Password in HTML?

[BigBen_DK]

Hi.

I maintain a homepage for a fond, and have a question. Hope someone can help me. :-)

 

I have added a link on one of the pages to open a new site - no problem. But only those with a password should be able to open the page. Therefore i have made this HTML in the body:

<form action="vedtaegt.html" method="post" autocomplete="off">

<input type="password" name="test" required="required" maxlength="15"></form>

If i choose not to write any password i can´t access the page vedtaegt.html - as it should be. But if i enter any text, i can access the page, witch only should be the password "test".

What am i doing wrong?

Thank you for your help. :-)

[dsonesuk]

If a server-side scripting language is not used to process the password value sent using post it won't do anything but take you to the page used in action, using javscript would be piontless for javascript can be read by user to retrieve password required to access page.

[BigBen_DK]

Thank you. What should i do then? :-) Password and javascript isnt my strongest side.

[dsonesuk]

Learn server-side script language such as php, if user have individual passwords, you will have to store password to user in database, compare with what user name and password before sending to specific page.

 

If the page it will go to, is owned accessible by you, the server-side script used on that site must be the server-side language learned to process/validate form data before allowing access.

[BigBen_DK]

Hum. Thank you. I can see im way out of my league. Think ill just drop it. But thank you. :-)

[thescientist]

Why not just share the file via something like Google Drive or Dropbox?

[typomaniac]

Seriously, you should give thought to learning a server-side language. Don't be intimidated by it. It might seem a bit uncomfortable at first but once concept starts to fall in place the rest is history. Don't expect to understand everything overnight because it probably won't happen. Don't be afraid to ask questions--the dumbest question is the one that isn't asked and besides, that's what places like this are for. If it weren't for forums I'd be lost. PHP would probably be the easiest for openers and believe me, alot can/has been done with php.

[Rebecca]

IF you do not know any server side language like PHP, then do not worry, you can validate this password in Javascript too.

[dsonesuk]

IF you do not know any server side language like PHP, then do not worry, you can validate this password in Javascript too.

 

NO! not a good idea as you might as well NOT have a password using JavaScript, its insecure, and relies on JavaScript being enabled.

[davej]

I have added a link on one of the pages to open a new site - no problem. But only those with a password should be able to open the page.

 

How do they get this password? If you only need a simple protection scheme where only a few passwords are used (which perhaps you e-mail to users) the code could be a simple Php wrapper.

[Ingolme]

The simplest password protection scheme is just an if() statement. It's effective, but not flexible.

<?php
$username = 'Person';
$password = 'Password';

if(isset($_POST) && $_POST['username'] == $username && $_POST['password'] == $password) {
?>
  Protected content goes here
<?php } else { ?>
<form method="POST">
  <fieldset>
    <legend>Please log in to view content</legend>
    <label>Username: <input type="text" name="username"></label>
    <label>Password: <input type="password" name="password"></label>
    <input type="submit" value="Log In">
  </fieldset>
</form>
<?php } ?>

If you use Javascript for password protection I will personally break into your site. Javascript is 100% ineffective at password protection and what's worse, if you have one of your own passwords as the login, the person breaking in now also knows your password and if you use that password on other sites you're going to get hacked.

[davej]

If this is a website with several pages or pages that need to reload...

<?php
session_start();
$u1 = 'ernie';$p1 = '123';
$u2 = 'bert';$p2 = '321';
$u3 = 'grouch';$p3 = '111';
if (!isset($_SESSION["loggedin"]))
{
    if (isset($_POST["username"]) && isset($_POST["password"]))
    {
        $usr = $_POST["username"];
        $pwd = $_POST["password"];
        
        if (($usr == $u1 && $pwd == $p1)||($usr == $u2 && $pwd == $p2)||($usr == $u3 && $pwd == $p3))
        {
            $_SESSION["loggedin"] = time();
        }else{
            $msg = "<h3>Login attempt failed.</h3>";
        }
    }
}
if (!isset($_SESSION["loggedin"]))
{
?>
<!DOCTYPE html>
<html>
<head><title>LOGIN</title></head>
<body>
<?php echo $msg; ?>
<h1>LOGIN</h1>
<form method="POST">
Username:<br/>
<input type="username" name="username"/><br/><br/>
Password:<br/>
<input type="password" name="password"/><br/><br/>
<input type="submit" value="Submit"/>
</form>
</body>
</html>

<?php
}else{
?>

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>my web page</title>
<style>
h1{color:red;}
</style>
</head>

<body>

<h1>This is the protected content</h1>
     
</body>
</html>

<?php
}
?>

[dsonesuk]

Small point, opening body tag, and there's more, required title element.

[davej]

Oops.... fixed now....