In a basic HTML web page, how do you make the user have to enter a username and password before they are allowed to download a file?
What is the best way of achieving this on a website, preferably in plain HTML?
This can't be achieved in HTML.
With client side technologies, the best you are likely to be able to achieve is a JavaScript prompt that you use the data from to direct people to a secret URI.
This is something that really should be handled by the web server.
You won't be able to do this with plain HTML. Easiest way is probably to place the protected file in a directory protected by an .htaccess and .htpasswd file.
I agree with David...this can't really be done. Putting up a JavaScript prompt only protects you so far as well...that isn't really secure.
If you are on an Apache server, you could setup a .htaccess file and setup some user authorization options that point at a page which has the link to your download file. A simple implementation would give you 1 user/password combo that you could distribute to your users. The Apache documentation for this may be found here. Unfortunately I'm not really familiar with how IIS handles this sort of thing.
If you don't want to distribute a generic username/password combo to your users, you're pretty much going to be stuck creating a (or making use of an exsitng) user-management system. There are quite a few modules strewn throughout the web, and a simple Google search should bring you to quite a number of tutorials or existing implementations, depending on what you require.
first download phpmyadmin.open the file.click on create login.name it as login.php.then create a new want again name file.php.after you click yes it popout a logon information.enter the usrname you want and password you want
hope this help!
Related
Hi i have a website that i use a .htpasswd thing on to protect my directory but is there a way to make this look better?
https://prnt.sc/r3Dk5iUMOZKw
No, this is a native browser component that you cannot modify. You can build your own password protected page to access your directory but it is a whole another story.
I am trying to pass a value using a link.
For example, if I want to add an email and password for a user to Sign In straight away in the RainLoop webmail.
I am trying using
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"
or
http://demo.rainloop.net/?RainLoopEmail="new#email.com"&RainLoopPassword="12345"#ID
Is this possible to do?
It is possible but you will have to rewrite the rainloop PHP files by yourself. Also parsing passwords via the GET method is a very bad idea. Get commands will stay in your history so everyone who types in
demo.rainloop.net will see the ?RainLoopPassword="12345" also. It's not recommended, but possible. Another safer solution will be using the POST method. I suspect you will use this for you bookmarks or something? You can make an AJAX page which sends a POST request with the username and password to demo.rainloop.net. This way nobody will see your passwords and the effect is the same.
EDIT: For using an AJAX page you have to own a webserver, or register on a free hosting like http://freehostingnoads.net
I was wondering how to keep images secure on my website. We have a site that requires login then then user can view thousands of different images all named after their ID in the database.
Even though you need to login to view the images the proper way...nothing is stopping a user from browsing through the images by typing <website-director>/image-folder/11232.jpg or something.
this is not the end of the world but definitely not ideal. I see that to stop this facebook just names the images something much more complicated + stores them in hashed folders.
Gmail does a very interesting thing, their image tags looks like this:
<img src=/mail/?attid=0.1&disp=emb&view=att&th=12d7d49120a940e5>
I thought the src attribute has to contain a reference to an image??...how does gmail get around this?
This is more for educational purposes at this point, as I think this gmail scheme might be overkill for our implementation.
Thanks for your feedback in advance,
Andrew
I thought the src attribute has to contain a reference to an image?
GMail is referencing an image. It's just being pulled dynamically, probably based off of that th=12d7d49120a940e5 string.
Try browsing to http://mail.google.com/mail/?attid=0.1&disp=emb&view=att&th=12d7d49120a940e5
Instead of it being a direct path to its location on the server's filesystem, it uses a dynamic script (the images may even be in a database, who knows).
Besides serving up an image dynamically from your webapp, it's also possible to use a webapp to dynamically authorize access to static resources that the webserver will serve -- commonly by putting the files somewhere that the webserver has access to, but not mapped to any public URI, and then using something like X-Sendfile (lighttpd, Apache with mod_sendfile, others), X-Accel-Redirect (nginx), X-Reproxy-File (Perlbal), etc. etc. Or with FastCGI you can configure an application in a FastCGI "authorizer" role rather than a content provider.
