# Solved: Password protecting a web page



## marques_uk (Jun 22, 2009)

Hello,

I'd like to be able to password protect a single web page. So if the user can't provide a valid username and password, they can't access the page.

I'm using aspx c# for my website, so if you can provide a solution using c# that would be great. The web page I'd like to protect isn't that important so it doesnt have to be really secure, just enough to keep a normal average Joe from accessing it. If a hacker is willing to spend 30min trying to hack in so be it 

Thanks in advance
Mark


----------



## karlhaywood (Jan 17, 2010)

Hey try this i think it is what your lookingm for. You might need to modify the code to suit.

http://blogs.msdn.com/b/lisawoll/archive/2005/06/24/432429.aspx#aspnet


----------



## marques_uk (Jun 22, 2009)

Hello,

thanks for your help but that code password protects the whole website. Also I don't really want to alter my web.config file as I'm already using the authentication mode for another section of my site. So I'm trying to find code that I can use in my aspx page and the code behind page.

Thanks again
Mark


----------



## karlhaywood (Jan 17, 2010)

Sorry try this

http://support.microsoft.com/kb/301464


----------



## marques_uk (Jun 22, 2009)

Yes that would be perfect. Would I have to change my pages to .asp pages or can I implement the code into the aspx page?

I'd also like to issue multiple usename and passwords, would you know of a way I can alter the code to do this? I know I could just add a string to the variable such as 
Username="user", "extra"
but doing it this way would allow for a number of passwords to be valid for one username

i.e.
Username="user", "extra"
Password="pass", "extrapass"

username 'user' would work using either 'pass' or 'extrapass' for a password.

Any ideas? Or have you seen any other code that would do this? I think you know what I'm after now.  

Thanks for your help Karl!!


----------



## karlhaywood (Jan 17, 2010)

I have just done some research and you could try this link you may need to alter the code to suit. This script is wrote C# so you might just want to spruce it up a little lol

http://www.daniweb.com/forums/thread24148.html


----------



## lordsmurf (Apr 23, 2009)

Do you have any control panels? Some of them, like Plesk, make this easy.


----------



## marques_uk (Jun 22, 2009)

Nearly there Karl, I'm looking for something that doesnt require a database, maybe I should of been a bit clearer on what I was after in my first post sorry.

Although I'm going to have to change tactics now, because the host I'm looking at doesnt support ASP.NET. So if anyone knows of any reasonably good methods that are written in either PHP or JavaScript, that would be brilliant.

Thank you
Mark

p.s. I havent got plesk controls, is it free?


----------



## karlhaywood (Jan 17, 2010)

Try this marques_uk

<?php

// Define your username and password

$username = "someuser";

$password = "somepassword";

if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {

?>



*Login*

[/COLOR]">

Username:

Password:

<?php

}

else {

?>



This is the protected page. Your private content goes here.

<?php

}

?>


----------



## marques_uk (Jun 22, 2009)

Karl this would be brilliant, if I could add multiple usernames. Any idea of how to alter the code to achieve this.

Also I have the following error when using the above code, even though it works fine, any ideas?

*Notice*: Undefined index: txtUsername

Thanks again


----------



## Squashman (Apr 4, 2003)

Is this an Apache web server? I would assume so if they don't support ASP. If so then just use an .htaccess file.


----------



## marques_uk (Jun 22, 2009)

Probably, it doesn't actually say. Can you have multiple usernames and passwords using .htaccess? 

Do you know the code needed, or of a website that shows a tutorial on how to set this up?

Thank you


----------



## Squashman (Apr 4, 2003)

If you can give me your domain name I can tell you if it is using Apache or not.

.htaccess with .htpasswd file allows you to have multiple usernames and passwords.
http://www.javascriptkit.com/howto/htaccess3.shtml


----------



## marques_uk (Jun 22, 2009)

I haven't actually set it up yet but I was going to use one.com for hosting. How can you find out?

So say I have a page www.example.com/index.html

Anyone accessing this will be presented with the popup, login? Is there away you can present the login as a page rather than a popup?

Cheers


----------



## Squashman (Apr 4, 2003)

If you want a login page you will need to use server side scripting like PHP or PERL.

htaccess will prompt with a pop up.

One.Com uses Apache


----------



## Squashman (Apr 4, 2003)

Apparently with a little Javascript coding you can make a login form for .htaccess authentication. Don't have time to test it but here is the link.
http://javascript.internet.com/navigation/htaccess-login.html


----------



## marques_uk (Jun 22, 2009)

Thanks Squashman, I'll see if I can use the JavaScript code with the .htaccess. This would be absolutely perfect if I can get it to work.

Many thanks


----------



## Squashman (Apr 4, 2003)

Whenever I need a script I can usually find it on HotScripts.com. If that fails me Google usually doesn't.


