password protected area script

[colourcube]

Hi everyone,

I'm a fresh web designer and I'm trying to put up my portfolio web site, but there is a section on the site that I don't want people to access without a password. I found this free script but it seems to show the password right in the script when you view the source. It there any way to hide the password? Any help would be appreciated. Thanks!

<SCRIPT LANGUAGE="JavaScript">
function LogIn(){
loggedin=false;
username="";
password="";
username=prompt("Username:","");
username=username.toLowerCase();
password=prompt("Password:","");
password=password.toLowerCase();
if (username=="guest" && password=="login") {
loggedin=true;
window.location="home-page.html";
}
if (username=="guest2" && password=="login2") {
loggedin=true;
window.location="secure.html";
}
if (loggedin==false) {
alert("Invalid login!");
}
}
</SCRIPT>

[pyro]

Here's some code for you to try out...

Your login form...

Code:

<form method="post" action="passwordreader.php">
  <table>
    <tr><td><b class=rng>Username:</b></td><td> </td><td><input type="text" name="username"></td></tr>
    <tr><td><b class=rng>Password:</b></td><td> </td><td><input type="password" name="password"></td></tr>
    <tr><td colspan="3" align="center"><input type="submit" value=" Submit "></td></tr>
  </table>
</form>

And now make passwordreader.php:

passwordreader.php

PHP Code:

<?PHP

# Change the below lines to the results that makepass.php gave you
#
$user = 'yourencryptedusername';
$pass = 'yourencryptedpassword';
#
# Change the above lines to the results that makepass.php gave you

if(md5($_POST['username']) == $user && md5($_POST['password']) == $pass)
{
setcookie ("verified", true);
header ("Location:[url]http://www.yoursite.com/dir/page.htm[/url]");
}
else
{
echo ("Incorrect Password");
}
?>

Now make this file and name it protect.php

protect.php

PHP Code:

<?PHP 

# Protect page from being called directly from web browser 
$back = "<form><input type='button' value='< Back' onclick='history.back()'></form>"; 
$acc_denied = "<h3>Access Denied</h3>".$back; # you could add a link to where users can login here... 
if (!isset($_COOKIE["verified"])) { die($acc_denied); } 

?>

Now, insert this at the very top of all your pages...

PHP Code:

<? include_once("protect.php"); ?>

And, lastly, make a file named makepass.php and use it to make your username and password, which you will insert in passwordreader.php... Once you have made the encrypted usernames/passwords, you can remove from your server.

makepass.php

PHP Code:

<?PHP
if ($_POST['showvalues'])
{
echo 'User: ' . md5($_POST['username']);
echo '<br>Password: ' . md5($_POST['password']);
}
?>

<form method="post" action="makepass.php">
  <table>
    <tr><td><b class=rng>Username:</b></td><td>&nbsp;</td><td><input type="text" name="username"></td></tr>
    <tr><td><b class=rng>Password:</b></td><td>&nbsp;</td><td><input type="text" name="password"></td></tr>
    <tr><td colspan="3" align="center"><input type="submit" value=" Submit " name="showvalues"></td></tr>
  </table>
</form>

If you need any help, let me know. Remember to rename pages that are being password protected to .php...

[colourcube]

Thanks pyro! I'll try it out.

[colourcube]

I did okay up until the part where you have to insert that line at the very top of all my pages.

Does that go on all the php pages I created or on the protected pages?

Also how do I generate the encrypted username and password using the encrypter.php.

Sorry it's my first time using php

[pyro]

Originally posted by colourcube
Does that go on all the php pages I created or on the protected pages?

It goes on the pages you wish to protect, which need to be renamed to .php...

Originally posted by colourcube
Also how do I generate the encrypted username and password using the encrypter.php.

You just type the username/password in and hit submit. It will show you the generated username/password on the page. If you can't get it to work, us this: http://www.infinitypages.com/scripts/encrypter.php

[colourcube]

thanks pyro. youre the best

[neenach2002]

What if I don't have .php support?...what do I do then?...and I DON'T want the username function

[pyro]

You pick some other serverside language...

