PDA

View Full Version : Javascript to disable page and require password.



pxlcreations
07-24-2010, 02:29 PM
Hello all, I have a website that requires a static password to enter it (like a promo sections) and I am wanting the page to have a box that when you first go to the page, asks for that password. I imagine it looking a bit like those boxes that are always asking you something like, "Take the IQ test to continue", except that it requires a static password. If the password is wrong, it would just say so, if it was right, it would allow access to the page and store the pass in a cookie so they only had to login once.

I am using jQuery to set and retrieve cookies and the link to the script is here:

http://plugins.jquery.com/files/jquery.cookie.js.txt

Thank you, and if anyone can do it, its at Dynamic Drive.

jscheuer1
07-24-2010, 02:52 PM
This can sort of be done. But before we go into that, it might be a bad, even a very bad idea.

How important is it that this be secure? Is this just some sort of thing to prevent, on their honor, honest people from accessing the site if they don't have the password?

Because that's all it can be with javascript. With javascript there is always a way to find out what the script is looking for and/or for making it think it has received the proper password even when it has not and/or for bypassing the password detection routine and moving directly to the success routine.

And cookies are not secure, as they can persist on the user's computer and later be used by someone who is unauthorized to gain access to the site.

If security is an issue, use server side code for this. Even there, depending upon how secure it needs to be, it can get a bit complicated.

pxlcreations
07-24-2010, 03:09 PM
If security is an issue, use server side code for this. Even there, depending upon how secure it needs to be, it can get a bit complicated.

This is exactly why I want to use JS, less complicated.

The security factor isn't too important right now, I might upgrade it later on. I've got some other roadblocks along the way so it's just like another step.

jscheuer1
07-24-2010, 04:10 PM
Well, as I say, javascript isn't all that secure. Javascript cookies add another hole in security. And I don't think I ever said that a javascript password would be easy.

Server side passwords don't have to be all that complex to begin with. Doing one page with PHP is simple and secure. Doing all pages that way by setting a cookie for the other pages would be pretty simple but less secure because of the cookie. But it would be quite a bit more secure than anything javascript can do. Using a SESSION variable instead of a cookie would be more secure, and not at all complex.

The easiest thing would probably be to use .htaccess to password protect the folder:

http://tools.dynamicdrive.com/password/

To implement that requires a certain level of access for you on your host. Many hosts provide that level of access by default, others would be happy to grant it to you for free, yet others for a fee. Some might not be willing to grant it at all.

This script:

http://www.dynamicdrive.com/dynamicindex9/password.htm

Is about as secure as you can get with javascript, which isn't very.

You can remove the requirement for a username easily enough if you would like, as well as add a cookie to be set upon successful completion of the password. You can also add a check for the cookie at the beginning of the function so that it skips to the success part if the cookie is present.

What you do when folks successfully complete this process is another matter. You can't keep having them go to good.htm. I'm open to suggestion there.

pxlcreations
07-24-2010, 04:25 PM
Ok, I see what you mean there. I am open to using PHP if that would be better. I can access the .htaccess file so that won't be a problem. However, if I do it that way, can it still be in a popup window like thing where the page is disabled until you enter the password? And then how could it remember it securely?

jscheuer1
07-24-2010, 05:10 PM
It is my understanding, though I'm no expert at .htaccess, that you can set it for a folder. If you do, the first time a user gets to the folder, they are prompted for a username and password. The username field always appears, but you can set it up so that it may remain blank and only the password need be filled in.

Anyways, again - as I understand it, once this is completed by the user, they have access to all pages/files in the folder. This can also, I believe be setup to include sub-folders.

Once they leave that area and close the browser, they would need to login again. This also might be able to be set to expire after a certain amount of time being absent from the area.

To get all of these features, you may have to go a little beyond the .htaccess Password Generator I linked you to, but it appears to have most of the options I mentioned.

If that works like I think - again, I'm no expert at .htaccess - it's probably the most secure.

