FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Password Protecting a webpage





**Timbuk2**
Hi,

On my website, there is a certain page that I only want people with a password to view. Its family photos, so I only want my family to be able to view them

Can anybody give me the code to do this, either in vbscript or javascript, but I would prefer vbscript

I don't plan on learning much scripting because I won't need it for anything else apart from this

I plan to have an input box where the user can type the password and it will come up in stars, and then I plan on having a Submit button, and then I would like to write the script (I would prefer vbscript)

Is the script for handling the click of that submit button
[code]
<script type="text/vbscript">
sub button1_onClick()
if text1.text = <password> then
'not sure how i would open the web page now
else
msgbox("You entered a wrong password, acces denied")
end if
</script>

Thank you for the help in advance
Timbuk2
SamiTheBerber
You should learn php, because if you use javascript and in browser is turned javascript off, then protection doesn't work. PHP is always sure.
**Timbuk2**
I don't know any php, it seems like alot to learn just to password protect one page.

Is there code I could write that if javascript is turned off that it won't display the pictures at all? It will just say that there was an error or something

And if people have javascript turned off does that count for vbscript?

Its a pity that frihost don't do ASP.NET 2.0, so then I could write code really easy (I know alot of Visual Basic.NET and C#.NET)

Thanks for the help in advance,
Timbuk2
**Timbuk2**
I have written this code so far, but it does not seem to work, so I think that I am doing something wrong

var password = prompt("Please enter the password:""");
if (password == "pass")
{
location = "Pics.htm";
else
{
location = "error.htm";
}
}

Can anyone tell me what is wrong here. Is the syntax wrong?
Nyizsa
So here's what you wanted in vbscript:
Code:
if text1.value="password" then window.navigate("family_photos.html")

The rest of the code is OK as you wrote.
If a browser has Javascript turned off, it means all scripting, including vbscript. Plus vbscript only works with IE for sure. (It may work in other browsers also, but it is unlikely.)
And one more thing: if you use client-side validation, you can be sure that ANYONE can view your family photos! The user simply goes to View - Page source, and he can read the password easily. Or he can even enter the URL www.yoursite.com/family_photos.html, and he will go straight to your "protected" page...
So consider learning PHP!
mj_loc_nl
**Timbuk2** wrote:
Hi,

On my website, there is a certain page that I only want people with a password to view. Its family photos, so I only want my family to be able to view them

Can anybody give me the code to do this, either in vbscript or javascript, but I would prefer vbscript

I don't plan on learning much scripting because I won't need it for anything else apart from this

I plan to have an input box where the user can type the password and it will come up in stars, and then I plan on having a Submit button, and then I would like to write the script (I would prefer vbscript)

Is the script for handling the click of that submit button
[code]
<script type="text/vbscript">
sub button1_onClick()
if text1.text = <password> then
'not sure how i would open the web page now
else
msgbox("You entered a wrong password, acces denied")
end if
</script>

Thank you for the help in advance
Timbuk2



As I do not know what kind of operating system / web server we are talking about I just imagine you are using Apache webserver… if so take a look at the .htaccess options. You can find more information on this subject at: http://httpd.apache.org/docs/1.3/howto/htaccess.html

It will give you the password protection of Apache and you do not have to code a restriction system yourself with all the possibilities of risking that it can brake if a knowledgeable user is taking a closer look at it.

Would use this standard option if it is possible but he,… it is up to you Wink


Regards,
Johan Louwers
afracsass
it'd be better to use php code. javascript is hard to protect its source code on the web.

here's simple example codes.

you need several files to write.

1. login page : login.html

Code:

<html>
<body>
<form name="login" action="logincheck.php" method="post">
password :<input type="password" name="mypasswd">
<input type="submit" value= "click">
</form>
</body>
</html>


2. logincheck page : logincheck.php

Code:

<?php

$password = $_POST["mypasswd"];
$targetURL1 = "http://www.myfamilyphoto.com/admin.html";
$targetURL2 = "http://www.myfamilyphoto.com/index.html";
$targetURL3 = "http://www.myfamilyphoto.com/error.html";


if($password){
  if($password==admin)
    echo "<meta http-equiv=\"refresh\" content=\"0;url=$targetURL1\">";
  elseif($password==family)
    echo "<meta http-equiv=\"refresh\" content=\"0;url=$targetURL2\">";
  else
    echo "<meta http-equiv=\"refresh\" content=\"0;url=$targetURL3\">";

}

?>



3. you may create your own pages to be relocated after login.

good luck!
Stubru Freak
afracsass wrote:
it'd be better to use php code. javascript is hard to protect its source code on the web.

here's simple example codes.

you need several files to write.

