• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Simple Password Protection on DW page

New Here ,
Dec 17, 2009 Dec 17, 2009

Copy link to clipboard

Copied

Hi, I am trying to employ a simple password-only protection to some pages on a website I'm building.  I've found what should be the appropriate code at this site: http://javascriptkit.com/script/cut10.shtml

Here is their sample code, password only with a simple popup window to enter the password:

<SCRIPT>
function passWord() {
var testV = 1;
var pass1 = prompt('Please Enter Your Password',' ');
while (testV < 3) {
if (!pass1)
history.go(-1);
if (pass1.toLowerCase() == "letmein") {
alert('You Got it Right!');
window.open('protectpage.html');
break;
}
testV+=1;
var pass1 =
prompt('Access Denied - Password Incorrect, Please Try Again.','Password');
}
if (pass1.toLowerCase()!="password" & testV ==3)
history.go(-1);
return " ";
}
</SCRIPT>
<CENTER>
<FORM>
<input type="button" value="Enter Protected Area"     onClick="passWord()">
</FORM>
</CENTER>

The difference is that instead of the centered input = button their sample has on the javascriptkit.com page, I'd like the form to be launched from the click of my Log In button I have in my design – or from clicking on the links for the three pages named: 'membermeetings.htm', 'boardmemberscommittee.htm', 'news_n_photos.htm'.  Am I missing a <Form> wrap?

I could also use some tips on where and how much code to put into my <body> section; all of it, part of it?

Here is the code I entered in by adding "Call JavaScript" in behaviors:

onclick="MM_callJS('(\'function passWord() { var testV = 1; var pass1 = prompt(\\\'Please Enter Your Password\\\',\\\' \\\'); while (testV &lt; 3) { if (!pass1) history.go(-1); if (pass1.toLowerCase() == \\&quot;community\\&quot;) { alert(\\\'Welcome!\\\'); window.open(\\\'membermeetings.html\\\',\\\'boardmemberscommittee.htm\\\',\\\'news_n_photos.htm\\\'); break; } testV+=1; var pass1 = prompt(\\\'Access Denied - Password Incorrect, Please Try Again.\\\',\\\'Password\\\'); } if (pass1.toLowerCase()!=\\&quot;password\\&quot; & testV ==3) history.go(-1); return \\&quot; \\&quot;; }

Thanks in advance for your help!  Brent

Views

25.3K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

LEGEND , Jun 21, 2018 Jun 21, 2018

Password protecting a folder is done on the webserver.  The JavaScript at the top of this thread is insecure, as osgood_ pointed out that anyone can see the password by simply using "View Source".

If you want a secure login for a site, or a section of a site, you need a server-side solution (ie, ColdFusion/Lucee, PHP, JSP, etc.)

V/r,

^ _ ^

Votes

Translate

Translate
New Here ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

Well... osgood... thank you again!  I was able to copy / paste and adjust the text... and now have a two username / password system!

Thanks much!

Linette

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

I spoke too soon.  I had my husband type in the URL directly (the volunteers only page that is to be password protected) and the browser loaded the page.

I do have the following code at the very beginning of the page:

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

What do I look for, what isn't right?  Would appreciate your help!

Linette

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

redtail_SOAR wrote:

I spoke too soon.  I had my husband type in the URL directly (the volunteers only page that is to be password protected) and the browser loaded the page.

I do have the following code at the very beginning of the page:

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

What do I look for, what isn't right?  Would appreciate your help!

Linette

Did your husband sign in - get taken to the protected page - then type the protected pages url in the browser?

The session would still be live until the browser is completely closed down and rebooted.

I've just done a dummy test in a 'fresh' browser and get taken to your login page.

HINT: You also want to change the usernames and passwords (which I'm sure you were going to do in good time) right?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

He doesn't think so...

So, it sounds like you got the page to behave as it should.  I had tested the page in Chrome... so I closed Chrome and relaunched.  I typed in the volunteer's URL directly and could see the page... I did not get redirected to the sign-in screen.

I just launched IE (which I don't use unless I have to) and typed the VolunteersOnly URL and it went directly to the page.

Husband just got done working... I opened IE on his computer and typed the VolunteersOnly URL and it went directly to the page.

Why, when we use a fresh / different browser we do not get rerouted to the login page?

Thanks for your help.  I'm going to unload step away from technology for a bit and let the 0s and 1s dribble out my ears.

Linette

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

Something is not right at the top of your 'protected' page.

Try just inserting the below first. It must be right at the top before any other code on the page and no spaces between the lines.

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

?>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

Duh.......your protected page is not a php page it's an html page. It has to be a .php page. Just change the .html to .php and update any links to it then try gaining access directly again.

(php code won't work in an .html page)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

I just changed the file type and uploaded... and closed out Chrome and

tried the direct URL and it went there, not to the login. Could it be that

I've not restarted the entire computer? Husband was across the hall...

we're using the same internet connection...

Shutting down and will look at this later. Thanks again.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

AFAIK, Chrome does not clear session cookies on close unless you explicitly set it this way in advanced settings. IE probably does too. I believe this behavior was added to allow you to resume where you left off if your browser crashes.

