UGN Security
-------------------
JavaScript Password
-------------------

This is how to make a password protected page using javascript. This may be better used under a programming topic, but it does relate to web design in that many web designers will want to protect a page with a password, possibly for members, etc.

-------------------
How It's Done
-------------------

This is quite a simple script, however, due to that, it is not very effective and I wouldn't recomend protecting anything important with it. Below is the script, I will then explain parts of it.

<HEAD>
<SCRIPT language="JavaScript">
<!--hide

var password;

var pass1="GayGizmo";

password=prompt('Please enter your password',' ');

if (password==pass1)
alert('Password Correct! Click OK to enter!');
else
{
window.location="http://www.currantech.com";
}

//-->
</SCRIPT>
</HEAD>


Explanation:

var password; (this defines a variable named password)

var pass1="GayGizmo"; (this creates the password that will be accepted. you can have more than one accepted, thus pass1, pass2, pass3, etc.)

password=prompt('Please enter your password',' '); (this prompts the viewer to enter a password. what he enters is now the value of the variable "password")

if (password==pass1)
alert('Password Correct! Click OK to enter!');
(if the password entered matches the one we set (GayGizmo), then it will alert that you have found the right password and it will take you to the page)


else
{
window.location="http://www.currantech.com";
}
(this tells the script that if the password entered was something diff then it will take them to this site.)


And thats it for password protecting a page with javascript. Also, remember that this is not the safest way to protect a page and it can easily be cracked simply by looking at the pages source. Post anything else that has to do with password protecting or if you have some corrections to my script, etc.

-BackSlash
hey i resent that frown...


Becides, every passworded page i go to i view to source of the page, i mean its not that hard to "crack" a javascript password.. its more fun to use CGI cas no one knows where the pass.txt is on your server ;x
thats the idea gizzy, and thanks for pointing out that its not a safe way to protect a page. i only said that how many times in my original post?

-BackSlash
Well Gizmo, I hope that it doesn't matter if the person knows where your "pass.txt" is. You SHOULD instead be using a htpasswd file or some other file who's permissions wouldn't grant read access anyway.
oh hell yeh, but most free servers dont allow htaccess i was sayin that all for people who were using a free service. As for payservices .htaccess ALWAYS
well, OBVIOUSLY
This is just an addition to my original post. Basically this is another Java Script Password Protector, but this one is a little bit harder to get through than the other. However, once again I will say this is not a safe way to protect a page, so look into other ways of password protecting a page if you want to do it.

How To Do It:

Start with your original page called page1.html On this page have the below link to an middle page between the original and the one the password protects.

<BODY>
<A HREF="page2.html">Enter Here</A>
</BODY>

This link takes you to a middle page which has the password script on it. The script is below.

<HTML>
<HEAD>
<TITLE>Middle Page</TITLE>
<SCRIPT language="JavaScript">
<!--hide
var password=prompt('Enter password:','');
var mypassword="GayGizmo";
if (password==mypassword)
{
window.location="page3.html";
}
else
{
window.location="page1.html";
}
//-->
</SCRIPT>
</HEAD>
<BODY> </BODY>
</HTML>

I won't explain this much, but basically it asks for a password, if its correct it takes you to the third page, page3.html, if its not the correct it takes you back to the original page. If this is confusing to you check my original post because it goes into great detail on each part. The reason this is better than the first is because in the first all the viewer must do is open the source of the page to see the password. With this new script the viewer can still open the source to see the password, but since the script is on a middle page it makes it so that the viewer must turn of the use of scripts in his browser so that he can view the source. This just takes a little more thinkin on the viewers side, and hopefully will protect you more. I'm sure gizzy or someone will have some other way to get around this besides turning off the scripts, but thats because they are too smart. The point is if you are going to use a javascript protected page, this second script is better than the first I posted.

-BackSlash
lol then i view your source, and paste the password for the world, ktnx..
Javascript passwords suck to the badest, it was the first password i ever cracked, back in my newbie days, kehehe, i was proud of myself.

/me remembers back the days he and his mate had a hacker group called "The Skull Monkeys"

the first page we ever defaced was www.expage.com/page/jaredspaje which we knew the password too smirk
The safest way to password protect your page via script, is through VBScript (and maybe JScript?) and have it encoded. VBScript pages can still be decoded but you'd have to do a bit of searching for something that'd do it.
© UGN Security Forum