I already read this question and this question.
I was planning to make this
I am working on static html(s) with lots of HTML and files like this:
In order to create an "enter the site, write down the given password", I need to create a different .html.
If the user entered the password correctly, they will be redirected to the main site (on this case, they will be redirected to here.html) and if the password is wrong, the user will stay on the same page until they write a correct password.
How to make that function/password page?
I want the user unable to dig out by the source to find out the password.
It will be just simple password.
If you want to keep the password secret, then you cannot give it to the browser (since anything you give to the browser, you give to the user).
This means that you must check the password using server side code.
The closest you could come without using server side code would be to make the password part of the URL. If the wrong password was entered, the user would go to the wrong URL and get a 404 error.
Related
description
here is my problem :
I've used to add basic auth in my docker container successfully ,and I open my website page ,and input the basic auth's name and password correctly,so the next time when I open my site ,for a long time I don't need to reinput them again .that's cool ,cause I konw the browser will remember sth for me.
now i removed the basic auth in my Nginx configure file ,and restart the server ,and I want to check if the change effects ,but when I open my site this time ,still no need to input name and password , but I am not sure if it's the configure change effects well or the browser has already remember the authorization for ,so I want to remove or delete the already exist authorization in my browser .
of course I can find other device that has never been sign in before to check ,but I am curious about how the browser remember or store the name and password or authorization that has already been inputed,and if I can delete this things manually .
So the user clicks on a link that prompts the user for a password. If password is correct, the next page is opened. How would I go about doing that. I know that its <form><input type = "password".....> but how do I make it so that the password field appears if you click on the link. This is what I have so far:
<li><h3>Education</h3></li>
My SJSU Transcript
Also how do I set the password and check to see if the user enters the correct password.
Edit: Unfortunately it all has to be done in html. The password is static.
There is a better solution using only HTML & Javascript though it's not simple. You would need to:
encrypt the contents of the HTML file.
Ask user for password
Use password to decrypt and serve HTML file
Here is an implementation source code & live demo.
In any web page,We can see the password in this manner:
Inspect the element using firebug.
Go to textbox (where anyone can type the password) in firebug.
Change the type of input box from password to text.
Now you can see the password.
How to prevent this?
There is no concern of safety there. As it won't save it on the server, and it will only be for him that he can see the password. It should be alright to see you're own password right?
There is no way to do this. If you are concerned about someone seeing the password later by doing this first off note that your users should be smart enough and almost every application uses this. If you are really paranoid you could log the keystrokes showing no password or create your own display of some sort, which would make it a little harder to view such information but any knowledgible attacker could find out the password with full access.
I am trying to pass a value using a link.
For example, if I want to add an email and password for a user to Sign In straight away in the RainLoop webmail.
I am trying using
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"
or
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"#ID
Is this possible to do?
It is possible but you will have to rewrite the rainloop PHP files by yourself. Also parsing passwords via the GET method is a very bad idea. Get commands will stay in your history so everyone who types in
demo.rainloop.net will see the ?RainLoopPassword="12345" also. It's not recommended, but possible. Another safer solution will be using the POST method. I suspect you will use this for you bookmarks or something? You can make an AJAX page which sends a POST request with the username and password to demo.rainloop.net. This way nobody will see your passwords and the effect is the same.
EDIT: For using an AJAX page you have to own a webserver, or register on a free hosting like http://freehostingnoads.net
What I'm trying is that if someone logs into my website, I want the file configPage.html not to be accessible directly (from www.mydomain.com/configPage.html), but I want it to be accessible if had passed from login.html before.
I have to say that is my first web page so don't blame me if I'm trying something that makes no sense ;).
Thank you.
If you dont need some one to access your configPage.html then create a login page and then redirect to configPage.html. And if some one manually try to enter the file name in the brower , you can check the session variable set or not . If not you can make page to redirect to your login page.