.htaccess Login with URL Hex Encryption Javascript::

Run Script | View Script

***NOTICE (2006-01-10): The developer assumes no liability with this resource and it is provided as is. This script is referred to as a "security development" because it can provide some minimal level of security. While it does seem to be an effective elementary form of security the developer does not claim that it is an impenetrable solution and thus the developer does not recommend implementing it for the protection of highly sensitive data.

***NOTICE (2005-02-08): Due to an update of Microsoft Internet Explorer this script may not function properly if at all in said browser. This update has removed support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs which the .htaccess Login with URL Hex Encryption Javascript utilizes. Additional information can be accessed at http://support.microsoft.com/default.aspx?scid=kb;[LN];834489 . As of the date of this notice this problem has only effected Microsoft Internet Explorer versions with these updates. Archreality is currently working on modifications to this script.

What is the .htaccess Login with URL Hex Encryption Javascript:?

The .htaccess Login with URL Hex Encryption Javascript: is an advanced level security script and an embedded .htaccess login box script with URL Hex Encryption to hide the user's password in the address bar from prying eyes. It also has form verification as an added feature. It's source was based on FTP Server Login (by Reinout Verkerk) and htaccess Login (by Gordon Hudson) before it was modified with URL Hex Encryption and Form Verification by Jonathan Feaster. The script's actual password protection rely's on .htaccess password protection and not Javascript therefore you must setup .htaccess password protection to utilize this script.

What is .htaccess and how do I set it up?

Here's a great article by Howard Richman that helps answer these questions.

I've got .htaccess password protection set up. Now how do I utilize the .htaccess Login with URL Hex Encryption Javascript:?

First, to install this script copy and paste the following code into the <head> of your HTML document (There is no need to modify this part of the script and doing so could prevent it from running correctly.):

<SCRIPT LANGUAGE="JavaScript"> <!-- Original: Jonathan Feaster (support@archreality.com) --> <!-- Web Site: http://www.archreality.com/ --> <!-- Based on: FTP Server Login (Reinout Verkerk) and htaccess Login (Gordon Hudson) --> <!-- Begin function Login(form) { var username = form.username.value; var password = form.password.value; var server = form.server.value; letters = "abcdefghijklmnopqrstuvwxyz/.1234567890~_:"; encrypt = new Array( "%61","%62","%63","%64","%65","%66", "%67","%68","%69","%6a","%6b","%6c", "%6d","%6e","%6f","%70","%71","%72", "%73","%74","%75","%76","%77","%78", "%79","%7a","/","." ,"%31","%32","%33","%34","%35","%36","%37","%38", "%39","%30","~","_","!",":"); var input = password; encpass = ""; for(var count = 0; count < input.length; count++) { daChar = input.charAt(count); for (i = 0; i < letters.length; i++) { if (daChar == letters.charAt(i)) { encpass += encrypt[i]; break; } } } if (username == "" && password == "") { alert("Enter your Username and Password!"); login.username.focus(); return false; } if (username == "") { alert("Enter your Username!"); login.username.focus(); return false; } if (password == "") { alert("Enter your Password!"); login.password.focus(); return false; } else { var htsite = "http://" + username + ":" + encpass + "@" + server; window.location.href = htsite; } } // End --> </script>

Second, you'll need to place and modify for your needs the following code into the <body> of your HTML document:

<div align="center"> <table width="335" border="0" cellpadding="0"> <form name="login" action=""> <input type="hidden" name="server" value="www.archreality.com/hexl/prot/"> <tr> <td> <div align="center"> Username: <input type=text name="username" size=20 > </div> </td> </tr> <tr> <td> <div align="center">Password: <input type=password name="password" size=20> </div> </td> </tr> <tr> <td> <div align="center"> <input type=button value="Login" onClick="Login(this.form)" name="button"> </div> </td> </tr> </form> </table> </div>

Finally, you'll just need to modify the form field (If you’ve never used forms before you can view a tutorial at http://www.w3schools.com/html/html_forms.asp) input tag named "server" and change it's value to the URL of the .htaccess password protected directory (minus the http://) on your server. Example:

<input type="hidden" name="server" value="www.yourdomain.com/protecteddirectory/" >

And that's all there is to it!

Can I get the complete Source code for .htaccess Login with URL Hex Encryption royalty free and use it?

You got it. All I ask is to give credit where it's due.

Jonathan Feaster
Archreality Design
http://www.archreality.com/

Complete Source code for .htaccess Login with URL Hex Encryption:

<HTML> <!-- TWO STEPS TO INSTALL .htaccess Login with URL Hex Encryption: 1. Copy the coding into the HEAD of your HTML document 2. Add the last code into the BODY of your HTML document --> <!-- STEP ONE: Paste this code into the HEAD of your HTML document --> <HEAD> <TITLE>.htaccess Login with URL Hex Encryption</TITLE> <SCRIPT LANGUAGE="JavaScript"> <!-- Original: Jonathan Feaster (support@archreality.com) --> <!-- Web Site: http://www.archreality.com/ --> <!-- Based on: FTP Server Login (Reinout Verkerk) and htaccess Login (Gordon Hudson) --> <!-- Begin function Login(form) { var username = form.username.value; var password = form.password.value; var server = form.server.value; letters = "abcdefghijklmnopqrstuvwxyz/.1234567890~_:"; encrypt = new Array( "%61","%62","%63","%64","%65","%66", "%67","%68","%69","%6a","%6b","%6c", "%6d","%6e","%6f","%70","%71","%72", "%73","%74","%75","%76","%77","%78", "%79","%7a","/","." ,"%31","%32","%33","%34","%35","%36","%37","%38", "%39","%30","~","_","!",":"); var input = password; encpass = ""; for(var count = 0; count < input.length; count++) { daChar = input.charAt(count); for (i = 0; i < letters.length; i++) { if (daChar == letters.charAt(i)) { encpass += encrypt[i]; break; } } } if (username == "" && password == "") { alert("Enter your Username and Password!"); login.username.focus(); return false; } if (username == "") { alert("Enter your Username!"); login.username.focus(); return false; } if (password == "") { alert("Enter your Password!"); login.password.focus(); return false; } else { var htsite = "http://" + username + ":" + encpass + "@" + server; window.location.href = htsite; } } // End --> </script> </HEAD> <!-- STEP TWO: Copy this code into the BODY of your HTML document --> <BODY OnLoad="document.login.username.focus();" scroll="auto"> <!-- The hidden form field "server" needs to be the address of your password protected directory. --> <div align="center"> <table width="100%" height="100%" border="0" cellpadding="0"> <tr> <td> <div align="center"> <table width="335" border="0" cellpadding="0"> <form name="login" action=""> <input type="hidden" name="server" value="www.archreality.com/hexl/prot/"> <tr> <td> <div align="center"> Username: <input type=text name="username" value="username" size=20 > </div> </td> </tr> <tr> <td> <div align="center">Password: <input type=password name="password" value="password" size=20> </div> </td> </tr> <tr> <td> <div align="center"> <input type=button value="Login" onClick="Login(this.form)" name="button"> </div> </td> </tr> </form> </table> </div> </td> </tr> </table> </div> </BODY> </HTML>