In this article I am going to explain you the various ways to protect a webpage or a directory from Web bots and casual visitors. Please note that this is not for protecting credit card information pages or any valuable information.
The three ways are:
⦁ Client-side protection with JavaScript
⦁ Server-side protection with PHP codes
⦁ Htaccess protection of directories through htpasswd
Client-side protection with JavaScript
On the page you want to protect you can just write a simple JavaScript:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Password Protected page</title>
<script type="text/javascript">
var s ="";
while (s!= "mypassword")
{
s=prompt("please enter your password");
if (s=="mypassword")
{
window.location.href="correct.html"; //page to redirect if password entered is correct
}
else
{
alert("Incorrect password-Try again");
}
}
</script>
</head>
<body>
</body>
</html>
Save the code above as default.html or index.html on your website and redirect to the page you want to password-protect if the password is entered correctly. The main disadvantage of this is that the password is easily visible. You can save the Javascript as a separate file and include it the HTML but anyone can easily view the Javascript file.
The best way is a server-side check so it’s not easily visible.
Server-side protection with username and password using PHP codes
Server-side, you can write a simple form page with a username and password. You can even store the username and passwords in the database and retrieve them to check when the login form is posted for successful login.
Login.php
<?
// db connection string
$conn=mysql_pconnect($dbhost,$dbuser,$dbpass);
if(!@$conn) {
echo "<h1>Unable to Establish Connection to the Server</h1><hr noshade size=2 color=#000000>";
exit();
}
$db_sel=mysql_select_db($dbname,$conn);
if(!@$db_sel) {
echo "<h1>Unable to Connect to the Database</h1><hr noshade size=2 color=#000000>";
exit();
}
// Submit button click
$uname = $_POST['uname'];
$pass = $_POST['pass'];
if(isset($_REQUEST['submit']))
{
$sign=mysql_query("select * from ".ADMINLOGIN." where username='$uname' and password='$pass'");
$no=mysql_num_rows($sign);
//if username and password matches
if($no==1)
{
$_SESSION['logkey']=signedup;
$_SESSION['adminname']=$uname;
$logintimes=mktime();
$ipaddress=$_SERVER['REMOTE_ADDR'];
// redirect to the password protected page
echo "<meta http-equiv='refresh' content='0;url=home.php'>";
exit();
}
Else{ // if username password entered is wrong
Echo “invalid password”;
}
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100" height="43" align="left" valign="top" style="padding-left:20px"><span class="style3"> User Name :</span></td>
<td width="118" align="left" valign="top"><input type="text" name="uname" value="<?=$uname;?>" class="style3" size="18"/></td>
</tr>
<tr>
<td align="left" valign="top" class="style3" style="padding-left:20px"> Password :</td>
<td align="left" valign="top"><input type="password" name="pass" class="style3" size="18"/></td>
</tr>
<tr>
<td height="37" colspan="2" align="center" valign="top"><table border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100"> </td>
<td width="118" height="37" align="center" valign="middle">
<input type="submit" name="submit" value="Login" class="button" /> </td>
</tr>
</table></td>
</tr>
</table>
Protection of Web directories using htaccess and htpasswd
This is a method used in Apache servers to protect Web directories provided your shared hosting allows htaccess. Open a notepad or any text editor and save the code below as .htaccess.
AuthName "My Secured Area”
AuthType Basic
AuthUserFile /path/to/your/directory/.htpasswd
require valid-user
Then you can create any number of username passwords needed and store them as an htpasswd file in the location not easily accessible by users in the Web space. Htpasswd files can be easily generated with online htpassword generation tools.
Upload the .htaccess to your Web root or the directory you wanted to protect, save the htpasswd in an area not easily accessible by users, and you're done. Whenever you access your website it will prompt a login.
Wordpress protection
Wordpress admin by default provides options to password-protect a page. In the visibility section on the right side, you have the option to password-protect a page and enter the password needed for protection and publish your page. That’s it!
I hope you find this article useful.