I'm using the password redirect script found here: http://javascript.internet.com/passwords/multiple-users-source.html

And I tried to hide it with php like in this tutorial: http://www.developertutorials.com/tutorials/php/hide-your-javascript-with-php-050419/page1.html

But the login button stopped working. Does anybody know a way to fix this? I don't need it super secure or anything, just wanna hide it from people who know how to view a page source. Thanks.

Or if this same thing can be done totally in php, that would be great also.

:( first of all it's very unfair to those with javascript disabled. secondly it's impossible to hide the source, even if you set the file to not be cached(which will be a big problem for that code atm). and finaly if you have PHP why not test if the password is correct using PHP rather than javascript? PHP is far better suited and server side, so viewing your source won't reveal any passwords.

if you have PHP why not test if the password is correct using PHP rather than javascript?

Because I don't know how. Can you point me in the right direction? I've found directions on passwording things, but nothing that will secure things and also redirect different users to different places.

try something like this for your PHP<?php
$u = $_POST['username'];
$p = $_POST['password'];
switch($u){
case "username1":
if($p == "password1")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;
case "username2":
if($p == "password2")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;
case "username2":
if($p == "password2")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;
case "username3":
if($p == "password3")
header("Location: http://www.example.com/path/page.html");
else
die("bad username or password.");
break;

default:
die("bad username or password.");
break;



should be easy to customise, but it is far more efficient to use a database for this sort of thing.

Awesome! How do I put a username and password field into my html page that will call this? I'm a total php newbie.

<form action="YOURPAGEWITHTHEPHPCODEGOESHERE" method="POST">
<p><label for="username">Username:</label>
<input type="text" id="username" name="username" value="" /></p>
<p><label for="password">Password:</label>
<input type="password" id="password" name="password" value="" /></p>
<p><input type="submit" value="submit" /></p>
code shouldn't be too much difference from your previous code.

So for my php page, do I put some kind of "$access = false;" thing in it to keep people from just grabbing the source of that? Or do I need to put it in a private directory?

you don't need to bother with anything like that, PHP is naturaly very secure because it is handled on the server, not the users page. there is no method for the user to see the page without somehow gaining access to your server(possibly via ftp?) and downloading a copy of your files.

it might be worthwhile setting a simple session or cookie with PHP to store the users login info so they do not have to re-enter it every time, but that might require a few edits to almost every page...

When I hit the submit button, it opens a save file window for my php page. What did I do wrong?

are you sure your host supports PHP?
and if so are you sure that the links arn't to files that you would normaly download.

I'm sure I've just messed up the php thing. Yes, my host does support it. Here is what I did. I copied your php and saved it as login.php and then I pasted your html code into my login.html page (changing it to point to my login.php file), then I uploaded both of these into the same folder on my site. When I hit the submit button, it tries to download the login.php file.

this may be the same problem as you had last time, double check that none of your passwords/usernames contain "<?" or "?>", then check that you have PHP enabled(some host's offer PHP, but then demand that you activate it yourself from the control panel, go figure). if neither of these are the problem it may be related to a bug in PHP 4, but that's highly unlikly(the bug caused PHP to ignore certain files)

Now I get this:
Parse error: syntax error, unexpected $end in /home/janedoe/public_html/Jane/frames/login.php on line 32

sorry, add this to the bottom of the PHP page.

};
?>
I kinda forgot about it.

Now I think it works. You rock! Is there a way to keep people from getting other users' folders by typing them in the browser URL bar? Or do I just need to make the folders really hard to guess names like a random string of letters/numbers?

2 methods as I see it, the first is to usr PHP sessions to handle this sort of content, the second is to just use htaccess.

htaccess makes your login script somewhat redundant, but it's usage is significantly effective.

PHP sessions work wonders, simply add:<?php
session_start();
if($_SESSION['uname'] != "PERSONS USERNAME HERE")
die("access denied");
?>to the top of your secret files, then edit login.php page like soLcase "username1":
if($p == "password1"){
$_SESSION['uname'] = $_POST['username'];
header("Location: http://www.example.com/path/page.html");
}else
die("bad username or password.");
break;all your pages will need session_start at the top though in PHP code.

all your pages will need session_start at the top though in PHP code.

can you put that in an html page? And where can I learn about htaccess?

no. you can use htaccess to treat HTML pages as PHP though to save you needing to rename them all and adjust the links.

no. you can use htaccess to treat HTML pages as PHP though to save you needing to rename them all and adjust the links.

Can you point me in the direction of a good htaccess tutorial?

I'm afraid not actualy, I tend to learn by trying and using reference sheets.

best I can recommend is to google it, sorry.

best I can recommend is to google it, sorry.

Okay, thanks.