Passwording an HTML page with PHP...

[LifeInBinary]

My information isn't very sensitive lol - it's only a gaming clan for an online game. However, we do not want info in certaint sections of our website to be made public (tricks and secrets etc.).I have heard that PHP is the way to go - but I don't know anything at all about PHP - only XHTML/CSS.So here is my question: How do I set up a username/password on a single HTML page?It's as simple as this: The page has a form for username and pass, then if it is right it links to another page with the secret info on it - and if it's wrong, it links to a page that says it's wrong. Nothing fancy needed lol. Let's say the page with the password prompt is 'index.html' - the page if the pass is right is 'correct.html' - and the page if the pass is wrong is 'wrong.html'Could someone with a little spare time on their hands please help me set this up? I would be very greatful :)Thanks,Life In Binary.

[zppblood]

JavaScript is insecure because it's a client-side language meaning that the user can see the code when they view the source. You can use .htaccess/.htpasswd to create password protection, but your description says you want a form (this one will be a prompt for user/pass). Also, will be inserting the username/passwords in the file or in a database?

[LifeInBinary]

Since I don't know much at ALL about this lol - I have no idea where I would be storing the username/pass - I was hoping maybe 'you' could tell 'me' this ^^To be honest - just one single username and one password will be fine.So would you be able to help me out here or? Lol, not to be pushy - I'm just trying to get this done as soon as possible.If it helps any, here is the website that I am talking about: http://www.iribbit.net/i/lifeisbinary/me/I will be passwording the 'Secrets' page. Perhaps 'Screen Shots' and 'Chat' as well...It doesn't even have to be a form - just some sort of password protection. It could even be a text link on a page that says 'enter here' and then a password prompt pops up. I'm easy to please lol - anything that gives me that password protection will do just fine :)Thanks for all your help,Life In Binary.

[Synook]

Do your server have PHP with MySQL support? If so, then you can create a user/password table and use PHP to check form information. http://www.w3schools.com/php/

[LifeInBinary]

Well I just found out that the host 'supports' PHP/MySQL databases - but I am using a friends account. He only get's one MySQL database and he uses it lol. (He says it supports ColdFusion too - if that helps).He 'did' mention that I could set this up with XML, but that it would be less secure. Does anyone know the level of security you get with XML? Is XML server-side? And does anyone know how to set this up with XML?I do realize that we are still on the PHP category - so if I don't find help here, maybe I should post a link to this in the XML forum?Thanks All,Life In Binary.

[justsomeguy]

You don't need to store the password at all if you don't want to. You also don't need a username. You can do this on the form processing page:

<?phpsession_start();if ($_POST['password'] == "the secret password"){  $_SESSION['logged_in'] = true;  $url = "correct.php";}else{  $_SESSION['logged_in'] = false;  $url = "login.php";}?><html><head><title>Thank You</title><meta http-equiv="refresh" content="1;url=<?php echo $url; ?>"></head><body>Thank You</body></html>

On each page that you want to protect you can use this:

<?phpsession_start();if (!$_SESSION['logged_in']){  header("Location: login.php");  exit();}?>

[Juddling]

No Javascript isn't secure.I use PHP & MySQL Authentication with sessions on my website.You could also lookup HTTP Authentication.