PDA

View Full Version : Log in to a website page with a password



ostcalling
09-01-2004, 02:20 PM
Hi, I am a small amateur and I make a website for my club but we would like that the members can view some webpage’s only via a login with password, lets say I have a report that only the members can read, so to read this report a login and password would be filled in by the member, the password would be supplied by me.
Can someone please provide me with the data to use, I still have a lot to learn, thanks that this site provide me the support
Thanks in advance for your great support

Al :p

cr3ative
09-02-2004, 05:01 PM
Here's a script which prompts the user, and gives them 3 chances to get it right.





<!-- THREE STEPS TO INSTALL THREE TRIES:

1. Put the first code into the HEAD of your HTML document
2. Change protectedpage.html to your protected page
3. Add the final code to the BODY of your HTML document -->

<!-- STEP ONE: Copy this code into the BODY of your HTML document -->

<HEAD>

<SCRIPT LANGUAGE="JavaScript">

<!-- Begin
function password() {
var testV = 1;
var pass1 = prompt('Please Enter Your Password','');
while (testV < 3) {
if (!pass1)
history.go(-1);
if (pass1 == "password") {
alert('You Got it Right!');

<!-- STEP TWO: Change protectedpage.html to your protected page -->

// Change the following URL to your protected filename

window.open('protectedpage.html');
break;
}
testV+=1;
var pass1 =
prompt('Access Denied - Password Incorrect, Please Try Again.','Password');
}
if (pass1!="password" & testV ==3)
history.go(-1);
return " ";
}
// End -->
</SCRIPT>
</head>

<!-- STEP THREE: Copy the last code into the BODY of your HTML document -->

<BODY>

<CENTER>
<FORM>
<input type="button" value="Enter Password Protected Area" onClick="password()">
</FORM>
</CENTER>



Copyright javascript.internet.com

Chronos
09-03-2004, 02:42 AM
Slight problem, anybody could look at the source code and easilly figure out the password. They got an encrypted one here (http://www.dynamicdrive.com/dynamicindex9/password.htm) though. Either way, I find it easier just to look at destination of the login and bypass it altogether, not that I'd do that kind of thing.

ostcalling
09-03-2004, 03:37 PM
thanks for quick reply, it will help I am shure of that, but watt I want is that all the differend menbers have there one password, so the members have to log-in with there one password, name ans password to see the other webpages
Anyway Thanks again for your great support
p.s I will buy you a beer

cr3ative
09-03-2004, 04:06 PM
Do you just want all the members logins to point to the same page, or do you want to point to different pages when different logins are entered? I could probably create or find a script to suit either need.

p.s I already have beer. ;)

ostcalling
09-03-2004, 04:19 PM
I just want that the members use there naam and a password ho is selected by me to go to one webpage, all the members go to the same page, once this page is left thy have to log in again, i want to put information on this page ho is only for the members.
Because you give me a good idee, it would great that you can acces three pages with three different passwords
again thanks ad by the way thats three beers ....sheers

Al :p

cr3ative
09-03-2004, 04:23 PM
Here's a script found at javascript.internet.com which should suit your needs.




<!-- TWO STEPS TO INSTALL MULTIPLE USERS PROMPT:

1. Add the first code into the HEAD of your HTML document
2. Copy the last coding into the BODY of your HTML document -->

<!-- STEP ONE: Add code to HEAD of login HTML document -->

<HEAD>

<SCRIPT LANGUAGE="JavaScript">

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function LogIn(){
loggedin=false;
username="";
password="";
username=prompt("Username:","");
username=username.toLowerCase();
password=prompt("Password:","");
password=password.toLowerCase();
if (username=="guest" && password=="login") {
loggedin=true;
window.location="home-page.html";
}
if (username=="guest2" && password=="login2") {
loggedin=true;
window.location="home-page2.html";
}
if (loggedin==false) {
alert("Invalid login!");
}
}
// End -->
</SCRIPT>

<!-- STEP TWO: Put this code in BODY of your HTML document -->

<BODY>

<center>
<form><input type=button value="Login!" onClick="LogIn()"></form>
</center>

<p><center>
<font face="arial, helvetica" size="-2">Free JavaScripts provided<br>
by <a href="http://javascriptsource.com">The JavaScript Source</a></font>
</center><p>

