doumianfeng5065 2015-06-10 07:26 采纳率: 0%
浏览 35
已采纳

网站访问由密码保护

I am trying to create a password protected website. Here I want to do if a user first time visit to my website then need to insert password to access my website. First time they entered the password they can freely access my website.

This is how I do it using javascript and php:

<?php if($page == 'index'): ?>
    <script language="Javascript">
            //prompt.
            var password;
            var correctPass = "123456"; 
            password = prompt("Enter in the password:","");

            if(password == correctPass) {
                    alert('click OK to view this site');
            } else {
                    window.location = "http://google.com"
            } 
            //->
    </script>               
<?php endif; ?>

This is working but my problem is if user go to the index page again they need to insert the password.

can anybody tell me how I fix this issue. Thank you.

  • 写回答

3条回答 默认 最新

  • dtkmejg127475 2015-06-10 07:31
    关注

    Do not do this in JavaScript. Anyone can look at your source code and see the password. Do the password check in PHP instead. Then use $_SESSION variables to save the state while they are on your site. You may also want to use $_COOKIE variables for long term access, but just $_SESSION by itself is generally preferred in most cases for password access.

    An alternate way to do it is with your web server. For example, if you are using Apache you can create a .htaccess file at the root of your website to ask for a name and password. That way you don't even need to code anything.

    To do the second option, create a file called .htaccess in the root of your web directory. In the file put this in:

    AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /opt/passwords/.htpasswd
Require valid-user

    (where /opt/passwords is a directory location outside of your web directory. It can be anywhere you want, you just want to make sure it is not anywhere within your web directory (otherwise it will be available for public viewing)).

    In that directory, create a file called .htpasswd. This file will simply take a username and encrypted password. This page will allow you to create your name with password encryption: http://www.htaccesstools.com/htpasswd-generator/ . Just paste that into your .htpasswd file.

    With that said, any password you use can be intercepted if you are only using http and not https, but setting up https is a bit difficult if you haven't done it before.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值