Since this is so popular and simple, yet people somehow still have problems getting it to work, I've also added a VBScript file you can run, which will prompt you for the username, password, and URL of the protected page.
It will then create the javascript password file for people unfamiliar with javascript. All you need to do then, is put the password file in the same directory as login.htm and auth.htm.
The URL is not validated, so if the resulting password file doesn't work, you probably typed the URL wrong.
The .zip file is attached to this message.
Just double click on the "PasswordHelper.vbs" VBScript file and follow the instructions to create your password file(s). You need to run this file locally, and then upload the password file(s) to your website.
This file is safe to run. If you get any warnings, or are concerned, you can open the .vbs file with notepad, and make sure that the code matches the following:
Code:
Option Explicit
Dim UserName, Password, RedirectPage
Dim fs, f
While NOT IsAlphaNumeric(Username)
If Username <> "" AND NOT IsAlphaNumeric(Username) Then
MsgBox "Username must be alphanumeric, without spaces!",16,"Password Helper"
End If
Username = InputBox("Enter Username:","Password Helper")
Wend
While NOT IsAlphaNumeric(Password)
If Password <> "" AND NOT IsAlphaNumeric(Password) Then
MsgBox "Password must be alphanumeric, without spaces!",16,"Password Helper"
End If
Password = InputBox("Enter Password:","Password Helper")
Wend
While RedirectPage = ""
RedirectPage = InputBox("Please enter the URL of the password protected page:","Password Helper")
Wend
Set fs = CreateObject("Scripting.FileSystemObject")
Set f = fs.OpenTextFile(LCase(Trim(Username)) & LCase(Trim(Password)) & ".js",2,True)
f.WriteLine("auth = true;")
f.Write("redirect = """ & RedirectPage & """;")
Set f = Nothing
Set fs = Nothing
MsgBox "Password file created!",0,"Password Helper"
Function IsAlphaNumeric(str)
Dim ianRegEx
Set ianRegEx = New RegExp
ianRegEx.Pattern = "^[a-zA-Z0-9]+$"
ianRegEx.Global = True
IsAlphaNumeric = ianRegEx.Test(str)
End Function
__________________
Former ASP Forum Moderator - I'm back!
If you can teach yourself how to learn, you can learn anything. ;)
very cool idea, the whole client side password protection thing-- personally ill stick with server side, but for using javascript thats amazing. the only other script ive see that would do that is one that encoded the passwords.
anyway, just a few things anyone who has that might want to try:
1. Try using cookies. Have it check the cookie, and if either the cookie doesnt exist, have it send them off some where in the internet, or have 1000000000000 windows pop up, or just send them to the bad password page.
when it sends you to whatever the user's script(ie, BenastanFool.js), have this at the beginning:
var username = "Benastan"
var password = "Fool"
expiredate = new Date
expiredate.setMonth(expiredate.getMonth()+6)
document.cookie = "username="+username+"; expires="+expiredate.toGMTString()
document.cookie = "password="+username+"; expires="+expiredate.toGMTString()
this way, you can access the username and password for the user in virtually any programming language!!!
2. i can see that you obviously just threw this together, so im just gonna recommend a little style thing for anyone who will use it:
i forgot what else i was gonna say, oops... oh well, if you object to my new formatting for it, tell me, ill only be sad for a bit , if you actually read this entry, thank you for reading it!
No... but it's not correct HTML. What he meant by "..." was put any other attributes there that need to go there, in place of "...".
If you look at the original example code, you'll see what I mean. It works - because it's coded correctly. Better yet, download the .zip file I provided that has the XHTML compatible code and the password helper.
I got Four frames in my website:
1. Meny (left)
2. News (right)
3. Logo (up)
4. Mainpage (in the middle)
my password log in is in the mainpage and when the ppl log in then i dont want the page.htm (the page the ppl come to when they log in correct) only be in the middle beacuse i want to change the Meny (1) and news (2).
My question is can I make the page.htm not framed. I mean so it will be the only page open!
was wondering if anyone knew why I can use this and easily link to any page so long as I use the http://www. . . format, but as soon as I try to link within my site I somehow can't. Why can I not redirect to /Homepage.html for example? This is how I use EVERY other link on my site. . .why is it not working here?
yeh i had the same problem when i was editing the code of the .js file. and me not being a JS person took a while to figure it out. i did eventually find out how to do it.
eg. say you have the login.htm in folder "welcome" and you want to redirect to a folder under "welcome" named "me". open your .js and it should say
auth = true;
redirect = "******.htm";
all you need to do is in the redirect part type
auth = true;
redirect = "me/******.htm";
------Heres an example site structure---------------
____________WELCOME_________
---------------||||||-------------//////:dont mind the "......"
||..........................................||
.js file...................................."me"
login.htm.................................||
.........................................******.htm
when you enter the username and password, login.htm will goto the .js file and look at the { redirect = "me/******.htm"; } when you added the "me/" into the redirect, it will then goto the folder named "me" in the same 'level' and will then look for the page you want to goto.
NOTE: i think the login and .js file has to be in a higher level than the page you want to redirect to.
hopefully i made sence for you.
cheers
AnniHilatE
PS. see the script in action. http://gamingexperts.cjb.net
goto members login and use { User=member, Pass=12345 }
I have very little experience of js,and web design in general,and desp for help.
Looking to create a secure login for a newletter site which will be online hopefully next week. It must be fairly secure for a number of reasons and with the option of user/password change at any time,although probably once a month. THe Whammy vb script was recommended,but I have tried everything to get it working without success.
Downloaded script,set user/password ok. and homepage url.
If I go into the login html file it DOES take me straight into my site,and to test if the wrong user/password is enetered into the login html it will not.
I have a site which will be coming down this weekend,and just trying to test the script on this,so I know what to do when newsletter is up.
Currently it uses index.html as the inital ftp load file. I have tried setting this to login html,tried all js as initial files,but still nothing.
As the login file does not link to my index file,could this be the problem.
I know I am missing something and its probably simple,but desp for some advise.
Well it really depends on your host, if you have access to server side languages, such as php, asp, perl, python, java etc you can do this more securely and with more conventional methods (also not to mention easier to change access lists) but if you don't this would be your alternative.
Before you post, read our: 
, if you actually read this entry, thank you for reading it!
