How would I password protect an entire site without using htaccess/htpasswd? I'm doing a website for a friend of mine that has a wholesale business and he wants a page that has directions on how to get a username and password for the site(prompts for the users name, address, phone number, and business license # and to contact him for it. ), and a login pass box on the page somewhere. He doesnt want his competition seeing his product.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Password protecting entire site???
- Thread starter SiDiuS
- Start date
HorsePunchKid
[H]ard|Gawd
- Joined
- Nov 6, 2003
- Messages
- 1,414
It would probably help us give suggestions if you told us why using Apache's Basic authentication is impossible. It's certainly the most obvious solution. If you're not using Apache, I imagine your web server still has Basic auth capabilities. What kind of server environment is it, anyway? Can you use PHP or something similar? Do you have access to a database (MySQL or the like) in which you can make new tables?
PHP or other server-side scripting is what you'll want if not basic auth.
Here's code in a nutshell:
Login itself is a basic user/password cross-reference with some form of database (even a text file that doesn't allow external access is fine). I recommend, at a minimum, using a nonce + MD5 hashing in Javascript to secure the login, though SSL is preferable if available.
Here's code in a nutshell:
Code:
<?php
if(!isset($_SESSION["user"])) // not logged in
{ ?>
Put your login / request access code here.
Once login is confirmed, set $_SESSION["user"]
<?php }
else
{ ?>
Logged in, put your info here.
<?php } ?>Login itself is a basic user/password cross-reference with some form of database (even a text file that doesn't allow external access is fine). I recommend, at a minimum, using a nonce + MD5 hashing in Javascript to secure the login, though SSL is preferable if available.
btownfreak
n00b
- Joined
- Jan 12, 2005
- Messages
- 12
yeah, with the php, you can just have your code on one file .. lets say .. "keepout.php", and on every website, you just need a one liner
<?PHP require_once("keepout.php") ?>
and it will include that code on your page.
catch is you might need a server that process .html as php files also.
<?PHP require_once("keepout.php") ?>
and it will include that code on your page.
catch is you might need a server that process .html as php files also.
That can always be added by .htaccess if necessary.btownfreak said:catch is you might need a server that process .html as php files also.