Not exactly the most robust password protection here, so please don't use this to protect credit card numbers or something very important.

这里并不是最强大的密码保护，所以请不要使用它来保护信用卡号或一些非常重要的东西。

Simply drop all of the following code into a file called (secure.php), change the user and pass from "admin" to whatever you want. Then right under those lines where it says include("secure.html"), simply replace that with the filename you want them to be able to see.

只需将以下所有代码放入一个名为 (secure.php) 的文件中，更改用户并从“admin”传递到您想要的任何内容。然后就在那些写着 include("secure.html") 的行的正下方，简单地将其替换为您希望他们能够看到的文件名。

They will access this page at [YouDomain.com/secure.php] and then the PHP script will internally include the file you want password protected so they won't know the name of that file, and can't later just access it directly bypassing the password prompt.

他们将通过 [YouDomain.com/secure.php] 访问此页面，然后 PHP 脚本将在内部包含您想要密码保护的文件，因此他们不会知道该文件的名称，并且以后无法直接访问它绕过密码提示。

If you would like to add a further level of protection, I would recommend you take your (secure.html) file outside of your site's root folder [/public_html], and place it on the same level as that directory, so that it is not inside the directory. Then in the PHP script where you are including the file simply use ("../secure.html"). That (../) means go back a directory to find the file. Doing it this way, the only way someone can access the content that's on the (secure.html) page is through the (secure.php) script.

如果您想添加更高级别的保护，我建议您将 (secure.html) 文件放在站点根文件夹 [/public_html] 之外，并将其放置在与该目录相同的级别，以便它不在目录里面。然后在包含文件的 PHP 脚本中，只需使用 ("../secure.html")。那 (../) 表示返回目录以查找文件。这样做，某人可以访问 (secure.html) 页面上的内容的唯一方法是通过 (secure.php) 脚本。

<?php
$user = $_POST['user'];
$pass = $_POST['pass'];

if($user == "admin"
&& $pass == "admin")
{
        include("secure.html");
}
else
{
    if(isset($_POST))
    {?>

            <form method="POST" action="secure.php">
            User <input type="text" name="user"></input><br/>
            Pass <input type="password" name="pass"></input><br/>
            <input type="submit" name="submit" value="Go"></input>
            </form>
    <?}
}
?>

This is a bit late but I wanted to reply in case anyone else came upon this page and found that the highest reply was a bit off. I have improved upon the system just a tad bit. Note, it is still not amazingly secure but it is an improvement.

这有点晚了，但我想回复以防其他人访问此页面并发现最高回复有点偏离。我对系统进行了一点点改进。请注意，它仍然不是非常安全，但它是一种改进。

First prepare your password salts file:

首先准备你的密码盐文件：

hash_generate.php:

hash_generate.php:

 <?php

 $user = "Username"; // please replace with your user
 $pass = "Password"; // please replace with your passwd
 // two ; was missing

 $useroptions = ['cost' => 8,];
 $userhash    = password_hash($user, PASSWORD_BCRYPT, $useroptions);
 $pwoptions   = ['cost' => 8,];
 $passhash    = password_hash($pass, PASSWORD_BCRYPT, $pwoptions);

 echo $userhash;
 echo "<br />";
 echo $passhash;

 ?>

Take your output $userhashand $passhashand put them in two text files: user.txt and pass.txt, respectively. Others have suggested putting these text files away above public_html, this is a good idea but I just used .htaccess and stored them in a folder called "stuff"

把你的输出$userhash，并$passhash把他们在两个文本文件：user.txt和pass.txt，分别。其他人建议将这些文本文件放在 public_html 之上，这是一个好主意，但我只是使用了 .htaccess 并将它们存储在一个名为“stuff”的文件夹中

.htaccess

.htaccess

 deny from all

Now no one can peek into the hash. Next up is your index.php:

现在没有人可以窥视哈希。接下来是你的 index.php：

index.php:

索引.php：

<?php
$user = ""; //prevent the "no index" error from $_POST
$pass = "";
if (isset($_POST['user'])) { // check for them and set them so
    $user = $_POST['user'];
}
if (isset($_POST['pass'])) { // so that they don't return errors
    $pass = $_POST['pass'];
}    

$useroptions = ['cost' => 8,]; // all up to you
$pwoptions   = ['cost' => 8,]; // all up to you
$userhash    = password_hash($user, PASSWORD_BCRYPT, $useroptions); // hash entered user
$passhash    = password_hash($pass, PASSWORD_BCRYPT, $pwoptions);  // hash entered pw
$hasheduser  = file_get_contents("stuff/user.txt"); // this is our stored user
$hashedpass  = file_get_contents("stuff/pass.txt"); // and our stored password


if ((password_verify($user, $hasheduser)) && (password_verify($pass,$hashedpass))) {

    // the password verify is how we actually login here
    // the $userhash and $passhash are the hashed user-entered credentials
    // password verify now compares our stored user and pw with entered user and pw

    include "pass-protected.php";

