|
|
Password protected Web pagesA reader asks:
How do you think that i could make a login page with a password using CGI script?There are two main ways to create a password-protected Web area...
One solution is using hooks in the web server (usually Apache) and the other is, well, with the common gateway interface...
For an Apache-based solution, your avenue is the .htaccess file that you drop into a directory you want to password protect. Most web hosting providers have instructions on how to set this up and create accounts for people to access the subdirectory. it's the preferred solution, and how I do it when I need to protect an area of a site. here's a geeky sort of page with more information on this. If you want to do this with CGI, I'd approach it by having a small HTML page that prompts for a login and password pair, then feeds that to a CGI script that chops the QUERY_STRING into two parts, then simply compares them to a known set of account fields. If there's a match, the program outputs a specified source file (perhaps "logged-in.html"), and if the match fails, the program outputs an error message. This should be quite easy to whip together in Perl or even as a Unix shell script.
Related HTML, JavaScript and Web Site Programming articles:
✔ How to Create Predefined Google Image Search Links?
Thanks for the Amazon URL [see Creating Amazon Search Links]. That worked beautifully. In fact, I sent you $5.00 for coffee in thanks....
✔ Can I embed a Facebook search box on my blog site?I've seen your articles about how to add a Twitter or Google search box on a Web page, but I have a tougher...
✔ Can I use CSS for drop shadows on my blog?I want to give my site a bit of a facelift and add some neat graphical elements. One of which is drop shadows....
✔ How can I embed interactive photo panoramas on my site/blog?I read through your blog entry about how to take panoramic photos with iOS 6 and an iPhone 5 and got enthused. I've...
✔ How can I create a Twitter search URL shortcut?I'd like to add a few Twitter search links to my Web site. Is that possible, or does Twitter prohibit this sort of...
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
Categorized:
HTML, JavaScript and Web Site Programming
(Article 3649,
Written by Dave Taylor)
Tagged: Previous: PPPD question for Solaris Next: Changes and updates to "Learning Unix for Mac OS X"? Reader Comments To Date: 12Jeff Cogswell said, on June 25, 2003 12:03 PM:
Also, regarding the password, if you want to add a level of security, you can use a one-way encryption (e.g. DES or MD5) and save the encrypted password in the database upon signup. Then when the user later logs in and enters a password, encrypt it first, and compare the encrypted one to the saved encrypted one. That way you don't have to save the unencrypted passwords on the site. (However, the reality is if somebody can get to the database to see the encrypted passwords, they can also probably get to the "secret pages" so I'm not totally convinced this is even necessary.) Dave Taylor said, on June 26, 2003 11:44 PM:
Those are great observations, Jeff. Thanks. Your idea of storing the encrypted password is particularly valuable because it's exactly how Unix does it: the password for each account is stored in /etc/shadow (it used to be in /etc/passwd, but I hope that there isn't a single shipping Unix or Unix-like system that still has it there) as an encrypted string. Even more interestingly, the encryption has a random two-letter 'salt' or rotation initializer, so that when a new password is entered and wants to be compared to the existing password, the new value must be encrypted using the existing salt as the key. It means that you can have programmers write password-protected programs without them knowing any of the passwords. A neat trick! However, that's probably a bit far afield for a simple web page protection link, eh? :-) Jeff Cogswell said, on June 28, 2003 4:14 PM:
Yeah, I used that kind of encryption on my site, and after all was said and done, I kinda wondered why. What was the big deal? For simple web sites, I think storing the plain-text passwords in the database is probably easiest, because if people forget their password you can email it to them. :-) Jonathan said, on September 28, 2003 5:23 PM:
I'm a 12 year old kid learning html and all that web stuff. Can you brake down how to make a password protected site in a way that I can understand, please. Thanks Dave Taylor said, on September 29, 2003 10:41 PM:
Thanks for your posting, Jonathan! As you suggest, it's a bit more complex, but you might be surprised that it's not completely baffling. The first step: ask your web hosting provider for information on what they've set up, if anything. Secondly, search for .htaccess in any of your directories: if you have that, you probably have a password-protected directory. Also check out the quite good Apache htaccess tutorial, which you can find at: http://httpd.apache.org/docs/howto/htaccess.html matt said, on November 17, 2003 2:11 PM:
so can you guys show me the html and cgi script needed in order to get this on my webpage without having to call up my service provider and getting a directory? you can e-mail it to me. thanks riff said, on July 7, 2006 10:43 AM:
hi Dave, I have an account with clickbank.com and want purchasers of a private part of my site to get a password etc. riff said, on July 9, 2006 8:46 PM:
Hi Dave again, Iv done alot of learning since my last post. using php pages i can 2) check if the purchase was successful with php validator code in result.php. 3) if purchase is good, use the php 'include' command inside result.php to display password and passname from another php page (ie home/secret/passwords.php) (the 'secret' directory being password protected) 4) if no sale, echo a "sorry mate" message to web page instead of password. The key thing is ... sorted :-) just thought this might help someone im testing php pages on my own pc with both have extensive help and websites anonimous said, on December 18, 2006 2:48 AM:
hello, is there such a html code whereby when someone goes into your blog, there would be a pop up that asks the user to enter a password? chandru said, on April 4, 2009 12:17 AM:
dave please help in hosting a ASP.net web application , i have created my website in ASP.net but i dont know how to host it please help me studiocazo said, on May 11, 2009 5:44 AM:
thank
I do have a comment, now that you mention it!Check This Out Too... |
Recent Entries
Look for Answers
Recommended
All Our Categories
Apple iPad Help
Articles and Reviews Auctions and Online Shopping Blogs and Blogging Building Web Site Traffic Business and Management Computer and Internet Basics d) None of the Above Facebook Help Google Gmail Help Google Plus Help HTML, JavaScript and Web Site Programming Industry News and Trade Shows iPhone and Cell Phone Help iPod, Sony PSP and MP3 Player Help Kindle Fire Help Mac OS X Help Pay Per Click (PPC) Advertising Pinterest Help Search Engine Optimization (SEO) Shell Script Programming Tech Support Video Help The Writing Business Twitter, LinkedIn and Social Network Help Unix and Linux Help Video Game Tips and Help Windows PC Help Find Me on Google+ ADT on G+ |
One thing that a lot of people overlook that I recommend is that you can include on the HTML page containing the form a set of JavaScript functions that check the validity of the data before allowing it to be sent out. For example, on a signup form you can use some of the well-known regular expressions to make sure the email address has the correct format. (I've had AOLers on my site not realize they need to include @aol.com, and this helps fix that.) And in the signup form you can also make the user type the password twice, and use JavaScript to make sure they match. That helps reduce typos. (In general I'm not big on JavaScript, but for little things like this I think it's ideal; why make the server test that an email has the right format and the two passwords match?)