Password Forms Options

[Spit]

I am making a website and i have full knollege of html, css, javascript, java, C, C++ and PHP, but I never actually tried or even bothered witha password form to protect a website. like. Just a form that have one and only one password.

So i want to declare one passowrd, and have the submit button lead to the next page.

How would i do that? can anyone please help me?

[Darin McGrew]

Do you mean <input type="password" ...> ?

See INPUT - Form Input in our HTML 4 reference.

[Spit]

well. what i mean is somehting like this.


<form action="mywebsite.com" method="post"><input type="password" name="password"><br /><br /><input type="submit" value="submit"></form>

But how do i declare a password for it?

[pandy]

The essential part is action="..." that should lead to a server-side script that can handle the process. See this FAQ:
http://www.htmlhelp.com/faq/html/publish.html#password
If you run Apache and don't need something as fancy as a form you could go with Apache's basic authentication, which pops up a box where you enter id/pw.
http://httpd.apache.org/docs/1.3/mod/mod_auth.html
http://www.google.com/search?q=Apache+basic+authentication
On other servers I don't know, but I guess they should have similar functions.

[Christian J]

You do it different depending on if the user enters the password through HTTP authentication (usually a popup box appears) or in a HTML form on a web page. To use HTTP authentication, see pandys links.

I don't know if/how you can use HTTP authentication from a form on a web page. Instead, if you use a form the ACTION attribute points to a server-side script that creates different content on a page depending on if the user submitted a correct password or not. Make sure you use METHOD=POST and not GET in the FORM, so the password is not sent completely visible as part of the query string (but even with POST the password is sent unencrypted). The submitted password is compared with one specified in the server-side script. Make sure the script itself cannot be viewed by users, this is especially important if a list of valid password combinations are saved in a separate text file that's included by the script. Such a text file is best kept in a directory above the web root, and may also be encypted.

If you use a password form and want it to affect several pages you might use cookies to identify the user, so he doesn't have to log in manually for every page.

[Spit]

Well here's what I am doing.

Since I am learning some things *dont want to reveal to much* I am making a support website for newbies like me. So i am gonna have people help me write tuts later.

But if you have ever been to http://www.hackthissite.org then you might have tried the basic web cahllenges. Well All I want is a form like the one on the first cahllenge.

Does that explain more of what i am looking for?

and i will look at those links given.