<!-- Script Size: 1.29 KB -->



If you need me to explain anything in the code, just shout

Hope this helps
cr3ative

ostcalling
09-03-2004, 04:38 PM
Thanks this will help a lot,
So if I have 100 members I have to put 100 pasw in the HEAD section.
is there no way to use a database ??? sorry to ask, you help is very greatfull for me
wat woould be nice is that like on some website like this one dynamicdrive.com you also have to log in the same system and shape would be fantastic
anyway thaks 100x

Al :p

cr3ative
09-03-2004, 04:43 PM
Yes, you would have to put that many passwords in the header, unless you put the script in an external file (may be more secure as well).

cr3ative

ostcalling
09-03-2004, 04:45 PM
and how do I do that ??
can you help me with that ??

thats four beers now ...nearly a 6-pack
Thanks again
al :)

cr3ative
09-03-2004, 04:54 PM
Ok, take all the code (the javascript) from the header and save it to a file called login.js.

Edit: attached below

Then all you need in the header is...

<script src="login.js"></script>

And the code in the body will work as if nothing had changed.

--
cr3ative

cr3ative
09-03-2004, 04:57 PM
Sorry, forgot to be helpful enough... :)

Here's the script.js file (rename to .js), all you need to put in your website is this:

Edit: it now works!

In the header:
<script src="script.js"></script>

In the body:
<FORM>
<input type="button" value="Enter Password Protected Area" onClick="password()">
</FORM>

ddadmin
09-03-2004, 05:05 PM
Another solution you should consider if your server supports it is server side based pasword protection. They are much more secure and infinitely more robust, especially for multiple users support. See: http://cgi.resourceindex.com/Programs_and_Scripts/Perl/Password_Protection/

ostcalling
09-03-2004, 05:35 PM
thanks again to all for your help, I will try this item and let you know the outcome
Have a nice day and thanks again
if you should have some other advice, thanks for posting this

Al :p :)

cr3ative
09-03-2004, 07:19 PM
Sorry, but the original script file didn't actually work... ;)

I've edited the post and re-uploaded a version which works on all browsers.

Apologies
cr3ative

ostcalling
09-04-2004, 11:55 AM
thaks again, it works fine
but can it also be made for different users/logins like these you sent before
but now with the file .js on the computer, you know yesterday I changed the extension in .js it work, today i cannot change the file to .js again, i don't know wy, normaly it is just click right and rename

thanks again

AL :cool:

cr3ative
09-04-2004, 04:39 PM
I've made the code simpler and less annoying, here it is:

For passwords only:



function password() {
var pass1 = prompt('Please Enter Your Password','');
if (pass1 == "code1","code2","code3","code4") {
window.location="http://www.protectedpage.com/protectedpage.htm";
}
}



For a login and a password:


function password() {
var login = prompt('Please Enter Your Login ID','');
var pass1 = prompt('Please Enter Your Password','');
if (pass1 == "pass1","pass2","pass3","pass4") {
if (login == "login1","login2","login3","login4") {
window.location="http://www.afpsupport.r8.org/access/id2.htm";
}
}
}


Unfortunately, without me spending a lot of time on the script, I can't link the logins and passwords, so with the second one, you could use the login "login1", but the password "pass4".
Shouldn't be a problem if no-one shares their passwords!

If your server does support it, ddAdmin's post has a very valid point.
Anyway...

Simply save that text into script.js (replacing the old script file), and change code1, code2, code3 etc to your desired passwords, and the protectedpage to wherever you want it to go.

I haven't got the faintest idea why you can't rename a file. :p

Enjoy!
cr3ative

(how many beers is that now?)

ostcalling
09-05-2004, 09:05 AM
Thanks again,
I made a copy-paste of some diferent files and it works fine, hoop it stay like that
So now i have the file.js and the login file with no other fill field ho comes up.
attached you will find wat I did
Thanks again for your great support
it's a 12-pack i own you
Best regards AL :) :p

cr3ative
09-05-2004, 09:08 AM
That script looks great.
Good luck with the website.

cr3ative
(where's my beer?) :p

ostcalling
09-05-2004, 12:27 PM
Hi me again,

Is there a way to secure a webpage ??
In my excample the secured webpage redirected by the login, if I wright the webpage url you go directly to this page, is there no automatic redirection that, if you wright directly the secure webpage url, you go first to the login page before gooing to the secure page.
hoop you understand my point

Thanks

AL :p

cr3ative
09-05-2004, 01:30 PM
I get your point - if you find a script that has to find the prescence of a cookie set by a successful login to show a page, that'd sort it out, but i'm no expert in javascripting cookies (try googling it).