With PHP (this I know quite a bit more about, but am not an expert) you can setup a prologue to the page, like:


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<?php

// Define your username and password
$username = "Some Name";
$password = "somepassword";
$theName = isset($_POST['txtUsername'])? $_POST['txtUsername'] : '';
$thePass = isset($_POST['txtPassword'])? $_POST['txtPassword'] : '';
if ($theName != $username || $thePass != $password) {

?>
<title>Login for Whatever</title>
<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>Username:
<br><input type="text" title="Enter your Username" name="txtUsername"></p>

<p>Password:
<br><input type="password" title="Enter your password" name="txtPassword"></p>

<p><input type="submit" name="Submit" value="Login"></p>

</form>

<?php

}
else {

?>

After that, place the entire rest of the actual page code, starting with the <title> tag, up to but not including the closing </body> tag. Just before that tag put:


<?php

}

?>

Working in a SESSION var or cookie shouldn't be too hard.

pxlcreations
07-25-2010, 01:31 AM
Ok, so I'm a little confused as to how the .htaccess will work, but I think it works like this (correct me if I'm wrong)

I make an .htaccess file in the folder that I want to protect (so if I want to protect the "Secret" folder which is located inside the "Website" folder, I would place it in the "Secret" folder?

Also, the .htaccess links to the .htpasswd, and I think the password would be stored in the .htpasswd file. However, will it still work if I don't want to use a username?


Working in a SESSION var or cookie shouldn't be too hard.

Would this save it so that the user doesn't have to always authenticate themselves?

jscheuer1
07-25-2010, 07:26 AM
Ok, so I'm a little confused as to how the .htaccess will work, but I think it works like this (correct me if I'm wrong)

I make an .htaccess file in the folder that I want to protect (so if I want to protect the "Secret" folder which is located inside the "Website" folder, I would place it in the "Secret" folder?

Also, the .htaccess links to the .htpasswd, and I think the password would be stored in the .htpasswd file. However, will it still work if I don't want to use a username?

Yes. I just tried this out. I had to put .htpasswd in the server root for some reason (I'm using WAMP). I put .htaccess in the folder I wanted to protect. My .htaccess looks like so:


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /wamp/.htpasswd
AuthGroupFile /dev/null
require valid-user

My .htpasswd file is:


:Gobi Dessert

When I try to navigate in the browser to that folder, I'm still prompted for a username and a password, but I just leave the username field blank, enter:


Gobi Dessert

into the password field, click OK, and I'm in.

As to the other question (about the PHP SESSION), Yes to that as well.

pxlcreations
07-25-2010, 02:28 PM
Ok, so would my page structure look like this:


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript" language="javascript" src="javascript.js"></script>
<link rel="stylesheet" type="text/css" href="css.css" />

<?php

// Define your username and password
$username = "Some Name";
$password = "somepassword";
$theName = isset($_POST['txtUsername'])? $_POST['txtUsername'] : '';
$thePass = isset($_POST['txtPassword'])? $_POST['txtPassword'] : '';
if ($theName != $username || $thePass != $password) {

?>
<title>Login for Whatever</title>
<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>Username:
<br><input type="text" title="Enter your Username" name="txtUsername"></p>

<p>Password:
<br><input type="password" title="Enter your password" name="txtPassword"></p>

<p><input type="submit" name="Submit" value="Login"></p>

</form>

<?php

}
else {

?>


<title>Secret Area</title>
</head>
<body>

<p>Hello, this is the content.</p>

<?php

}

?>
</body>
</html>

jscheuer1
07-25-2010, 03:42 PM
Perhaps, depends upon what you're doing. In all likelihood though you don't want the:


<script type="text/javascript" language="javascript" src="javascript.js"></script>
<link rel="stylesheet" type="text/css" href="css.css" />

where it is, rather here:


<title>Secret Area</title>
<script type="text/javascript" language="javascript" src="javascript.js"></script>
<link rel="stylesheet" type="text/css" href="css.css" />
</head>

I'm still playing with the SESSION thing, but I have a thread open on it here:

http://www.dynamicdrive.com/forums/showthread.php?t=56167

where you can see the structure for using the SESSION. It defaults to 180 minutes on most servers (configurable in the php.ini file). That seems like a little too much for me, and I'd want it to be more if the person kept doing things, that's what I'm still looking into. The SESSION part works though for extending access to other pages with the same prologue without the need to login again.

