Need website help

vaulter721 · 03-03-2006, 04:32 PM

I just designed my first website and it is nearly finished. I decided to create a password protected page so only certain people could view it. I used a javascript for the login page which links to a success page and a failure page. The problem I am running into is when someone is on the login page if they view the page source they can see the login and password information.

Is there a way I can make that section of the code invisible to everyone but myself??

I don't really want to create an .htaccess page like others have suggested, because I like the way this one works.

Thanks for any help!

cycledesign · 03-03-2006, 04:42 PM

I don't primarily work in the web area but couldn't you create a file that can only be read by the server and have the javascript load the username/password from that file so it's not available to the user?

If not, all I can recommend is a simple PHP solution or something.

Hagios · 03-20-2006, 11:00 AM

http://www.google.com/search?q=.htaccess

Hope you're using Apache. I have NO clue if IIS supports htaccess files (can't imagine that it doesn't, though...)

Maichena · 03-20-2006, 12:09 PM

Unfortunately, since you're using Javascript, there is no way of preventing the user from viewing the source. It's a client-side script, which means the source is downloaded onto the user's computer before it is executed. Unless you're using Ajax (that's another can of worms), it's probably not possible to prevent the user from viewing source.

Even if you use:
<script language=Javascript src="/login.js"></script>
users can view it by downloading the js script.

Disabling the right click to view source won't stop them from going to the menu bar and viewing the page source.

htaccess will be the easier and a more secure way to do it.

Mr. Lesbian · 03-20-2006, 12:14 PM

If your server doesn't have scripting... here is an easy but effective alternative.

http://javascript.internet.com/passw...keeper-in.html

Quote:

How to Determine Your Password:

The password for that password protection script isn't actually in the
code, it's just the filename of the protected page without the .html ending.

For example, if your protected file is called 'secret.html' the password
would be 'secret' (without quotes). It's relatively simple, but it works!

Also, make sure that that you have an 'index.html' page on your site, to
prevent people from defeating this script by getting your directly listing.

bush · 03-20-2006, 12:23 PM

.htaccess files and some elementary PHP scripting.

Hagios · 03-20-2006, 12:33 PM

Mr. Lesbian, that's the sort of protection that anyone intent on getting pas, can in a matter of moments.

One way to do it, if you are intent on using javascript, would be to check passwords the same way Unix systems do. Use a one-way hash, and check passwords, after having been hashed, against known values. Information on the most common algorithms (MD4, MD5, SHA-1) in JS can be found at http://www-adele.imag.fr/~donsez/cou...js_securehash/