Username and Password Protected Page - How to make more secure

[m_hutchins]

Hello there,

I have a page that needs to be username and password protected. I currently have a link that goes to the "login" page and from there when logged in correctly, goes to the desired page. The issue is that is someone has the direct url, they can by pass the login page.  Is there a way to pass the typed in username and password and show the desired page if correct or show an error message if not???

Here's the code I'm using on the "login" page:

<form name"login">
                        <input type="text" placeholder="Username" name="userid">
                        <input type="password" placeholder="Password" name="pswrd">
                        <input type="button" onclick="check(this.form)" value="Login">
                    </form>    
                        
                    <script language="javascript">
                        function check(form)
                            {
                                
                                if(form.userid.value == "Perry" && form.pswrd.value == "P911erry")
                                {
                                    window.open("http://comprosinc.oiw11.com/ftp-clients/perry-county/index.htm", "_self")
                                }
                            else
                            {
                                alert("The username and password you entered are not correct")
                            }
                            
                            }
                    </script>

Any and all help would be greatly appreciated!

Thanks in advance,

m@

[justsomeguy]

The first step is to not use Javascript to authenticate people, because anyone can look at your code to see the username and password.  You need to use a server-side language like PHP to authenticate people and keep track of who is logged in.  On any page you can then check if someone is logged in.  You can use PHP's session for that.