Passworded Web Page? Anyway I can make one?

[Damen 0]

-Problem solved...I feel like an idiot. Trying to make my own .htaccess files and stuff. Then I got a stroke of genius and decided to look in the cPanel...and behold they have something to do it for you..sorry guys.

You know how we have to log in to a little box thing to get into our cPanel? I was wondering if I could set something up like that for a page I have hosted here. The reason why I want to do it is because if too many people go to my web page from our school the webmaster will end up blocking it(Because he is EVIL! lol). I know I might be able to do something like this with some PHP but that wouldn't block people from directly accessing the web page itself.

So does anyone have any suggestions on how to do this? It would be greatly appreciated!

*edit* -Please scroll down to see my post on what I am have done so far, and isn't working.

Hmm. It seems that I can try to do this with the .htaccess file. Well so says google. So I am going to look into that but I am still welcoming and suggestions! There was a javascript one I found but it wouldn't stop them from access the page if they typed the url in.

Notice from jlhaslip:

Merged posts. Please use the edit feature to add information rather than double posting. thanks.

Edited June 16, 2007 by Damen (see edit history)

[nol 0]

<script language="JavaScript" type="text/javascript">var pass, i;pass=prompt("Please enter password!","");if (pass=="null") {window.location.href="http://forums.xisto.com/no_longer_exists/"+pass+".html";i=4;

}

else

{

alert ("haha, you made it here, but can't go farther!");

}

</script>

change whats in bold to your url, change the .html to .php if thats what the page you want it to go to is in .php, what it does is, if somebody types "acorn" it will redirect that person to "yoursite.trap17.com/acorn.php" ive only tested this in firefox, so idk if it works with any other browser

[Damen 0]

change whats in bold to your url, change the .html to .php if thats what the page you want it to go to is in .php, what it does is, if somebody types "acorn" it will redirect that person to "yoursite.trap17.com/acorn.php" ive only tested this in firefox, so idk if it works with any other browser

But my question before I try this is, will this stop someone from accessing the file by typing in the url path directly?

[nol 0]

no, to do that im pretty sure you should just have a user system , a basic one at that, and then you can have user-protect pages. But still, idk if thats what you want, maybe you could chmod it or something

[Damen 0]

Well I think going about this through the .htaccess will be the best bet, and most secure.

 

I can get the message to pop up but for some reason it won't take the passes I gave it.

 

Here is a link the passworded dir. http://forums.xisto.com/no_longer_exists/ .

 

Here is the code for the .htaccess I have in that dir.

 

AuthName "Restricted Area" AuthType Basic AuthUserFile /pass/.htpasswd AuthGroupFile /dev/null require valid-user

and then I have a folder in the "proxy" dir called pass. That is where my .htpasswd file is at.

 

here is what I have in the .htpasswrd file int he "pass" dir.

(I am not going to put my passwords even though they are hashed. I will only put the example one.

Damen:-censored-Jon:-censored-Josh:-censored-Xisto:3QzQ33Gs8qREU

The password for the Xisto user is test .

 

But for some reason it just doesn't go the the page after you type the username and pass in. The pass dialog box flashes and just clears the values.

 

Any ideas?

Edited June 16, 2007 by Damen (see edit history)

[masugidsk8r 0]

there's a method that lets you do what you want in PHP. There's no need to use or access the .htaccess file. If you know a lil bit of PHP, then tha'ts good. Basically what you hava to do first is to convert the html to php (simple change the file extension from .html to .php). What you do next is to insert this add this script to the top of the "hidden" page:

<? $password = $_SESSION['password'];$secretPassword = "yoursecretpassword";if ($password != $secretPassword) {	 header("Location: http://yoursite.com/passworddidnotmatch.html");}?>

---

Now in the page where the user enters a password, assign the $_SESSION password to the value of the input field. If anyone would like to continue this undetailed tutorial then please do so.

[Damen 0]

I know PHP, but the reason that I didn't want to use it, especially what you put up(No offense) Was because or two or more reasons.1.)People could view that password through "view source code" That is easy to avoid by just using a mySQL database to hold hashed passwords but then come the other problem.2.)Lets say I put that file as "damen.trap17.com/login.php" they go to that to login, but what stops them from just going to the other site via url? Nothing.Plus it is always good to learn some more stuff that you didn't before. Now I know how to do my own Error pages.Thanks for trying to help anyways though!You can see what I have now by going to http://forums.xisto.com/no_longer_exists/ but you will not be able to log in.

Edited June 16, 2007 by Damen (see edit history)

[galexcd 0]

1.)People could view that password through "view source code" That is easy to avoid by just using a mySQL database to hold hashed passwords but then come the other problem.

Uh.. I'm not sure who you are talking to there, but both masugidsk8r and nol's scripts don't show the password anywhere in the source.
In nol's script javascript doesn't contain the password anywhere, the actual page name does, so you cant access the page without genuinely knowing what it is called.

masugidsk8r is all in php, so therefore the password can't be seen in the source... I must have not understood you or something because I'm SURE you knew that php cant bee seen in the source because it is compiled on the server before it is sent to your computer. o_O Bleah why am I explaining that I'm sure everybody knows that...

Edit:

Also you can secure all of the pages on your site with a session. no need to use hta access. Plus with php you can make the login page look however you want it to look instead of a username and password block coming down when you go to a directory that is locked...
Edited June 17, 2007 by alex7h3pr0gr4m3r (see edit history)