Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

The best way to create a password protected page(s) is...?

dx_myrddraaldx_myrddraal Member Posts: 22
Yes, I know there's no way JavaScript can create foolproof password protected areas/pages, with password logins. But I'm sure there are still ways to at least protect the areas/pages from casual net users.

If you do have a way to offer some sort of security, either:

i) password login
ii) protecting the area/page(s)

will be VERY glad if you'll kindly post a solution/comment. Loads of people can benefit form this. NO codes in detail needed, but of course you'll need to explain it...

PLEASE name/describe your method briefly in the Subject. And PLEASE add the word (comment) or (solution) at the end of it instead of "re:... " !! THANKS a lot.

Comments

  • ayanroyayanroy Member Posts: 15
    try this script:-

    while(prompt("Enter password","")!="password_here")
    {
    alert("Wrong Password")
    }

    but still this is not a fool proof way to protect your page, you have to use some server side scripts , eg- ASP/PHP





  • dx_myrddraaldx_myrddraal Member Posts: 22
    I've figured out a way to make sure the user has logged in properly to view certain pages instead of typing the page address (thus, bypassing the password):

    1) create a frameset
    2) one of the frames (call it security) has a textbox that's invisible ( this.style.visibility="hidden" )

    3) when the user logs in, a value is inserted to that textbox.
    4) the content pages constantly checks for that values (manipulates it if there's a need)

    5) if there isn't a value or a frameset, change the location of the page...(it's best to check at the bsginning of the page and stop the loading )

    you may want to change the location of the page to about:blank in case the user stops the loading manually...

    the code can get messy but it can be considered an option to expensive server-side stuff.

    if there's away around this, PLEASE post a message...thanks!!

  • gaspardgaspard Member Posts: 14
    : I've figured out a way to make sure the user has logged in properly to view certain pages instead of typing the page address (thus, bypassing the password):
    :
    : 1) create a frameset

    : 2) one of the frames (call it security) has a textbox that's invisible ( this.style.visibility="hidden" )

    YEAH, or:
    [code][/code]


    :
    : 3) when the user logs in, a value is inserted to that textbox.
    : 4) the content pages constantly checks for that values (manipulates it if there's a need)
    :
    : 5) if there isn't a value or a frameset, change the location of the page...(it's best to check at the bsginning of the page and stop the loading )

    : you may want to change the location of the page to about:blank in case the user stops the loading manually...
    :
    : the code can get messy but it can be considered an option to expensive server-side stuff.
    :
    : if there's away around this, PLEASE post a message...thanks!!


    Unfortunatly, if the user has JavaScript turned off, this will not block the loading, but there is a way:

    Use document.write(); to write the whole page, so if the user has scripting turned off, they only see what is in the
  • mac_doggiemac_doggie Member Posts: 488
    When I made my first Intranet application I used the following:

    [code]









    [/code]

    Also create a file named: John_IAMJOHN.html wich automatically opens the first Intranet page (document.location.href=...;) You could also let it create a cookie and let every next page check for cookievalues...

    If you place these username files in a separate directory make sure to also add a document named index.html so that noone will get a directory overview if just typing the directoryname...

    It's not the savest way and your passwords can be found in the temporary internet files folder but if you clean up these files when done it's a usefull method. Nobody can get round this password check without knowing username and password... or an exact URL to the next page. This URL is not written in your login page code so they can't find it out...

    of course it is much saver to use a server side scripting language like PHP, ASP or Perl



    : Yes, I know there's no way JavaScript can create foolproof password protected areas/pages, with password logins. But I'm sure there are still ways to at least protect the areas/pages from casual net users.
    :
    : If you do have a way to offer some sort of security, either:
    :
    : i) password login
    : ii) protecting the area/page(s)
    :
    : will be VERY glad if you'll kindly post a solution/comment. Loads of people can benefit form this. NO codes in detail needed, but of course you'll need to explain it...
    :
    : PLEASE name/describe your method briefly in the Subject. And PLEASE add the word (comment) or (solution) at the end of it instead of "re:... " !! THANKS a lot.
    :

    ;-)
    -mac-
    mailto:programmersheaven@mac-doggie.nl
    the Netherlands...


  • daradara Member Posts: 1
    if your interested in protecting your pages you need to use some form of server side authenication. for your post i understand you don't want to go down the road of using a server side language like ASP,JSP,PHP or CGI for your website.

    the next best thing is to use htaccess. htaccess uses two files, settings file and user/password file, on the server in the directory you wish to protect and has a very simple setup procedure once you understand it. It is basically a series of commands to the webserver software to do an authenication check using a given password file. When accessing files from a directory the webservers (provided they support this and most do) will check for the presence of a .htaccess file. This is reasonably secure, the only way you can be any securer is using it over a secure connection. I would suggest than anyone who wants to make any part of their site protected and doesn't want to use any of the server side web languages to use this method and avoid using JavaScript for solving this problem.

    check out the link below.
    http://www.javascriptkit.com/howto/htaccess.shtml
  • compuchipcompuchip Member Posts: 273
    [b][red]This message was edited by compuchip at 2003-1-22 12:39:32[/red][/b][hr]
    This is also - as was mentioned by the way - not foolproof, but at somewhat safer because the password isn't anywhere in the code. The only problem is it won't look very nice if you enter the wrong password, but: who cares? If you do, don't use this :)

    You make a directory of which the name equals the password to use.

    [code]

    function PasswordCheck
    location.href = document.f.pw + "/index.html";
    }






    [/code]

    For example, if you enter the correct password you will go to /thecorrectpassword/index.html but if you submit the wrong password - e.g. 'hello', you will be taken to /hello/index.html


    [b]Edit:[/b] BTW, this solution is similar to macdoggies, which I just read after posting :)
Sign In or Register to comment.