What's new
By:
Filters
ClioSport.net

Register a free account today to become a member!
Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

  • When you purchase through links on our site, we may earn an affiliate commission. Read more here.

HTML Password Protection...



Rob

Rob

ClioSport Moderator
I've done lots of HTML/CSS etc so I don't need some long n00b explanation, just a recommendation on how to do it....

The situation is as follows....

We have

  • "www.cheekstuff.com/* "
  • "www.cheekystuff.com/woman"
  • "www.cheekystuff.com/man"

On cheekystuff.com, we have three groups of people who are trying to access content.....

Person 1) Should only be looking cheekystuff.com/ (not cheekystuff.com/anything) so without a password they can't see that bit

Person 2) wants to access "www.cheekystuff.com/woman" so needs password "a"

Person 3) wants to access "www.cheekystuff.com/man" so needs password "b"

Whats the best way to do this??? Java?

*Cheekystuff.com was created purely for entertainment purposes.
 
Last edited:
Rob

Rob

ClioSport Moderator
cadab said:
Its the way i've always done it, php and cookies, not sure how secure it is, but thats never been an issue for me.
Click to expand...

Care to elaborate, or link to where you code is nabbed from?

Bonxy said:
Just password protect the directories inside your cpanel.
Click to expand...

Not the best of hosts, not my host either (lol), I'm also accessing it via filezilla.


This doesnt need to be MASSIVELY secure, its just to stop a certain group of people at work viewing a certain directory.

I've found a php where you can select user and pword, then chose where it directs too?
 
Nik

Nik

ClioSport Admin
  Clio Trophy #355
using .htaccess file i would have said.

You can code users and passwords manually in .htpassword file or if you will have a lot of users then use Auth_MySQL options or similar to point to a database where they are stored.
 
cadab

cadab

  Diesel Barge
Robbos said:
Care to elaborate, or link to where you code is nabbed from?
Click to expand...

Well what i've done and ^^ Bonxy inceidently (sp), is always have a mysql db, and set up the users in there, then use some simple php to check the in putted username and passwords match those in the db.

Then i just assign them a cookie with a GUID in, then on every page have some simple php code to check that the cookie exists, or to be more secure(not sure if it is) check the contents of the cookie matches the guid in the db.

so e.g. user signs in, gets cookie ( with guid in), that guid is added to the db for that user, then on every page check the cookie guid matches the db guid for a user, if so load page, if not don't.

not sure if that make sense?
 
Sam

Sam

North East
ClioSport Area Rep
<form>
<p>ENTER USER NAME :
<input type="text" name="text2">
</p>
<p> ENTER PASSWORD :
<input type="password" name="text1">
<input type="button" value="Check In" name="Submit" onclick=javascript:validate(text2.value,"USERNAME",text1.value,"PASSWORD") >
</p>

</form>


<script language = "javascript">
function validate(text1,text2,text3,text4)
{
if (text1==text2 && text3==text4)
load('URL/men');
else
{
load('URL/failure');
}
}
function load(url)
{
location.href=url;
}
</script>
Click to expand...
This will work, but using this will not stop them from accessing the directory if they guess the link.

So you would put the following code in, say URL/men/index.htm then if correct it goes to URL/men/cliosport.

But if they guessed the URL like URL/men/cliosport they would be able to see it as it wont have a logged page.

I hope that comes accross ok. Ha..
Sam!
 
Rob

Rob

ClioSport Moderator
Does make sense yeah, cheers, may do it that way, its not something that needs to be done properly atm, just a quick fix, I CBA with setting up mysql atm and everything. (lol)

Its only going to have two users anyway.

Cheers for all the feedback chaps.
 
Chesh

Chesh

  E36 328
but if using sessions, check to see if there is a session open before letting them see the page

so
if the session is open
{
display this
}
else
{header.location=another page}

lol something along those lines
 
cadab

cadab

  Diesel Barge
After the log in form that bonxy suggested have the php code...


$value = 'cliosport'
setcookie("TestCookie", $value);
Click to expand...
then on each secured page have the code...

if ($_COOKIE["TestCookie"] == 'cliosport')
{
load page
}
else
{
echo "bugger off";
}
Click to expand...

edit: may not be 100% correct, but you get the gist:eek:
 
C

conneh

AuthUserFile /full/path/to/.htpasswd
AuthType Basic
AuthName "My Secret Page"

<Files "mypage.html">
Require valid-user
</Files>
 
cadab

cadab

  Diesel Barge
Have this on your 'secured pages'

<?php

$value = $HTTP_COOKIE_VARS["TestCookie"];
if($userid != "cs")
{
echo "please go away";
}
else
{
echo "<a href=http://cliosport.net>cs.net</a>";
// put whatever you want in here

}
?>
Click to expand...
Then on your login have this..

<form>
<p>ENTER USER NAME :
<input type="text" name="text2">
</p>
<p> ENTER PASSWORD :
<input type="password" name="text1">
<input type="button" value="Check In" name="Submit" onclick=javascript:validate(text2.value,"USERNAME" ,text1.value,"PASSWORD") >
</p>

</form>


<script language = "javascript">
function validate(text1,text2,text3,text4)
{
if (text1==text2 && text3==text4)
{
setcookie("TestCookie", "cs");
}
}
</script>
Click to expand...
tbh there may be an easier way of doing it and it isnt that secure.
 
Camble

Camble

  Fabia VRS Special Ed
With the method above^^^, you'll have to ensure the public cannot see the file, or anyone can go on and see the password(s) required.
If you have access to the file just CHMOD it, can't remember what code to but just look and it'll say "Read, Write etc", just untick read.

php is the best way mate, one of the simplest php things to do.

Basically you tell person A to go to www.blahblah.co.uk/a, obviously with the pass you've given them they can access it.

Person B - www.blahblah.co.uk/b, again the pass you've given them will allow access.

Do a search for it on google mate, I'll try and dig one out but I've got sooooooooooo many folders lol.
 
You must log in or register to reply here.

Similar threads

charltjr
Win 10 password cracking
Replies
14
Views
1K
charltjr
charltjr
massiveCoRbyn
Pretending to be a Rally Driver (Snetterton Stages 2024)
Replies
16
Views
2K
massiveCoRbyn
massiveCoRbyn
massiveCoRbyn
New French Tat, but it's not a Renault
Replies
16
Views
2K
massiveCoRbyn
massiveCoRbyn
R
New Clio 200 EDC member
Replies
27
Views
4K
Ol’ Tarby
Ol’ Tarby
B
Clio MK2 - no spark. Need advice
Replies
8
Views
2K
Morefire
M


Top