} else { 
    // if it was invalid it'll just display the form, if there was never a $_POST
    // then it'll also display the form. that's why I set $user to "" instead of a $_POST
    // this is the right place for comments, not inside html
    ?>  
    <form method="POST" action="index.php">
    User <input type="text" name="user"></input><br/>
    Pass <input type="password" name="pass"></input><br/>
    <input type="submit" name="submit" value="Go"></input>
    </form>
    <?php 
} 

<?php
$username = "the_username_here";
$password = "the_password_here";
$nonsense = "supercalifragilisticexpialidocious";

if (isset($_COOKIE['PrivatePageLogin'])) {
   if ($_COOKIE['PrivatePageLogin'] == md5($password.$nonsense)) {
?>

    <!-- LOGGED IN CONTENT HERE -->

<?php
      exit;
   } else {
      echo "Bad Cookie.";
      exit;
   }
}

if (isset($_GET['p']) && $_GET['p'] == "login") {
   if ($_POST['user'] != $username) {
      echo "Sorry, that username does not match.";
      exit;
   } else if ($_POST['keypass'] != $password) {
      echo "Sorry, that password does not match.";
      exit;
   } else if ($_POST['user'] == $username && $_POST['keypass'] == $password) {
      setcookie('PrivatePageLogin', md5($_POST['keypass'].$nonsense));
      header("Location: $_SERVER[PHP_SELF]");
   } else {
      echo "Sorry, you could not be logged in at this time.";
   }
}
?>

And the login form on the page...
(On the same page, right below the above^ posted code)

以及页面上的登录表单...
（在同一页面上，就在上面^ 发布的代码下方）

<form action="<?php echo $_SERVER['PHP_SELF']; ?>?p=login" method="post">
<label><input type="text" name="user" id="user" /> Name</label><br />
<label><input type="password" name="keypass" id="keypass" /> Password</label><br />
<input type="submit" id="submit" value="Login" />
</form>

Here's a very simple way:

这是一个非常简单的方法：

Create two files:

创建两个文件：

protect-this.php

保护-this.php

<?php
    /* Your password */
    $password = 'MYPASS';

    if (empty($_COOKIE['password']) || $_COOKIE['password'] !== $password) {
        // Password not set or incorrect. Send to login.php.
        header('Location: login.php');
        exit;
    }
?>

login.php:

登录.php：

<?php
    /* Your password */
    $password = 'MYPASS';

    /* Redirects here after login */
    $redirect_after_login = 'index.php';

    /* Will not ask password again for */
    $remember_password = strtotime('+30 days'); // 30 days

    if (isset($_POST['password']) && $_POST['password'] == $password) {
        setcookie("password", $password, $remember_password);
        header('Location: ' . $redirect_after_login);
        exit;
    }
?>
<!DOCTYPE html>
<html>
<head>
    <title>Password protected</title>
</head>
<body>
    <div style="text-align:center;margin-top:50px;">
        You must enter the password to view this content.
        <form method="POST">
            <input type="text" name="password">
        </form>
    </div>
</body>
</html>

Then require protect-this.phpon the TOP of the files you want to protect:

然后在要保护的文件的 TOP 上requireprotect-this.php：

// Password protect this content
require_once('protect-this.php');

Example result:

结果示例：

After filling the correct password, user is taken to index.php. The password is stored for 30 days.

填写正确的密码后，用户将被带到 index.php。密码会保存 30 天。

PS: It's not focused to be secure, but to be pratical. A hacker can brute-force this. Use it to keep normal users away. Don't use it to protect sensitive information.

PS：重点不是安全，而是实用。黑客可以暴力破解。用它来让普通用户远离。不要用它来保护敏感信息。

I would simply look for a $_GETvariable and redirect the user if it's not correct.

$_GET如果不正确，我会简单地寻找一个变量并重定向用户。

<?php
$pass = $_GET['pass'];
if($pass != 'my-secret-password') {
  header('Location: http://www.staggeringbeauty.com/');
}
?>

Now, if this page is located at say: http://example.com/secrets/files.php

现在，如果此页面位于说： http://example.com/secrets/files.php

You can now access it with: http://example.com/secrets/files.php?pass=my-secret-passwordKeep in mind that this isn't the most efficient or secure way, but nonetheless it is a easy and fast way. (Also, I know my answer is outdated but someone else looking at this question may find it valuable)

您现在可以通过以下方式访问它：http://example.com/secrets/files.php?pass=my-secret-password请记住，这不是最有效或最安全的方式，但它仍然是一种简单快捷的方式。（另外，我知道我的答案已经过时，但其他人可能会发现这个问题很有价值）

Some easy ways:
Use Apache's digest authorization.
Use lighttpd's digest authorization.
Use php's header digest authorization.

If you want you can also make it so only certain ip addresses can login.. :) really easy with lighttpd

如果你愿意，你也可以做到只有某些 IP 地址可以登录.. :) 使用 lighttpd 真的很容易

Update: I will post some examples soon, so don't vote down for no examples, i just need to get some down for this answer.

