workaround for password protection

[Megg81]

Im working on a workaround for "password protection" for a specific page / folder. I've not managed to find any *free* software or useful script without php.

So Im using a form with conditional formatting - when the correct password is entered the form will automatically redirect to a given URL. I know this doesnt technically make the page password protected, because once you have the web address you just cut and paste it into the browser... it's ok there's no personal details involved, its for a preview of completed web pages and for now it seems to be all I can do without making a subscription. So I know there is some script to prevent the page from being pulled up in search engines - but I suppose my question is is there some script to redirect back to the login page if the web address for my page is just pasted into the browser? Is there something which would, in simple terms, mean that users can only view this page when they've successfully passed through the first one? Or to prevent the whole of the URL displaying and so prevent it from being cut and pasted- but Im guessing that one's not going to be possible?

That's all I really need, something basic. If not then preventing the page being pulled up by Google etc will have to do!

Thanks for any suggestions.

[ckh]

You can use an htaccess file to password protect a directory which then requires a username/password to to view anything in the folder.

If you hosting account has cPanel, you can log into your cPanel area and in the security section, there is a password protect directories tool. Other hosting control panels may have a similar feature.

Otherwise, do a Google search for:

htaccess password protect directories

and you should find several tutorials on how to password protect a directory using the htaccess file.

[Megg81]

O... I've done a search in Google, but what I've pulled up really means nothing to me! I dont understand code, how to use it or where to put it! and I have windows hosting so Im not sure it is applicable

[ckh]

Try logging into your hosting account's control panel and see if there isn't a password protect option in the directory somewhere. The htaccess file would be valid if your hosting account is running Apache, but, if it's a Windows server, it could be running something else. Your webhost may be able to help you out also with a solution to password protect a directory on a Windows server or point you in the right direction. They even could have a faq about it.

[mwenz]

I think the easiest way is the following:

http://www.pagetutor.com/keeper/index.html

The code is there and where to place it. You can use sub-folders as mentioned down the page. If you get creative naming the subfolders and the html page (say for showing multiple clients something) it would be difficult to guess other folders/filenames.

Do note that using javascript is the least secure means of pw. Someone who knows javascript would figure out that the pages and passwords are the same. Hence using a more creative name for the folder--folder names would be harder to guess.

Take care, Mike

[Megg81]

Hi - I have checked in my hosting settings, there is no option for password creation & the package breakdowns state only available on Linux. I think maybe I cant do it this way.

Mike - I have taken a look over the link you sent. Thanks. It looks good (and achievable) but once Im at the "secret page" I again can just cut and paste the web address and it lets me right back in without having to enter the password even after clearing the cache. Its the same problem I have already with the form widget im using. There's a more complex tutorial on the link you sent involving the htaccess file, which it says can work with some windows hosting packages, so I may give that a go tomorrow.

Im looking for something like a redirect after the web address has been just pasted in. The form widget I have neatly does the job of asking for a reference number which then redirects to a page - only the URL of that page can then be cut and pasted and accessed without the password...

One more thing anyone - using WD6 when I add the code to prevent the page being pulled up in search engines I create an object and name it <head> then paste the code in as a placeholder? Do I have that right?

Thanks 4 your help so far!

[mwenz]

If the client logs out, the url presents the log-in box. If you do not log out, then

So, what you can do is look for a means to set a timer on inactivity and log out the person with the pw. That also is possible.

Windows hosting will not allow the use of an .htaccess file. Over the next day or three, I will make up an Xara file with the referenced code and add in an inactivity timer.

Take care, Mike

[Megg81]

Thank You Mike. That would be so so useful and much appreciated.

I think those two layers of security in combination (form submission leading to a login page - then login with a timeout) would produce something very acceptable

[mwenz]

Hi Megg--I haven't forgotten this, but I also haven't had time yet. In looking at some of my saved links, I had a thread saved referring to this demo page:

http://xara-users.info/demos/php-pas...tect/index.htm

See if that aids you. If not, I'll plug along. I do belive that once the accessed page is closed, one has to log on again.

Take care, Mike

[Megg81]

Im on Windows hosting, no php. Thanks for the idea though.