how to place password in webpage.....

[spyblasters]

hi,
i need help to place a password in webpage so that when user enters pop up window should ask password to enter in to website...........plz help me....

[Cybr1d]

what type of server is the website running???


If its apache, you need to create a .htaccess file


Here's a detailed explanation on how to do it:

1. Create the ".htaccess" access control file
Create this file using Notepad or SimpleText or some other plain text editor. When complete, transfer the file using your favourite FTP program to the directory to be protected WEBPOST web account. Here is a sample of the ".htaccess" file used to protect directory:



AuthUserFile /usr/local/ns-home/docs/webpost/help/PasswordProtection/.htpass
AuthName My Web Site
<Limit GET POST>
require valid-user
</Limit>
Leave a blank link at the end of your file.

Note: If you can not create a file called ".htaccess" on your PC, give it a different name such as "htaccess.txt" When you transfer this file to your WEBPOST account, use your FTP program to rename this file as ".htaccess". Your directory will not be protected unless a valid ".htaccess" and password file are present.

--------------------------------------------------------------------------------

2. Create the ".htpass" user/password file
The ".htpass" file is a list of usernames and encrypted passwords that may look like the following:

PHIL1010:9AFcmybXs1JV2
SOCRATES8d8I.6b.hwWg
PLATO:wizDR5wi.JkYc
Each username and password is separated by a colon. You can create this file on any DOS, Windows 3.x/95/98/NT system using the following utility: htpass.exe



Download htpass to your local drive and store it in a directory such as "C:\WEBPASS"

Open a DOS shell window and change into the WEBPASS directory.

Enter the following command to create a password file and add your first user:

htpass -c htpass.pwd myclass

You will first be prompted for a password for "myclass" (or whatever username you choose). You will be prompted to re-type the password a second time. Here is what the session would look like:

C:\webpass>htpass -c htpass.pwd myclass
Adding password for myclass.
New password:
Re-type new password:

C:\webpass>


The "-c" switch creates the specified password file. After the file has been created, you can add new users or change existing passwords with the following command:
htpass htpass.pwd nextuser

C:\webpass>htpass htpass.pwd nextuser
Adding password for nextuser.
New password:
Re-type new password:

C:\webpass>




The simplest approach is to create a single login for your site and share that password with anyone authorized to get in. If you prefer, you can create dozens of passwords -- enough for each member of your class. It you choose to use this service, it will be up to you manage these passwords.



--------------------------------------------------------------------------------

3. Transfer ".htaccess" and ".htpass" to the protected directory in your WEBPOST accound.
In order to work, your protected directory must contain valid .htaccess and .htpass files. On some systems (DOS, Windows 3.x), you can not create file names such as ".htaccess". However, you can transfer these files to your WEBPOST account using FTP. Once the files have been transferred, you can also use your FTP program to rename them.

Security note: we have configured our web server so that ".htaccess" and ".htpass" files can not be viewed by any browser over the web. If you make frequent changes to your ".htpass" file, you can also call it "htpass.pwd". "htpass.pwd" files can not be view by browsers on www.yorku.ca



--------------------------------------------------------------------------------

4. Additional Information:
There are a number of key words and sections that make up ".htaccess" files.

Keyword/Section Explanation
AuthUserFile the fullpath to the protected directory (as seen from www.yorku.ca). In other words, to protect http://www.yorku.ca/faculty/academic/professor/myclass you would need to specify:
AuthUserFile /usr/local/ns-home/docs/webpost/faculty/academic/prof/myclass/.htpass

AuthName is simply the name of your protected area. It will appear in the login prompt.
<Limit GET POST> </Limit> se the Limit tag to specify the HTTP actions you wish to permit. GET and POST will allow users to get pages and post forms on your site.
require valid-user This directive allows all users in the specified .htpass file to log into the directory
require user user1 user2 user3 Allows a list of specific users to log into the directory.



The following Appendix is from Netscape's "Using .htaccess instead of .nsconfig"

Appendix A - Supported .htaccess Directives

The following .htaccess directives are supported in this release:



--------------------------------------------------------------------------------

Allow

Syntax:

allow from host host ...

where host is all, to allow access from all client hosts, or is all or the last part of a DNS host name, or is a full or partial IP address.

Must be enclosed within a <Limit> range.

Effect:

Allows access to the specified hosts. Normally appears inside a <Limit> range.





--------------------------------------------------------------------------------

AuthGroupFile

Syntax:

AuthGroupFile filename

where filename is the name of file containing group definitions in the form:

groupname: user user ...

Must not appear within a <Limit> range.

Effect:

Specifies that the named group file is to be used for any group definitions referenced in a require group directive.





--------------------------------------------------------------------------------

AuthUserFile

Syntax:

AuthUserFile filename

where filename is the name of file containing user definitions in the form:

usernameassword

where username is a user login name, and password is the crypt()-encrypted password.

Must not appear within a <Limit> range.

Effect:

Specifies that the named user file is to be used for any user names referenced in a require user or require valid-user directive.





--------------------------------------------------------------------------------

AuthName

Syntax:

AuthName authentication realm

where authentication realm is a string identifying an authorization realm to be associated with any request for user authentication.

Must not appear within a <Limit> range.

Effect:

The authentication realm string typically appears in the prompt for username and password on the client side. It may affect caching of username and password on the client.





