JavaScript: password protection

Contributor Icon Contributed by William_Wilson Date Icon March 11, 2006  
Tag Icon Tagged: Computer programming

how to password protect a webpage with javascript (the password is not viewable in the source of the page)


If someone REALLY knows what they are doing, it is impossible to prevent all access with javascript, but here’s a way to keep those

wannabe hackers from seeing your password in the source of you protected page.

to fully take advantage of this feature you will need Unix/Linux permission knowledge or a program such as cuteFTP to change the

attributes of our script file.

*Scripts are not allowed on this site, so replace * with < and $ with > inside the code blocks!

first we need a page to display the password prompt. Using a simple form and action to call our eventual script is all that is

necessary.
*This can be expanded to include usernames etc.

*html$
*head$
*script src="scripts/pass.js" type="text/javascript"$*/script$
*/head$
*body onLoad="top.window.focus()" BACKGROUND="images/code.jpg"$
*center$
*br$
*h1$Restricted Area: Site Admin Only*/h1$
*br*br$
*form name="protected"$
*input type="password" name="passw" value="" size=30$
*input type="button" name="accept" Value="Enter" onClick=checkPass(this.form)$
*/center$
*/body$
*/html$

the line *script src=”pass.js” type=”text/javascript”$*/script$ in the head deligates the name of the script and it’s

location.

by making the text field of type password the text will be displayed as * instead of letters, and thus programs which do

autofill or auto complete, will not keep it’s value.

now we have called a script function called checkPass with the button press of this form, and here is the script:

function checkPass() {
if(this.document.passwordprotected.passw.value=="tr"){
window.open("www.google.com");
}
else{
window.open("www.yahoo.com");
}
}

when check pass is called it simply checks if the password is the same as the value you wish it to be, in this case the password is

tr passwords are case sensitive to be careful.

**NOT all OS support this**
This is the important part, on your server/domain, you will need to modify the rights of this script, such that global and group

have no provilages (eg rw——-) they should not be allowed to read, write or execute this file.
**Windows XP definatly does not support this, you will not be able to protect your script files and have XP users execute the

scritps in this manor!

Now simply make your link to a protected file link to the html page listed here, and have the if location point to the protected

page. There are still ways around it, but it will take more work, then simply reading your source file.

Questions/Comments: william_a_wilson@hotmail.com
-William. ยง (marvin_gohan)

Previous recipe | Next recipe |
 
blog comments powered by Disqus