/    Sign up×
Community /Pin to ProfileBookmark

Incorrect password protection code

Copy linkTweet thisAlerts:
Feb 01.2008

Hi all

I’m no programmer, but I need some simple password protection for one of my web pages. I copied the code below from a ‘javascript site’, but it does not work correctly.

Whether the correct p/word is typed in or not I am directed to my [url]http://********.com/Diary.htm[/url] page, wheras I only want to be directed there if the p/word is correct. Back to homepage if not etc.

Could someone please take a look at the code and point me in the right direction, thanks.

Sawsmith

<html>

<head>
<meta http-equiv=”Content-Type”
content=”text/html; charset=iso-8859-1″>
<meta name=”GENERATOR” content=”Microsoft FrontPage 4.0″>
<title>rer</title>
<script>
//we will first ask the user if he wold like to countinue into this restricted area
var p=confirm(“This site is password protected. Do you still want to enter?”)
if(p){
var ans=”learner”
var pass=prompt(“What is the password?”)
if(pass!==ans)
{
alert(“Never mind. You will now be transfered back to our website”);
window.location=”http://********.com/”}
else{alert(“Your in”);}
window.location=”http://********.com/Diary.htm”}
</script>
</head>

<body bgcolor=”#FFFFFF”>
</body>
</html>

to post a comment
JavaScript

11 Comments(s)

Copy linkTweet thisAlerts:
@gtzpowerFeb 01.2008 — Sometimes it helps to tab things out. your window.location="http://********.com/Diary.htm"; call was outside of the if statment. On a side note, this is VERY insecure so only use it if you don't care who sees the password protected page

[CODE]<script>
//we will first ask the user if he wold like to countinue into this restricted area
var p=confirm("This site is password protected. Do you still want to enter?");
if(p){
var ans="learner";
var pass=prompt("What is the password?");
if(pass!=ans)
{
alert("Never mind. You will now be transfered back to our website");
window.location="http://********.com/";
}else{
alert("Your in");
window.location="http://********.com/Diary.htm";
}
}
</script>[/CODE]
Copy linkTweet thisAlerts:
@sawsmithauthorFeb 02.2008 — Dear gtzpower

Thank you very much for your reply which has achieved exactly what I wanted. You have sorted out my problem instantly.

This is very much appreciated, thanks again.

Sawsmith
Copy linkTweet thisAlerts:
@LeonsbuddydaveFeb 02.2008 — I've noticed that repeated prompts and alerts tend to annoy users. If you want a mildly insecure way of doing it(which it will be anyway if you are using JS) than maybe try this:
<i>
</i>&lt;html&gt;
&lt;head&gt;
&lt;script language="javascript" type="text/javascript"&gt;
function LogIn() {
loggedin = false;
var user = document.login.usernamebox.value;
var pass = document.login.passwordbox.value;
if (user=="Username" &amp;&amp; pass=="Password") {
loggedin = true;
document.location = "http://google.com/";
}
else {
loggedin = false;
alert("Login Failed.");
}
}
&lt;/script&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;form name="login"&gt;
Username: &lt;input type="text" name="usernamebox"&gt;&lt;br /&gt;
Password: &lt;input type="password" name="passwordbox"&gt;&lt;br /&gt;
&lt;input type="button" value="Log In" onClick="LogIn()"&gt;
&lt;/body&gt;
&lt;/html&gt;

It uses text boxes instead of prompts to avoid irritating the user. Hope it helps! Although, keep in mind that if you really want anything truly protected, you will have to use PHP or some other server side language.
Copy linkTweet thisAlerts:
@berkleyApr 11.2008 — Hi all

I'm no programmer, but I need some simple password protection for one of my web pages. I copied the code below from a 'javascript site', but it does not work correctly.

Whether the correct p/word is typed in or not I am directed to my http://********.com/Diary.htm page, wheras I only want to be directed there if the p/word is correct. Back to homepage if not etc.

Could someone please take a look at the code and point me in the right direction, thanks.

