Using Javascript To Password Protect A Webpage

Forum Moderators: open

Message Too Old, No Replies

Using Javascript To Password Protect A Webpage

Help - Guys

newborn

1:59 pm on Mar 21, 2008 (gmt 0)

Guys I really need some urgent help.

I want to password protect a webpage, how do I do this. I have looked on coffeecup and some others, but thats not exactly what I want.

Like Dmoz.Org when you click the editor login a password applet pops up and you cant login unless you login correctly.

If its a software i would love to be able to create the usernames and password and on the page allow the person to get a password reminder.

Some help here guys.

httpwebwitch

2:13 pm on Mar 21, 2008 (gmt 0)

that's not done with Javascript. What you have there is called HTTP Authentication.

To do it, you need to send some special HTTP Headers along with the page. The browser is responsible for collecting your password and sending it back to the server; if the password is correct then Authentication is established and the page content may be shown.

Here's how to do it on an Apache server [httpd.apache.org], or you can add the headers using PHP [ca3.php.net]:


<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
 header('WWW-Authenticate: Basic realm="My Realm"');
 header('HTTP/1.0 401 Unauthorized');
 echo 'Text to send if user hits Cancel button';
 exit;
} else {
 echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
 echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>

eelixduppy

2:14 pm on Mar 21, 2008 (gmt 0)

What you have seen at that site is not done with javascript, I'm afraid. What you saw is HTTP Authorization. Refer to the following document for details: [httpd.apache.org...]

If you'd like to do something like this with PHP, php.net has nice documentation on it: [us2.php.net...]

[edit]
few seconds too late ;)

httpwebwitch

2:21 pm on Mar 21, 2008 (gmt 0)

If its a software i would love to be able to create the usernames and password and on the page allow the person to get a password reminder

HTTP Authentication is often called "Basic Authentication" since it's so easy to implement. The downside is, you can't style the login prompt, you can't embed the form on a page, and it doesn't allow the user to register a new account like a membership.

You probably want to use Session Authentication, in which the user's password is looked up in a table on the server; if the password is correct then a Session variable is created (the session is stored in a cookie). Then on every page you first check if the session variable exists, and if it does then the user's credentials are presumed to be authentic.

newborn

6:37 pm on Mar 21, 2008 (gmt 0)

Guys, i have no idea how to implement this, plus how many users can i add. Is there a software that automates this process that someone can recommend, thanks web.. and others..

DrDoc

3:42 am on Mar 22, 2008 (gmt 0)

How many users do you need to add?

alex95_bg

8:09 pm on Mar 24, 2008 (gmt 0)

This is an apache function.It's made with .htaccess You don't need any software
Search in Javascriptkit for javascript password protection.Here is the .htaccess source to do this:


AuthName "My Password Protected Page" 
AuthType Basic 
AuthUserFile /server root relative to .htpasswd(not site root)(without slashes)/
AuthGroupFile /dev/null 
require valid-user

And .htpasswd


youruser:password
user2:pass2
user3:pass3

You can also encode the passwords inside(suggested)(Google for it)