Forum Moderators: open
(Wasn’t sure which forum to put this in)
I've been asked to setup a web page with boxes to enter a username and password or possibly just a password. When the user enters the correct username & password and clicks a button the user will be transferred to another hidden web page were various company documents are listed for possible downloading.
The service need to be fairly secure but easy to set up.
Can anyone recommend some inexpensive (preferably free) and off-the-self solutions for doing this?
Also, is it easy to prevent search engines from finding and indexing the documents to be downloaded?
Many thanks
[edited by: StepOne at 4:19 pm (utc) on July 7, 2005]
*inx servers have the ability to use htaccess files which wll do exactly what you need.
This site has online tools to help create your htaccess file, and a faq section to help you understand how it works.
There is also all kinds of ways to do this with Server-side scripting, or even with JavaScript.
If the htaccess way does help you, I'll post some other solutions.
Many thanks for taking the time to answer my post.
I've now got .htaccess working after a bit of Googling, but I needed someone like you to point me in the right direction.
I have noticed however that after entering the username and password the user has access until he/she closes their browser. It would be nice if the access timed out after a set period of time. I'm probably being paranoid, but it would be much more secure if it wasn't so open ended.
It will probably do just fine the way it is, but out of interest, do you know of anyways of making this type of password protected area more secure?
Stephen
Something like Php?
Do you want the same password for everyone?
If they have different passwords then will they need an account?
Will everyone see the same thing when they login?
If this works will they want you to extend the capabilities and have more content available inside the "hidden" area?
I could possibly do some PHP, except I know nothing about it and would be starting from scratch. Have programmed before, just not web based stuff.
"Do you want the same password for everyone?
If they have different passwords then will they need an account?"
Yes, the same username and password would be fine.
"Will everyone see the same thing when they login?"
Yes, the same list of documents will be seen by everyone.
"If this works will they want you to extend the capabilities and have more content available inside the "hidden" area?"
The list of documents may grow over time, but I can't imagine the list ever extending over more than one page or access being any more sophisticated that it is now, but my employer may have other ideas. I would prefer if password access was cancelled when the user moved away from the protected folder or timed out after a period of time. At the moment the only way to remove access to the protected folder is to close the browser. If the user kept the browser open but happened to move away from the computer, anyone could gain access to the material that was meant to be protected.
Many thanks