Alternatively, you could have all the pages but one only check for the SESSION. Then have those send the user back to the login page if the SESSION isn't in effect.

pxlcreations
07-25-2010, 04:05 PM
Ok, I changed that info to where it should go but would I also put the META tags there?

I saw your thread, and I want the user to stay on the page for a long time. I don't know if its possible to set it for a long time. Also, if the person is doing something that sets a cookie in the protected page, then they have to login again, will the cookie still be set?

jscheuer1
07-25-2010, 04:19 PM
What happens is that everything before:


<?php

// Define your username and password
$username = "Some Name";
$password = "somepassword";
$theName = isset( . . .

Gets rendered/used no matter what. So only put things there that are required for the page if it is just the login form and if it is the actual page.

So the meta tag for character encoding should go there. If there are other meta tags, like for keyords, descriptions, etc., if you want the page indexed then it would be good to include them there too. But meta tags alone won't get a page indexed. And the search engines will never be able to login, so you could put some stuff in this area as well:


<title>Login for Whatever</title>
<h1>Login</h1>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>Username:
<br><input type="text" title="Enter your Username" name="txtUsername"></p>

<p>Password:
<br><input type="password" title="Enter your password" name="txtPassword"></p>

<p><input type="submit" name="Submit" value="Login"></p>

</form>

Like in the title and h1 tags that could help search engines index the page.

But if that isn't a concern, or you would rather they not index it, put everything that can identify what the page is about after this:


. . . t type="password" title="Enter your password" name="txtPassword"></p>

<p><input type="submit" name="Submit" value="Login"></p>

</form>

<?php

}
else {

?>

pxlcreations
07-25-2010, 04:30 PM
I get it now, the bottom is for more specific tags. Anyways, how long could I set the time for it to expire? What about a week?

jscheuer1
07-25-2010, 04:59 PM
Well, you are getting less secure then. It would mean that a user could access the area one day, and his kid brother could too 6 days later without logging in. That's up to you. You would probably have to edit the php.ini for that:


; Document expires after n minutes.
; http://php.net/session.cache-expire
session.cache_expire = 180

I'm working on the opposite sort of idea, limiting it to 20 minutes, except if the user stays active, moving from page to page, then it continues to extend it.

It's not clear to me though what happens if - say the user closes the browser before the session.cache_expire time, it is a session, right? You'd think that would also make it expire, but I'm not sure. I haven't tried that yet.

Also, since all pages begin with:


session_start();

Does that reset the session.cache_expire counter each time it's invoked? I'll get around to testing these two things at some point, probably later today or tomorrow.

pxlcreations
07-25-2010, 05:14 PM
Right, well your idea works nicely... if it is set to keep the user logged in for one hour, then would increase if the user was still on the page after the hour was over it would add a second hour on.

jscheuer1
07-25-2010, 05:27 PM
I tried out the first two ideas:


I'm working on the opposite sort of idea, limiting it to 20 minutes, except if the user stays active, moving from page to page, then it continues to extend it.

It's not clear to me though what happens if - say the user closes the browser before the session.cache_expire time, it is a session, right? You'd think that would also make it expire, but I'm not sure. I haven't tried that yet.

For the first, it does work. I'm not clear what happens after the session.cache_expire expires though, if it keeps getting extended or not. If not, I can extend to a maximum of 180 minutes. If so, I can extend it indefinitely. I'll be testing that later. But this is only via moving from page to page, not as you typed:


would increase if the user was still on the page

That could only be accomplished (possibly) via a cron job, or a periodic javascript request to a PHP page that would extend it - assuming that session.start() resets session.cache_expire.

As to the second, if the user closes the browser, the session ends, regardless of the time elapsed. Except in Firefox (possibly others that can save open pages) if when closing the browser the page is open and the user elects to save open pages.

pxlcreations
07-25-2010, 05:31 PM
Ok, so what do you suggest is the best idea for this? I mean, any way will work fine, I just don't want to the user to keep having to enter their credentials every time they load the page.

jscheuer1
07-26-2010, 04:33 AM
The .htaccess is the easiest. You just set it for the folder. The user gets access to the entire folder and sub-folders. If they time out, which would take awhile, not sure how long, or if they close the browser, they will have to login again.