Any of these will let you check the image being authorized, and the user's session, and make whatever decision you need to, without tying up a proceses of your backend application for the entire time that the image is being sent to the client. It's not universally true, but usually a connection to the backend app represents a lot more resources being reserved than a connection to the webserver, so freeing them up ASAP is smart.
The code that runs after this GET request is issued:
/mail/?attid=0.1&disp=emb&view=att&th=12d7d49120a940e5
outputs an image to the browser. Something doesn't have to be named with a .jpg or .png or whatever ending to be considered an image by a browser. This is how captcha algorithms are able to serve up different images depending on a value in the id. For example, this link:
http://www.google.com/recaptcha/api/image?c=03AHJ_VusfT0XgPXYUae-4RQX2qJ98iyf_N-LjX3sAwm2tv1cxWGe8pkNqGghQKBbRjM9wQpI1lFM-gJnK0Q8G3Nirwkec-nY8Jqtl9rwEvVZ2EoPlwZrmjkHT7SM32cCE8PLYXWMpEOZr5Uo6cIXz1mWFsz5Qad1iwA
Serves up this image:
So the answer really is to just obfuscate your image names/links a bit like Facebook does so that people can't easily guess them.
I have a new client who asked me to make 2 websites and no payment so far!
I have the ftp accounts, but he can always close my access and leave me without pay.
Can I upload the CSS to another server of mine and encrypt the link to CSS file?
If yes, can I restrict peoples to see the file if they find the URL to CSS file?
Thank you!
If they are his hosting accounts, then accessing them to tamper with the code for the purpose of disabling his sites without his authorisation is probably illegal.
If he hasn't paid you, you own the copyright. If he refuses to pay you, file a DMCA complaint with his hosting company.
Technological measures like this are futile and unprofessional. Next time use a contract.
This is simple. Same scenario happened to me, and what I did was added an new index.html which was an under-construction page, and renamed the original index.php as index_to_be.php.
I then added a redirection using htaccess to the new index.html.
The client contacted me straight away and paid up in no time.
If you don't know how to use htaccess, you can simply add a header location value to the top php page.
header("location:index.html");
The best way to do this is to create a simple PHP file that allows you to access, edit and delete files on the server. You can also search for a ready made lightweight ftp script. Place the PHP file somewhere on the server nested in other folders and name it something like temp.php. Now even if the client blocked you access to the server, you can still access, edit and delete files on the server by pointing your URL to temp.php. When you get paid, be kind enough to remove the file. Don't forget to password protect it.
In your PHP file you can use opendir() to read files from a directory, and unlink() to delete files. If all you want to do is be able to delete files, then the script will not take you more then a minute to create.
UPDATE
You can use the following lightweight ftp script that will let you view, edit delete files and also give you the option to password protect it. http://sourceforge.net/projects/pafm/
You could remove the style sheet from the client's site, upload it to one of your servers and embed it from there:
<link rel="stylesheet" href="http://your.server/styles.css">
however, you will not be able to seriously obfuscate this. One idea that comes to mind is to add a huge number of spaces before the "link" tag to hide it in the source code view.
<link rel="stylesheet".....>
You could also lazy load it using jQuery, but that would disable the style sheet for users who have JavaScript turned off - mostly a no-go.
In the end, no matter what you do, all this will be trivially easy to circumvent. There is no way to reliably keep control over the site in the scenario you describe. Like #thirtydot says, the best thing to do is to send a screenshot instead.
This is probably like trying to kill a fly with a ICBM but...
You could always use a JavaScript to add the link element to the DOM, and run the JavaScript code through a JS obfusticator.
But still, that's hackish, and overkill, and ways you can get the link anyway.
I am trying to create a homepage, which includes hyperlink.
For example, after clicking sth called file1.txt, I should be directed to text file. However, before the file is to be displayed, a box should be popped up asking username and password. Can you tell me how to do it? Thanks.
With plain HTML? You can't.
The simplest way is to use HTTP Basic Auth. The specifics of which depends on the web server software you use. e.g. for Apache: http://httpd.apache.org/docs/2.2/howto/auth.html