更新：我很快会发布一些例子，所以不要投票给没有例子，我只需要为这个答案准备一些。

If you want to use sessions the following is the best way to go:

如果您想使用会话，以下是最好的方法：

# admin.php
session_start();
if(!$_SESSION["AUTH"])
    require_once "login.php";
# Do stuff, we are logged in..

# login.php
session_start();
if($_REQUEST["username"] == "user" && $_REQUEST["password"] == "pass")
    $_SESSION["AUTH"] = true;
else $_SESSION["AUTH"] = false; # This logs you out if you visit this login script page without login details.

if($_SESSION["AUTH"])
    require_once "admin.php";

This method does not contain the examples for above but you seamed interested in this method. The other method examples are still to come, I have not got enough time to get it for apache or lighttpd settings and the php header auth: http://php.net/manual/en/features.http-auth.phpWill do.

此方法不包含上述示例，但您对此方法感兴趣。其他方法示例还在后面，我没有足够的时间来获取 apache 或 lighttpd 设置和 php 头验证：http: //php.net/manual/en/features.http-auth.php会做.

This helped me a lot and save me much time, its easy to use, and work well, i've even take the risque of change it and it still works.

这对我帮助很大，为我节省了很多时间，它易于使用且运行良好，我什至冒着更改它的风险，但它仍然有效。

Fairly good if you dont want to lost to much time on doing it :)

如果你不想在做这件事上浪费太多时间，那就太好了:)

http://www.zubrag.com/scripts/password-protect.php

http://www.zubrag.com/scripts/password-protect.php

A simple way to protect a file with no requirement for a separate login page - just add this to the top of the page:

一种无需单独登录页面即可保护文件的简单方法 - 只需将其添加到页面顶部：

Change secretuser and secretpassword to your user/password.

将 secretuser 和 secretpassword 更改为您的用户/密码。

$user = $_POST['user'];
$pass = $_POST['pass'];

if(!($user == "secretuser" && $pass == "secretpassword"))
{
    echo '<html><body><form method="POST" action="'.$_SERVER['REQUEST_URI'].'">
            Username: <input type="text" name="user"></input><br/>
            Password: <input type="password" name="pass"></input><br/>
            <input type="submit" name="submit" value="Login"></input>
            </form></body></html>';
    exit();
}

</html>
<head>
  <title>Nick Benvenuti</title>
  <link rel="icon" href="img/xicon.jpg" type="image/x-icon/">
  <link rel="stylesheet" href="CSS/main.css">
  <link rel="stylesheet" href="CSS/normalize.css">
  <script src="JS/jquery-1.12.0.min.js" type="text/javascript"></script>
</head>
<body>
<div id="phplogger">
  <script type="text/javascript">
  function tester() {
  window.location.href="admin.php";
  }
  function phpshower() {
  document.getElementById("phplogger").classList.toggle('shower');
  document.getElementById("phplogger").classList.remove('hider');
  }
  function phphider() {
  document.getElementById("phplogger").classList.toggle('hider');
  document.getElementById("phplogger").classList.remove('shower');
  }
</script>
<?php 
//if "login" variable is filled out, send email
  if (isset($_REQUEST['login']))  {

  //Login info
  $passbox = $_REQUEST['login'];
  $password = 'blahblahyoudontneedtoknowmypassword';

  //Login
  if($passbox == $password) {

  //Login response
  echo "<script text/javascript> phphider(); </script>";
  }
 }
?>
<div align="center" margin-top="50px">
<h1>Administrative Access Only</h1>
<h2>Log In:</h2>
 <form method="post">
  Password: <input name="login" type="text" /><br />
  <input type="submit" value="Login" id="submit-button" />
  </form>
</div>
</div>
<div align="center">
<p>Welcome to the developers and admins page!</p>
</div>
</body>
</html>

Basically what I did here is make a page all in one php file where when you enter the password if its right it will hide the password screen and bring the stuff that protected forward. and then heres the css which is a crucial part because it makes the classes that hide and show the different parts of the page.

基本上我在这里所做的是在一个 php 文件中创建一个页面，当您输入密码时，如果正确，它将隐藏密码屏幕并将受保护的内容向前推进。然后是 css，这是一个至关重要的部分，因为它使类隐藏和显示页面的不同部分。

  /*PHP CONTENT STARTS HERE*/
  .hider {
  visibility:hidden;
  display:none;
  }

  .shower {
  visibility:visible;
  }

  #phplogger {
  background-color:#333;
  color:blue;
  position:absolute;
  height:100%;
  width:100%;
  margin:0;
  top:0;
  bottom:0;
  }
  /*PHP CONTENT ENDS HERE*/

you can specify a password in your php code and only allow users that has the secret url:

你可以在你的 php 代码中指定一个密码，并且只允许拥有秘密 url 的用户：

mywebsite.com/private.php?pass=secret

in your file:

在您的文件中：

<?php
     if(isset($_GET["pass"] && $_GET["pass"]=="secret"){
           //put your code here
     }
     else{
           echo "you're not allowed to access this page";
     }
?>