As for PHP, I'm still learning how that would work best. The thread I mentioned earlier, combined with my remarks about the PHP approach in this thread give all the info you need to set that up if you like. I'm not prepared at this time to make any specific recommendations on that, as the level of security you want, combined with other factors should guide you in determining exactly how you want to deal with that. I'm currently favoring an approach that would send the user back to a single login page if they expire. That seems to require less code on each page.

pxlcreations
07-26-2010, 03:43 PM
Right, so if I use .htaccess, it would require a password for a specific folder and would then gain access to the folder after entering the right password and or username. Then, after a certain amount of time (can this be set? I think you mentioned something above on how to set it...) they have to enter their password/username again.

That option is fine for now, however the option where the user has to login to a specific page might be cooler however not as secure since the user could try and view the source code.

pxlcreations
07-26-2010, 06:46 PM
This is bugging me. I've set up two files, one .htpasswd file and one .htaccess files like this:

.htaccess


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/content/**********/.htpasswd
AuthGroupFile /dev/null
<Files index.php>
require valid-user
</Files>


.htpasswd


user:EyJdPLm4o5WkY


Username: user Password: password

I get the following error after uploading and trying to view the restricted area with the correct password and username included:


The user name or password you entered for this area on *******:80 was incorrect. Make sure you’re entering them correctly, and then try again.

jscheuer1
07-26-2010, 06:54 PM
I don't know how long .htaccess grants authorization. You can probably Google that. From my experience in logging on to areas so protected is that it's ample, but not excessive.

As for having a specific page, if it's PHP, the user cannot look at the source code for any information to help them login. The browser only sees what the server serves. Without the password, they can only see the source code for the login form. They can't see any of the PHP code (including where the password is defined) that determines if the password is valid, nor any of the protected content source code.

Regardless of whether .htaccess or PHP are used, once a user successfully logs in, they can see the source code of the protected content. But they still cannot see any of the code that's used to protect it.

With either method there is the usual risk of a third party intercepting the data. Currently only IE has a method to prevent that with .htaccess. All browsers can protect the PHP type of connection, but only if an ssl is used (https). These layers usually cost money to establish and to maintain. The more secure they are the more they cost. If you have your own, you can make it more secure via how you deploy it. You can often get a shared ssl for free, but the security there is less, though still greater than with no ssl. This third party security issue is like where someone is monitoring internet traffic and intercepts the password. Not something I think you need to worry about yet, and basically what I was referring to when I said it can get complicated.

Both .htaccess and PHP are far more secure than javascript. With javascript the user can just look at the source code. Javascript is also vulnerable to third party attack unless an ssl is used. If it's just one page, javascript isn't so bad. With more pages, the likelihood that someone would just guess one of the pages increases and that there is no way to really protect more than one page with just one login.

jscheuer1
07-26-2010, 06:57 PM
This is bugging me. I've set up two files, one .htpasswd file and one .htaccess files like this:

.htaccess


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/content/**********/.htpasswd
AuthGroupFile /dev/null
<Files index.php>
require valid-user
</Files>


.htpasswd


user:EyJdPLm4o5WkY


Username: user Password: password

I get the following error after uploading and trying to view the restricted area with the correct password and username included:

We cross posted, you were posting this while I was writing my last response. Anyways, that part is confusing:

EyJdPLm4o5WkY

is the password, not password. If you want the password to be password, use:

.htpasswd


user:password

pxlcreations
07-26-2010, 09:27 PM
Ok, so the user only sees what the server is giving it. Good to know...

And ok, see I thought that the server read the normal password when it was entered and encrypted it and saw if it matched the file. My bad.

However it still doesn't work when I change it to:


user:password

jscheuer1
07-27-2010, 12:40 AM
Works for me here.