So, make sure you keep your session timeout to a minimum.

>Could it be that I've not restarted the entire computer?

no

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

I had shut down the computer and just fired up again.  I opened Chrome and cleared data for the last four weeks... and entered the page URL that should be password protected and the page loaded... I did not clear data on Firefox... but hadn't used that browser to check this issue... and the page loaded...

<sigh>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 03, 2014 Nov 03, 2014

Copy link to clipboard

Copied

redtail_SOAR wrote:

I had shut down the computer and just fired up again.  I opened Chrome and cleared data for the last four weeks... and entered the page URL that should be password protected and the page loaded... I did not clear data on Firefox... but hadn't used that browser to check this issue... and the page loaded...

<sigh>

It can get pretty confusing when testing because once you login the session is set. What you are most concerned about is 'external' people - those who won't have been able to login so the session will never be set.

I don't see anything wrong with the  'redirect' code that takes you to the login page IF the username  and password session variables have NOT been set. I tested the code in Firefox and Safari and it works for me. I haven't tested in Chrome but it would be no different - all browsers will treat this block of php code the same.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Nov 04, 2014 Nov 04, 2014

Copy link to clipboard

Copied

Regarding the landing page (VolunteersOnly)... I simply renamed the file

from a *.html to *.php in the My Documents area as opposed to going into DW

and doing a Save As. Is that okay to do it that way?

Thanks again for everyone's help. It's times like this that I realize that

I don't know what I don't know...

L.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Nov 04, 2014 Nov 04, 2014

Copy link to clipboard

Copied

redtail_SOAR wrote:

Regarding the landing page (VolunteersOnly)... I simply renamed the file

from a *.html to *.php in the My Documents area as opposed to going into DW

and doing a Save As.  Is that okay to do it that way?

Yes that's fine.

What's happened to your login page - have you disabled it?

http://www.soarraptors.org/passtest.php

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jan 04, 2015 Jan 04, 2015

Copy link to clipboard

Copied

Oh my... help, please.

Now that I'm ready to add the Volunteer Login button to my DW template and upload... now I can no longer see the signin page...

In the DW template for my site... I added a button to the bottom of the vertical menu and linked that button to passtest.php  I also changed the password in the passtest.php page from the example 'elephant.'

I saved the template and applied to all my pages, but only uploaded one page of the site with the updated menu.  I uploaded to the server the password.php page.

I click on the Volunteers Only menu button and the browser takes me directly to VolunteersOnly.php and by-passed the login page.

Here is the code copy/pasted from the password.php page.  I'm about to scream... Is there something wrong with the code now?

When I type the direct url for the login page in Chrome... the error message says "the webpage has a redirect loop"  Please help me find that.

Thank you, thank you!

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

?>

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

<?php  session_start() ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>SOAR Login</title>

<?php

if (array_key_exists('ewTest' , $_POST)) {

$username = trim($_POST['username']);

$password = trim($_POST['password']);

if (($username == "SOAR_Volunteer") && ($password == "6bc_ieDw"))

{

$response = "Thank you! <a href='VolunteersOnly.php'>Enter Here</a>";

}

else {

$response = "Sorry, you do not have permission to access this webpage!";

}

}

?>

<style type="text/css">

#wrapper {

width: 250px;

padding: 40px;

margin: 40px auto;

background-color:#EADCAE;

font-family: verdana, arial, helvetica, sans-serif;

font-size: 12px;

}

#wrapper p {

margin: 0 0 0 0;

padding: 0;

text-align: center;

}

input {

width: 250px;

}

input#submit {

width: 100px;

margin: 15px 0 0 0;

}

</style>

</head>

<body>

<div id="wrapper">

  <h3><img src="Images/SOARAvatar_PP.jpg" width="100" height="100" hspace="75" vspace="10" />

  </h3>

  <h2>Please enter your Username & Password below. (Case sensitive)  </h2>

  <form id="form1" name="form1" method="post" action="passtest.php">

<label>Username</label><br />

<input type="text" name="username" id="username" value=""/><br />

<label>Password</label><br />

<input type="text" name="password" id="password" value=""/><br />

<input type="submit" name="ewTest" id="submit" value="Submit" />

</form>

<p style="margin-top: 10px;">

<?php if(isset($response)) echo $response;?>

</p>

</div>

</body>

</html>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jan 04, 2015 Jan 04, 2015

Copy link to clipboard

Copied

We'd need to see the code on the page:  http://www.soarraptors.org/passtest.php

If the code you posted is from that page, then there's your answer. You are redirecting to the page that contains the redirect, causing a loop.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jan 04, 2015 Jan 04, 2015

Copy link to clipboard

Copied

Please show me where I'm redirecting back to that page... I am incredibly naive with php...

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Jan 04, 2015 Jan 04, 2015

Copy link to clipboard

Copied

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

?>

There's the redirection.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jan 04, 2015 Jan 04, 2015

Copy link to clipboard

Copied

Okay... I removed this chunk of code from the top of passtest.php:

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.soarraptors.org/passtest.php");

}

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

Now I see the screen prompt for username and password. I enter the correct username and password and get the "please enter" but when I click on the link I am not redirected to the VolunteersOnly.php (protected) page but am sent back to the login.  The code above IS at the top of VolunteersOnly.php.

