Click here to go back to the index page
More Password Protection
In the last section, I introduced javascript password protection, but the script had a slight problem: Netscape browsers would show the protected page momentarily even if the password was incorrect. In this section, I will show you the same script, but the difference is that it will use an intermediate page so that the protected page is not displayed.
Later, I will show you how to pass information to a new window from an open window. You could use that to put a password textbox and send the information to the new window. Alternately, you will be shown how to send a parameter to a window that is not open, you could insted, use that method.
Also, anything being sent over the internet can be captured and saved by some hacker. You would want to encript your message that was sent, decripting it when it got to the page it was intended for.
Warning: These scripts are not totally secure and your page can be seen if someone gets through. Do NOT protect anything important with a script like this. Try looking for a CGI Script or ask your web host to set up an .htpassword file if you need to protect something important.
Now that I have said that so boldly, let's take a look at how this version of the script works. Try out the example below:
A little better, I suppose. Let's take a look at the code you will need:
1) You will need to place a link to the intermediate page on one of your pages. In my example, the intermediate page is "intermediatePass.htm". I put the link on this page, "jpass2.htm". Example below:
On this page
<BODY> <A HREF="intermediatePass.htm">Click to Enter</A> </BODY>
2) Now you need to create your intermediate page. In my case, this is "intermediatePass.htm". You will need the following script on this page:
"intermediatePass.htm"
<HTML>
<HEAD>
<TITLE>Intermediate Page</TITLE>
<SCRIPT language="JavaScript">
<!--hide
var password=prompt('Enter the password:','');
var mypassword="wow";
if (password==mypassword)
{
window.location="protected.htm";
}
else
{
window.location="passComplete.htm";
}
//-->
</SCRIPT>
</HEAD>
<BODY> </BODY>
</HTML>
This intermediate page is what does all the work. As you can see, if the password is correct, it takes the user to the protected page. In the example, the protected page was "protected.htm". You can replace that with the url of the page you wish to protect.
If the password is incorrect, the user gets sent back to the page that contains your link to the intermediate page. In my case, that is the very page you are looking at, "passComplete.htm".
So, why is it easy to hack the script? One way is for the viewer to disable javascript. Not only will they get to the page this way, they can also view the source code to see the password and use it later. Thus, if you are protecting something important, you should use something more secure. Later, I'll show you how to check to see if javascript is enabled in the browser, and you could use that as another intermediary step.
Click here to go back to the index page -- clicking your "back" button won't work, now