As D-Mac said, .htaccess is a great solution, but some hosts don't allow it.
With PHP, you would need an index.php file in the directory with a form for the user to fill in their username and password (called "username" and "password") and a log in button. I also put a hidden field with a name of "action" and a value of "login".
Make the form post back to itself (ie the same page as the form is on), and add the following to the first line of the page, above the HTML:
PHP Code:
if($_POST['action'] == "login"){
if($_POST['username'] == "myusername" && $_POST['password'] == "mypassword"){
$_SESSION['user'] = $_POST['username'];
header("Location: protected_page.php";
}
}
If the username and password are correct (hard coded in the example above, but normaly pulled from a database), then it will put the username in a session variable called "user" and then redirect to "protected_page.php".
On each page that you want to protect, add the following to the top of each page at line 1 (again above the html).
PHP Code:
if(strlen($_SESSION['user']) < 1){
header("Location: index.php");
}
This checks for the prescence of the user session variable, and only allows the user to view the page if the session variable is set (meaning the user has logged in) otherwise they are redirected to the index page to login.
Simple to setup, but does work.
Linear Mode
