网站访问由密码保护 [英] Website access protect by password

问题描述

我正在尝试创建一个受密码保护的网站。在这里我想做的是，如果用户第一次访问我的网站然后需要插入密码来访问我的网站。他们第一次输入密码时可以自由访问我的网站。

I am trying to create a password protected website. Here I want to do if a user first time visit to my website then need to insert password to access my website. First time they entered the password they can freely access my website.

这是我使用 javascript 和 php ：

<?php if($page == 'index'): ?>
    <script language="Javascript">
            //prompt.
            var password;
            var correctPass = "123456"; 
            password = prompt("Enter in the password:","");

            if(password == correctPass) {
                    alert('click OK to view this site');
            } else {
                    window.location = "http://google.com"
            } 
            //->
    </script>               
<?php endif; ?>

这是有效但我的问题是如果用户再次进入索引页面他们需要插入密码。

This is working but my problem is if user go to the index page again they need to insert the password.

任何人都可以告诉我如何解决这个问题。
谢谢。

can anybody tell me how I fix this issue. Thank you.

推荐答案

请勿在JavaScript中执行此操作。任何人都可以查看您的源代码并查看密码。用PHP检查密码。然后使用 $ _ SESSION 变量来保存您网站上的状态。您可能还想使用 $ _ COOKIE 变量进行长期访问，但只需 $ _ SESSION 本身通常是首选大多数密码访问案例。

Do not do this in JavaScript. Anyone can look at your source code and see the password. Do the password check in PHP instead. Then use $_SESSION variables to save the state while they are on your site. You may also want to use $_COOKIE variables for long term access, but just $_SESSION by itself is generally preferred in most cases for password access.

另一种方法是使用您的Web服务器。例如，如果您使用的是Apache，则可以在网站的根目录中创建 .htaccess 文件，以获取名称和密码。这样你甚至不需要编写任何代码。

An alternate way to do it is with your web server. For example, if you are using Apache you can create a .htaccess file at the root of your website to ask for a name and password. That way you don't even need to code anything.

要执行第二个选项，请在web目录的根目录中创建一个名为.htaccess的文件。在文件中放入：

To do the second option, create a file called .htaccess in the root of your web directory. In the file put this in:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /opt/passwords/.htpasswd
Require valid-user

（其中/ opt / passwords是a您的网站目录之外的目录位置。它可以在您想要的任何地方，您只是想确保它不在您的网络目录中的任何位置（否则它将可供公众查看））。

(where /opt/passwords is a directory location outside of your web directory. It can be anywhere you want, you just want to make sure it is not anywhere within your web directory (otherwise it will be available for public viewing)).

在该目录中，创建一个名为.htpasswd的文件。此文件将只使用用户名和加密密码。此页面允许您使用密码加密创建您的名称： http://www.htaccesstools.com/htpasswd - 发电机/ 。只需将其粘贴到.htpasswd文件中即可。

In that directory, create a file called .htpasswd. This file will simply take a username and encrypted password. This page will allow you to create your name with password encryption: http://www.htaccesstools.com/htpasswd-generator/ . Just paste that into your .htpasswd file.

如上所述，如果您只使用http而非https，则可以拦截您使用的任何密码，但设置https是如果你以前没有这样做有点困难。

With that said, any password you use can be intercepted if you are only using http and not https, but setting up https is a bit difficult if you haven't done it before.

这篇关于网站访问由密码保护的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！