But I thought you wanted to protect the entire folder. If so, do it like:


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/content/**********/.htpasswd
AuthGroupFile /dev/null
require valid-user

Just make extra sure you are entering the exact correct username/password pair. Upper and lower case letters matter, as do underscores, etc.

Also, try cancel. You should get an:

Authorization Required

or some similar page, not an error page. If you get an error page, it probably means that .htpasswd is in the wrong place.

pxlcreations
07-27-2010, 02:05 AM
I tried it again, moving the .htpasswd to the root directory and changing the link in my htaccess file but I'm still getting the error. I type "user" in for the username and "password" in for the password but I still get the message saying that it's incorrect.

On another note, I am using Safari to test this and when I press cancel it just doesn't let me continue, giving me a blank screen. I can set up a test folder for you to try it out if you'd like.

jscheuer1
07-27-2010, 03:29 AM
Wherever you put the .htpasswd file you have to reference it correctly in the .htaccess file.


On another note, I am using Safari to test this and when I press cancel it just doesn't let me continue, giving me a blank screen. I can set up a test folder for you to try it out if you'd like.

I just tried with Safari, and it works fine. But it's like you say. If I hit cancel, I get a blank screen. All others show the server's 'Authorization Required' page. Try Firefox, or give me the address.

pxlcreations
07-27-2010, 03:41 AM
I'm probably not referencing it correctly, however it tells me to use the root url so I checked with a php test (using phpinfo()) and it gave me the root url, I then just changed the filename to .htpasswd.

Here's the link:
http://pxlcreations.com/secure/secret/

Username: user
Password: password

.htaccess file (located inside the "secret" folder):

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/content/p/x/l/pxlcreations/html/secure/.htpasswd
AuthGroupFile /dev/null
require valid-user

.passwd file (located in the "secure" folder):

user:password

Still getting the same error as before.

jscheuer1
07-27-2010, 04:12 AM
I'm getting the correct Authorization Required message when I click cancel. This would tend to indicate you have everything right, but obviously something is wrong.

In your post you have:


.passwd file (located in the "secure" folder):

This is probably just a typo, but it should be:


.htpasswd

Other than that, make sure there are no spaces or line breaks that don't belong. This applies to both files.

Also, I'd try putting .htpasswd in the home folder and changing .htaccess to reflect that:


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/.htpasswd
AuthGroupFile /dev/null
require valid-user

pxlcreations
07-27-2010, 04:25 AM
Yeah, it was a typo...

As for putting it in my home folder, I thought that was what I was doing?

EDIT: I meant I thought placing it here: /home/content/p/x/l/pxlcreations/html/ was considered the home folder, since I don't have an actual folder named home.

jscheuer1
07-27-2010, 01:55 PM
No folder named home? What's this:


/home/content/p/x/l/pxlcreations/html/

I guess you don't have access to that folder.

When you log to the site to ftp, telnet, whatever you do to upload files. What's the closest you can get to the root of the server? That's where .htpasswd should probably go. You may have to experiment until you get it right. Whenever you change the location of .htpasswd, make sure to change its path in .htaccess as well.

Additionally, .htpasswd should not be in a public folder. That html folder looks public to me.

Try moving it down to the pxlcreations folder, make sure to change the path reference in the .htaccess file.

pxlcreations
07-27-2010, 02:09 PM
It seems like I can get down to the root, I mean I can get to "/" so that's the root I thought. The url is the server root I got after doing the phpinfo thing, I also checked with godaddy and it told me the same thing.

jscheuer1
07-27-2010, 02:21 PM
I'd try putting .htpasswd there then. Just make sure to change the path reference in the .htaccess file.

As I say, you may have to experiment. It may work in any of the non-public folders, or just in one of them.

Don't leave copies of .htpasswd lying around. If it doesn't work in a given folder, remove that copy.

pxlcreations
07-27-2010, 02:30 PM
Ok, so if it was just in the root, couldn't I just use "/.htpasswd" for the url?

jscheuer1
07-27-2010, 03:03 PM
Might be, or might be:


/home/.htpasswd

It might possibly be something else. You have to think in terms of what you see in your ftp program or whatever, vs. what the actual path is on the server. It's the actual path on the server that you want to put in the .htaccess file.