[neenach2002]

what about getting rid of the username...sorry...i'm not yet familiar with PHP coding yet...

[neenach2002]

nevermind about the username thing...I can just make it so that it is on the page...or maybe there is a way to put the username into the box automatically?

[neenach2002]

now...I just need to figure out how to get the redirect script to work...or maybe I can use a cookie? thanx for the great help!

[meathane]

hey pyro, all that script seems to work, sort of, but...

i create a username and password using the makepass.php, then with the code it gives me, i put that into passwordreader.php. now when i got to my index page and type in the username and password [not the massive line of code, just like the words i chose] it goes to the page i want it to [encript.php that kinda thing] but says 'access denied'. i know it works cos if i just type any old password it says 'incorrect password' so the passwordreader it recognising that ive typed the right password, but it wont let me view the page, its just like typing in the address '...ltd.uk/encript.php'. somehow the browser needs to sort of unlock the encript.php so i can see the page normally but know that ive typed the correct password. i think it might be something to do with this bit in the passwordreader.php...
'...{
setcookie ("verified", true);
header ("Location:encript.php"); ***<-- this bit***
}
else....'

im not sure tho
also when u say 'it goes at the very top of the pages' do u mean like this...

so this is the encript.php
'<? include_once("protect.php"); ?>


<html>
<head>
<title>User Area</title>
<style>....'


thanks for any help

[pyro]

It sounds like you did everything right. Do you have cookies enabled? Can you post a link so I can check if it works for me?

[meathane]

the page is http://leto.ltd.uk/index2.html the form is at the bottom. the password n stuff i made from makepass.php is
username: greg
password: test

it goes to the leto.ltd.uk/encript.php but just says access denied...

cheers

if its any help, here are my phps...

protect.php
<?PHP

# Protect page from being called directly from web browser
$back = "<form><input type='button' value='< Back' onclick='history.back()'></form>";
$acc_denied = "<h3>Access Denied</h3>".$back; # you could add a link to where users can login here...
if (!isset($verified)) { die($acc_denied); }
if (!$verified) { die($acc_denied); }

?>

passwrodreader.php
<?PHP

# Change the below lines to the results that makepass.php gave you
#
$user = 'ea26b0075d29530c636d6791bb5d73f4';
$pass = '098f6bcd4621d373cade4e832627b4f6'; ***this is the code by typing 'greg' and 'test' into makepass.php
#
# Change the above lines to the results that makepass.php gave you

if(md5($_POST['username']) == $user && md5($_POST['password']) == $pass)
{
setcookie ("verified", true);
header ("Location:encript.php");
}
else
{
echo ("Incorrect Password");
}
?>


makepass.php
<?PHP
if ($_POST['showvalues'])
{
echo 'User: ' . md5($_POST['username']);
echo '<br>Password: ' . md5($_POST['password']);
}
?>

<form method="post" action="makepass.php">
<table>
<tr><td><b class=rng>Username:</b></td><td>&nbsp;</td><td><input type="text" name="username"></td></tr>
<tr><td><b class=rng>Password:</b></td><td>&nbsp;</td><td><input type="text" name="password"></td></tr>
<tr><td colspan="3" align="center"><input type="submit" value=" Submit " name="showvalues"></td></tr>
</table>
</form>



encript.php [this is just normal html but with that line at the top..
<? include_once("protect.php"); ?>
<html>
<head>
<title>User Area</title>
<style>
td{
font-family:arial;
font-size:9pt;......

[metrosoccer12]

well i have another problem with this... it seems when i enter thhe correct password it brings me to the access deided page i havent changed anything in that code but do you think changing the other code affects this one?

protect.php

PHP Code:

<?PHP

# Protect page from being called directly from web browser
$back  = "<form><input type='button' value='< Back' onclick='history.back()'></form>";
$acc_denied = "<h3>Access Denied</h3>".$back; # you could add a link to where users can login here...
if (!isset($verified)) { die($acc_denied); }
if (!$verified) { die($acc_denied); }

?>