Password Protected Site

Hello @rwimmer, check if this is what you need.
Go to this page: ANCARI and click on “Tabela de Preços”, then it will ask for a password.
If this is what you need, I can put the code here.

Pealco, that solution has no value whatsoever - for two reasons.

  1. The correct password “password” is in the source code for the page - anyone can see it.
  2. It’s easy to work out what is being protected.

I would NEVER advise anyone to use this technique because you might imagine you are protecting something, but you are not.

Sorry.

1 Like

I know what you mean @pauland, but that script is not for something important, it is just a simple “not secure” way to make a barrier.
But you can check, on the same page, in another place, a secure way to protect a page: ANCARI then choose any “Ficha Técnica”.

Check if it is what you need.

@Pealco, yes indeed, but if someone is not familiar with the technology, they may easily think that your first solution using javascript is secure. I have real problems with people wanting to secure a web page or anything else and being offered a method that makes them think the resource is secured, when it is not.

@rwimmer - by all means use the method that Pealco has suggested, it will fool only very naive web users. Anyone with a very basic understanding of how web pages work will still be able to get access to the resource.

@Pealco, your second method - which is secure - uses a server-side method to protect the asset (you’ve probably password-protected the pdf directory).

@rwimmer - the second method doesn’t involve blocsapp at all - it relies on configuring the web host to password-protect a directory and the assets (pdfs) in the directory are then protected. Blocsapp just links to the files. That is secure.

@rwimmer that’s exactly how @pauland explains it.
@pauland what you explain about the pdf folder is exactly how I made it: protect the folder and create user and password verification on the server side for that folder.
:grinning:

What about the situation such as a private members section of a website where you want to restrict access only to members, each with their own unique combination of email address and password? This probably would also require a database in some form or another to store each member’s info.
Does anyone know of a script or a way I could do this?

Depends on how many members. You can easily put the email/password pairs in a text file (or even define the array in the script itself), but if you have LOTS of different users walking the array is gonna be slower than an SQL query.

But here is what such a script would look like:

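<?php
// Include this file at the very top of each protected page, before any output:
// setcookie() sends an HTTP header and fails once the page body has started.
// define users and their passwords below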
$LOGIN_INFO = array(
  'scott' => 'scottPassword',
  'norm' => 'normPassword'
);

define('USE_USERNAME', true);

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 0);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', true);

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

if(!function_exists('showLogin')) {

// show login form
function showLogin($error_msg) {
?>
<html>
<head>
  <title>Please enter password to access this page</title>
  <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
  <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</head>
<body>
  <style>
    input { border: 1px solid black; }
  </style>
  <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
  <form method="post">
    <h3>Please enter password to access this page</h3>
    <font color="red"><?php echo $error_msg; ?></font><br />
<?php if (USE_USERNAME) echo 'Login:<br /><input type="text" name="access_login" /><br />Password:<br />'; ?>
    <input type="password" name="access_password" /><p></p><input type="submit" name="Submit" value="Submit" />
  </form>
  <br />
  </div>
</body>
</html>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {
  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  // strict comparisons: PHP's loose == / != treat numeric-looking strings as numbers
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFO, true)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFO) || $LOGIN_INFO[$login] !== $pass ) ) 
  ) {
    showLogin("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
  }
}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLogin("");
  }
  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFO as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
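    // constant-time, type-safe comparison instead of loose ==
    if (is_string($_COOKIE['verify']) && hash_equals(md5($lp), $_COOKIE['verify'])) {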
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLogin("");
  }
}
?>
2 Likes
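
For comparison with the script above, an added example (not ScottinPollock's code and not part of Blocs) of the same per-member gate with two changes: passwords are stored as `password_hash()` output and checked with `password_verify()`, and login state lives in a server-side PHP session instead of a cookie holding an md5 of the login and password, which stays valid for as long as the password does. The hash strings are placeholders to replace and `IDLE_TIMEOUT` is an assumed setting.

```php
<?php
// Added example (not the thread's script). Include before any page output.
// Requires PHP 7.3+ for the array form of session_set_cookie_params().

// username => hash generated once, offline, with:
//   php -r 'echo password_hash("the password", PASSWORD_DEFAULT), "\n";'
// The values below are placeholders to be replaced, not real hashes.
$USERS = [
    'scott' => 'PLACEHOLDER_OUTPUT_OF_password_hash',
    'norm'  => 'PLACEHOLDER_OUTPUT_OF_password_hash',
];
const IDLE_TIMEOUT = 1800; // seconds of inactivity before re-login, 0 = never

function credentialsOk(array $users, $login, $pass): bool
{
    if (!is_string($login) || !is_string($pass)) {
        return false; // array-valued POST fields are rejected outright
    }
    $known = array_key_exists($login, $users);
    // Unknown users are checked against a throwaway hash so both paths do similar work.
    $hash = $known ? $users[$login] : password_hash('unused', PASSWORD_DEFAULT);
    return password_verify($pass, $hash) && $known;
}

$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
session_set_cookie_params(['path' => '/', 'secure' => $https,
                           'httponly' => true, 'samesite' => 'Lax']);
session_start();

$error = '';
if (isset($_POST['access_password'])) {
    $login = $_POST['access_login'] ?? '';
    if (credentialsOk($USERS, $login, $_POST['access_password'])) {
        session_regenerate_id(true); // fresh session id once authenticated
        $_SESSION['user'] = $login;
        $_SESSION['last_seen'] = time();
    } else {
        $error = 'Incorrect login or password.';
    }
}

$idle = time() - ($_SESSION['last_seen'] ?? 0);
if (!isset($_SESSION['user']) || (IDLE_TIMEOUT > 0 && $idle > IDLE_TIMEOUT)) {
    $_SESSION = []; // drop any expired login state
    echo '<form method="post"><p>' . htmlspecialchars($error) . '</p>'
       . 'Login:<br><input type="text" name="access_login"><br>'
       . 'Password:<br><input type="password" name="access_password">'
       . '<input type="submit" value="Submit"></form>';
    exit; // nothing below this include is sent to an unauthenticated visitor
}
$_SESSION['last_seen'] = time(); // sliding inactivity window
```

The session cookie carries only a random identifier, so a copied cookie stops working when the session expires or is destroyed, and the source file no longer contains any password.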

Thanks a lot, ScottinPollock, very impressive.
I’ll take a good look at this - it’s for less than 200 members.
I wish I had (better) programming skills but your extensive comments will help enormously.
Barry

Thank you for all the suggestions. A viewable password in the source code I don’t think is a good idea to implement. The Godaddy host allows directories to be secured with username/password access, which for a first approach might be sufficient, and I had it working.
@ScottinPollock’s example is great and very helpful. I am not there yet and might implement a PHP approach later on.

This is great Scott, I’m hoping to spend some time with the code you sent over this week and get something built into V2.5 for this.

1 Like

Should be a walk in the park to crawl those on submission, so just add them to the array in the PHP script. If you don’t need an automated transaction to add and delete members that would be the simplest way to go.

Thanks, Scott, and it would be really great to get something like this built into a future version, Norm, it’s something rarely addressed but often needed.
Blocs App just keeps getting better and better!

1 Like

Stumbled upon this, did not yet look into it. Might be useful.

https://robinmoisson.github.io/staticrypt/

Hi Norm,

Has this been implemented in 2.5 ?

Thanks and keep up with the good work.

Cheers
Phil

2 Likes

Has the password protection been implemented for Blocs yet? Thanks and best wishes, Dan

Hello I would like to implement this login that you have, could you share the code to do so? It’s what I’m looking for

Hello, I am not a programmer, could you explain to me how to use it?

I want to have a hidden section of the webpage only for crew, with internal but not TOP TOP SECRET information. I would like to hide it from the public, but it is not crucial.

They will have some manuals, links for clock in/clock out, etc…

You can also check Sitelok from Buy Membership Software and Systems Online UK | Vibralogix

I have been using it and it works at least for me like a charm with Blocs.

@vibralogix AKA Adrian, who manages Sitelok is also very helpful.

@ScottinPollock I basically used your example script and it works well, except it does not set the cookies. I have done some more looking but can’t get it to set the cookies.
I did find what I think the issue is. See the following post.

Can you offer any help on how to get this working with cookies?

Thanks for the script example and any additional help you could provide.