
+
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+  </head>
+
+  <body>
+    
+  <!-- container for password-entry form -->
+    <div class="form-container">
+
+      <?php
+        $passErr = "";
+        $thePassword = "password";
+        $pass = "";
+
+        if ($_SERVER["REQUEST_METHOD"] == "POST") {
+          if (empty($_POST["pass"])) {
+            $passErr = "Password is required";
+          } else {
+            $pass = $_POST["pass"];
+            if($pass != $thePassword){
+              $passErr = "Please enter the correct password";
+            }
+          }
+        }
+      ?>
+
+      <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" autocomplete="off">  
+        Password: <input type="password" name="pass" value="">
+        <input type="submit" name="submit" value="Enter">
+
+        <?php echo $passErr;?>
+      </form>
+    </div>
+
+    <!-- where the hidden content will be injected -->
+    <div class="hidden-content-container">
+      <?php
+        if($pass == $thePassword)
+        {
+          include("secure.html");
+        }
+      ?>
+    </div>
+
+  </body>
+</html>

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+<!-- the raw HTML that should be injected -->`
	`2`	`+<p>You entered the correct password!</p>`