Simple Complete Script To Password Protect An Area On Your Site

[mike1023]

Hi,

I thought I would post a simple method to password protect an area on your website and include the files needed.

This can easily be done client side using JavaScript, however be aware that this should not be used for transactions and areas that should be forbidden in a heavy manner. The best use of this script is for a generic area that should be protected.

You can copy and paste the form anywhere you want in your page to provide the "user" and "pass" form. Edit the script where it is noted and change the URLs for the redirect pages.
--------------------------------------------------------------------------

<form>
<p><span class="formtextstyle">Enter User Name: </span><span class="formaccent">*</span>
 
    <input name="text2" type="text" class="formstyle" value="Login" size="20" maxlength="10"> 
    <span class="formtextstyle">Enter Password:</span>
    <span class="formaccent">*</span>    
<input name="text1" type="password" class="formstyle" value="password" size="20" maxlength="10"> 
  <input name="Submit" type="button" class="formstyle" onclick=javascript:validate(text2.value,"user",text1.value,"pass") value="Go  >>" > 
  
  <!-- changing the words "user" and "pass" above will modify the user name and password for login.-->
</p>
</form>
<script language="javascript">

function validate(text1,text2,text3,text4)
{
 if (text1==text2 && text3==text4)
 load('success.html'); <!--This is your page that the user is taken to when they have entered the correct login information. You can change it to whatever you want.-->
 else 
 {
  load('failure.html'); <!--This is the page the user is taken to when they have entered the incorrect login information. You can change it to whatever you want.-->
 }
}
function load(url)
{
 location.href=url;
}
</script>

--------------------------------------------------------------------------
Thats it! Enjoy!

 

[Daniel]

I don't mean to be rude but Javascript for a secure area is suicide :imho:.

 

[-NC-]

Anyone considering using this should be warned that it can be bypassed by anyone who knows how to view the html source of a page.

 

[mike1023]

right on i agree! Maybe i didn't make my warning clear enough on it

Everyone please know that this is ALL client side so anyone with knowledge of pretty much anything development related could look at the source and see the code to enter the access area.

I would only use it for friendly sites that are not needed to be protected in a "unaccessible" way. Otherwise use a server side script PHP or something similar.

 

[Daniel]

Here's a half-assed attempt by me. You'd need to check on the page it goes to that the details are correct.

<?php 

define("ADMIN", "danltn");
define("PASSWORD", "password");
define("CORRECTPAGE", "randomfile.php");

$page = $_SERVER['PHP_SELF']; 
if(isset($_GET['out'])) { setcookie("pass","NULL"); setcookie("admin","NULL"); header("Location: $page"); exit();  }
if(isset($_POST['pass'])) { setcookie("pass",md5($_POST['pass'])); setcookie("admin",md5($_POST['admin'])); header("Location: $page?fail"); }
if($_COOKIE['pass'] == md5(PASSWORD) && $_COOKIE['admin'] == md5(ADMIN)) { header("Location: ".CORRECTPAGE); } 

?>
<div align="center">
<div style="width:400px;background-color:#DDA;padding:25px;" align="center">

<form action="login.php" method="POST">
<h1 style="font-size:20px;">Login</h1>
<?php if(isset($_GET['fail'])) { echo '<span style="padding:10px;"><u>Username</u> or <u>password</u> were incorrect.</span> <br /><br />'; } ?>
Username: <input style="font-size:18px;" type="text" name="admin" /><br /><br />
Password: <input style="font-size:18px;" type="password" name="pass" /><br /><br />
<input type="submit" name="submit" value="Login"  style="font-size:18px;" />
</form>
</div>
</div>

 

[mike1023]

nice one!