--------------------------------------------------------------------------------

AuthType

Syntax:

AuthType Basic

Must not appear within a <Limit> range.

Effect:

Specifies the user authentication method as HTTP Basic Authentication, the only method currently supported.





--------------------------------------------------------------------------------

Deny

Syntax:

deny from host host ...

where host is all, to deny access from all client hosts, or is all or the last part of a DNS host name, or is a full or partial IP address

Must be enclosed within a <Limit> range.

Effect:

Denies access to the specified hosts. Normally appears inside a <Limit> range.





--------------------------------------------------------------------------------

<Limit>

Syntax:

<Limit method method ...> allow, deny, order, or require directives </Limit>

where method is a HTTP method such as GET, POST, or PUT.

Effect:

Applies the enclosed directives only for requests using the specified HTTP methods.





--------------------------------------------------------------------------------

Order

Syntax:

order ordering

where ordering is one of:

allow,deny
deny,allow
mutual-failure

Must be enclosed within a <Limit> range.

Effect:

allow,deny evaluates allow directives and then deny directives. deny, allow evaluates deny directives and then allow directives.
mutual-failure denies access for a host listed in both allow and deny directives, regardless of their ordering.





--------------------------------------------------------------------------------

Require

Syntax:

require group groupname groupname ...
require user username username ...
require valid-user

Must be enclosed within a <Limit> range.

Effect:

require group requires the authenticated user to be a member of one of the specified groups.

require user requires the authenticated user to be one of the specified users.

require valid-user requires an authenticated user.





--------------------------------------------------------------------------------

Here is a sample .htaccess file, so you can see what it looks like.

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mxyzptlk.kawaii.com
AuthUserFile /DocRoot/mxyz-docs/_vti_pvt/service.pwd
AuthGroupFile /DocRoot/mxyz-docs/_vti_pvt/service.grp

[AxessTerminated]

I'm assuming you are using angelfire, or something of the like...geocities? If so, I have a JAVA script which is very insecure, but keeps the morons out. All they have to do is View Source of the page, but if you make the password equal a numerical formula, and the formula equals a number, then the password is that number, a little more complicated for the idiots.

Code:

<script language="javascript">
<!--
/*This should be the only thing in index.html, it will redirect you to another page if
the password is right.*/

var RIGHTANSWER = 1;
var pwd = prompt("Password Please:", "Enter It Here");
var password="Enter"; //Change what's in the quotes to your password

if (pwd != password){
	RIGHTANSWER = 2;
}

if (RIGHTANSWER != 1);{
	location.href = 'http://www.javacoffeebreak.com/java101/java101.html'; /*the URL to send them to if they are wrong (CHANGE IT) */
}

if (pwd == password){
	location.href = "index2.html"; //URL to send them to if they are right
}

[Cybr1d]

You need to give us some more information on what type of server/website you're using so that we can find the right script for you.

[SDK]

PHP Code:

<script Language="JavaScript">

function password (pass)  {

var password = ''


if (password != null){
        location.href= pass + ".html";
}
}

</script>
<FORM name="login">
<table border=0 width="50%">
<tr>
 <td>Password:</td>
 <td><INPUT type="password" NAME="pass"></td>
</tr>
<tr>
 <td></td>
 <td><INPUT TYPE="button" VALUE="Enter"  onClick="password(form.pass.value)"></td>
</tr>
<tr>
</table>
<!--Please press the 'Enter' button if you want this to work.-->
</form> 


Password will be the name of the HTML file protect. Example : Page Protect is Name "Love.html" then password is Love

[xmaddness]

Look at this thread for how to make a php application with passwords/logins stored in a database.

http://www.antionline.com/showthread...hreadid=247222

[dark dragon03]

i was on a site a few days ago...cant really remember what it was called but it has a bunch of different codes...um search google for something like password coding shared programs thats what i did but sorry i cant remember the name...if i find it i will edit this post with the site name.

[AxessTerminated]

Originally posted here by SDK

PHP Code:

<script Language="JavaScript">

function password (pass)  {

var password = ''


if (password != null){
        location.href= pass + ".html";
}
}

</script>
<FORM name="login">
<table border=0 width="50%">
<tr>
 <td>Password:</td>
 <td><INPUT type="password" NAME="pass"></td>
</tr>
<tr>
 <td></td>
 <td><INPUT TYPE="button" VALUE="Enter"  onClick="password(form.pass.value)"></td>
</tr>
<tr>
</table>
<!--Please press the 'Enter' button if you want this to work.-->
</form> 


Password will be the name of the HTML file protect. Example : Page Protect is Name "Love.html" then password is Love

The reason I used the prompt command, is that there is much less time available to actually hit esc, and then view source, you can't view source with that prompt window open, which opens upon the loading of the page.

[MrLinus]

The reason I used the prompt command, is that there is much less time available to actually hit esc, and then view source, you can't view source with that prompt window open, which opens upon the loading of the page.

Perhaps.. but I could use a program like wget to download the page or something like proximitron or archilles to act as a go-between to get source and then go through the source and figure it out. The ideal would be to get the password from a location other than the HTML files.

[Tiger Shark]

Just thought.... If it's an IIS server set the permissions to not allow anonymous access.... Create a username/password combination for the access and "Bob's your uncle"......