What is the best way I can add a username and password script for certain parts of my page? I don't know much about cgi scripts and all the javascripts I've seen for it have the password in the html source.

Hi Robin,

Your question could conceivably cover a lot of ground. It's possible my comments below answer the wrong question (that is, speak to a problem different than what you actually are experiencing), therefore.

I am doing what you want to do by making membership (to my site, not the forum) a requirement to access the database of home pages on my site. But to do this, I purchased a membership/subscription handling web application called aMember (www.amember.com) that cost $140. I'll bet you don't want a commercial solution, however.

aMember is primarily intended to protect whole pages (through redirects, I think) and entire directories. I had to adapt things a little because I needed to protect portions of pages.

One problem that has to be solved in your situation is how to pass data from one page to another as a user browses your website. This doesn't happen naturally with HTML pages, for technical reasons. The data you want to pass from page to page is not necessarily user name + password, but just the fact that he or she is successfully logged in. That often would be represented programmatically as "0" for not logged in and "1" for logged in.

Usual methods for passing data like this from one page to the next include using "hidden fields" in forms (more below), "session variables" and cookies. To protect pages and entire directories, one could also use something called ".htaccess" files, about which I know little. I mention them here, however, because it's one way aMember works to protect pages and entire directories.

An example of using hidden fields in forms would look like this:

On page 1:

<form name="name_of_form" method="post" action="page_to_jump_to.html">

...

Other real (visible) form fields here, as needed

...

<input type="hidden" name="name_of_field" value = "some_value">
</form>

On subsequent pages:

<form name="name_of_form" method="post" action="page_to_jump_to.html">

...

Other real (visible) form fields here, as needed

...

<input type="hidden" name="name_of_field" value = "VARIABLE_CONTAINING_VALUE_STORED_IN_name_of_field">
</form>

Note that you have to dynamically populate the value attribute of the hidden form field on subsequent pages, as shown, or this exercise is pointless.

Various programming languages provide different ways to pass data from a form on to the next page, but typically the data (both hidden and user-entered) would be automatically stored in variables.


For my website, I use session variables to pass from one page to the next the user's logged in (or not) status.


In PHP, you "echo" content you want displayed in a browser, e.g.,

<?php
echo "Hello world.";
?>


or,


<?php if ($name_of_field == 1) {

echo "Here is some plain old -- but very special -- HTML that only logged in members get to see.";

}

?>


(The same functionality can be accomplished using JavaScript, of course.)



but what I love about PHP is that you can mix PHP code with plain old HTML, e.g.,


<?php if ($name_of_field == 1) { ?> // I've opened and closed the PHP code here

Here is some plain old -- but very special -- HTML that only logged in members get to see.

<?php } ?> // I've opened and closed the PHP code here


or, if you prefer:


<?php if ($name_of_field == 1) { ?> // I've opened and closed the PHP code here

Here is some plain old -- but very special -- HTML that only logged in members get to see.

<?php } else { ?> // I've opened and closed the PHP code here

"Sorry -- this feature is only available to logged in users."

<?php } ?> // I've opened and closed the PHP code here


So that's how I would handle showing or not showing parts of pages, at least -- depending upon whether the visitor is logged in or not.

I'll leave it to members with more programming knowledge than I have to fill in the details, but I wanted to at least get a conversation going here now just to ensure I understand your question correctly. And it's possible I didn't.

You may only be interested, for example, in the logging in process. But that begs the question of how do you intend to store user names and passwords? Generally that's done with a backend database such as mySQL. Then, in simplest terms, logging in would be just a matter of enabling the user to search the database for his or her user name and password. If such a record is found in the database, then you set the value of a variable or cookie to "1". If not, the variable or cookie has no value or is set to a value of "0".

Sincerely,

David Gillaspey
President
Great Church Websites

Hi David..

Thanks for your response. I just needed a simple password script that would take a visitor to a certain page that knew the password. I don't know much about programming so I needed something very simple and basic. I did find a simple solution to my problem though. I have a Flash program and I found some tutorials that shows me how to write a swf file that will fit my needs. After the visitor enters the correct password, it takes them to an html page I want them to go to. It's not 100% secure but it's a lot more secure than having it made out in javascript.

Hi Robin,

Great! I'm glad you found a solution. Do you mind sharing with others on the forum where you found it (the URL, I mean)? Other people might have a need in the future to do the same thing.

Sincerely,

David Gillaspey
President
Great Church Websites

Hi David..

Here is the url I found some tutorials. It's on the Flashkit website...which by the way is an excellent site for beginners and advance users of Flash.


http://www.flashkit.com/search.php?term=password&per=10&cat=tutorials&page=1&x=40&y=14

Thanks David..you are doing a great job!

If you're running an Apache server, this is handled through the .htaccess file. Instructions appear at http://httpd.apache.org/docs/howto/htaccess.html#auth.

I don't know how to do this on IIS.

To find out what your site is running, either ask your hosting provider or visit http://www.netcraft.com/whats.

Of course, some hosting providers offer this functionality through the control panel. Ask them how to access it.