how to place password in webpage.....
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: how to place password in webpage.....

  1. #1
    Banned
    Join Date
    Feb 2004
    Posts
    5

    how to place password in webpage.....

    hi,
    i need help to place a password in webpage so that when user enters pop up window should ask password to enter in to website...........plz help me....
    Share on Google+

  2. #2
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    what type of server is the website running???


    If its apache, you need to create a .htaccess file


    Here's a detailed explanation on how to do it:

    1. Create the ".htaccess" access control file
    Create this file using Notepad or SimpleText or some other plain text editor. When complete, transfer the file using your favourite FTP program to the directory to be protected WEBPOST web account. Here is a sample of the ".htaccess" file used to protect directory:



    AuthUserFile /usr/local/ns-home/docs/webpost/help/PasswordProtection/.htpass
    AuthName My Web Site
    <Limit GET POST>
    require valid-user
    </Limit>
    Leave a blank link at the end of your file.

    Note: If you can not create a file called ".htaccess" on your PC, give it a different name such as "htaccess.txt" When you transfer this file to your WEBPOST account, use your FTP program to rename this file as ".htaccess". Your directory will not be protected unless a valid ".htaccess" and password file are present.

    --------------------------------------------------------------------------------

    2. Create the ".htpass" user/password file
    The ".htpass" file is a list of usernames and encrypted passwords that may look like the following:

    PHIL1010:9AFcmybXs1JV2
    SOCRATES8d8I.6b.hwWg
    PLATO:wizDR5wi.JkYc
    Each username and password is separated by a colon. You can create this file on any DOS, Windows 3.x/95/98/NT system using the following utility: htpass.exe



    Download htpass to your local drive and store it in a directory such as "C:\WEBPASS"

    Open a DOS shell window and change into the WEBPASS directory.

    Enter the following command to create a password file and add your first user:

    htpass -c htpass.pwd myclass

    You will first be prompted for a password for "myclass" (or whatever username you choose). You will be prompted to re-type the password a second time. Here is what the session would look like:

    C:\webpass>htpass -c htpass.pwd myclass
    Adding password for myclass.
    New password:
    Re-type new password:

    C:\webpass>


    The "-c" switch creates the specified password file. After the file has been created, you can add new users or change existing passwords with the following command:
    htpass htpass.pwd nextuser

    C:\webpass>htpass htpass.pwd nextuser
    Adding password for nextuser.
    New password:
    Re-type new password:

    C:\webpass>




    The simplest approach is to create a single login for your site and share that password with anyone authorized to get in. If you prefer, you can create dozens of passwords -- enough for each member of your class. It you choose to use this service, it will be up to you manage these passwords.



    --------------------------------------------------------------------------------

    3. Transfer ".htaccess" and ".htpass" to the protected directory in your WEBPOST accound.
    In order to work, your protected directory must contain valid .htaccess and .htpass files. On some systems (DOS, Windows 3.x), you can not create file names such as ".htaccess". However, you can transfer these files to your WEBPOST account using FTP. Once the files have been transferred, you can also use your FTP program to rename them.

    Security note: we have configured our web server so that ".htaccess" and ".htpass" files can not be viewed by any browser over the web. If you make frequent changes to your ".htpass" file, you can also call it "htpass.pwd". "htpass.pwd" files can not be view by browsers on www.yorku.ca



    --------------------------------------------------------------------------------

    4. Additional Information:
    There are a number of key words and sections that make up ".htaccess" files.

    Keyword/Section Explanation
    AuthUserFile the fullpath to the protected directory (as seen from www.yorku.ca). In other words, to protect http://www.yorku.ca/faculty/academic/professor/myclass you would need to specify:
    AuthUserFile /usr/local/ns-home/docs/webpost/faculty/academic/prof/myclass/.htpass

    AuthName is simply the name of your protected area. It will appear in the login prompt.
    <Limit GET POST> </Limit> se the Limit tag to specify the HTTP actions you wish to permit. GET and POST will allow users to get pages and post forms on your site.
    require valid-user This directive allows all users in the specified .htpass file to log into the directory
    require user user1 user2 user3 Allows a list of specific users to log into the directory.



