Password protected Web pages
A reader asks:
How do you think that i could make a login page with a password using CGI script?
There are two main ways to create a password-protected Web area...
One solution is using hooks in the web server (usually Apache) and the other is, well, with the common gateway interface...
For an Apache-based solution, your avenue is the .htaccess file that you drop into a directory you want to password protect. Most web hosting providers have instructions on how to set this up and create accounts for people to access the subdirectory. it's the preferred solution, and how I do it when I need to protect an area of a site. here's a geeky sort of page with more information on this.
If you want to do this with CGI, I'd approach it by having a small HTML page that prompts for a login and password pair, then feeds that to a CGI script that chops the QUERY_STRING into two parts, then simply compares them to a known set of account fields. If there's a match, the program outputs a specified source file (perhaps "logged-in.html"), and if the match fails, the program outputs an error message.
This should be quite easy to whip together in Perl or even as a Unix shell script.
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
Reader Comments To Date: 12
Also, regarding the password, if you want to add a level of security, you can use a one-way encryption (e.g. DES or MD5) and save the encrypted password in the database upon signup. Then when the user later logs in and enters a password, encrypt it first, and compare the encrypted one to the saved encrypted one. That way you don't have to save the unencrypted passwords on the site. (However, the reality is if somebody can get to the database to see the encrypted passwords, they can also probably get to the "secret pages" so I'm not totally convinced this is even necessary.)
Those are great observations, Jeff. Thanks. Your idea of storing the encrypted password is particularly valuable because it's exactly how Unix does it: the password for each account is stored in /etc/shadow (it used to be in /etc/passwd, but I hope that there isn't a single shipping Unix or Unix-like system that still has it there) as an encrypted string.
Even more interestingly, the encryption has a random two-letter 'salt' or rotation initializer, so that when a new password is entered and wants to be compared to the existing password, the new value must be encrypted using the existing salt as the key. It means that you can have programmers write password-protected programs without them knowing any of the passwords. A neat trick!
However, that's probably a bit far afield for a simple web page protection link, eh? :-)
Yeah, I used that kind of encryption on my site, and after all was said and done, I kinda wondered why. What was the big deal? For simple web sites, I think storing the plain-text passwords in the database is probably easiest, because if people forget their password you can email it to them. :-)
I'm a 12 year old kid learning html and all that web stuff. Can you brake down how to make a password protected site in a way that I can understand, please.
Thanks for your posting, Jonathan! As you suggest, it's a bit more complex, but you might be surprised that it's not completely baffling. The first step: ask your web hosting provider for information on what they've set up, if anything. Secondly, search for .htaccess in any of your directories: if you have that, you probably have a password-protected directory. Also check out the quite good Apache htaccess tutorial, which you can find at: http://httpd.apache.org/docs/howto/htaccess.html
so can you guys show me the html and cgi script needed in order to get this on my webpage without having to call up my service provider and getting a directory? you can e-mail it to me. thanks
I have an account with clickbank.com and want purchasers of a private part of my site to get a password etc.
Clickbank.com send successful purchasers to a page on my site of my choosing.
I guess this page needs the password in it.
If i put this page in a secured area then clickbank asks for the password after purchase.
Catch 22 if ever there was.
How do you secure a password page that can be accessed from clickbanks return ?
(am i to put arguments on the return address to perhaps a cgi page.
Hi Dave again,
Iv done alot of learning since my last post.
using php pages i can
1) receive the return from clickbank to an unsecured web page (ie home/result.php).
2) check if the purchase was successful with php validator code in result.php.
3) if purchase is good, use the php 'include' command inside result.php to display password and passname from another php page (ie home/secret/passwords.php) (the 'secret' directory being password protected)
4) if no sale, echo a "sorry mate" message to web page instead of password.
The key thing is ...
public PHP pages can display secret pages or data from private directories.
just thought this might help someone
im testing php pages on my own pc with
apache web server (free)
php 5 linked to apache (free)
both have extensive help and websites
hello, is there such a html code whereby when someone goes into your blog, there would be a pop up that asks the user to enter a password?
i would be very grateful if u could tell me
dave please help in hosting a ASP.net web application , i have created my website in ASP.net but i dont know how to host it please help me
thanks in advance
I do have a lot to say, and questions of my own for that matter, but first I'd like to say thank you, Dave, for all your helpful information by
buying you a cup of coffee!||
Follow Me on Pinterest
Find Me on Google+
ADT on G+