Private directory
 

Is it possible to code a login system in HTML for a private directory? If so, could you be so kind as to give me some tips to get started? I have a free server and there is no PHP support, so I cannot do it in PHP. (That, and I don't know PHP :p ) I read about how you could configure a private directory if the server was running Apache, but I'm not sure if the free server runs it or not. I just want to have a little box pop up that requires a username and password, so that I can show personal stuff to the people I want and not the strangers that visit my site on a regular basis.

Thank you. :)

This would be good. I wish I knew more about web design. Couldn't you use html forms???

You can use HTML forms and JavaScript. Do a quick google search, it's pretty easy. It's not the most secure way to do it, but with no PHP, and for your purpose it should do just fine.

HTML is just a means to an end. Applying any restrictions to access of files would involve configuring an .htaccess / .htpasswd file in Apache, or generating the page with a server-side language. Of course you could make the login system in HTML, but you'd still need a server-side language to handle the authentication and return the private folder/files.

If your server doesn't allow PHP, then I don't think you could do it. Unless it's apache, some other popular webserver, or you have access to some other server-side language.

The best thing to do would be to check the FAQ for your hosting provider. Chances are they have the functionality to set three digit restriction codes on files/folders somewhere.

If your server is running Apache, you can use a .htaccess file to password protect a directory. However, it is highly likely that your host has disabled .htaccess files for the same reason their server does not run PHP (Either for security reasons or because they want you to upgrade to a paid plan with access to such features.) A google query similar to password protect directory apache .htaccess should be sufficient.

@King: JavaScript should never be used for security. You can easily bypass it 99% of the time by looking at the page's source or disabling JavaScript in your browser, and the rest of the time it just takes a little more work.

Thanks all for the input. Sane, I checked the FAQ (it's Bellsouth who is the host, btw), and they say nothing about restricting access to a directory in their free web hosting. Of course, if you upgraded to their $29.99 a month hosting plan, you'd get all that and a bag of chips. Sadly, I DON'T have $29.99 a month, therefore, I can't afford it. But that's off topic. One day I will get a cheap hosting plan from 1&1 or somewheres like that.

I'll see if I can figure out what type of server Bellsouth is running the free web pages on.

King, your way sounds the easiest to implement, but as titaniumdecoy said, it could be easily bypassed. Too bad. :p

I forget how I did it, but I had it setup where there wasn't a way to view the source, and if you disabled JavaScript it still wouldn't allow you to view the restricted page. There would still be ways around it, but for your purpose it might work alright. I think I still have the script; I'll take a closer look at it tonight.

I'm having a hard time believing that

You cannot prevent anyone from grabbing your page other than to prevent the server from responding. This somehow seems to be a mystery to people, but any code can perform the acts performed by a browser. The browser has to grab the info before it can render. If a browser can, I can. You may resort to encryption, but if any ol' client can negotiate that, there you have it.

There is another thread here about the same claims. The OP put up a link he 'couldn't crack' because of script and disabling of the right mouse button. I responded by posting the info from the page. A cursory study of http and the client/server paradigm would go a long way towards dispelling these myths.

Like I said above it wasn’t overly secure. I think what I did was when you click on the link to go to the restricted page, it would bring you to a page where it had a pop-up box come up for the username and password, and wouldn’t allow you to click on the actual browser window to get the source; if you entered in the right password it would flow to the restricted page, if you didn’t it would go back to the previous page. That way you can’t see the page source that does the password checking. I never actually used this because I ended up making a PHP script. Like I said there are lots of ways around it, but I did think I had it so the obvious ways of getting the page source was eliminated… but maybe not.