Cheers
cr3ative

Shattered Plastic
09-07-2004, 09:23 PM
Here's a script which prompts the user, and gives them 3 chances to get it right.





<!-- THREE STEPS TO INSTALL THREE TRIES:

1. Put the first code into the HEAD of your HTML document
2. Change protectedpage.html to your protected page
3. Add the final code to the BODY of your HTML document -->

<!-- STEP ONE: Copy this code into the BODY of your HTML document -->

<HEAD>

<SCRIPT LANGUAGE="JavaScript">

<!-- Begin
function password() {
var testV = 1;
var pass1 = prompt('Please Enter Your Password','');
while (testV < 3) {
if (!pass1)
history.go(-1);
if (pass1 == "password") {
alert('You Got it Right!');

<!-- STEP TWO: Change protectedpage.html to your protected page -->

// Change the following URL to your protected filename

window.open('protectedpage.html');
break;
}
testV+=1;
var pass1 =
prompt('Access Denied - Password Incorrect, Please Try Again.','Password');
}
if (pass1!="password" & testV ==3)
history.go(-1);
return " ";
}
// End -->
</SCRIPT>
</head>

<!-- STEP THREE: Copy the last code into the BODY of your HTML document -->

<BODY>

<CENTER>
<FORM>
<input type="button" value="Enter Password Protected Area" onClick="password()">
</FORM>
</CENTER>



Copyright javascript.internet.com

I used that code, and it redirected to the page, but the same window opened in a seperate one as well, so to make it short, I end up with two of the same windows

cr3ative
09-08-2004, 01:26 PM
Oo. Interesting.

Replace window.open with window.location if this happens.

cr3ative

Shattered Plastic
09-08-2004, 05:39 PM
Maybe the problem was that I was using the code in an Iframe...
So window.location just opened it just in the Iframe and the extra window didn't appear, so that worked, but I need it to open in another window and the Iframe stay the same

cr3ative
09-08-2004, 05:42 PM
Quite possibly.

*wins competition for shortest post ever*

cr3ative

Shattered Plastic
09-08-2004, 05:46 PM
Do you know how to do that?

cr3ative
09-08-2004, 05:49 PM
Blargh, its a variable somewhere, it needs to be told to open in either _new or _parent.

I'll find out.

cr3ative

edit: try this, i haven't tested it, but it might work

window.open('protectedpage.html' target="_parent");

Also, lookie at my post count! :D

Shattered Plastic
09-08-2004, 05:51 PM
ok, thanks ^_^

Yay! Good Job :)

Shattered Plastic
09-08-2004, 05:54 PM
Hmm...that makes the need for a password disappear though

cr3ative
09-08-2004, 05:58 PM
eh? can you attach an htm with this iframe conundrum please.

cr3ative

Shattered Plastic
09-08-2004, 06:12 PM
Alrighty here is a link: LINK! (http://www.geocities.com/buncit_boo/problem.html)

cr3ative
09-08-2004, 07:10 PM
*hits head against wall*

i guess it just can't be used in an iframe. how odd.

cr3ative

cr3ative
09-08-2004, 07:14 PM
your link code:

[<a href="http://www.geocities.com/buncit_boo/problem2.html" onClick="password()">click here</a>]<br>
The password is 'password' if you need it.

Spot the problem: link should be #, not the protected page i thinks

do that, then you get a java error.
simply confused? I sure am...

cr3ative

Shattered Plastic
09-10-2004, 08:04 PM
yeah, I have to say, I am confused

gigabites
09-20-2004, 09:48 AM
I strongly suggest You try server side scripting! Javascript is client side scripting language. It means that the script is downloaded form the server to your (and my, and everyelses) computer. If I want to, I can view the javascripts you made in Your site! Even a newbie hacker can find the javascript file where you put your userID+password and log in as one of the user.

If one can view the source code of a script, then One might trace a source code for an encoding script. Then the encoded password will be useless because one can decode it by looking at the encoding algorithms.

A server side script is run in the server and the result (not the source) is sent to a client's browser. It means that You (and I, and everyone else) cannot see the source code. Well... maybe the server admin can :p

Client side scripting is good for a lot of things, but not for password as someone can freely view the source code.