Need help with password protection!

Hi,

I am making a homepage and a certain part of it should be password protected, I found some free JavaScripts that could help, but unfortunately I had to merge two to get a fairly good protection. (Well, the one I use had the actual password in the source code, which is pretty pointless if you ask me!!!)

But I don't know ANYTHING about JavaScript (all I did was put one and one together which got me quite far, although I don't really understood what I did) So, now here's the problem:

if (username=="test" && password=="test") { window.location="test.htm"; done=1; }

This is the command that then opens the new page. I need it to do two things, the "test.htm" should be the value of a form field called "url" and it should only affect a frame.

PLEASE HELP ME!!!

And always remeber, I know NOTHING about JavaScript!

------------------

When you want good protection of your pages, CGI or ASP-scripting is almost inevitable. However, there's a way protect specific pages with some simple JavaScript. I used it once my self and I seems to be quiet effective.

just make a page (e.g. index.htm) with the following code:

function loadpage(){
newwin = window.open(document.form.pwd.value + ".htm", target="_self") }

In the page there is a form called "form"
with an object called "pwd" (password box).
Beside the pwd-box, you should place a button
with the following event handler:

onClick='loadpage()'

The page you want to protect should have the name of the password you choose. So, if you want the password to be "letmein" the filename of the page must be "letmein.htm".

Most http server search for an index.htm(l) when opening a specific folder. That ensures you that people can't snoop around the folder like an FTP-directory, an then figure out which files are located in the folder.

Grtz

Faz.

Well, thanks, I got that problem solved myself, but this idea isn't even that bad, I might do that.

The way I do it right now is that you simply enter a pessword and username, and if both are compared to the desired combination that is written in the source code, becasue that isn't really save I encrypted the password, once you enter the password it will too be encrypted and THEN compared to the one stored in the source code.
I know it's not the safest, but since it's kinda hard to get the encryption code out of the source code it should work...
(And then, the page isn't TOP SECRET anyway...)
Well, thanks again for helping!
As for the CGI, you know were I can find some good scripts?

------------------

good scripts can be found at:

http://cgi.resourceindex.com/Programs_and_Scripts/Perl/

Thanks! I'll check it out! (Especially since my script wasn't NEARLY as good as I thought, I send it to a friend, and well, let's just say all he did was laugh!!!)
Btw, is there a way to make a JavaScript into a file that then is only EXECUTED and not read?
Then I could set the chmod of the file so it can only be executed and not read, which would make it harder to crack...

------------------

I've been thinking, wouldn't it be possible to just get the source code of a JavaScript password-protected page, paste the code into NotePad, edit out the JavaScript password protection, change any relative links to absolute, and enter the page from the newly edited file? Kind of requires password protection to be a CGI or ASP thing in order to be completely protected.
Could that be done?

Well, I stopped working on a JavaScript protecting. I started working on CGI and Perl, and while it's not YET working it's MUCH saver than JavaScript.
If it's done and works fine I might make it available to the public. (All scripts I found basically weren't what I was looking for, they left no room customization.)
Well, I'll drop a note if it's done and available...

------------------

aren't you able to simply use .htaccess files to restrict access???

Well, unfortunately the server I have to work on doesn't support .htacess, so I'll have to come up wiht something else which is still pretty save URL

------------------

In my forum we had quite a bit of discussion using JS for password protection. One person created what he thought to be an unbreakable password script but hence we cracked it. He tried another shot at rewritng it and none of us could crack it. It uses JS and encryption and cannot be easily cracked. He has made the script available for download. Ill refer to one of the post in my forum at WSabstract:

http://wsabstract.com/ubb/Forum1/HTML/002980.html

Spookster