    The following Appendix is from Netscape's "Using .htaccess instead of .nsconfig"

    Appendix A - Supported .htaccess Directives

    The following .htaccess directives are supported in this release:



    --------------------------------------------------------------------------------

    Allow

    Syntax:

    allow from host host ...

    where host is all, to allow access from all client hosts, or is all or the last part of a DNS host name, or is a full or partial IP address.

    Must be enclosed within a <Limit> range.

    Effect:

    Allows access to the specified hosts. Normally appears inside a <Limit> range.





    --------------------------------------------------------------------------------

    AuthGroupFile

    Syntax:

    AuthGroupFile filename

    where filename is the name of file containing group definitions in the form:

    groupname: user user ...

    Must not appear within a <Limit> range.

    Effect:

    Specifies that the named group file is to be used for any group definitions referenced in a require group directive.





    --------------------------------------------------------------------------------

    AuthUserFile

    Syntax:

    AuthUserFile filename

    where filename is the name of file containing user definitions in the form:

    usernameassword

    where username is a user login name, and password is the crypt()-encrypted password.

    Must not appear within a <Limit> range.

    Effect:

    Specifies that the named user file is to be used for any user names referenced in a require user or require valid-user directive.





    --------------------------------------------------------------------------------

    AuthName

    Syntax:

    AuthName authentication realm

    where authentication realm is a string identifying an authorization realm to be associated with any request for user authentication.

    Must not appear within a <Limit> range.

    Effect:

    The authentication realm string typically appears in the prompt for username and password on the client side. It may affect caching of username and password on the client.





    --------------------------------------------------------------------------------

    AuthType

    Syntax:

    AuthType Basic

    Must not appear within a <Limit> range.

    Effect:

    Specifies the user authentication method as HTTP Basic Authentication, the only method currently supported.





    --------------------------------------------------------------------------------

    Deny

    Syntax:

    deny from host host ...

    where host is all, to deny access from all client hosts, or is all or the last part of a DNS host name, or is a full or partial IP address

    Must be enclosed within a <Limit> range.

    Effect:

    Denies access to the specified hosts. Normally appears inside a <Limit> range.





    --------------------------------------------------------------------------------

    <Limit>

    Syntax:

    <Limit method method ...> allow, deny, order, or require directives </Limit>

    where method is a HTTP method such as GET, POST, or PUT.

    Effect:

    Applies the enclosed directives only for requests using the specified HTTP methods.





    --------------------------------------------------------------------------------

    Order

    Syntax:

    order ordering

    where ordering is one of:

    allow,deny
    deny,allow
    mutual-failure

    Must be enclosed within a <Limit> range.

    Effect:

    allow,deny evaluates allow directives and then deny directives. deny, allow evaluates deny directives and then allow directives.
    mutual-failure denies access for a host listed in both allow and deny directives, regardless of their ordering.





    --------------------------------------------------------------------------------

    Require

    Syntax:

    require group groupname groupname ...
    require user username username ...
    require valid-user

    Must be enclosed within a <Limit> range.

    Effect:

    require group requires the authenticated user to be a member of one of the specified groups.

    require user requires the authenticated user to be one of the specified users.

    require valid-user requires an authenticated user.





    --------------------------------------------------------------------------------

    Here is a sample .htaccess file, so you can see what it looks like.

    <Limit GET POST>
    order deny,allow
    deny from all
    allow from all
    </Limit>
    <Limit PUT DELETE>
    order deny,allow
    deny from all
    </Limit>
    AuthName mxyzptlk.kawaii.com
    AuthUserFile /DocRoot/mxyz-docs/_vti_pvt/service.pwd
    AuthGroupFile /DocRoot/mxyz-docs/_vti_pvt/service.grp
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    351
    I'm assuming you are using angelfire, or something of the like...geocities? If so, I have a JAVA script which is very insecure, but keeps the morons out. All they have to do is View Source of the page, but if you make the password equal a numerical formula, and the formula equals a number, then the password is that number, a little more complicated for the idiots.

