Password Protection 2

A script that is a little better
home    Beginning JavaScript Tutorials  |  JavaScript Links  |  JavaScript City

Browser Compatibility:    NS2.02+, IE4+

In the last section, I introduced javascript password protection, but the script had a slight problem: Netscape browsers would show the protected page momentarily even if the password was incorrect. In this section, I will show you the same script, but the difference is that it will use an intermediate page so that the protected page is not displayed.

Warning: These scripts are not totally secure and your page can be seen if someone gets through. Do NOT protect anything important with a script like this. Try looking for a CGI Script or ask your web host to set up an .htpassword file if you need to protect something important.

Now that I have said that so boldly, let's take a look at how this version of the script works. Try out the example below:

Click to Enter

A little better, I suppose. Let's take a look at the code you will need:

1)    You will need to place a link to the intermediate page on one of your pages. In my example, the intermediate page is "jex10.htm". I put the link on this page, "jpass2.htm". Example below:

"jpass2.htm" 

<BODY>
<A HREF="jex10.htm">Click to Enter</A>
</BODY>

2)    Now you need to create your intermediate page. In my case, this is "jex10.htm". You will need the following script on this page:

"jex10.htm" 

<HTML>
<HEAD>
<TITLE>Intermediate Page</TITLE>
<SCRIPT language="JavaScript">
<!--hide
var password=prompt('Enter the password:','');
var mypassword="cool";
if (password==mypassword)
{
  window.location="jex11.htm";
}
else
{
 window.location="jpass2.htm";
}
//-->
</SCRIPT>
</HEAD>
<BODY>&nbsp;</BODY>
</HTML>

This intermediate page is what does all the work. As you can see, if the password is correct, it takes the user to the protected page. In the example, the protected page was "jex11.htm". You can replace that with the url of the page you wish to protect.

If the password is incorrect, the user gets sent back to the page that contains your link to the intermediate page. In my case, that is the very page you are looking at, "jpass2.htm".

Well, give it a try and see if it works better for you. Have fun!

So, why is it easy to hack the script? One way is for the viewer to disable javascript. Not only will they get to the page this way, they can also view the source code to see the password and use it later. Thus, if you are protecting something important, you should use something more secure. You can find some more secure password javascripts at The JavaScript Source. You can also look for a CGI password script at The CGI Resource Index.

Ready for a new subject? Well, then go to the next section: The setTimeout Function.

The tutorials and articles on these pages are © 1997-99 by John Pollock and may not be reposted without written permission from the author, and may not be reprinted for profit.

Virtualis Systems
Virtualis Systems is an excellent web hosting company with superior technical support. Check it Out!

previous
Previous
Email:  [email protected] next
Next

Main Page | New | HTML | JavaScript | Graphics | DHTML/Style Sheets | Directory
PutWeb/FTP | CGI/Java | Promotion | Troubleshooting | Extras | Design Articles
Site Search | FAQs | Contact