Password Protect

[...678]

Is there a code that makes a page password protectedSo like you go on the page and it comes up with a prompt box saying enter password. Then if its right it redirects to the page selected and if its wrong it redirects to a page with Wrong PasswordIf there is please tell me

[croatiankid]

Yes.

[...678]

Yes.

Do you know what it is???

[boen_robot]

Funny. It all depends on what method you want to use for authentication. For a promt box, you need to have access to the server settings. For example, in Apache, you could use .htaccess files. Read this article as to how to do this with Apache's configuration files.

[PrateekSaxena]

You can also check if a cookie exists or not and then display or not display the page!

[...678]

You can also check if a cookie exists or not and then display or not display the page!

how do you do that?

[smiles]

it refers to database, you have a password in it and compare with the password that guest entered, if similar then guest can enter ...

[Kevin M]

You would have to use either a Browser Scripting language (JavaScript etc) or a Server Scripting Language (PHP,ASP(.NET),ColdFusion etc). Then check if the user has a cookie set that would allow them to view the page. If they do, show the page, and if not, don't show the page.

[...678]

You would have to use either a Browser Scripting language (JavaScript etc) or a Server Scripting Language (PHP,ASP(.NET),ColdFusion etc). Then check if the user has a cookie set that would allow them to view the page. If they do, show the page, and if not, don't show the page.

how do i make that cookie?

[MrAdam]

No one's actually told him what a cookie is, or how t ouse them...To set 'cookies' in PHP: http://www.w3schools.com/php/php_cookies.asp-----As boen_robot said, that prompt box with the username + password fields have to be set up on the server, read the link he sent.To determine if someone's logged in on your website, after they supply there username and password (in what ever method) and your PHP script has recieved these values, if through whatever security checks you impose, they are successful - you could set a cookie to store a piece of data, so that you can later check for this data as a means of checking if they are logged in.Sounds kinda confusing put like that ..you'll need to know PHP and possibilly MySQL if you are thinking of using a database to store their user data?http://www.w3schools.com/phphttp://www.w3schools.com/php/php_mysql_intro.asp

[...678]

Ok..Im not sureso..If i have a form that looks like this :

<form name="input" action="logintest2.htm" method="get"><br>Password<input type="password" name="LastName" value="" size="20"><br><input type="submit" value="Submit">

How do i make it so there is a set password and if they get it right they go to one pageif they get it wrong they go to another?

[boen_robot]

First stop, the get method on the form means all values from it will be visible in the URL and you wouldn't want users to be able to see other's passwords in plain text.Second, cookies are really unsecured for various reasons I won't go into detail explaining. Use cookies only for personal preferences that aren't that critical, such as prefered template, language, format, etc.If you really want ONE username and ONE password, you can do it with something like this in PHP:

<?phpif (POST['LastName'] == "Whatever password you want") {echo "Correct password";}else {die("Wrong password");}?>

The action attribute of the form must point to the PHP file containing this.

[PrateekSaxena]

What does die do??

[...678]

ki really dont understandEither if you could give me the whole code...or i just dont bother

[Skemcin]

All these answers are too vague and some are showing very little respect (croatiankid - don't give those type of answers again).Password protection should never be done using a client side scripting language (like javascript) if you want anything to be protected. Because that code is processed on the client side, it can easily be deciphered and broken. So, you have two options for protecting content:a.) use a server side scripting language like php, asp, or coldfusionb.) user server side authentication through the operating system and webserver.Unless you have access to the server itself, or the hosting provider has controls to configure your space, you will not be able to user server side authentication. Therefore, I'll give a quick overview to the server side scripting options.First, it doesn't matter which language you use, the principle is the same. You have login-form.cfm which is a form that asks the user to enter their username and password. That page uses the post method to send the information submitted to login-action.cfm (for instance). This page takes the information in the form scope (scope is where information is stored - form, cookie, session, url, etc.) and runs a query to a database. If the database finds a match, then you can label the user as logged in - otherwise it fails and you are not able to authenticate the user.That is the general process you must go through. No one is going to outright post your solution. The references to the tutorial are your place to start. Generally speaking, it is best to become familiar with storing information in a session. Information is a cookie is only good for the PC and browser the person is visiting on - and if you are in a public environment, you run the risk of the next user of the computer to have access to something they should not.Do some work on your own and come back with some specific questions - you will not get answers all over the map like you are now.

[Kaoru]

I wanted to password protect a few of my pages too, and although everyone told me it's better to do it with php, I did it with javascript. It's secure enough for me considering the info behind the password protection script isn't sensitive stuff:Here's the javascript code:

function protect(form) { if (document.passform.password.value == "password here") {  alert("Password correct, forwarding...");  document.location.href="members.html"; } else {  alert("Password Incorrect"); }

The document.passform.password.value would be the <input type="text"> field on the form (in this case the form is named "passform")Here's the form:

<form name="passform"> Password: <input type="password" name="password" /> <BR> <input type="submit" value="Submit" onClick="protect(form)"></form>

So that's it. Useful if you're not protecting any sensitive stuff (credit card details and such).

[justsomeguy]

Javascript protection is almost entirely useless. For one, someone can just disable Javascript. For two, they can read the password directly in the source code. If I saw that Javascript was popping up an alert box that the password was wrong, the first thing I would do would be to check the code for the password. For three, you can read the location where they are being redirected (members.html) and just go there anyway.If something is worth password-protecting, no matter what it is, it's worth doing right.

[PrateekSaxena]

If you do want to use JS for cheking the password you can first send an XMLHttpRequest to ask for the password from a PHP file that has encrypted it and is sending it. Use the same alogrithm to then decrypt it in JS. It would be better if it is Private Key Encryption so that even if someone knows the Algorithm you are using they wontbe able to crack the password!!

[aspnetguy]

If you do want to use JS for cheking the password you can first send an XMLHttpRequest to ask for the password from a PHP file that has encrypted it and is sending it. Use the same alogrithm to then decrypt it in JS. It would be better if it is Private Key Encryption so that even if someone knows the Algorithm you are using they wontbe able to crack the password!!

but if you are going to send a request to a php page why not just validate, set sessions, and cookies all on the same php page?

[justsomeguy]

Or disable Javascript and just type the URL where it would redirect you.

[PrateekSaxena]

I said that if you are a stubborn person who wants to use JS no matter whatthat is why I made the word "do" bold

[justsomeguy]

Well.. if you're a stubborn person and you are going to use a certain tool for the job regardless of what the best tool is, then you probably don't have any business programming in the first place. It's like telling someone you need a screwdriver to remove a couple screws and they show up with a hammer just because they insist on using it.

[PrateekSaxena]

Arre I am not stubborn...I just meant that those who do want to do it like that.i too would do everything on the PHP page as everyone else!!

[justsomeguy]

I know, I wasn't referring to you. I'm just saying that a programmer needs to have the ability to be able to adapt to whatever the best tool for the job is.

[PrateekSaxena]

Yup...I agreeIt is kind of hard to catch up with sarcasm and similar figures of speech when you can not actually hearing the person speak!