Very quick & dirty way to password protect PHP page content

I definitely don’t recommend using this technique for hiding anything at all sensitive, but if you have a situation where you want certain content to be available or presented in a certain way to people who have a password but not the general public, this one line of code will do the trick:

$hidden_stuff = 'This could be text, data obtained from a database or whatever else you like or simply used to format the page in a certain way...';

echo (strpos($_SERVER['QUERY_STRING'], 'sneakypassword') !== false ? '<p>' . $hidden_stuff . '</p>' : '<p>Stuff that anybody can see.</p>');

People who are allowed to view the hidden content don’t need to log in – all they need to do is add the password to the URL as a query string.


There are plenty of good reasons not to do this:

  • The password is visible in the URL so can be seen by others nearby
  • It is more susceptible to brute force password attacks than a posted password
  • The password will be bookmarked if the page is
  • The password will be cached or logged if the page is
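
The drawbacks above all come from the secret travelling in the URL. For comparison, here is a version that takes the password in a POST body and remembers the result in the session. It is an added example, not code from the original post; it assumes PHP 7.3+ and a hypothetical PAGE_PASSWORD_HASH environment variable holding the output of password_hash().

```php
<?php
// Added example, not from the original post. Assumes PHP 7.3+ and a hash
// created once with password_hash('...', PASSWORD_DEFAULT), supplied through
// a hypothetical PAGE_PASSWORD_HASH environment variable.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
]);

$stored_hash = getenv('PAGE_PASSWORD_HASH') ?: '';

function unlock_page(string $submitted, string $stored_hash): bool
{
    // password_verify checks the whole submitted value against the hash,
    // unlike strpos(), which accepts any query string containing the secret.
    return $stored_hash !== '' && password_verify($submitted, $stored_hash);
}

$is_post = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
if ($is_post && isset($_POST['password']) && is_string($_POST['password'])) {
    if (unlock_page($_POST['password'], $stored_hash)) {
        session_regenerate_id(true);   // fresh session id once unlocked
        $_SESSION['unlocked'] = true;
    } else {
        sleep(1);                      // crude slowdown for repeated guesses
    }
}

$hidden_stuff = 'Content for people who have the password.';

if (!empty($_SESSION['unlocked'])) {
    // Escaped on the assumption that $hidden_stuff is plain text.
    echo '<p>' . htmlspecialchars($hidden_stuff, ENT_QUOTES, 'UTF-8') . '</p>';
} else {
    echo '<p>Stuff that anybody can see.</p>';
    // The password is sent in the POST body, so it stays out of the URL,
    // bookmarks, browser history and typical access logs.
    echo '<form method="post">'
       . '<input type="password" name="password" autocomplete="off">'
       . '<button type="submit">Unlock</button></form>';
}
```

The one-second delay only slows casual guessing; it does not replace rate limiting at the web server.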

On the other hand, it can have its uses. I personally use this exact technique for dummy lorem ipsum text generation for website testing. I have a page that generates random words in a format suitable for pasting straight into a visual text editor. If I add ?p to the URL, it wraps the paragraphs in <p> elements; if I add ?ul or ?ol, it outputs the text as an unordered or ordered list.

I may post the code for this in a future post.

