hi,
i need help to place a password in webpage so that when user enters pop up window should ask password to enter in to website...........plz help me....
Printable View
hi,
i need help to place a password in webpage so that when user enters pop up window should ask password to enter in to website...........plz help me....
what type of server is the website running???
If its apache, you need to create a .htaccess file
Here's a detailed explanation on how to do it:
Quote:
1. Create the ".htaccess" access control file
Create this file using Notepad or SimpleText or some other plain text editor. When complete, transfer the file using your favourite FTP program to the directory to be protected WEBPOST web account. Here is a sample of the ".htaccess" file used to protect directory:
AuthUserFile /usr/local/ns-home/docs/webpost/help/PasswordProtection/.htpass
AuthName My Web Site
<Limit GET POST>
require valid-user
</Limit>
Leave a blank link at the end of your file.
Note: If you can not create a file called ".htaccess" on your PC, give it a different name such as "htaccess.txt" When you transfer this file to your WEBPOST account, use your FTP program to rename this file as ".htaccess". Your directory will not be protected unless a valid ".htaccess" and password file are present.
--------------------------------------------------------------------------------
2. Create the ".htpass" user/password file
The ".htpass" file is a list of usernames and encrypted passwords that may look like the following:
PHIL1010:9AFcmybXs1JV2
SOCRATES:o8d8I.6b.hwWg
PLATO:wizDR5wi.JkYc
Each username and password is separated by a colon. You can create this file on any DOS, Windows 3.x/95/98/NT system using the following utility: htpass.exe
Download htpass to your local drive and store it in a directory such as "C:\WEBPASS"
Open a DOS shell window and change into the WEBPASS directory.
Enter the following command to create a password file and add your first user:
htpass -c htpass.pwd myclass
You will first be prompted for a password for "myclass" (or whatever username you choose). You will be prompted to re-type the password a second time. Here is what the session would look like:
C:\webpass>htpass -c htpass.pwd myclass
Adding password for myclass.
New password:
Re-type new password:
C:\webpass>
The "-c" switch creates the specified password file. After the file has been created, you can add new users or change existing passwords with the following command:
htpass htpass.pwd nextuser
C:\webpass>htpass htpass.pwd nextuser
Adding password for nextuser.
New password:
Re-type new password:
C:\webpass>
The simplest approach is to create a single login for your site and share that password with anyone authorized to get in. If you prefer, you can create dozens of passwords -- enough for each member of your class. It you choose to use this service, it will be up to you manage these passwords.
--------------------------------------------------------------------------------
3. Transfer ".htaccess" and ".htpass" to the protected directory in your WEBPOST accound.
In order to work, your protected directory must contain valid .htaccess and .htpass files. On some systems (DOS, Windows 3.x), you can not create file names such as ".htaccess". However, you can transfer these files to your WEBPOST account using FTP. Once the files have been transferred, you can also use your FTP program to rename them.
Security note: we have configured our web server so that ".htaccess" and ".htpass" files can not be viewed by any browser over the web. If you make frequent changes to your ".htpass" file, you can also call it "htpass.pwd". "htpass.pwd" files can not be view by browsers on www.yorku.ca
--------------------------------------------------------------------------------
4. Additional Information:
There are a number of key words and sections that make up ".htaccess" files.
Keyword/Section Explanation
AuthUserFile the fullpath to the protected directory (as seen from www.yorku.ca). In other words, to protect http://www.yorku.ca/faculty/academic/professor/myclass you would need to specify:
AuthUserFile /usr/local/ns-home/docs/webpost/faculty/academic/prof/myclass/.htpass
AuthName is simply the name of your protected area. It will appear in the login prompt.
<Limit GET POST> </Limit> se the Limit tag to specify the HTTP actions you wish to permit. GET and POST will allow users to get pages and post forms on your site.
require valid-user This directive allows all users in the specified .htpass file to log into the directory
require user user1 user2 user3 Allows a list of specific users to log into the directory.
The following Appendix is from Netscape's "Using .htaccess instead of .nsconfig"
Appendix A - Supported .htaccess Directives
The following .htaccess directives are supported in this release:
--------------------------------------------------------------------------------
Allow
Syntax:
allow from host host ...
where host is all, to allow access from all client hosts, or is all or the last part of a DNS host name, or is a full or partial IP address.
Must be enclosed within a <Limit> range.
Effect:
Allows access to the specified hosts. Normally appears inside a <Limit> range.
--------------------------------------------------------------------------------
AuthGroupFile
Syntax:
AuthGroupFile filename
where filename is the name of file containing group definitions in the form:
groupname: user user ...
Must not appear within a <Limit> range.
Effect:
Specifies that the named group file is to be used for any group definitions referenced in a require group directive.
--------------------------------------------------------------------------------
AuthUserFile
Syntax:
AuthUserFile filename
where filename is the name of file containing user definitions in the form:
username:password
where username is a user login name, and password is the crypt()-encrypted password.
Must not appear within a <Limit> range.
Effect:
Specifies that the named user file is to be used for any user names referenced in a require user or require valid-user directive.
--------------------------------------------------------------------------------
AuthName
Syntax:
AuthName authentication realm
where authentication realm is a string identifying an authorization realm to be associated with any request for user authentication.
