Password Protect Your Web Page

I'm really new to Javascript so please pardon this naive question - if the value of the password is posted in line 3 and anyone can view the source of a page, how is the password protected?

Thanks

You can make a new .js/.jse file and make variables containing the password. Still, you can get into it. Try to make it as secure as you can. But it wouldn't be worth it for just 1 web page...

You can make a new .js/.jse file and make variables containing the password. Still, you can get into it. Try to make it as secure as you can. But it wouldn't be worth it for just 1 web page...

sorry for the last post, my browser was laggy/not responding

It does not work

Try encrypting the password...

Also, try this script

<html>
<head>
<script type="text/javascript">


var pass1='password';
var password=prompt("What's the magic word?","");
if (password==pass1)
  {
  document.write("Correct!");
  }else{
  document.write('Incorrect!')
  }

</script>
</head>
<body>

</body>
</html>

help me please i do not know javascript well; how would you do multiple passwords its for a project

hey ummm, can't you right click and "view source", read through and just get the password, or havee l missed the point?

I need help too , I yes dont one no one to see my page only people i one them too see it

if you must use javascript, javascript security is a joke
hash the password, and only put the hash in your file
then hash the entered password and compare the hashes
it is more difficult to work an md5 or sha1 backwards to get the text

security is usually configured at the server
an ajax call to verify the password, or submitting the page for server verification is preferred to anything clientside

So easily got it now

Personally if you're using Apache I'd just use htpasswd with .htaccess

.htaccess .htpassword is less efficient than per user access control through settings stored in the database with the user details.
The reason why all access controlled sites use this method instead of .htpassword.
What we do personally, becomes irrelevant when the site is not personal, still use .htpassword to further lock admin-only folders, belt and braces approach

If I'm understanding you correctly, bob, I completely agree with you that htpasswd is less efficient with more users. However if you're going to store a single pw in the code why not use htpasswd instead?

So im using the code at the top of the page and it works great in every browser but internet explorer. It just auto redirects like you type the incorrect password in. Any help would be much appreciated.

I figured it out. I had to add it to a trusted list so that my computer trusted the site. I wonder if there is another work around on that.

is there any way to embed the window in the page?

Can we use this code in any language , means is this code is compatible to other languages or not.

You certainly can. That is as secure as having a guard snail on duty.

thank you

hi codes work :) ★★★★★ go daniweb! ©2011 bob★ ★☆★☆★☆★☆

Also, I dont recommend using javascript ONLY for any page protection/security.

Page security should be left up to server-side languages that are "stripped out" before the browser renders the html. Just my opinion though.

What good can it do by putting a password at the very start of your website? Anyway this can help, it's from pageresource.com/jscript/jpass.htm

<

HEAD>
<SCRIPT language="JavaScript">
<!--hide

var password;

var pass1="cool";

password=prompt('Please enter your password to view this page!',' ');

if (password==pass1)
  alert('Password Correct! Click OK to enter!');
else
   {
    window.location="http://www.pageresource.com/jscript/jpass.htm";
    }

//-->
</SCRIPT>
</HEAD>

As a reply for those who does't have any knowledge of html/css and programing language (php e.g) "if/else" are php base functions AND WILL NOT WORK ON simple basic html/css web pages (certanly not on Blogger free platform)

 <script language="javascript">
 function pasuser(form) { 
 if (form.id.value=="secname") {
if (form.pass.value=="secpassword") { location="urlhere" } 
 else { alert("Wrong Password") } } else { alert("Wrong Username") } }
 </script>
 <form name="login">
 Username: <input name="id" size="16" type="text">
 Password: <input name="pass" size="16" type="password"><input value="Login" onclick="pasuser(this.form)" type="button">
 </form>

Change secname and secpassword with what you want. This will work on individual webpages. urlhere? add your link webpage http address

What happens if the user turns off Javascript? He gets into the page with no password.

This is like "pretending" a screendoor is secure. You should never rely on Javascript for security.

with reference to

As a reply for those who does't have any knowledge of html/css and programing language (php e.g) "if/else" are php base functions AND WILL NOT WORK ON simple basic html/css web pages (certanly not on Blogger free platform)

>  <script language="javascript">
>  function pasuser(form) { 
>  if (form.id.value=="secname") {
> if (form.pass.value=="secpassword") { location="urlhere" } 
>  else { alert("Wrong Password") } } else { alert("Wrong Username") } }
>  </script>
>  <form name="login">
>  Username: <input name="id" size="16" type="text">
>  Password: <input name="pass" size="16" type="password"><input value="Login" onclick="pasuser(this.form)" type="button">
>  </form>

Change secname and secpassword with what you want. This will work on individual webpages. urlhere? add your link webpage http address

how do i add additional users?

Please don't use this on anything that is truly important, or high risk. There are frameworks, tools, and other methods available to help you protect your site with very little effort. I'm not sure how you would do this safely in pure JavaScript, but on my site the couple passwords I need are either hashed or encrypted, and contained in a private file or database. I'm not saying that makes the site hack-proof, but its certainly better than storing them, and sending them over the wire, in plain-text. It's just like MidiMagic said.

dlannets,
You cannot view the source of the page by right clicking, but you can view it in any other way.