Newbie question: A web page with a password protected??

[Jennyucf]

Hi, there

I want to apply the "username" and "password" to a web page so only the
authorized people can get access. Can I use dreamweave to achieve this? Or what is the usual way to do this by writing javascript?

Thanks a lot in advance!

Cheers
Jenny

 

[onpnt]

Hi there, the best approach would be server side scripting like ASP with the use a a DB holding the usernames and passwords. The only other alternative you have with javascript is the use of cookies to accomplish this. Going via server side is far more secure though admin@onpntwebdesigns.com

 

[Jennyucf]

Thanks a lot Onpnt. I don't have the access to the server, so I think it's better to do it by javascript? Would you mind telling me more about it? Or is there any good website that I can refer to?

Cheers
Jenny

 

[starway]

It is not possible to do with javascript. There are some similar things done with JS but none of them is real protection as all data is stored on client side.

A good way to do what you want is htaccess.
Here's a rather good reference how to do it:

http://www.javascriptkit.com/howto/htaccess3.shtml

 

[onpnt]

a little confused on you not having access tot he server. Do you know if it supports asp? admin@onpntwebdesigns.com

 

[Jennyucf]

Since it's not a top secret website, I think I will just use javascript and keep the amateurs out..I also don't know if it support asp (poor web designer, ain't i?)

thanks for your time!

 

[onpnt]

try this one out.

http://javascript.internet.com/passwords/cookie.html

admin@onpntwebdesigns.com

 

[trollacious]

Actually, if you gather the logins and passwords, create a function to turn them into a number that can't be reverse engineered (like a hash value), you can store those on the page without worrying much about someone hacking into it.

 

[jockm]

If you want a rough and ready way to password protect a page, you might want to look at how I do it at

http://www.kalikalos.org/navbar.htm

The link FACILITATORS ONLY is password protected. It is not very strong, but it will keep all but the sophisticated from finding the page. It depends on the page being protected being in the same directory as the default.htm (index.htm)file and having the same name as the password. The average surfer cant find the contents of that top level directory.

As youll notice, the code is very simple and it works fine. Not only that, by creating different passwords, I can take people to different protected pages.

The whole thing depends on the password being the first part of the file name, eg,

password.html

Simple enough, but it works.

jock

 

[trollacious]

If you wish to provide only one password per page, then this works fine. However, if you choose later on to exclude someone who previously had access, this becomes a problem. Allowing users to set logins/passwords, you can add to or delete from the list without this kind of problem. By using a function that returns a numerical value derived from the password, you can store the number itself on the page in plain site and be assured that the only way to crack this is by brute force methods. Passing a login and/or password through the mathematical formula and then comparing it to the numbers on the list that has already been put together never exposes the original plain text.

 

[mflancour]

Um, for the newbi java person do you have an example code trollacious?

 

[trollacious]

You need to set up a page to get the numbers for yourself using text inputs, then put them in an array on the page and check through the array:

function createnumber(onestring)
{
var mult=1, number=0;

for (var oi=0;oi<onestring.length;oi++)
{
var onenumber=onestring.charCodeAt(oi);
number += (onenumber * mult);
mult*=3;
}
return number;
}

Now, you have to use your imagination and programming skills to figure out how to set this up for yourself and on the web page. Once you have the password someone wants to use, run it through the function to get the number, and put the numbers in an array on the web page. When someone logs in, you'll need a function to run through the array and check the result of the password against those already processed. There are variations that would be more secure, but on a website with no server side processing, security isn't really much of a possibility. Keeping people out once they know a page name or looked in your source code to see the page name is another story, and you'd have to use cookies for that.

 

[RichardEdwards]

Here's how I implemented a javascript-based login page:

function imgError() 
{ alert('Sorry, that is not correct.');

:-(

  document.enter.password.value='';
}
function imgLoad() { window.location=this.password+'.html'; });

function tryit()
{ var I = new Image(1,1)
I.onerror=imgError;
I.onload= imgLoad;
I.password=document.enter.password.value;
I.src='images/'+I.password+'.gif';
}
document.write('<form name=enter action=&quot;javascript:tryit()&quot;><input type=password name=password id=password><input type=submit value=Login id=sub0></form>');

This simple form has a password field and a submit button. When the form is submitted,

tryit()

creates an Image, assigns onerror and onload handlers, and tries to path the image source as named by the user. If it successful, a like-named page is loaded. Otherwise, an alert informs the user that their entry is not correct. I think that an apologetic alert is more graceful than a rude javascript error.

Note that the image can be anywhere... even on a different domain! However, it is advisable not to allow directory browsing where the image resides, because someone can hack your secured page simply by trying the name of every image in your image directory. Even so, this is about as good as security gets from a client-side script. :

mailto:richard.renfrow@juno.com

 

[sundemon]

Trollacious,
That is an interesting approach to allow individual passwords. Do I understand correctly that, in a purely &quot;client-side&quot; setting, you would need to update the page containing the array of valid password numbers with each new or deleted user?

 

[trollacious]

Yes, as new users are added, or old ones deleted, you have to add or delete the numbers from the list on the page. You also need to keep a list on your computer of which user's password calculates to which number. There's really a limit to how secure you can make something with client side Javascript only, and the more secure you want things, the more complex it gets.