This multi-user password protection script truly encrypts all data. Every
script I have seen so far either does not use encryption (Just view source
to break in :), or only uses a psuedo-encrypter (10 minutes, and your in :).
This script does a fairly complex one way encryption on the user name,
password, and destination page. (Of course, the inherent problem with all
javascript based security is that if they can guess the destination page,
they can get in.)
To test the script, enter a username and password in the protected page box.
Three sample users are setup for your clicking pleasure:
user: kriskris
pwd: kris
|
user: lydlyd
pwd: lyd
|
user: bob
pwd: fred
|
Depending on where you are viewing this page, the sample correct and incorrect
links may or may not be valid, but you should at least see the results.
To use this script, copy the entire contents of this page. Use the
encrypter form to assign a unique ulr and password (case sensitive) to
each user. (Of course all users can be assigned the same ulr, but it
must be entered for each.) For a really secure page, use a destination
page with an unguessable name, and place it in an odd subdirectory name
(like ./abgdfdfsd/apgacvkjdf.html). Press the encrypt button to recieve
an encrypted number for each user.
Place only the username/password form on your restricted area entry page, and
the entire javascript section. (Alternatively, use this same page, delete
the instructions, and comment out the encrypter form. Paste the generated
numbers for each user in the definition of es at the beginning of the script
near the top of this page. Also, if you want to, change the destination
page right below es (default is wrongpas.html). Then your done.
|