The Steel Guitar Forum

Does anyone know how to password protect a web page? Our band has a web page and I would like to add a page that only the band members can access. Some of our band members live as far as 150 miles apart and long distance phone charges apply. A page designed to give each member a look at what songs will be on next weeks rehearsal session and other private messages could easily be accessed free since we all have internet access. I would just like to password protect that page. Anyone know a code for this?
P.S. Before you ask, yes I have thought about the e-mail route but instead of trying to remember or keep up with everyone's e-mail address, I'd rather edit the page when needed and let the other members be responsible for checking the page.

------------------
Gaylon's Homepage
www.geocities.com/nashville/1064
The Tyler Wails Band
www.geocities.com/tylerwails
<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Gaylon Mathews on 16 July 2000 at 06:54 PM.]</p></FONT>

There's definately a way to do what you want, pay sites do it all the time, but I don't know how, maybe some sort of java script or something. I do have another idea though.
Make the URL to the page you want for members only, something only they know. As an example, www.myband.com/qbajdiufriovj111.html.
the odds of anyone else ever finding it are remote, and as an added security mesure, you could change it every so often, maybe once a month.
Hope this helps.

Rick has a great idea. That would be an easy way to do it. Better than trying to add the necessary code to have them put in a password.

Gaylon, it's easy with Earthlink. The web space and ability to password protect it come with your account. Check http://help.earthlink.net/websupport/member/restrict.html for details. This page automagically generates .htaccess and .htpasswd files that you then place in the directory of the web site (or page) you wish to protect. Part of the .htaccess file would look something like this (replace the ()'s with <>'s)

AuthName RestrictedArea
AuthType Basic
AuthUserFile /www.myfiles.whatever (supply file name for passwords and usernames, which is encrypted)

(Limit GET POST)
require valid-user
(/Limit)

(Limit PUT DELETE)
deny from all
(/Limit)

Whatever the Earthlink generator spits out appears to work fine for me. There must be some encryption scheme for the usernames though which I can't help you with, I just use the generator page.

By the looks of it, it's all based on standard HTML that all browsers know what to do with...<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Dave Horch on 17 July 2000 at 01:36 PM.]</p></FONT>

Try this link for password protection scripts:
http://cgi.resourceindex.com/Programs_and_Scripts/Perl/Password_Protection/

John Fabian

Unless you implement it from the server side, there isn't a foolproof way to offer password protection.

Rick's solution won't work unless you also create a dummy index page or unless directory access is restricted by the server. It's elementary to scan your site and return a list of all the files and directories.

Dave's idea is better because this is the way the server itself determines access privileges. However, this script is for a UNIX server (Solaris in this case) and won't work without modification on NT because Microsoft (surprise!) implements htaccess differently. You'll need to find out which platform your server uses.

John's solution <FONT SIZE="-2">(Hi John...)</FONT> is much better but requires that your server 1) allows you access to the CGI-BIN directory and 2) accepts third-party scripts.

The only client-side things you can try are Javascripts, as Rick suggested. Here are two, but there are many others available.

This one offers rudimentary encryption, while this one bumps the user out after three incorrect tries.

Be aware that any of these solutions other than the htaccess method are fairly easy to hack and will only deter the casual user. They should be fine for the purpose Gaylon intended but are grossly inadequate for protecting confidential information.

Regards,
Jeff

I would just call my ISP and ask how they suggest it be done. It is their server and they have the authority to load server-side scripts. But they may already have something in place -- never hurts to ask.

Just a thought

LTB