Password Protect

[fpecka]

Hello there, hope this is going into the right section.

In my webpage that I've made I have one page that has sensetive information on it that I only want certain people to access. Is there someway I can put like a password on it? So like that when you click on the link that takes you to that certain page it well ask the user for a password in order to access it.

Many thanks in advance for any and all help.

(If you have step-by-step, I need like the idiots version, I'm a very techy person, but I lack a little in the area of web development and have just recently started on it.)

[Twinkie]

Try to password protect the folder which this sensitive information is located in at cPanel->Password Protect Directories. You could also search for a password protecting php script. You will need some server assistance in protecting your files.

[drf1229]

Okay, heres the idiots guide for password protecting a page manually.

First of all, you need two files.
1. The file that has the form (Doesn't need to be PHP)
2. The file that the form gets send to (Must be PHP)

So first you want to create the form in the first file, like so:

Code:

<form method="post" action="The url of the second file">
All of your boxes for inputting data
</form>

Using post is more secretive and doesn't show the input in the URL. If you use get then your inputs will show in the URL.

Moving on...

Next, you need to make the script of the receiving file, like so:

Code:

<?
$password=$_POST["The name of the input you want to read"];
If ($password=="Whatever password "){
//Do this.... and that....

}
?>

Note: To assign an input a name you just do <input name="whatever name" />

Once all is in place it SHOULD work. If you have any further questions feel free to reply. Enjoy!

[ah-blabla]

Okay, heres the idiots guide for password protecting a page manually.

First of all, you need two files.
1. The file that has the form (Doesn't need to be PHP)
2. The file that the form gets send to (Must be PHP)

So first you want to create the form in the first file, like so:

Code:

<form method="post" action="The url of the second file">
All of your boxes for inputting data
</form>

Using post is more secretive and doesn't show the input in the URL. If you use get then your inputs will show in the URL.

Moving on...

Next, you need to make the script of the receiving file, like so:

Code:

<?
$password=$_POST["The name of the input you want to read"];
If ($password=="Whatever password "){
//Do this.... and that....

}
?>

Note: To assign an input a name you just do <input name="whatever name" />

Once all is in place it SHOULD work. If you have any further questions feel free to reply. Enjoy!

That stores the password in plaintext -- not very secure. I would at least use crypt() on it. However the standard method, which you can use to protect all types of files is through htaccess. The cpanel method presumably uses this method to password protect directories. (I'll try put together a tutorial on this soon.)

[drf1229]

That stores the password in plaintext -- not very secure.

What do you mean not very secure? Who could possibly access the code? That scares me :O

[ah-blabla]

What do you mean not very secure? Who could possibly access the code? That scares me :O

Ok, it isn't really "unsecure", but it isn't a good idea to store passwords in plaintext, since there is always a slight chance that someone could *somehow* (you don't run the server, so you don't know how secure it is) get to see the password. If it is encrypted, they can't do much with it, if it isn't, they could cause much more damage. E.g. you might not know they saw the password. In that case, if they have the plaintext password, they can use it to authenticate without you knowing, whereas if they saw the encrypted version, they can't do much. And if you use the same password for other things and they see it you are really %&^*£. (It's basically a damage limitation exercise not to store passwords in plaintext.)

[stpvoice]

I have a html script somewhere that you could actually specify the usernames and passwords in the script, then encrypt it so it can't be read via. view source. That worked well for me until I moved on to a full on CMS system.

[ah-blabla]

I have a html script somewhere that you could actually specify the usernames and passwords in the script, then encrypt it so it can't be read via. view source. That worked well for me until I moved on to a full on CMS system.

I assume you mean javascript, since html isn't a scripting language? That is another method, however such systems can be quite easy to circumvent: my school had something similar, if you didn't know the password you could look at the source to check what page it redirected you to when you got the password correct. Whether or not the password is visible isn't really important, since you can access the actual "secured" content without password.

On a sidenote: I tried using htaccess protection, and it seems to be broken, at least any combinations I tried gave error 404 for any files that were protected, despite the same setup having worked on other servers.