1. login page : login.html

Code:

<html>
<body>
<form name="login" action="logincheck.php" method="post">
password :<input type="password" name="mypasswd">
<input type="submit" value= "click">
</form>
</body>
</html>


2. logincheck page : logincheck.php

Code:

<?php

$password = $_POST["mypasswd"];
$targetURL1 = "http://www.myfamilyphoto.com/admin.html";
$targetURL2 = "http://www.myfamilyphoto.com/index.html";
$targetURL3 = "http://www.myfamilyphoto.com/error.html";


if($password){
  if($password==admin)
    echo "<meta http-equiv=\"refresh\" content=\"0;url=$targetURL1\">";
  elseif($password==family)
    echo "<meta http-equiv=\"refresh\" content=\"0;url=$targetURL2\">";
  else
    echo "<meta http-equiv=\"refresh\" content=\"0;url=$targetURL3\">";

}

?>



3. you may create your own pages to be relocated after login.

good luck!


Correction to your code:

Code:

<?php

$password = $_POST["mypasswd"];
$targetURL1 = "http://www.myfamilyphoto.com/admin.html";
$targetURL2 = "http://www.myfamilyphoto.com/index.html";
$targetURL3 = "http://www.myfamilyphoto.com/error.html";


if($password){
  if($password==admin)
    header("Location: " . $targetURL1);
  elseif($password==family)
    header("Location: " . $targetURL2);
  else
    header("Location: " . $targetURL3);

}

?>

roeenoy
the best way to protect your own page is Sessions!

in sessions you can control on the people who has logged to your page
yjwong
Server-side authentication and sessions are the best. Javascript is very insecure because people can just see your source code. The industry standard of protecting a web page is sessions. cPanel uses server-side authentication. IPB, phpBB and lots of the major forums which uses web-page based login use sessions. Cookies are also very insecure, especially on a shared computer. Some people have scripts that can decrypt MD5 passwords, so even using them in your cookies are also useless. You can also use Apache authentication using .htaccess files.
leos4h
u can make an encrypted password by clicking the link below!

http://www.dynamicdrive.com/dynamicindex9/password.htm
mtorregiani
Stubru Freak wrote:


Correction to your code:

Code:

<?php

$password = $_POST["mypasswd"];
$targetURL1 = "http://www.myfamilyphoto.com/admin.html";
$targetURL2 = "http://www.myfamilyphoto.com/index.html";
$targetURL3 = "http://www.myfamilyphoto.com/error.html";


if($password){
  if($password==admin)
    header("Location: " . $targetURL1);
  elseif($password==family)
    header("Location: " . $targetURL2);
  else
    header("Location: " . $targetURL3);

}

?>



Sorry for bumping, but I'm having a question

To put your password you must go to the login.html... and if you put the right password you get redirected to index.html ... What's happens if I just go to the index.html and no to the login page, what can you do to evite that???

Thanks
Stubru Freak
mtorregiani wrote:
Stubru Freak wrote:


Correction to your code:

Code:

<?php

$password = $_POST["mypasswd"];
$targetURL1 = "http://www.myfamilyphoto.com/admin.html";
$targetURL2 = "http://www.myfamilyphoto.com/index.html";
$targetURL3 = "http://www.myfamilyphoto.com/error.html";


if($password){
  if($password==admin)
    header("Location: " . $targetURL1);
  elseif($password==family)
    header("Location: " . $targetURL2);
  else
    header("Location: " . $targetURL3);

}

?>



Sorry for bumping, but I'm having a question

To put your password you must go to the login.html... and if you put the right password you get redirected to index.html ... What's happens if I just go to the index.html and no to the login page, what can you do to evite that???

Thanks


Two options:
Use cookies/sessions to remember the password and check at the top of the index.php page. (Best way)
Give the index.php page a name like fcakkflapbmaega.php that noone will ever find. (Easiest way)
mtorregiani
how to do those cookies thing???
Stubru Freak
At the top of login.php (before any output or redirect), place this:
Code:
$password = $_POST["password"];
setcookie("password", md5($password));

Then at the top of all protected pages do this:
Code:
$cookiepassword = $_COOKIE["password"];
$rightpassword = "e99a18c428cb38d5f260853678922e03"; // md5 for abc123, the ideal password! http://b-con.us/pages/md5.php
if($cookiepassword != $rightpassword){
header("Location: http://www.myfamilyphoto.com/login.php");
exit;
}
Continue your page here


The md5() is to encrypt the passwords using md5, so that even when someone finds the code of your page, they still don't know the password.
This is optional.
uslhoops
The above post is good very useful. But can we put the password and username on a database like mysql or any other db? Then the codes will fetch the password and username.
Stubru Freak
uslhoops wrote:
The above post is good very useful. But can we put the password and username on a database like mysql or any other db? Then the codes will fetch the password and username.


Maybe read this tutorial: http://www.phpfreaks.com/tutorials/40/0.php
Related topics
Password Protecting Directories?
My site and Questions about it
password protecting a directory
Protecting folders
Maxthon - powerful web browser
PHP scripts
General .htaccess tutorial.
Password Protected Directories
PHP + .htaccess
Trick on XP
Home Server
Protect Your Page With Simple Login But Yet Powerful Script
How to email exe files?
How to password protect a zip file
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.