Skip to main content
johnf3870857
johnf3870857
New Participant
September 10, 2016
Answered

How can I password-protect a text-field button?

  • September 10, 2016
  • 4 replies
  • 8212 views

Using Adobe Acrobat DC.

A final button on page one is titled: 'Next Page: ADMIN only'.

How can I password protect the button to where if a student clicks on the button, a password box would pop up (so that access to the next page is restricted to admin personnel only)?

Thanks in advance!

This topic has been closed for replies.
Correct answer johnf3870857

Thank you ALL for you insightful wisdom and input to this.

And thank you, gkaiseril, for throwing in a sample script. Indeed, I will commence my Great Experiment and see what I see.

FYI to all: this is not a sensitive or confidential security matter in that the admin page simply duplicates the students Content-area entries from page one (so that our admin person can review the content for final save/printout/distribution)....so even if a student somehow got around the password protection of the hidden page template, for example, no harm no foul, lol.

Thanks again to ALL of you for your wonderful assistance on this!

John

4 replies

T
Test Screen Name
Brainiac
June 29, 2019

What would stop the student just scrolling to the next page and ignoring your button? And what would happen if the student turned off JavaScript?

T
Test Screen Name
Brainiac
September 11, 2016

Yes, but the JavaScript used when the password is entered is also going to be in the PDF... I'm not going to elaborate on hacking techniques though.

G
gkaiseril
Inspiring
September 12, 2016

Here is a sample scrip that uses the hashString encoded password.

var cTest = app.response({cQuestion: "Enter password:", cTitle: "Password Request", bPassword: true, cLabel: "Password:"});

if(cTest != null) {

var cTestPassword = Collab.hashString(cTest);

if("f1Ez7o1plZdHDei34K4zZC" == cTestPassword)

{

app.alert("valid password", 3, 0);

}

else

{

app.alert("Invalid password", 0, 0);

} // end cTest;

} // end cResponse not null;

One could add a check for the login  name to add another layer of protection and add a password to lock editing of the form.

The string "f1Ez7o1plZdHDei34K4zZC" is obtained by running the Collab.hashString() method in the JavaScript console and it is unique to the required password.

Additional security could be added by not adding the template until the form is returned or moving the data from the returned form to a copy of the form with the template.

    try67
    try67
    Community Expert
    July 2, 2019

    Wow, how great, @try67! THANK you! That little line of code did a great job! I'm halfway there, now.

    Here's a screenshot of what I have:

    <— your % is working!

    What I want to be able to do is password protect the "Score" field so that a failed password challenge does not allow an entry into the field (rejects it), <or> hide the fact that it IS a field as far as the student taking the test is concerned, but allow the instructor to unhide it, enter a score, and leave it visible. IF he decides to print the form, the Score field should print, as well.

    As long as it is not OBVIOUS that it can be hacked, I'm not too worried about that, since the instructor will be the last one to see them. Also, these will be school classroom computers that are locked down except for the capabilities needed to take tests and such, so I doubt editing capabilities would be available.

    As stated above, I have used the script in reply #8, adding it to the "Properties—>Validate—>Run custom validation script" tab, and it does, in fact, ask for and accept a password, but even if the password test fails, the number entered before the password challenge is still placed in the field. So, if I put 50% in the field and fail the password challenge, 50% is still placed in the field; i.e., anyone can modify the entry with or without the password.  >pulling my hair out!<

    Thanks!


    The code above is missing the most crucial part: The command to reject the newly entered value if the wrong password is entered.

    Basically, you can do it with this code (as the field's custom validation script):

    event.rc = (app.response("Enter the password:","","")=="1234");

    (The password in the line above is "1234")

    G
    George_Johnson
    Inspiring
    September 11, 2016

    You can set up the form so that the admin-only page is a hidden template and spawn it when the correct password is entered so that is creates a new page. Whether this is a viable approach depends on how secure it needs to be.

    johnf3870857
    johnf3870857Author
    New Participant
    September 11, 2016

    Fascinating work around, thanks for your suggestion. I setup the admin page as a hidden template (which I just did) and will now try to figure out how to create a JavaScript so that it spawns the hidden template as a visible new page, once the document password is entered....is that what you are saying?

    G
    George_Johnson
    Inspiring
    September 11, 2016

    Yes. The button would have a script that prompts the user for a password and spawns the template if it matches.

    You can use the undocumented Collab.hashString method so you don't have to store the actual password in the document.

    G
    gkaiseril
    Inspiring
    September 10, 2016

    You cannot. You can use JavaScript to lock it, but JavaScript can turned off. Also one can use JavaScript in Reder to list all form fields.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices