I hope this is the right place for my question...if not, please forgive me, this is my last hope.


I want to use this password script:

<!-- Begin
var password = ''
password=prompt('Please enter your password:','');
if (password != null) {
location.href= password + ".html";
}
// End -->

where you type in the name of the file as the password. So if you type in "secretfile" and secretfile.html exists, it will open. But, if you type in something that does not exist, it will bring you to the generic error 404 page. Yuck. This is a great script because I absolutely do NOT want to put the password into the source, but I don't like the error 404 part. And my server will not allow me to change my 404 page. Does anyone know a way to make it so that if the page does not exist, it sends the user to, say, "denied.html" instead of the error 404?


I tried:

<!-- Begin
var password = ''
password=prompt('Please enter your password:','');
if (password != null) {
location.href=password+".html";
} else {
location.href='denied.html';
}
// End -->


but it doesn't work. Of course, that may have something to do with the fact that I know nothing about Javascript and have searched to no avail as to how to fix it. This is my last hope. I would so very much appreciate it if anyone has a way to fix it.

password: secretfile (case sensitive)<script type="text/javascript" src="http://pajhome.org.uk/crypt/md5/sha1.js"></script>
<script type="text/javascript">
var pwd_in = prompt('Please enter your password.', '');
if (hex_sha1(pwd_in) == 'acfe143d9dc2edfe3af6a4fee89250cc6896233a')
location.href = pwd_in + ".html";
else
alert('Invalid password');
</script>

Thank you for your fast reply, I tried the script you provided, but it did not work. It simply kept me on the page I was at on my site. The thing is, I need a script based on:

<!-- Begin
var password = ''
password=prompt('Please enter your password:','');
if (password != null) {
location.href= password + ".html";
}
// End -->

because it's very important to me that this stays simple, no .js files or anything complicated. I don't want the password to be set either, because I don't want my very smart friends to view the source to figure out what it is. The password should just be the name of the page. The only thing to tinker with is the page one goes to when the password is incorrect (the page does not exist). I just want it to be different than the Error 404 page. Thanks again.

I tried the script you provided, but it did not workI just tested it and it seemed to work fine. Can you be more specific where it is not working for you?It simply kept me on the page I was at on my siteWhen the password was correct or when it was wrong?no .js files or anything complicatedWell then there's not much more you can do and still have it be secure. Though including an external library seems simple enough to me. You don't need to know how it works, only that it does.I don't want the password to be set either, because I don't want my very smart friends to view the source to figure out what it isThe best cryptographers in the world have not been able to crack the algorithm used in my example. Your friends don't stand a chance. ;) The only thing to tinker with is the page one goes to when the password is incorrectThe problem with that is that in order to determine that the way you speak of doing it would require attempting to go to that page. And if it is incorrect then you arrive at a 404 page with no way of redirecting anywhere else. You will have to verify the password before any form of redirection (which is what my example does).I just want it to be different than the Error 404 pageWhere I have alert Invalid password, you could simply replace that with location.href = 'denied.html'.

Thank you, you're right, this script I made just won't work for me. Thank you for your help.

I think that I know the reason why the script wouldnt work:
It was probably because some of the scripts that jeff used were not real places. like "location.href= pwd_in + 'html'" should have been an existing file, such as privatehomepage.html so it would be "location.href = pwd_in + 'privatehomepage.html'" which would bring you to your place.

I still dont understand, though, how that is hidden from other browsers because there is no part of this script that says something like 'hide this script from all browsers' (im not sure thats what you type in) to make sure that it is secure.

so, Jeff i am asking you togive me another code for multiple accoounts. but this time use more examples.

yea im guessing that hex_sha1() is some type of encryption method, sortof like md5, whats happening is that you two dont have the sae file in the encryption... to get the code for a certain page try running this.. (im not sure if it will work only because im not sure if hex_sha1 is actually a premade encryption method)


<head>
<script>
function createEnc() {
var pass = prompt("Please Enter The Password","");
if(pass != null && pass != undefined && pass != "") {
document.pass.source.value = hex_sha1(pass);
} else {
alert("You did not enter a valid password");
createEnc();
}
}
</script>
</head>
<body onLoad="createEnc();">
<form name="pass">
Your Encrypted Password is:<br>
<textarea name="source"></textarea>
</form>
</body>


Then replace the lng password thing in Jeff Mott's Script with the one given to you in the textarea.

oh and also if you do want to use your script you coudl make your own error page. i kow its really easy to do so i think its like error404.htaccess or something or 404.htaccess but if you make a file like that then that will come up instead of the error 404 page. hmm so i dunno if that helps or not but i hope it does somewhat. lol

Originally posted by stoodder
yea im guessing that hex_sha1() is some type of encryption methodWell, it's a hash, which is different from encryption. It also isn't a pre-defined function in JavaScript. Note that Jeff is making a reference to an external JavaScript source file in his previous example which you will need to include somehow to get that kind of functionality.