is there a code that forces someone to put in a pw in order to see a page (meanwhile hiding said page from being seen)

You can use this script here http://www.dynamicdrive.com/forums/showthread.php?73247-Help-with-a-Password-Box-to-redirect-users-to-another-page&p=292183#post292183

See a few posts down for password only adaptation.

Should work with everything on/redirecting to the same page (give or take a few tweaks). Have a play and see how it goes.

ok i am waaaaaaaaaaaaaaaaaaaaaaaayyyyyyyy past confused....lol
i want to have this page
http://bfvr.biz/neopets/Restockument%20Graph.html
unseeable w/o having the pw... this is all jibberish to me... lol i'm so lost... helllllllp... i'm sry if i'm sounding noobish... jus ya... lol

Ok - I'm on iPhone so I can't do much but basically, you would create the "admin-login.php" page from the other thread (include both the PHP and HTML parts with the PHP going right at the very top of the file, before absolutely anything else), and then for arguments sake, create the "another-page.php" file too, but paste the entire markup from your Restockument%20Graph.html page where it says to "put all your content to be protected". You can remove the sample code and just replace it with your own. When you try to view the "another-page.php" page in a browser, you will be prompted to login using the myUsername and myPassword details as defined in the PHP $logins array from the "admin-login.php" file (you can change these to whatever you like).

Once you've got that setup and can see it working you can change all references to "another-page.php" to some other file name, but you'd need to keep the .php extension so the login code works.

It's okay if you don't understand it - after all, none of us knew anything before we learned it.

If you want help, you need to give it a try and then explain which part(s) you don't understand (even if, at first, you only get as far as "what is PHP?") so we can help you figure it out. We're happy to help!

If, on the other hand, you want someone to "do it for you," you should say so and post in the Paid Work forum.

well see the thing is i will be posting said codeing into a pet page on neopets and i don't have the ability to create files on there servers... so i'm jus really confused... lol i tried to put all that into an almost finished product of said page but it didn't work, not sure what i'm doing wrong.

While you may not understand all of the details, here is a summary that you should be able to understand:

There are three options:
1. Restrict access to a location on the server overall. (This method uses something called ".htaccess", or similar tools.)
This requires direct access to the server (changing the configuration), so you cannot use this for your current goals.

2. Use a server-side language (like PHP) to alternatively hide the content or show it if the password has been sent.
This requires that you can use a server-side language (with at least limited access to files on the server, so this option is not available for you either.
Important: you can't use the PHP script that Beverley suggested. (And therefore, you can't actually make it impossible to access without a password.)

3. Use Javascript.
You can do this as long as you can access the HTML code for the page. Can you? Or can you access only text/content.
The real problem here is that Javascript does not provide security. It provides optional extra features. So your users might allow the 'extra feature' of hiding the content, but they could (if they were really motivated) disable it or somehow work around it. NEVER rely on Javascript for security. Assume it'll work 95% of the time, but be prepared to accept 5% failure. That's probably overestimating the failure rate. It would be less than .1% if it's something the users want and it is programmed well. But it might be 5% (or more) if it's something the users don't want-- maybe they have a popup blocker, or maybe they really want to steal your content without the password. (I have no idea what your content is, so you'd need to figure out their motivation on your own.)


In short, you can use the Javascript method if you want (unless you have no access to the HTML code). But it won't be guaranteed to work, so don't rely on it for security. Otherwise, just leave it as it is.

(There is also an alternative kind of Javascript password script, which works by using a second page that is not password protected but with an unknown address-- then the password script just takes you to that page if you know the password. But I don't think that will work for you because they already know your webpage address and you may not have two pages available. Either way, both this script and the other type are available on Dynamic Drive-- just take a look, then let us know if you have questions.)


The best answer: don't post sensitive information on neopets. (There are, however, free webhosting services out there, some of which would allow you to add passwords.) I should also mention: I have no idea how neopets accounts work. There is a possibility you could change a setting on your account (like on facebook) so that only some users could see your page, but you'd have to check with their tech support or help website for information about that.

well see the thing is i will be posting said codeing into a pet page on neopets and i don't have the ability to create files on there servers...

Do you know if you are even allowed to add javascript code to your page? You might be out-of-luck entirely. If the neopets site has an admin or tech staff, ask them.

As Daniel pointed out, even if you *can* use javascript, javascript is only for the user's convenience and cannot provide any real security.

it's moreless for a couple friends who keep shops on neopets... and i can access the HTML. each pet comes w/ a free page. not really sensitive info, jus wna try keep it so that other shop keepers don't pick up our tricks to stocking and pricing our shops. i can accept a 5% failure rate... i have coded a no highlight and no right click code into the page just trying to find a way to kinda have it pw'd. thanks for all the help you guys are giving me.

to test it out i'll try to put a default (non customized) copy of it on a page in neopets and see if the javascript coding i have will work like its supposed to :)

Is a neopet like a skinhead's dog?

it's moreless for a couple friends who keep shops on neopets... and i can access the HTML. each pet comes w/ a free page.
HTML and JavaScript are different things; javascript is often [rightly] prohibited for security reasons. But, to find out, add this (or similar):
<script>alert( 'it works!' );</script>


not really sensitive info, jus wna try keep it so that other shop keepers don't pick up our tricks to stocking and pricing our shops. i can accept a 5% failure rate

I think Daniel's "failure rate" might be better described as a "vulnerability rate" - it's not that n out of 100 attacks will be able to defeat it, it's that n out of 100 visitors will know enough about what they're doing to defeat it. These people are also the ones most likely to try, and their attacks will succeed every time. The knowledge barrier for defeating javascript password protection is really very low.

In this situation, the only valid litmus test for "acceptable risk" is "is it just for fun?" If not, then javascript is not an acceptable "solution" at all.

yes it's just for fun, and neopets is like a gaming site...
and i tried putting a default copy of it and everything just shows up white... nothing @ all. >.<

HTML and JavaScript are different things; javascript is often [rightly] prohibited for security reasons. But, to find out, add this (or similar):
alert( 'it works!' );

Don't you mean:


<script>
alert('It works!');
</script>

I'd be surprised, honestly, if you can add Javascript to the page. But I have no idea really. If the code from John's post works, then you can try a password script (they aren't very much more complicated than that, so if that works, the password script should probably work too).
And, yes, I should emphasize what traq said: I don't mean that it sometimes "won't work"-- I mean that it will always be vulnerable to people who want to get around it. There's no chance that it will stop someone who is motivated.

Don't you mean:


<script>
alert('It works!');
</script>


hehe, whoops... yes, that is what I meant.