Hi -

Does anyone know of a tutorial that will help me create a simple (just enough to keep out the average surfer) password protection code with a cookie?

Here is what I want to do:

I offer downloadable image files at my website. Currently they are free to download to anyone who visits. What I would like to do, however, is password protect each file so that only subscribers to my ezine can download these files. I still want surfers to see the images available, I just don't want them to be able to download them. To keep the site user friendly I would additionally like there to be a cookie attached that allows subscribers to revisit my site and continue to download images for a set period after each previous download without having to re-enter the login/password (say a month).

Any ideas where I can find some tutorials to help me with this? Thanks for any insight and references.

AL

You do not understand how the Internet works. If they can see it, they have already downloaded it.

It has to be downloaded before they can see it. So the image is ALREADY on their computer by the time they can see it. They can then copy it by any of these methods:

- Right-click on the image and save it.

- Find the file in the cache and copy it.

- Find the file in the internet temporary files folder and copy it.

- Use ctrl-printscreen to put the image on the clipboard. Then paste it into MS-Paint.

- Switching off JavaScript in the browser prevents you from running scripts on their computers anyway.

If you don't want people copying your pictures, don't post them on a website.

You could put a thumbnail on the page, and download the full picture only if the person is logged in, but that requires a server-side script.

Hi -

Yes, I understand what you are saying. I guess I should have explained further:

The images on my web pages are thumbnails linked to PDFs. I would like to password protect the PDFs. So if someone clicks on the link they would be prompted to input a generic user id and password. Once they did this they could continue to download other PDFs for a certain period of time.

I understand that it is possible to circumvent the password by looking at the code. The majority of my visitors, however, do not understand HTML well enough to do this. If they do then they are free to circumvent this simple protective measure.

Thanks,

AL

Hi -

Yes, I understand what you are saying. I guess I should have explained further:

The images on my web pages are thumbnails linked to PDFs. I would like to password protect the PDFs. So if someone clicks on the link they would be prompted to input a generic user id and password. Once they did this they could continue to download other PDFs for a certain period of time.

I understand that it is possible to circumvent the password by looking at the code. The majority of my visitors, however, do not understand HTML well enough to do this. If they do then they are free to circumvent this simple protective measure.

Thanks,

AL

How is your ezine subscription implmented? You'll need to be able to retrieve the list of users subscribed to your ezine, and have them insert their email, and/or password before carrying on.

You'll need to use a server side to make this secure but if you're bent on just using plain old javascript then the basics are to have a list of the username and passwords, compare them, allow/deny access.

eg:

// your list of allowed usernames
var usernames = [
'joe',
'mary'
];

// prompt username, usually you use a form, or other UI but prompt() is simple
var username = prompt('Enter Your Username');

// iterate through each item in your list with the username 

var auth = false;
for (var i = 0; i < usernames.length; i++) {
if ( usernames[i] == username) {
auth = true;
break;
}
}

If (auth == true) {
alert('you have access');
} else {
alert('no access');
}

You'll have to look into attaching an event handler to the link, and having the even handler (function) call a similar routine to the one above.
Then have the event handler stop propagation of the event if the authentication fails.


--
note: I didn't add passwords since that would be compromising your users passwords, as they will be visible in the HTML source.
You wouldn't want to user emails either, since they would be open to automated email harvesting for spam purposes.

Likewise, I would recommend going with a server side script for this. To make a javascript authentication function even remotely secure will be 3 times as tricky. You understand that I can view your javascript right. Even if you have a function that redirects to another page and then back quickly, I can stop script and with several available tools, be able to view any javascript code that you have on there. And where do you intend to store the usernames and passwords, in the javascript code? It is possible, I just wouldn't recommend it.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.