Sawsmith

<html>

<head>

<meta http-equiv="Content-Type"

content="text/html; charset=iso-8859-1">

<meta name="GENERATOR" content="Microsoft FrontPage 4.0">

<title>rer</title>

<script>

//we will first ask the user if he wold like to countinue into this restricted area

var p=confirm("This site is password protected. Do you still want to enter?")

if(p){

var ans="learner"

var pass=prompt("What is the password?")

if(pass!==ans)

{

alert("Never mind. You will now be transfered back to our website");

window.location="http://********.com/"}

else{alert("Your in");}

window.location="http://********.com/Diary.htm"}

</script>

</head>

<body bgcolor="#FFFFFF">

</body>

</html>[/QUOTE]


I found and was using this code and i found that there is an alert, then a okay or cancel window, then a password window I found that with the okay or cancel window if you click cancle then it leaves you on the "password protected page" that the code is on! I am using code from Leonsbuddydave but I was wondering if some one could fix that bug so that I could you this one better because I like the format better, and could you also take out the first "alert" please =) I am a bit of a n00b sorry if I am asking WAY to much. Ionly program in basic ish HTML and now scripts or java script.
Copy linkTweet thisAlerts:
@felgallApr 11.2008 — Just remember that if you use JavaScript to 'password protect' the page then all someone has to do is view the page source to find out the password. The only JavaScript method that negates that is where the entire page uses a two way encryption method where the password is the decryption key.
Copy linkTweet thisAlerts:
@berkleyApr 12.2008 — can you show me how to do that?
Copy linkTweet thisAlerts:
@felgallApr 12.2008 — Take a look at http://javascript.about.com/library/blencrypt.htm

On that page I have a copy of a two way encryption algorithm that I amaged to compress down to 6.6k (1/3 the size the script had when the original author wrote it). To use it to password protect page content you would feed the entire page content Through the encryption process the way I do with the text 'Happy Birthday' in the example. The ciphertext is the encrypted content that you put in the page source. The key is then the password that you need them to enter in order to run the decrypt step. If they enter the wrong password the decrypt will fail to produce a readable web page. Only someone who knows the value to enter as the key can decrypt the ciphertext back into the plaintext to display as the web page.

This is the only script I have come across that uses a proper encryption method for encrypting the content. All of the other methods I have seen use a simple substitution of some sort that is easily cracked by examining the JavaScript code in the page.
Copy linkTweet thisAlerts:
@Angry_Black_ManApr 12.2008 — fel, how recently did you write that article?
Copy linkTweet thisAlerts:
@berkleyApr 13.2008 — how do you make the encryption work?
Copy linkTweet thisAlerts:
@Angry_Black_ManApr 13.2008 — fel's article doesn't make it straight forward at all. the process may have been compacted, but the writeup is highly convoluted as berkley's inquiry would show.

if you do ever get it working berk, use it sparringly. the larger the page (and it doesnt have to be very large to meet this criteria), the longer it takes to encrypt and subsequently decrypt the page.

heres a speed tester which illustrates my point.
Copy linkTweet thisAlerts:
@felgallApr 13.2008 — Actually using JavaScript to generate the web page will mean that a percentage of your potential visitors will not be able to visit the page at all. I consider the 6.6k that I got that code down to as being barely small enough to make it practical to use it to encrypt a very small web page while the original code that I compressed that from I would consider to be too big to use at all and that is the only script that I have ever seen that would make password protecting a web page using JavaScript possible such that it would be as secure as if the password protection were provided using minimal server side code.A short server side password protection script would be far more secure than any client side password protection since except if you use a proper two way encryption process to encrypt the entire content using JavaScript, and password protection applied using JavaScript can be relatively easily bypassed (and the original 21k script that I compressed to produce the script on that page is the only two way encryption script that I have ever found that was written in JavaScript and is itself relatively short compared to the amount of code that is often required by such scripts).

The intention of the page that I wrote was primarily intended to demonstrate that password protecting a web page using JavaScript is possible but extremely impractical. If you want to password protect web pages then a server side solution is a far more straightforward and simpler way to go, plus it will work even where JavaScript is disabled.
×

Success!

Help @sawsmith spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.6,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...