Easy Password Access Script
The concept is deceptively simple. Yet, the protection is
as good as having hidden file names on the server.
The site visitor types a password in a form.
If it is the correct password, JavaScript will redirect
the browser to the protected web page. If it's an incorrect
password, the browser redirects the browser to a different
location, possibly a 404.
What's deceptively simple is that the password is part of
the protected web page file name.
Yet, there is no hint or whisper in the JavaScript of what
that file name is. Everybody but you and the people with
the password are in the dark about what the file name is.
Here is the JavaScript.
<script type="text/javascript" language="JavaScript">
<!-- Copyright 2005 Bontrager Connection, LLC
// Three customizations:
//
// 1. Between the quotation marks, specify anything that
// needs to be in front of the "password" to create
// the destination URL. If nothing needs to be in front,
// specify two quotation marks with nothing between them.
var FrontOfPassword = "http://BontragerCGI.com/";
// 2. Between the quotation marks, specify anything that
// needs to follow the "password" to create the
// destination URL. If nothing needs to follow, specify
// two quotation marks with nothing between them.
var WhatFollowsPassword = ".html";
// 3. Shall the "password" be converted to all lower case
// characters? Specify the answer, either yes or no,
// between the quotation marks. (If "no," the "password"
// will be case-sensitive.)
var LowerCasePassword = "yes";
function PasswordAccess(v) {
LowerCasePassword = LowerCasePassword.toLowerCase();
if(LowerCasePassword.substr(0,1) == 'y') {
v = v.toLowerCase();
}
location.href = FrontOfPassword + v + WhatFollowsPassword;
return false;
}
//-->
</script>
// end of script
The JavaScript takes the password provided by a form and
constructs a URL with it. It then redirects the browser to
the constructed URL.
You'll notice that the JavaScript has a place to specify
what should come before and after the password the user
provides. Also, you can specify whether or not to turn the
password into lower case.
Here is a form that can be used with the above JavaScript.
<form>
Password:
<input
type="password"
name="pw"
size="17">
<input
type="submit"
onclick="return PasswordAccess(this.form.pw.value);">
</form>
With the customization as provided in the above JavaScript,
and if password "Jupiter" was typed into the form,
the browser would be redirected to URL
http://BontragerCGI.com/jupiter.html
This is not military grade access restriction.
It does, however, provide a measure of protection about
equal to having hidden web page file names. In either case,
unauthorized access attempts are reduced to guessing what
the file names are.
With a bit of tweaking, the JavaScript and form could be
used for a dual password system, where two passwords need
to be provided, each correct, in order to gain access.
The two passwords could be combined for a web page file
name. Or, one of the passwords could be for a directory
name and the other for a file name.
Question:
Did you find this article interesting and understandable? How can it be improved?
Your response is anonymous.
When done typing, click anywhere outside the box. [more info]
Will Bontrager
©2005 Bontrager Connection, LLC
Please note:
Articles on this website are presented "as is". However -
If you have a question about a CGI script, HTML, CSS, PHP, or JavaScript
Ask one of our Experts and you'll have your answer!
Click here for details.
