Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

code help to password protect a html page

  • 08-06-2008 8:15pm
    #1
    Registered Users, Registered Users 2 Posts: 1,943 ✭✭✭


    Hi
    I have a html page with details of email ids and phone numbers
    I dont this page to be visible to public visiting the page

    is it any way i can password protect this html page?
    i dont know any programming, so any copy paste code will help.

    please suggest


Comments

  • Registered Users, Registered Users 2 Posts: 23,212 ✭✭✭✭Tom Dunne


    There are so many ways to do this.

    What is the web server setup? What platform is being used?


  • Registered Users, Registered Users 2 Posts: 1,943 ✭✭✭bittihuduga


    the server is up on netfirms.com
    i dont know anything more
    it can take php, some cgi/perl too


  • Closed Accounts Posts: 1,444 ✭✭✭Cantab.


    .htaccess is simple and straigtforward

    Loads of tutorials on the internet

    Be careful when generating passwords using online password generators -- some sites are dodgy! Look for .edu domains (better still, generate your own passwords).


  • Registered Users, Registered Users 2 Posts: 21,611 ✭✭✭✭Sam Vimes


    here's a simple way of doing it where you'll only have to copy and paste:

    create a file called pass.htm and put this code in it:
    <html>
    	<body>
    		<form action=pass.php method=post>
    			<input type=text name=pass>Password<br>
    			<input type=submit value=submit>
    		</form>
    	</body>
    </html>
    


    then in the same folder, create a file called pass.php and put this code in it:
    
    <?php
    
    $password="whateveryouwant";
    
    
    $postPass=$_POST['pass'];
    $getPass=$_GET['pass'];
    
    
    if(strcmp($postPass,$password)==0 || strcmp($getPass,$password)==0)
    {
    	print <<<END
    	this is the list<br>
    	that you want to print<br>
    	if the password <Br>
    	is right<br>
    	
    END;
    }
    else
    {
    	print "wrong password";
    }
    ?>
    
    
    

    on the line $password="whateveryouwant";, change whateveryouwant to the password you want

    and in this bit:
    print <<<END
    this is the list<br>
    that you want to print<br>
    if the password <Br>
    is right<br>

    END;

    replace the text with your list


    and that should be it. go to the pass.htm page and you'll be asked for a password. If you put the right one in you'll get the list and if you put the wrong one you'll get a "wrong password" message.

    very basic but it'll do the job


  • Registered Users, Registered Users 2 Posts: 1,943 ✭✭✭bittihuduga


    sam..
    great help mate..
    thanks a lot
    the code works like a gem..
    i am really happy


  • Advertisement
  • Closed Accounts Posts: 1,444 ✭✭✭Cantab.


    sam..
    great help mate..
    thanks a lot
    the code works like a gem..
    i am really happy

    Be careful though!

    Whilst that code is grand, be aware that it could be easily cracked with a bit of packet sniffing, by other users on your server, or by brute force.

    Only you can decide how important your data is and what level of security is required to protect this data in a proportional manner.


  • Registered Users, Registered Users 2 Posts: 21,611 ✭✭✭✭Sam Vimes


    Cantab. wrote: »
    Be careful though!

    Whilst that code is grand, be aware that it could be easily cracked with a bit of packet sniffing, by other users on your server, or by brute force.

    Only you can decide how important your data is and what level of security is required to protect this data in a proportional manner.

    this is true, it's not very secure. if you want i could make it so each user has their own user name and three wrong attempts would block the account until you manually re-actiavate it. would that be practical for what you want?


  • Closed Accounts Posts: 18 carthach


    Hi
    I have a html page with details of email ids and phone numbers
    I dont this page to be visible to public visiting the page

    is it any way i can password protect this html page?
    i dont know any programming, so any copy paste code will help.

    please suggest
    If you're using Apache:-

    http://httpd.apache.org/docs/1.3/howto/auth.html#basic

    might be a bit more robust


  • Registered Users, Registered Users 2 Posts: 2,534 ✭✭✭FruitLover


    Sam Vimes wrote: »
    this is true, it's not very secure. if you want i could make it so each user has their own user name and three wrong attempts would block the account until you manually re-actiavate it. would that be practical for what you want?

    That's not fixing the problem that Cantab has pointed out though. The best way to secure this would be to use TLS to encrypt the session; if this isn't possible, you'd want to get the server to calculate a random number to be sent as a nonce, then use javascript on the client side to hash the entered password with the nonce, then send the hash. The server would then compare its copy of the password (hashed with nonce). It's by no means flawless, but it'll protect against casual sniffing.

    The Apache solution posted above suffers from the same problem of the password being sent in clear text.


  • Closed Accounts Posts: 9,314 ✭✭✭Talliesin


    carthach wrote: »
    If you're using Apache:-

    http://httpd.apache.org/docs/1.3/howto/auth.html#basic

    might be a bit more robust

    Unless it's over SSL the passwords are still sent in the clear. With http://httpd.apache.org/docs/1.3/howto/auth.html#digest then the password isn't sent in the clear but used for a cryptographic challenge-response. Also, the password need not be stored either (since the key to the challenge is a hash of the username, password and realm).

    Basic's only worth using these days (that digest is so often supported) if you're programming it by hand (since it's a bit simpler than digest) and it's only used over SSL (so it's safe).


  • Advertisement
Advertisement