Since you are on godaddy, perhaps if you specifically asked them if they know the best place to put the .htpasswd file would be, and what the path to it should be in the .htaccess file. Either ask them directly or in a forum for godaddy.

I'm sure other folks have done this before, and that godaddy's setup for this may have its quirks.

One thing though, godaddy isn't a one size fits all host. So before you get discouraged following other people's advice, or if different people swear by different methods, make sure your godaddy setup is the same as what the advice you are being given is tailored for.

Still, through trial and error, you should be able to arrive at the right folder and the right way of referring to the path.

pxlcreations
07-27-2010, 03:20 PM
Here's something interesting... http://help.godaddy.com/article/1641

So it looks like putting it in the root directory should work... I'll try it out again.

EDIT: Ok, so I put the .htpasswd file in the root, and linked to it correctly in the .htaccess file, /home/content/p/x/l/pxlcreations/html/.htpasswd, yet for some reason I'm still getting the error. Weird huh?

jscheuer1
07-27-2010, 04:17 PM
Well, I'm finding out that some of what I thought was wrong about the tool for this here on Dynamic Drive, was actually right. The article you link to says:


The .htpasswd file contains a list of users who have access to a protected directory and their hashed passwords

so maybe you have to go back to the tool and start from scratch now that you know all of the other info.

The hashed password will be different depending upon the other information.

pxlcreations
07-27-2010, 04:35 PM
Ok, I re-did the process using the tool here, and my new password file looks like this:

user:ABRCL9ijBr2LY

Except now when I try and view the webpage, it doesn't even show me a login box, just the index.html page which should be protected. However, if I delete the "user:ABRCL9ijBr2LY" and make it "user:password" it will ask for a password, even though it won't take it.

Maybe I just have to quit my browser and reload the page to see if it thinks i'm logged in or not?

Aha! quitting my browser and reloading the webpage works. Also, the ABRCL9ijBr2LY equals password when you enter it in.

Now that it's working, is there any way to set the time it takes before the person gets booted out by the server?

jscheuer1
07-27-2010, 05:12 PM
Now that it's working, is there any way to set the time it takes before the person gets booted out by the server?

I told you I was no expert at this. Now that it's working though, pretty simple when you think about it.

To answer your question, I think there must be. But as to whether that can be done in .htaccess and/or in the host configuration, I just don't know. If it can be done in .htaccess it might need to be in a different .htaccess file in a different folder. If it can and were done in the same .htaccess file, it might change the value of the hash.

In playing with it here though, it seems to grant access for an awfully long time, or until the browser is closed. In some browsers I had to close the page, clear the cache and close the browser.

I imagine security might be a little tighter on godaddy. Before you go trying to change things, why not do a some experimentation to see what the existing limits are.

pxlcreations
07-27-2010, 05:44 PM
Ok, so I know that:

Once logged in, you can continue to use the page and reload it without having to login again. I'll reload it later tonight to see if it sticks.

If you quit the browser it logs you out (safari).

It should keep you logged in forever if you save the password in your keychain.

The only reason why I would want to set the expire time is just so I have more control over it, but it seems that what's going on now works fine.

Any more news on the PHP part? If it doesn't work out like that, what we've got going now is fine.

Thanks for all the help!

jscheuer1
07-29-2010, 02:39 AM
Sounds good, and you're welcome. I've been busy with other things. But the PHP thing does work, it's just that it could use more refinement. For now feel free to refer to the information about it in this thread and in the other thread:

http://www.dynamicdrive.com/forums/showthread.php?t=56167

I mentioned about this. In that thread, I think that djr33 has the best take (though unfortunately his information is pretty general). But the other posters also make some good contributions. A careful reading is required to get all of what is being discussed. Just to be clear, though more good info may follow in that thread as it develops (assuming it does), I'm currently only speaking of that thread up to and including post #6.

pxlcreations
08-20-2010, 10:11 PM
Ok. Now I know it's less secure, but is there any way I can have the login information saved in a cookie? I have a jQuery cookie script (that jscheuer1 helped me with) which I post here. Let me know.