cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

protected directories

I am creating a website and need a "members only" section. I have protected a directory so that when you try and access it a log-in dialog box pops up. 

 

Now here is what I want

 

I have created a log-in form with a user name and password field. I want to pass that info on to the system so that it uses my page to validate user, not the pop-up box.

 

Ho do I do that?

 

=w=

 

PS

I am a designer, not a coder, so if this is a stupid simple thing, please forgive my ignorance.

5 REPLIES 5
Advocate V Advocate V
Advocate V

Re: protected directories

I remember struggling with this about 10 years ago and not finding a workable solution.  You can construct a form that redirects using a URL of the form http://username:password@yoursite.com/protected_dir but that opens you up to all kinds of security problems.  Files in a protected directory are more for you and your team than for public consumption.  It's a way for you to store documents and files in a way that gives you access to them from anywhere, kind of like Dropbox.

The most common way to do this is to use a server side language like PHP to create a session and then have a bit of script at the top of each page that checks the session to ensure the user is authorized.

This is a multi-step process.  It requires a login page to display a form to gather a username and password.  Often, the same page can be used to check the user credentials, usually against a list contained in a database so that each user can have their own username and password.  A successful match results in a session variable being created that indicates to subsequent pages that a user has been validated.  Then, each page with protected content has a bit of script at the top that checks to make sure the session variable is set and the user has been validated and redirects to the login page if they have not been logged in.

The alternatives are to get a membership software like aMember or make do with the ugly popup.  I've used aMember for a number of sites and find them to be very secure.  The learning curve is not too onerous and they have pretty good support to get you up and running.  I have also made the login pages and session variables which are infinitely more customizable but might be difficult for someone not conversant with the server side language.

Here is a simple authorization page with a hardwired username and password.

 

<?php
session_start();
if ((isset($_POST['username']))&&(!empty($_POST['username']))) {
	if ((isset($_POST['password']))&&(!empty($_POST['password']))) {
		if (($_POST['username']=='letmeinletmein')&&($_POST['password']=='okayokay')) {
			$_SESSION['auth'] = 'authorized';
		} else {
			$_SESSION['auth'] = '';
		}
	}
}
?>
<doctype html>
<head>
<title>Presidential Race Control Center</title>
<link rel="stylesheet" type="text/css" href="css/bootstrap.css">
<link rel="stylesheet" type="text/css" href="css/bootstrap-theme.css">
<script type="text/javascript" src="js/jquery-1.10.2.js"></script>
<script type="text/javascript" src="js/bootstrap.js"></script>
</head>
<body>
<?php
if ($_SESSION['auth'] != 'authorized') {
?>
<div class="container">
	<div class="col-lg-5"></div>
	<div class="col-lg-2">
		<form method="post">
			<input class="form-control" name="username" placeholder="User Name">
			<input class="form-control" type="password" name="password" placeholder="Password">
			<input type="submit" class="btn btn-block" value="Log Me In!">
		</form>
	</div>
	<div class="col-lg-5"></div>
</div>
<?php
} else {
?>
...Protected Content
<?php
}
?>

A proper system is much more involved with calls to a database after encrypting the password, matching the username and encrypted password, branching to handle failed logins, tracking failed logins to prevent brute force attacks and a system to reset forgotten passwords.  To me, this is all good, clean fun but to someone without a decade of experience with PHP, maybe a membership system is a better call.

Keep on Coding!
Mark Cicchetti - There are 10 kinds of people... those who understand binary and those who don't.

Re: protected directories

I have a basic Godaddy website builder account I need a page where I can hold my wholesale prices and have some of my customers view them. I see your code for  username and password. If I plug that in to a page and it comes up where would that take them once they sign in? I want most of my pages public with exception to the pricing page. 

Employee
Employee

Re: protected directories

Hello @graphix!

 

Welcome to the community! Currently our Website Builder does not offer the ability to password protect any pages. It's not possible to script a password requirement into the builder at this time either. Sorry about that!

 

Heather - GoDaddy | Community Moderator
24/7 support available at x.co/247support

Re: protected directories

Thank you for this information.  After having found many many references on how to password protect pages (including GoDaddy's help) I finally found this paragraph at the end of such a thread.  I appreciate your having provided this information:  Currently, our Website Builder does not offer the ability to password protect any pages. It's not possible to script a password requirement into the builder at this time either. Sorry about that!" but mourn the time I spent finding this out.  Again, thank you for what you do, I just wish this tidbit was a bit more available.  (I realize that this isn't your doing but it doesn't reflect the level of service I have come to expect from GoDaddy.)

-john

 

Re: protected directories

Why does GoDaddy help tell me I can when it isn't an option then? There doesn't seem to be a "password protection" page.

https://www.godaddy.com/help/adding-password-protection-2993