In the last section, I introduced
javascript password protection, but the script had a slight problem:
Netscape browsers would show the protected page momentarily even if
the password was incorrect. In this section, I will show you the same
script, but the difference is that it will use an intermediate page
so that the protected page is not displayed.
Warning: These scripts are
not totally secure and your page can be seen if someone gets through.
Do NOT protect anything important with a script like this. Try looking
for a CGI Script or ask
your web host to set up an .htpassword file if you need to protect
something important.
Now that I have said that so
boldly, let's take a look at how this version of the script works.
Try out the example below:
A little better, I suppose.
Let's take a look at the code you will need:
1) You
will need to place a link to the intermediate page on one of your
pages. In my example, the intermediate page is "jex10.html". I put
the link on this page, "page11.html". Example below:
"page11.html"
<BODY>
<A HREF="jex10.html">Click to Enter</A>
</BODY>
2) Now
you need to create your intermediate page. In my case, this is "jex10.html".
You will need the following script on this page:
"jex10.html"
<HTML>
<HEAD>
<TITLE>Intermediate Page</TITLE>
<SCRIPT language="JavaScript">
<!--hide
var password=prompt('Enter the password:','');
var mypassword="cool";
if (password==mypassword)
{
window.location="jex10.html";
}
else
{
window.location="page11.html";
}
//-->
</SCRIPT>
</HEAD>
<BODY> </BODY>
</HTML>
This intermediate page is what
does all the work. As you can see, if the password is correct, it
takes the user to the protected page. In the example, the protected
page was "jex10.html". You can replace that with the url of the page
you wish to protect.
If the password is incorrect,
the user gets sent back to the page that contains your link to the
intermediate page. In my case, that is the very page you are looking
at, "page11.html".
Well, give it a try and see
if it works better for you. Have fun!
So, why is it easy to hack
the script? One way is for the viewer to disable javascript. Not only
will they get to the page this way, they can also view the source
code to see the password and use it later. Thus, if you are protecting
something important, you should use something more secure. You can
find some more secure password javascripts at The
JavaScript Source. You can also look for a CGI password script
at The CGI Resource Index.
