I’m trying to learn something about password protecting webpages, or directories, or whatever. I’ve found a few javascripts that require one to enter a user name and password in order to access another page, but if one views the source code, the user name and password are right there in plain sight. Sort of seems to negate the benefit. Plus, the javascripts I’ve seen so far limit the protection to only one user and one password whereas I hope to eventually need thousands, or at least two or three.
Can someone point me to a place where I might learn what I need to know? Like a discussion group? Or a message board? Better yet, can someone just tell me how to do it?
I never dreamed I would be so dern bored in retirement.
You can also use you htaccess to block evil IPs, redirect pages, and create anti-leeching scripts (for weasel who still your bandwidth by linking to your graphics).
Check with your ISP first. Sometimes you’re not allowed to use htaccess, often it’s okay though.
It’s important to note that .htaccess is only for Apache webservers. Other types of servers have simliar methods, though I’m not familiar with them. You’ll want to check with your webhost or ISP to determine the capabilities of the particular server in question.
At this point, I’m just playing with pages on my own computer; I don’t have anything on the web. I really don’t want to pay someone to do something I can do for myself—on the other hand, when mistakes happen, it is nice to have someone else to blame. Anyway, thanks for the suggestion and I will check it out. Keep 'em coming, save me from terminal boredom.
Q.E.D. is correct! <insert presently-broken smackie here>.
Many website hosts have utilities that help you password protect folders. Often these ulitilities create the .htdocs for you, or soemthing similar, but they do it through easy to use forms that don’t require any real knowledge!
So first step: Log in toyour website’s control panel (the one that has your site stats and e-mail administration and all that jazz). There may be a password protection utility that you don’t even know about!
You might want to check with your ISP to find out their policies about running a personal webserver, if that’s what you have in mind. Most ISPs don’t allow normal user accounts to run webservers. If the traffic is very low, you might get away with it, but if they catch you they can cancel your account. There’s tons of free webhosts if limited bandwidth and filespace is good enough for you. And many ISPs provide free webspace to their customers, so you might want to look into that, too.
There is no easy way to password protect files and directories, for the simple reason that if it’s easy to create, it’s probably easy to crack. The Javascript you mentioned is a prime example of this.
That said, the quickest way to do this is to find an ISP that runs Apache and use the .htaccess tutorials linked above. The beauty of .htaccess is that although it is pretty complex, all the hard work has been done for you and you can accomplish what you need with a couple of lines in a text file.
There are other ways to do password protection, such as storing username/passwords in a database and using sessions to control access to files, but that’s a whole other can of worms. I suppose if you’re really bored with retirement you can go pick up a copy of PHP and MySQL and have at it.
I run a website which has to have some password-protected areas. For this purpose I have some pages which run php scripts. The script prompts for the password and provides an input text box. Only if the input matches the password can you access the pages that lie beyond.
To set something like this up, you need to refer to whoever hosts your website and ask them what kind of scripts you can run - PERL, php or whatever. Then you need to get a suitable script, which either they will provide, or you can learn to write yourself, or you can get from someone else who knows how to code them.
The 'easy’way is this. The page you wish to protect is given a URL that goes something like this:
Where MAGICWORD is the password. On a prompt page, you provide this URL with asterisks in place of MAGICWORD, together some clues that will enable the right people to work out what MAGICWORD is. The clever part is devising a question to which only the right people will be able to figure out the answer. Anyway, they then enter the completed URL in their browser and gain access to the secret pages.
They put the password in the box and hit the button (enter doesn’t work, they have to click) and they go to a certain page. If the page is “elefant.html” then the password is elephant. It is not the most secure in the world, but it’s handy enough for a low security protection from the casually curious. Obviously a better page to redirect to would be i35jzp2.html or whatever.
A site I always like to reccommend is www.hotscripts.com they have lots of good scripts and tutorials and lots of stuff to give you ideas.
Interestingly enough, I ran across this code somewhere today and was playing with it this afternoon. I don’t remember it as being called PHP, but maybe it was.
To repeat what I said earlier, the pages I am playing around with are strictly a learning experience. They are housed on my machine and no one but me can see them, I hope. I am a long way away from having anything posted on the internet. I’m just trying to learn a few things like HTML, links, images, CSS, etc., etc. Everything I’m doing is done using Notepad as a generator. I just got curious about passwords, that’s all.
Thanks for all the suggestions—if anyone comes up with anything else, I hope they will continue to post to this thread.
If you’re just doing it on your own computer, you can try out Abyss Web Server.
It’s free, it’s amazingly small (~150kb), and incredibly simple to install. It includes an admin panel where you can configure password protected directories and pages, and create a list of user/passwords to grant access to.
Sorry about the confusion, that is plain old html with some javascript on the “submit” button. The boards call pasted code PHP no matter what is in the tags. You can just punch that into any old html page, you don’t need anything special, just a regular javascript enabled browser.
If you want to explore beyond password protection you should look into certificate based authentication. You’ll need OpenSSL and mod_ssl along with your Apache web server.
This is interesting. I downloaded it bright and early this morning but haven’t had time to really get into it. Thanks for the link. This just might be exactly what I need.
