If you need to lock down a number of web server pages, you can use this file to check for an authenticated user on any php page. This doesn't use the user/pass combination - only a single static passcode for simplicity. So this is by no means a production level solution.

Here is the PHP code:

<?php

session_start();

function redirect_to($location){  
    if ($location){
   header("Location: {$location}");
   exit;
}else{

    }

}

function logged_in(){  
    return isset($_SESSION['access_allowed']);
}

function confirm_logged_in(){

     if (!logged_in()){

         if(isset($_POST['access_key'])){

            check_access_key($_POST['access_key']);

         }else if(isset($_GET['access_key'])){

            check_access_key($_GET['access_key']);

         }else{
            denied_redirect();
         }


    }else{

         $_SESSION['access_allowed'] = 'yes';
         $_SESSION['access_key'] = 'PUT_YOUR_PASSWORD_HERE';

        granted_redirect();
    }
}

function check_access_key($key){

    if($key=='PUT_YOUR_PASSWORD_HERE'){

         session_set_cookie_params(86400000);
         ini_set('session.gc_maxlifetime', 86400000);
         $_SESSION['access_allowed'] = 'yes';
         $_SESSION['access_key'] = 'PUT_YOUR_PASSWORD_HERE';
         granted_redirect();


     }else{

         denied_redirect();
     }

}

function denied_redirect(){

    if($_SERVER['PHP_SELF']!='/access_screen.php'){

        if(isset($_POST['redirect'])){

        redirect_to("access_screen.php?redirect=" . $_POST['redirect']);   

        }else if(isset($_GET['redirect'])){

        redirect_to("access_screen.php?redirect=" . $_GET['redirect']);    

        }else{

         redirect_to("access_screen.php?redirect=" . 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);

        }
    }else{

    }

}

function granted_redirect(){

    if(isset($_POST['redirect'])){

        redirect_to($_POST['redirect']);
    }else if(isset($_GET['redirect'])){

        redirect_to($_GET['redirect']);
    }
}                                          

confirm_logged_in();

?>

Just make sure you replace "PUT_YOUR_PASSWORD_HERE" with the password that you want your user's to enter. You will then need to create a page called "access_screen.php" which is where any non logged-in users can authenticate with the password you specified.

<?php

require('login_check.php');

?>

<!DOCTYPE html>

<html>  
<head>  
<title>Kanemouke V8</title>  
</head>  
<body>

<form action="login_check.php" method='post'>  
  Access Key: <input type="text" name="access_key"><br>
  <input type="hidden" name="redirect" value="<?php if(isset($_GET['redirect'])){ echo $_GET['redirect']; }else if(isset($_POST['redirect'])){ echo $_POST['redirect']; } ?>"/>
  <input type="submit" value="Submit">
</form>  
<br/><br/>  
<?php 

if(isset($message)){

echo $message; 

}

?>

</body>  
</html>  

Now all you need to do is add this code to the top of any page you want to protect:

require('login_check.php');

And they will be redirected to the access_page if required. Upon authenticating successfully, they should then be redirected to the page they originally wanted to visit.

Let me know if this works for you ok or if you have any questions!

Thanks for reading!