I need some help with the password protecting a page but i don't want anyone else to enter the page from another place:confused: :confused: Help me please!!!

cheese rollover you should read the posting guidelines (http://www.codingforums.com/postguide.htm) - don't post the same question twice, and please choose an appropriate subject for your thread.

I've given this thread a new title, and deleted its duplicate.

Ignore this post, I was at school and the school computers are crap so the attachment didn't get uploaded.

Well I think you may have deleted my other post in the other thread so I'll post it again.

Here's the script, you can't really fail to notice the new_loc and password variables at the top. They weren't there before because I assumed that you would know what to do.

i need something so nobody can get to my page without going through the password security

I think I know just the thing for you but it's going to take me until tomorrow for me to make it.

thanx:D :thumbsup:

like the thing i need is to stop everyone from entering to my site with out passing throu my pass protection go to http://www.geocities.com/pedosho/numberpass.html (the password is 14161). To see what i mean so i don't want anybody from just looking at the page where it's going and then just going to it, then try just going to http://www.geocities.com/pedosho/index2.html:mad:
I mean they could just go to http://www.geocities.com/pedosho/index2.html:

OK, here's a password protection script that uses cookies to keep the user logged in. The cookies will auto delete after 15 mins, (you can change that if you want), but the timeout will reset when a new page is loaded.
The default password is "password", you can also change this. There are two dummy pages, try opening these before and after logging in.

A better option would be to use server side code to log users in, then those without JavaScript could log in to your site. If you want I could help you out with a simple ASP script. I say simple because I'm just starting out but I figure if I put my mind to it I could throw one together.

thanx that would be great
:thumbsup:

OK, I'll have one by tonight, but you would need to be using a host that supports ASP, (Active Server Pages), because the script will be run on the server.
Currently I'm designing a site (http://www.websamba.com/testorg) that uses ASP on websamba.com (http://www.websamba.com). They're a free host but I won't be using them when I finally launch the site. (They have advrets on their pages).

OK, here you go. This is the password script, I've also uploaded it to my web-site so that you can see it working.

There are two dummy pages and an index page, their addresses are:

http://www.websamba.com/testorg/asp/index.asp
http://www.websamba.com/testorg/asp/dummy_page_1.asp
http://www.websamba.com/testorg/asp/dummy_page_2.asp

If you go to either of the dummy pages you'll be redirected to the index page until you sign in. Depending on the server you use, the user will have to log back in if they have been inactive on your web-site for 10-20 mins.

My webhost doesn't acept asp and i don't get that thing on http://www.websamba.com, so is there a way of changing the script so I can use that thing without using the asp?

Absolutely, just translate it into some other server side language. But I think the question that you were really asking was, "Can I have a secure password login without using server side code?"
Well the answer to that is no. All client side login scripts are reasonably easily cracked to those with a little know how.

I'm sure if you looked hard enough you could find a decent web-host that supports ASP and doesn't cost that much. I found one, United Hosting (http://www.unitedhosting.co.uk/), I will be transferring to them soon enough.

a CGI solution for password is by far the best solution. Pure JavaScript code offers a weak protection for a medium/good JavaScript programmer.

Take a look at this thread (http://forums.webdeveloper.com/showthread.php?s=&postid=91121) in a different set of forums.
I think I'm losing an arguement quite badly with Jeff Mott, but there is a thread about JavaScript protection buried under all that.

And you can see another one thread even here, on a paralel discussion:

http://www.codingforums.com/showthread.php?s=&threadid=26229

Pure JavaScript code offers a weak protection for a medium/good JavaScript programmerThe only time JavaScript cannot offer protection is when the scheme needs to decrypt itself without the user's input, as is done when people attempt to hide their source. Because that means everything needed to retrieve the plaintext is already available.

But JavaScript can offer true security when a password is required from the user to view the content. For example, the page's content can be encrypted (using a *real* encryption algorithm, such as Rijndael) and a derivitive of the password used as the key for decryption.

I see your point, Jeff. Yes, you can build an intricate algorithm or an encrypted suite of function, but, as long as you can not stop someone from viewing a code or a part of the code, the protection seems ilusory to me...

but, as long as you can not stop someone from viewing a code or a part of the code, the protection seems ilusory to meAnd what would you expect to find in the source? The page content is encrypted by an algorithm that even the world's best cryptographers can't break, and the password (key) is supplied by the user (thus not in the source).

The only reason source code cannot be protected is because the decryption process must be automatic. And for that the password *must* be in the source. But that is not the case with a login.

Yes Jeff, we speak the same languages, I do understand, and you are, partially :-) right.

But you trust too much in unbreakable algorithms.

On the other hand, it is not the login name and password problem... it is the link which is open when the login is succesfully passed... How can you hide that link? You can build an intricate algorithm to generate the link, I agree, but still is an open algorithm...

But you trust too much in unbreakable algorithmsIt is the same trust that allows you to send social security or credit card numbers over the internet. These algorithms are in common use in business and government organizations, and have been tested by the very best (and anyone else who just wanted to try their hand). It is as secure as you're ever going to get.it is the link which is open when the login is succesfully passed... How can you hide that link?You don't even need to link at all. Once the content is decrypted you can document.write() it to that same page.

But if you did want to link anyway then the page name would be either the password (which is not in the source) or a message digest of that password (so the URI does not reveal the password).but still is an open algorithmOpen algorithms are generally better. It means that anyone who wishes to can attempt to break it. And everyone can publish their results. For this same reason public algorithms that are poor are quickly broken and scrapped. Algorithms such as Rijndael have passed the most rigorous tests cryptography has the offer.