----------



## karlhaywood (Jan 17, 2010)

*<?php* 
//My Login Script
//Attach this to any page that requires Login
//Users and Settings
$domain_code = 'website'; //Alpha Numeric and no space
$random_num_1 = 20; //Pick a random number between 1 to 500
$random_num_2 = 565; //Pick a random number between 500 to 1000
$random_num_3 = 3; //Pick a random number between 1 to 3
//Usernames can contain alphabets, numbers, hyphens and underscore only
//Set users below - Just add " => " with the first " being
//the username and the second " after the => being the password.
//Its an array so add an , after every password except for the
//last one in the list. As shown below
//Eg. $users = array(
// 'user1' => 'password',
// 'user2' => 'password'
// );
$users = array(
'user1' => 'password',
'user2' => 'password'
);
*?>*

Modify the domain code and three random numbers. The three random numbers is the key that makes login _secure and unique_ to your website only. Then at the bottom you can create all of your users.
Now in every page that you require the user to login just add the following code to the very top of the page, exactly on line 1.
*<?php* require('_login.php'); *?>*
That's pretty much all you need to do to install the secure login script. The only other thing if you want is you can edit _login_page.php. That's the page people see when they need to login.
*Login and Logout*
You can lead users to login and logout with links to login.php and logout.php as such.
Login | Logout
*Displaying Macors*
In this case the only macro you can call up is the username after they have logged in. You can call it in a welcome back message like this (placed in your HTML).
Welcome back *<?php* echo $login->username; *?>*

*Let me know how you get on please.*


----------



## marques_uk (Jun 22, 2009)

That looks pretty good Karl, am I supposed to use this with the code you provided earlier? Can you provide me with the code I need to put into my login.php page and then the code I need to put in the page I'll be protecting. I've got to much code available, I don't know whats what,lol...

Thanks in advance


----------



## karlhaywood (Jan 17, 2010)

To be honest marques_uk i can read code and tell you what it does but i haven't a clue on how to implemement it sorry from the age of 17 i have only read code never used it lol. i think this goes in the login.php

*<?php* 
//My Login Script
//Attach this to any page that requires Login
//Users and Settings
$domain_code = 'website'; //Alpha Numeric and no space
$random_num_1 = 20; //Pick a random number between 1 to 500
$random_num_2 = 565; //Pick a random number between 500 to 1000
$random_num_3 = 3; //Pick a random number between 1 to 3
//Usernames can contain alphabets, numbers, hyphens and underscore only
//Set users below - Just add " => " with the first " being
//the username and the second " after the => being the password.
//Its an array so add an , after every password except for the
//last one in the list. As shown below
//Eg. $users = array(
// 'user1' => 'password',
// 'user2' => 'password'
// );
$users = array(
'user1' => 'password',
'user2' => 'password'
);
*?>*

and this goes on every page you want to protect at the very top on 1 line
*<?php* require('_login.php'); *?>*

*Login and Logout
*You can lead users to login and logout with links to login.php and logout.php as such.
Login | Logout


----------



## marques_uk (Jun 22, 2009)

thats ok. I think there might be some code missing from this, as it will need the input fields for the username and password and then the input from these will need to be tested against the user variables saved in the array. 

I appreciate your help though.


----------



## karlhaywood (Jan 17, 2010)

ill do some research and get back to you i have a mate at work who writes php so i could get him to write something for you just hsng in there.


----------



## Squashman (Apr 4, 2003)

karlhaywood said:


> ill do some research and get back to you i have a mate at work who writes php so i could get him to write something for you just hsng in there.


Why reinvent the wheel.
http://www.hotscripts.com/category/php/scripts-programs/user-authentication/

Pick one and try it.


----------



## karlhaywood (Jan 17, 2010)

Try this tutorial if you have no joy email me tomorrow an ill get sumething wrote for you. Ill private mail you my email address.

http://www.phpfreaks.com/forums/index.php?topic=103963.0


----------



## marques_uk (Jun 22, 2009)

Thanks Karl, I've not had time to try the above script but once I get a minute I will, it looks pretty good. But if this doesnt work I'll give you an email.

Thanks again


----------



## curiousplayer (Jul 10, 2010)

Very simple one
http://mistonline.in/wp/password-protect-pages-using-javascript/


----------



## marques_uk (Jun 22, 2009)

I've decided to go with .htaccess, it works the best for my project.



Squashman said:


> Apparently with a little Javascript coding you can make a login form for .htaccess authentication. Don't have time to test it but here is the link.
> http://javascript.internet.com/navigation/htaccess-login.html


Unfortunately I wasnt able to use the script above, as internet explorer and others have improved security. I'll have to settle for the pop up box.

Oh well, better than nothing. Thanks for all your help.


----------

