We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

password protection

randyw
randyw asked
on
Medium Priority
355 Views
Last Modified: 2006-11-17
I need to have some sort of way to put password protection on my page.  Right now i have the index, and there are a couple links that I want to add passwords for.  Could someone tell me how to make it so a window will prompt for a password when the user clicks on the link, and how to make the password not viewable in the source code.

Thanks....

Randy
Comment
Watch Question

edl

Commented:
I think you are looking for something like experts-exchange when you log in.  It asks you for a password and userid.

To do this you need access to the webserver, and files such as htpasswd and .htaccess.  This is setup in the servers conf files. And really the only way to do it.

I don't know of anyway to do this securly with javascript
Commented:
In JavaScript it is not possible ...

You can do a CGI program that you pass values to him, like this:

- link = "somepage.html"
  (do not show to user)

- pass = "somepassword"
  (when user click on link, you ask for password and fill
   the pass variable with it.)

Then you call the CGI:

CGI?link=somepage.html&pass=somepassword

The CGI return:

- A ERROR default page, if the pass was incorrect.
- The right page, if the pass was correct


*** Hope it's help! ***


 Vitor Rodrigues
viro@pluriproj.pt
   Portugal

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Well...nobody answered my question well enough to get any puntos....so I went to the local library and learned java real fast, here's what I came up with.  As you can see, I've come up with an encryption method so that they don't even know what page it is they -might- goto, depending on whether or not their password is correct....

<script>

      var key1 = encode("66",7)
      var key2 = encode("98",key1)
      var key3 = encode("jg",key2)
      var key4 = encode("HA",key3)
      var key5 = encode("gg",key4)


      var password = window.prompt("Enter your Password.")
            if (password == null)
                  history.back()
            else (gopage())

function gopage() {
      var runone = encode(password,key5)
      var runtwo = encode(runone, key4)
      var newpword = encode(runtwo,key3)
      var page1 = encode("50ap21t50M6a12",key2)

      if (newpword == "QPxJXMJ~")
            {
            location.href = page1
            history.back()
            }
}


function encode (OrigString, CipherVal) {
      Ref="0123456789abcdefghijklmnopqrstuvwxyz._~ABCDEFGHIJKLMNOPQRSTUVWXYZ"
      CipherVal = parseInt(CipherVal)
      var Temp=""
      for (Count=0; Count < OrigString.length; Count++) {
            var TempChar = OrigString.substring(Count, Count+1)
            var Conv = cton(TempChar)
            var Cipher=Conv^CipherVal
            Cipher=ntoc(Cipher)
            Temp += Cipher
      }
      return (Temp)
}

function cton (Char) {
      return (Ref.indexOf(Char));
}

function ntoc (Val) {
      return (Ref.substring(Val, Val+1))
}

</script>

All Those Answers Went Right Through Me IE:"Je Ne Comprends Pas!" Here Try This It's The Simpleist Password Protection Thing I Know Here Are The Steps...
1)Make A Incorrect Password Page
2)Make A Correct Password Page
3)Make A Page That Lonks To The Long-In Page Via A Form Button
4)Make A Page That Look's Like This:

<HTML>
<!-- Password Log-in JavaScript Copyright 1996-1997, Smallfri Inc. -->
<!--                        http://www.nsis.com/~coadydk/            -->
<HEAD>
<TITLE>Password Log-in</TITLE>
<!-- Log-in Scrip Start -->
<SCRIPT language="JavaScript"><!-- Script Segment
// Autho Long-In(Main)JavaScript, Copyright 1996-1997 Smallfri Inc.
        password = "correct-password";        // Password Needed To Enter
The Web Page
        relocateloc = "http://www.url.com/myname/wrongpasswodpage.html"  //
Location You'll Be Pushed To If Your Password Is Inncorrect
        if (prompt("What Message I Want To Be Displayed When Someone Try's
To Log-in ie, Please Enter Your Correct Password", "") != password) {
location.href=relocateloc}
// End Script -->
</SCRIPT>
<!-- Log-in Script End -->
</HEAD>
<BODY BGCOLOR=#FFFFFF>
<!-- Begin Axcess Granted Push -->
<!-- This "Push" Is Extreamly Important
     For The Password Log-in To Work The
     Page Called "axcess_granted_page.html'
     Is The Page That They Goto If The
     Password Is Correct Make The Page Name
     Complacated So It Won't Be An Easey Guess! -->
<META HTTP-EQUIV=REFRESH CONTENT="1; URL=axcess_granted_page.html">
<!--  End Axcess Granted Push  -->
</BODY>
</HTML>

You Can Edit Almost Anything But Don't Add Things To The Body Section Execept What's Allready There, Ie:Text, Images, Extra HTML, Ext.

This One Also Has A Couple Of Comments So You Can Easly Understand Where Your Adding This Service.



                                                 Hope It Works,
                                                            SmallfriX

Author

Commented:
uhhh....thats so gay.  the whole idea of password protection is to have a *secure* page.  with what you just showed me they can just view the source and see the password in clear text.  at least encrypt it...


Randy
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.