I've been considering creating password-protected pages to maintain an archived list of articles I've written for specific clients. The idea would be to give the clients a username and password as an extra perk so that they would have access to backup copies of any work I've done for them. I found the following script with a quick Google search and I understand enough about PHP to know how this works, but I don't understand enough about PHP to know its vulnerabilities. If I create the passwords based on random strings and just email them to my clients to keep for their records, and there is no personal information on any of the pages being protected, what problems can I run into with using this?
Code:
<?php
// Define your username and password
$username = "someuser";
$password = "somepassword";
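// Show the login form unless both submitted values match.
// "?? null" avoids undefined-key warnings when the page is first loaded without POST data.
if (($_POST['txtUsername'] ?? null) != $username || ($_POST['txtPassword'] ?? null) != $password) {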
?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p><label for="txtUsername">Username:</label>
<br /><input type="text" title="Enter your Username" name="txtUsername" id="txtUsername" /></p>
<p><label for="txtPassword">Password:</label>
<br /><input type="password" title="Enter your password" name="txtPassword" id="txtPassword" /></p>
<p><input type="submit" name="Submit" value="Login" /></p>
</form>
<?php
}
else {
?>
<p>This is the protected page. Your private content goes here.</p>
<?php
}
?>
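Added example, not part of the original post: the same single-file login with the weak points visible in the script above addressed (plaintext password in the source, loose `!=` comparison, unescaped `PHP_SELF`, a password check with no session behind it). `CLIENT_HASH` is a placeholder, and `credentials_ok` and the `client` session key are names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the script from the post.
// CLIENT_HASH is a placeholder: generate the real value once with
//   php -r 'echo password_hash("the-random-password", PASSWORD_DEFAULT), PHP_EOL;'
const CLIENT_USER = 'someuser';
const CLIENT_HASH = '$2y$10$REPLACE_WITH_YOUR_OWN_password_hash_OUTPUT';

session_start();

function credentials_ok(string $user, string $pass): bool
{
    // Evaluate both checks before combining them, so a wrong username
    // does not skip the (slow) password hash verification.
    $userOk = hash_equals(CLIENT_USER, $user);
    $passOk = password_verify($pass, CLIENT_HASH);
    return $userOk && $passOk;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['txtUsername'] ?? '';
    $pass = $_POST['txtPassword'] ?? '';
    // Non-string input (e.g. txtUsername[]=x) is rejected outright.
    if (is_string($user) && is_string($pass) && credentials_ok($user, $pass)) {
        session_regenerate_id(true);        // new session ID after login
        $_SESSION['client'] = CLIENT_USER;  // later requests need no password
    } else {
        $error = 'Invalid username or password.';
    }
}

if (empty($_SESSION['client'])) {
    // PHP_SELF can carry user-supplied path info, so escape it before output.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    ?>
    <h1>Login</h1>
    <?php if (isset($error)) { echo '<p>' . htmlspecialchars($error) . '</p>'; } ?>
    <form method="post" action="<?php echo $action; ?>">
    <p><label for="txtUsername">Username:</label> <input type="text" name="txtUsername" id="txtUsername" /></p>
    <p><label for="txtPassword">Password:</label> <input type="password" name="txtPassword" id="txtPassword" /></p>
    <p><input type="submit" name="Submit" value="Login" /></p>
    </form>
    <?php
} else {
    ?>
    <p>This is the protected page. Your private content goes here.</p>
    <?php
}
```

The form still sends the password in the request body, so the page needs to be served over HTTPS for the credentials to stay confidential in transit.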