password-protection - w3toppers.com

What is the best way to password protect folder/page using php without a db or username

Edit: SHA1 is no longer considered secure. Stored password hashes should also be salted. There are now much better solutions to this problem. You could use something like this: //access.php <?php //put sha1() encrypted password here – example is ‘hello’ $password = ‘aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d’; session_start(); if (!isset($_SESSION[‘loggedIn’])) { $_SESSION[‘loggedIn’] = false; } if (isset($_POST[‘password’])) { if … Read more

How to remove .htaccess password protection from a subdirectory

You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so, for up to Apache 2.3: # allows any user to see this directory Satisfy Any The syntax changed in Apache 2.4, this has the same effect: Require all granted

Password protecting a directory and all of it’s subfolders using .htaccess

It’s a simple two step process In your .htaccess put AuthType Basic AuthName “restricted area” AuthUserFile /path/to/the/directory/you/are/protecting/.htpasswd require valid-user use http://www.htaccesstools.com/htpasswd-generator/ or command line to generate password and put it in the .htpasswd Note 1: If you are using cPanel you should configure in the security section “Password Protect Directories” EDIT: If this didn’t work … Read more

Password protect a specific URL

You should be able to do this using the combination of mod_env and the Satisfy any directive. You can use SetEnvIf to check against the Request_URI, even if it’s not a physical path. You can then check if the variable is set in an Allow statement. So either you need to log in with password, … Read more

Non-random salt for password hashes

Salt is traditionally stored as a prefix to the hashed password. This already makes it known to any attacker with access to the password hash. Using the username as salt or not does not affect that knowledge and, therefore, it would have no effect on single-system security. However, using the username or any other user-controlled … Read more

HTTP authentication logout via PHP

Mu. No correct way exists, not even one that’s consistent across browsers. This is a problem that comes from the HTTP specification (section 15.6): Existing HTTP clients and user agents typically retain authentication information indefinitely. HTTP/1.1. does not provide a method for a server to direct clients to discard these cached credentials. On the other … Read more

SQLite with encryption/password protection

SQLite has hooks built-in for encryption which are not used in the normal distribution, but here are a few implementations I know of: SEE – The official implementation. wxSQLite – A wxWidgets style C++ wrapper that also implements SQLite’s encryption. SQLCipher – Uses openSSL’s libcrypto to implement. SQLiteCrypt – Custom implementation, modified API. botansqlite3 – … Read more

Reading a password from std::cin

@wrang-wrang answer was really good, but did not fulfill my needs, this is what my final code (which was based on this) look like: #ifdef WIN32 #include <windows.h> #else #include <termios.h> #include <unistd.h> #endif void SetStdinEcho(bool enable = true) { #ifdef WIN32 HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE); DWORD mode; GetConsoleMode(hStdin, &mode); if( !enable ) mode &= … Read more

How do you use bcrypt for hashing passwords in PHP?

bcrypt is a hashing algorithm which is scalable with hardware (via a configurable number of rounds). Its slowness and multiple rounds ensures that an attacker must deploy massive funds and hardware to be able to crack your passwords. Add to that per-password salts (bcrypt REQUIRES salts) and you can be sure that an attack is … Read more