Help with a Password Box to redirect users to another page

[ValicornTheAlicorn]

I want to make a website which contains nothing except:

"Welcome...Please Insert Your Password To Continue! Password: ________________"

I have found a script which seems to make something similar to what i want, but it only seems to give me the 'Login' button, im using Microsoft Expression Web, here is the code which i copied from another Password/User thread.

Code:

<html>
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
function LogIn(){
loggedin=false;
username="";
password="";
username=prompt("Username:","");
username=username.toLowerCase();
password=prompt("Password:","");
password=password.toLowerCase();
if (username=="guest" && password=="login") { 
loggedin=true;
window.location="home-page.html";
}
if (username=="guest2" && password=="login2") {
loggedin=true;
window.location="home-page2.html";
}
if (loggedin==false) {
alert("Invalid login!");
}
}
</SCRIPT> 
<BODY>
<center>
<form><input type=button value="Login!" onClick="LogIn()"></form>
</center>
</body>
</html>

As i said, it only seems to give me a button with 'Login' and nothing else...i hope someone would please be able to guide be into making a password lock which will ONLY have Password, and not username...as the only people who would access the website would be about 3 people, and we would all have the same password.

Thanks Guys!

EDIT: I have played around with the code and have found that the first "If Username=... Password=..." will redirect me, whereas the second will give me invalid login...can someone please post a correct code to create just a password box in order to take me to another site, and if someone tried to type the URL for the second website, it would take them to the login site.

If anyone can actually understand what im asking for (as ive asked multiple people i know in reality and they dont seem to understand... -_-) please help

[Beverleyh]

Javascript is very insecure - you can just view the source code to grab the password - so it will be best to use a server-side language, such as PHP.

Very simple example...

"admin-login.php" (include the PHP and HTML)

PHP Code:

<?php 

session_start(); // must go right at the top of the page - to track login

$logins = array('myUsername' => 'myPassword'); // your username and password

if($_POST['Submit'] == 'Submit') { // check for form submit
    $user = $_POST['user']; 
    $pass = $_POST['pass']; 
    if (isset($logins[$user]) && ($logins[$user] == $pass)) { // check login and compare credentials
        $_SESSION['username'] = $user; // set the session
        header('Location: another-page.php'); // redirect to protected page
        } 
    }
?>

HTML Code:

<form name="loginform" method="post" action="admin-login.php">
Username :<input type="text" name="user" /><br />
Password :<input type="text" name="pass" /><br />
<input type="submit" name="Submit" value="Submit" />
</form>

Then in your protected page...

"another-page.php"

PHP Code:

<?php 

session_start(); // must go right at the top of the page - to track login
 
if($_SESSION['username']) { // check that session 
    if($_POST['Logout'] == 'Logout') { // check for form submit
        session_destroy(); // destroy the session to logout
        header('Location: admin-login.php'); // redirect back to login page
    }
?>

<!-- START - put all your content to be protected here -->
Another page.
<br/><br/>
<form name="logout" method="post" action="another-page.php">
<input type="submit" name="Logout" value="Logout" />
</form>
<!-- END - put all your content to be protected here -->

<?php } else {
echo "Access Denied";
header('Location: admin-login.php'); // redirect back to login page
}
?>

I've included a logout button for your convenience.



If you want to carry the login session across other pages of your website you must include

PHP Code:

<?php session_start(); ?>

right at the top and end with the .php extension too

[Beverleyh]

PS - to change the form into a password-only field, you could just do;

Code:

<form name="loginform" method="post" action="admin-login.php">
<input type="hidden" name="user" value="myUsername" />
Password :<input type="text" name="pass" /><br />
<input type="submit" name="Submit" value="Submit" />
</form>

The value="myUsername" should match the username in the $logins array.

[Beverleyh]

And a further afterthough...

If you want, you can use the $logins array for multiple users too - each with their own username and password. Just do this;

PHP Code:

$logins = array( // your usernames and passwords - in pairs
'myUsername' => 'myPassword',
'Bobby' => 'bibbityboo',
'Garfield' => 'rascalcat',
'Jimbo' => 'squeakyplane' // IMPORTANT - no comma after last pair
);