Password protecting a website

[Katja]

What's your hosting company that you're using?
Oh, doesn't matter much anyway. With free hosting sites you tend to get what you pay for. In this case you probably have very limited functionality on that site. No Perl or PHP and probably no ASP either. Maybe not even JSP or other server-side functionality. So SSL security either so just assume this website is just unsafe.

If you want to just test your webbuilding skills, install either Apache or IIS on your own system and start hosting your site on your own computer. Then you can play with this a bit more.

In general, free webhosts will prefer to not host websites that have limited access, simply because that would limit the number of visitors. Those free hosts tend to include small advertisements in your webpages because that's where they get their revenue from. Thus they profit more if your site has more visitors. They won't be happy with those secure pages...

[J_K9]

Thanks valhallen! I've set it up on the web hosting site and it works like a charm! Many, many thanks!

Katja: I know how to use Apache (even though I didn't know things like the .htaccess file), but it would be impossible for me to host my own site because my ISP is so crap that my router is disconnected from it at least once a day, for a period of (on average) 30 mins. I think that settles it

Oh, the web host is SiteBurg.com and they allow much more than you would think in terms of languages and features. Hell, they even allow MySQL databases! Oh, and I don't mind if they kick me off webhosting, because the site's only temporary until I buy a proper domain and have my site hosted by a proper company.

Peace out,

J_K9

[theorpheus]

If your website is develomental stages, then I recommend you use javascript for the time being. Sometimes Javascript can be too revealing if the user looks up the source code.. but there are simple mathematical formulae that could help you disguise your password.. for example..

I used the code below to password protect a website that I was building.

<script>
var pass=new Array()
var t3=""
var lim=8
pass[0]="bW2p8VNKLckHSxp"
pass[1]="LjtBBAPWyzBCVbt"
pass[2]="7PHtDhlEftbicoO"
pass[3]="BBIKGJAB798YA9D"
pass[4]="8gkJSUdqQc0TMmLy"
pass[5]="44gkJSUdqQc0TMmL"

var extension=".html"
var enablelocking=0
var numletter="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
var temp3=''
var cur=0


function max(which){
return (pass[Math.ceil(which)+(3&15)].substring(0,1))
}

function testit(input){
temp=numletter.indexOf(input)
var temp2=temp^parseInt(pass[phase1-1+(1|3)].substring(0,2))
temp2=numletter.substring(temp2,temp2+1)
return (temp2)
}


function submitentry(){
t3=''
verification=document.password1.password2.value
phase1=Math.ceil(Math.random())-6+(2<<2)
var indicate=true
for (i=(1&2);i<window.max(Math.LOG10E);i++)
t3+=testit(verification.charAt(i))
for (i=(1&2);i<lim;i++){
if (t3.charAt(i)!=pass[phase1+Math.round(Math.sin(Math.PI/2)-1)].charAt(i))
indicate=false
}
if (verification.length!=window.max(Math.LOG10E))
indicate=false
if (indicate)
window.location=verification+extension
else
alert("Invalid password. Please try again!")
}
</script>

The password I disguised was 99026189. So when a user enters the right password, it directs the user to 99026189.html
So say for instance you want to use that above code to password protect your main page, your main page has to be named 99026189.html

See what you can do with this..

Also, look up Google.. you may be able to find some auto code generators.

[Soda_Popinsky]

Javascript authentication is so weak it shouldn't even be considered. If your server side script works, use it. If .htaccess files work, even better.

[J_K9]

val's little php script works amazingly, so thanks for the extra suggestion, but I think I'm gonna stick with his (no offence) .

J_K9

[theorpheus]

I agree. JavaScript is very weak. But its kinda useful when you dont have too many options and when your website is still in developmental phases. but If you've got any other options available, you should definitely choose them over Java.

[J_K9]

Thanks for the script anyway...I hope you didn't type that out just for me!

J_K9

[Katja]

J_K9, when I meant testing it on your local machine, I really meant it like that too! Doesn't matter if your ISP disconnects you for 30 minutes or maybe even for a whole day. You just install the server software locally and access your own computer locally! You don't even need any Internet connection! It's done all on your local system. At least, that's how I test my own webpages. Try it on your local system by browsing to http://localhost or http://127.0.0.1 or http://YourMachineName or whatever.
If you have two computers and they are connected with a network, you can even install the webhost on one computer and browse to it from the other. You could, for example, an old second-hand computer with not much memory and diskspace, install FreeBSD or Linux on it with Apache and use that one as host for your tests. It only has to be connected to your other system that you'll use to brose to ut.

The biggest advantage? This saves a lot of time uploading all your stuff to this webhost...

Besides, if you want to have a live test with others accessing your site, it shouldn't matter much if it's down even half the time... It's a test, remember?