    Code:
    <script language="javascript">
    <!--
    /*This should be the only thing in index.html, it will redirect you to another page if
    the password is right.*/
    
    var RIGHTANSWER = 1;
    var pwd = prompt("Password Please:", "Enter It Here");
    var password="Enter"; //Change what's in the quotes to your password
    
    if (pwd != password){
    	RIGHTANSWER = 2;
    }
    
    if (RIGHTANSWER != 1);{
    	location.href = 'http://www.javacoffeebreak.com/java101/java101.html'; /*the URL to send them to if they are wrong (CHANGE IT) */
    }
    
    if (pwd == password){
    	location.href = "index2.html"; //URL to send them to if they are right
    }
    Geek isn't just a four-letter word; it's a six-figure income.
    Share on Google+

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    You need to give us some more information on what type of server/website you're using so that we can find the right script for you.
    Share on Google+

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    PHP Code:
    <script Language="JavaScript">

    function 
    password (pass)  {

    var 
    password ''


    if (password != null){
            
    location.hrefpass ".html";
    }
    }

    &
    lt;/script>
    &
    lt;FORM name="login">
    &
    lt;table border=0 width="50%">
    &
    lt;tr>
     &
    lt;td>Password:</td>
     &
    lt;td><INPUT type="password" NAME="pass"></td>
    &
    lt;/tr>
    &
    lt;tr>
     &
    lt;td></td>
     &
    lt;td><INPUT TYPE="button" VALUE="Enter"  onClick="password(form.pass.value)"></td>
    &
    lt;/tr>
    &
    lt;tr>
    &
    lt;/table>
    &
    lt;!--Please press the 'Enter' button if you want this to work.-->
    &
    lt;/form&gt
    Password will be the name of the HTML file protect. Example : Page Protect is Name "Love.html" then password is Love
    -Simon \"SDK\"
    Share on Google+

  6. #6
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,121
    Look at this thread for how to make a php application with passwords/logins stored in a database.

    http://www.antionline.com/showthread...hreadid=247222
    Share on Google+

  7. #7
    Banned
    Join Date
    Jun 2003
    Posts
    23
    i was on a site a few days ago...cant really remember what it was called but it has a bunch of different codes...um search google for something like password coding shared programs thats what i did but sorry i cant remember the name...if i find it i will edit this post with the site name.
    Share on Google+

  8. #8
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    351

    Source Code...

    Originally posted here by SDK
    PHP Code:
    <script Language="JavaScript">

    function 
    password (pass)  {

    var 
    password ''


    if (password != null){
            
    location.hrefpass ".html";
    }
    }

    &
    lt;/script>
    &
    lt;FORM name="login">
    &
    lt;table border=0 width="50%">
    &
    lt;tr>
     &
    lt;td>Password:</td>
     &
    lt;td><INPUT type="password" NAME="pass"></td>
    &
    lt;/tr>
    &
    lt;tr>
     &
    lt;td></td>
     &
    lt;td><INPUT TYPE="button" VALUE="Enter"  onClick="password(form.pass.value)"></td>
    &
    lt;/tr>
    &
    lt;tr>
    &
    lt;/table>
    &
    lt;!--Please press the 'Enter' button if you want this to work.-->
    &
    lt;/form&gt
    Password will be the name of the HTML file protect. Example : Page Protect is Name "Love.html" then password is Love
    The reason I used the prompt command, is that there is much less time available to actually hit esc, and then view source, you can't view source with that prompt window open, which opens upon the loading of the page.
    Geek isn't just a four-letter word; it's a six-figure income.
    Share on Google+

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    The reason I used the prompt command, is that there is much less time available to actually hit esc, and then view source, you can't view source with that prompt window open, which opens upon the loading of the page.
    Perhaps.. but I could use a program like wget to download the page or something like proximitron or archilles to act as a go-between to get source and then go through the source and figure it out. The ideal would be to get the password from a location other than the HTML files.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
    Share on Google+

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Just thought.... If it's an IIS server set the permissions to not allow anonymous access.... Create a username/password combination for the access and "Bob's your uncle"......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides