Simple Complete Script To Password Protect An Area On Your Site

mike1023 · 10-08-2007, 12:07 PM

Hi,

I thought I would post a simple method to password protect an area on your website and include the files needed.

This can easily be done client side using JavaScript, however be aware that this should not be used for transactions and areas that should be forbidden in a heavy manner. The best use of this script is for a generic area that should be protected.
????: NamePros.com http://www.namepros.com/code/382647-simple-complete-script-password-protect-area.html

You can copy and paste the form anywhere you want in your page to provide the "user" and "pass" form. Edit the script where it is noted and change the URLs for the redirect pages.
--------------------------------------------------------------------------

Code:

<form>
<p><span class="formtextstyle">Enter User Name: </span><span class="formaccent">*</span>
 
    <input name="text2" type="text" class="formstyle" value="Login" size="20" maxlength="10"> 
    <span class="formtextstyle">Enter Password:</span>
    <span class="formaccent">*</span>    
<input name="text1" type="password" class="formstyle" value="password" size="20" maxlength="10"> 
  <input name="Submit" type="button" class="formstyle" onclick=javascript:validate(text2.value,"user",text1.value,"pass") value="Go  &gt;&gt;" > 
  
  <!-- changing the words "user" and "pass" above will modify the user name and password for login.-->
</p>
</form>
<script language="javascript">

function validate(text1,text2,text3,text4)
{
 if (text1==text2 && text3==text4)
 load('success.html'); <!--This is your page that the user is taken to when they have entered the correct login information. You can change it to whatever you want.-->
 else 
 {
  load('failure.html'); <!--This is the page the user is taken to when they have entered the incorrect login information. You can change it to whatever you want.-->
 }
}
function load(url)
{
 location.href=url;
}
</script>

--------------------------------------------------------------------------
Thats it! Enjoy!

Daniel · 10-08-2007, 12:20 PM

I don't mean to be rude but Javascript for a secure area is suicide

.

-NC- · 10-08-2007, 12:22 PM

Anyone considering using this should be warned that it can be bypassed by anyone who knows how to view the html source of a page.

mike1023 · 10-08-2007, 12:27 PM

right on i agree! Maybe i didn't make my warning clear enough on it :-|

Everyone please know that this is ALL client side so anyone with knowledge of pretty much anything development related could look at the source and see the code to enter the access area.

I would only use it for friendly sites that are not needed to be protected in a "unaccessible" way. Otherwise use a server side script PHP or something similar.

Daniel · 10-08-2007, 12:38 PM

Here's a half-assed attempt by me. You'd need to check on the page it goes to that the details are correct.

PHP Code:

  <?php 

 
define("ADMIN", "danltn");

define("PASSWORD", "password");

define("CORRECTPAGE", "randomfile.php");

????: NamePros.com http://www.namepros.com/showthread.php?t=382647
 
$page = $_SERVER['PHP_SELF']; 

if(isset($_GET['out'])) { setcookie("pass","NULL"); setcookie("admin","NULL"); header("Location: $page"); exit();  }

if(isset($_POST['pass'])) { setcookie("pass",md5($_POST['pass'])); setcookie("admin",md5($_POST['admin'])); header("Location: $page?fail"); }

????: NamePros.com http://www.namepros.com/showthread.php?t=382647
if($_COOKIE['pass'] == md5(PASSWORD) && $_COOKIE['admin'] == md5(ADMIN)) { header("Location: ".CORRECTPAGE); } 

 
?>

<div align="center">

<div style="width:400px;background-color:#DDA;padding:25px;" align="center">

 
<form action="login.php" method="POST">

<h1 style="font-size:20px;">Login</h1>

<?php if(isset($_GET['fail'])) { echo '<span style="padding:10px;"><u>Username</u> or <u>password</u> were incorrect.</span> <br /><br />'; } ?>

Username: <input style="font-size:18px;" type="text" name="admin" /><br /><br />

Password: <input style="font-size:18px;" type="password" name="pass" /><br /><br />

<input type="submit" name="submit" value="Login"  style="font-size:18px;" />

</form>

</div>

</div>

mike1023 · 10-08-2007, 03:01 PM

nice one!

10-08-2007, 12:20 PM	#2 (permalink)
Daniel Danltn.com Join Date: May 2007 Location: Danltn.com / Nottingham, UK Posts: 1,201	I don't mean to be rude but Javascript for a secure area is suicide . __________________ :lala: *VERY CHEAP ADVANCED* BULK DOMAIN-STATISTICS LOOKUP** :kickass: Danltn's Blog - Daniel Neville's Site Spoof your links! Submit your blog NOW! Putting bloggers on the map!

10-08-2007, 12:22 PM	#3 (permalink)
-NC- Traveller Join Date: Mar 2007 Location: Yet another city Posts: 1,419	Anyone considering using this should be warned that it can be bypassed by anyone who knows how to view the html source of a page. __________________ NameCooler.com

10-08-2007, 12:38 PM	#5 (permalink)
Daniel Danltn.com Join Date: May 2007 Location: Danltn.com / Nottingham, UK Posts: 1,201	Here's a half-assed attempt by me. You'd need to check on the page it goes to that the details are correct. PHP Code: <?php define("ADMIN", "danltn"); define("PASSWORD", "password"); define("CORRECTPAGE", "randomfile.php"); ????: NamePros.com http://www.namepros.com/showthread.php?t=382647 $page = $_SERVER['PHP_SELF']; if(isset($_GET['out'])) { setcookie("pass","NULL"); setcookie("admin","NULL"); header("Location: $page"); exit(); } if(isset($_POST['pass'])) { setcookie("pass",md5($_POST['pass'])); setcookie("admin",md5($_POST['admin'])); header("Location: $page?fail"); } ????: NamePros.com http://www.namepros.com/showthread.php?t=382647 if($_COOKIE['pass'] == md5(PASSWORD) && $_COOKIE['admin'] == md5(ADMIN)) { header("Location: ".CORRECTPAGE); } ?> <div align="center"> <div style="width:400px;background-color:#DDA;padding:25px;" align="center"> <form action="login.php" method="POST"> <h1 style="font-size:20px;">Login</h1> <?php if(isset($_GET['fail'])) { echo '<span style="padding:10px;"><u>Username</u> or <u>password</u> were incorrect.</span> <br /><br />'; } ?> Username: <input style="font-size:18px;" type="text" name="admin" /><br /><br /> Password: <input style="font-size:18px;" type="password" name="pass" /><br /><br /> <input type="submit" name="submit" value="Login" style="font-size:18px;" /> </form> </div> </div> __________________ :lala: *VERY CHEAP ADVANCED* BULK DOMAIN-STATISTICS LOOKUP** :kickass: Danltn's Blog - Daniel Neville's Site Spoof your links! Submit your blog NOW! Putting bloggers on the map!

10-08-2007, 12:27 PM	THREAD STARTER #4 (permalink)
mike1023 Account Closed Join Date: Jul 2007 Posts: 349	right on i agree! Maybe i didn't make my warning clear enough on it :-\| Everyone please know that this is ALL client side so anyone with knowledge of pretty much anything development related could look at the source and see the code to enter the access area. I would only use it for friendly sites that are not needed to be protected in a "unaccessible" way. Otherwise use a server side script PHP or something similar.

10-08-2007, 03:01 PM	THREAD STARTER #6 (permalink)
mike1023 Account Closed Join Date: Jul 2007 Posts: 349	nice one!

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)