Must not appear within a <Limit> range.
Effect:
The authentication realm string typically appears in the prompt for username and password on the client side. It may affect caching of username and password on the client.
--------------------------------------------------------------------------------
AuthType
Syntax:
AuthType Basic
Must not appear within a <Limit> range.
Effect:
Specifies the user authentication method as HTTP Basic Authentication, the only method currently supported.
--------------------------------------------------------------------------------
Deny
Syntax:
deny from host host ...
where host is all, to deny access from all client hosts, or is all or the last part of a DNS host name, or is a full or partial IP address
Must be enclosed within a <Limit> range.
Effect:
Denies access to the specified hosts. Normally appears inside a <Limit> range.
--------------------------------------------------------------------------------
<Limit>
Syntax:
<Limit method method ...> allow, deny, order, or require directives </Limit>
where method is a HTTP method such as GET, POST, or PUT.
Effect:
Applies the enclosed directives only for requests using the specified HTTP methods.
--------------------------------------------------------------------------------
Order
Syntax:
order ordering
where ordering is one of:
allow,deny
deny,allow
mutual-failure
Must be enclosed within a <Limit> range.
Effect:
allow,deny evaluates allow directives and then deny directives. deny, allow evaluates deny directives and then allow directives.
mutual-failure denies access for a host listed in both allow and deny directives, regardless of their ordering.
--------------------------------------------------------------------------------
Require
Syntax:
require group groupname groupname ...
require user username username ...
require valid-user
Must be enclosed within a <Limit> range.
Effect:
require group requires the authenticated user to be a member of one of the specified groups.
require user requires the authenticated user to be one of the specified users.
require valid-user requires an authenticated user.
--------------------------------------------------------------------------------
Here is a sample .htaccess file, so you can see what it looks like.
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mxyzptlk.kawaii.com
AuthUserFile /DocRoot/mxyz-docs/_vti_pvt/service.pwd
AuthGroupFile /DocRoot/mxyz-docs/_vti_pvt/service.grp
I'm assuming you are using angelfire, or something of the like...geocities? If so, I have a JAVA script which is very insecure, but keeps the morons out. All they have to do is View Source of the page, but if you make the password equal a numerical formula, and the formula equals a number, then the password is that number, a little more complicated for the idiots.
Code:<script language="javascript">
<!--
/*This should be the only thing in index.html, it will redirect you to another page if
the password is right.*/
var RIGHTANSWER = 1;
var pwd = prompt("Password Please:", "Enter It Here");
var password="Enter"; //Change what's in the quotes to your password
if (pwd != password){
RIGHTANSWER = 2;
}
if (RIGHTANSWER != 1);{
location.href = 'http://www.javacoffeebreak.com/java101/java101.html'; /*the URL to send them to if they are wrong (CHANGE IT) */
}
if (pwd == password){
location.href = "index2.html"; //URL to send them to if they are right
}
You need to give us some more information on what type of server/website you're using so that we can find the right script for you.
Password will be the name of the HTML file protect. Example : Page Protect is Name "Love.html" then password is LovePHP Code:
<script Language="JavaScript">
function password (pass) {
var password = ''
if (password != null){
location.href= pass + ".html";
}
}
</script>
<FORM name="login">
<table border=0 width="50%">
<tr>
<td>Password:</td>
<td><INPUT type="password" NAME="pass"></td>
</tr>
<tr>
<td></td>
<td><INPUT TYPE="button" VALUE="Enter" onClick="password(form.pass.value)"></td>
</tr>
<tr>
</table>
<!--Please press the 'Enter' button if you want this to work.-->
</form>
Look at this thread for how to make a php application with passwords/logins stored in a database.
http://www.antionline.com/showthread...hreadid=247222
i was on a site a few days ago...cant really remember what it was called but it has a bunch of different codes...um search google for something like password coding shared programs thats what i did but sorry i cant remember the name...if i find it i will edit this post with the site name.
The reason I used the prompt command, is that there is much less time available to actually hit esc, and then view source, you can't view source with that prompt window open, which opens upon the loading of the page.Quote:
Originally posted here by SDK
Password will be the name of the HTML file protect. Example : Page Protect is Name "Love.html" then password is LovePHP Code:
<script Language="JavaScript">
function password (pass) {
var password = ''
if (password != null){
location.href= pass + ".html";
}
}
</script>
<FORM name="login">
<table border=0 width="50%">
<tr>
<td>Password:</td>
<td><INPUT type="password" NAME="pass"></td>
</tr>
<tr>
<td></td>
<td><INPUT TYPE="button" VALUE="Enter" onClick="password(form.pass.value)"></td>
</tr>
<tr>
</table>
<!--Please press the 'Enter' button if you want this to work.-->
</form>
Perhaps.. but I could use a program like wget to download the page or something like proximitron or archilles to act as a go-between to get source and then go through the source and figure it out. The ideal would be to get the password from a location other than the HTML files.Quote:
The reason I used the prompt command, is that there is much less time available to actually hit esc, and then view source, you can't view source with that prompt window open, which opens upon the loading of the page.
Just thought.... If it's an IIS server set the permissions to not allow anonymous access.... Create a username/password combination for the access and "Bob's your uncle"......