If type the protect page's url in directly... I get the login page (passtest.php)

Now there must be code missing on the protected page or the passtest.php?

Thank you!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jan 04, 2015 Jan 04, 2015

Copy link to clipboard

Copied

Well... thank you... I re-read a post from osgood from December 2011 on page 1 of this thread and compared to my passtest.php and I had two lines of code missing.  I added those, refreshed, saved, and uploaded.

It seems to work...

Cross your fingers.

Thanks again... I so appreciate all the help!

Linette

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 21, 2018 Jun 21, 2018

Copy link to clipboard

Copied

Hello, I have inserted the script that is at the top of this forum into my Dreamweaver html page. Question: Where exactly do I put the password that I want within the script? I am new to this and need a little hand-holding. Are you able to show me through a sample password where it should go within the script? Please help. Thank you.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 04, 2014 Apr 04, 2014

Copy link to clipboard

Copied

Hello,

--------- my answer was not needed, so I deleted it ---------

Hans-Günter

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Dec 22, 2011 Dec 22, 2011

Copy link to clipboard

Copied

I copied and pasted the entire code and replaced the url in line $response = "Youre welcome! <a href='http://www.bbc.co.uk'>Enter Here</a>"; with mine http://www.tri-pirates.com/pirates_only.html and after typing the user name and password all I get is a white screen with the message 'No input file specified'. What am I doing wrong?


Any suggestions?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 22, 2011 Dec 22, 2011

Copy link to clipboard

Copied

julioys wrote:

I copied and pasted the entire code and replaced the url in line $response = "Youre welcome! <a href='http://www.bbc.co.uk'>Enter Here</a>"; with mine http://www.tri-pirates.com/pirates_only.html and after typing the user name and password all I get is a white screen with the message 'No input file specified'. What am I doing wrong?


Any suggestions?

Did you paste the entire code into a php page and save that page as passtest.php ? This is a php script and will only run if you have php either running on your remote server or your local server.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Dec 22, 2011 Dec 22, 2011

Copy link to clipboard

Copied

Also anyone using this php password page script should use the revised version below: Note the addition of <?php  session_start() ?> at the top of the script and $_SESSION['username'] = $username; and $_SESSION['password'] = $password; in the script. (scroll to end of script to reason of additions)

Also you need to save the login page as passtest.php as the form submits to itself.

<?php  session_start() ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Untitled Document</title>

<?php

if (array_key_exists('ewTest' , $_POST)) {

$username = trim($_POST['username']);

$_SESSION['username'] = $username;

$password = trim($_POST['password']);

$_SESSION['password'] = $password;

if (($username == "Pink") && ($password == "Elephant"))

{

$response = "Youre welcome! <a href='http://www.bbc.co.uk'>Enter Here</a>";

}

else {

$response = "Sorry, you do not have permission to access this webpage!";

}

}

?>

<style type="text/css">

#wrapper {

width: 250px;

padding: 20px;

margin: 20px auto;

background-color:#CCC;

font-family: verdana, arial, helvetica, sans-serif;

font-size: 11px;

}

#wrapper p {

margin: 0 0 0 0;

padding: 0;

text-align: center;

}

input {

width: 250px;

}

input#submit {

width: 100px;

margin: 15px 0 0 0;

}

</style>

</head>

<body>

<div id="wrapper">

<p style="margin-bottom: 10px;">Please enter your Username & Password below. (Case sensitive)</p>

<form id="form1" name="form1" method="post" action="passtest.php">

<label>Username</label><br />

<input type="text" name="username" id="username" value=""/><br />

<label>Password</label><br />

<input type="text" name="password" id="password" value=""/><br />

<input type="submit" name="ewTest" id="submit" value="Submit" />

</form>

<p style="margin-top: 10px;">

<?php if(isset($response)) echo $response;?>

</p>

</div>

</body>

</html>

Reason for additional code:

If anyone guesses the url of your protected php page and goes directly to it, without the additional code., they will be able to access the information.

At the very top of the page you are trying to protect insert the below. If the pasword and username has not been set in the login page then you will be returned to the login page - passtest.php. (just change the url below to YOUR domain name and where you keep the passtest.php page

<?php  session_start() ?>

<?php

if (!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

header("Location: http://www.yourDomainName.com/passtest.php");

}

if (isset($_SESSION['username'])) {

unset($_SESSION['username']);

session_destroy();

}

if (isset($_SESSION['password'])) {

unset($_SESSION['password']);

session_destroy();

}

?>

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 03, 2014 Apr 03, 2014

Copy link to clipboard

Copied

Hi osgood,

Would this work for a Mobile app? I am creating an app for IOS and android. I am trying to password protect just one page of the app. Do you know if PHP is supported by IOS and android? I am using dreamweaver JQuery Mobile and phone gap to build my app. Please let me know.

Thank you so much!!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 03, 2014 Apr 03, 2014

Copy link to clipboard

Copied

Do you know if PHP is supported by IOS and android?

PHP is a server side language - there is no dependence on user agent type.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines