educational

Password Protection Using JavaScript

Stephen Yagielowicz

Sometimes you may wish to allow friends, sponsors, and other visitors who are not "members" to enter your protected member's area without having to 'join' your site. While most pay sites can easily setup 'guest accounts,' AVS sites (among others) are not as fortunate. Here's an easy solution with many intriguing possibilities:

Whether you want to allow a sponsor or content provider access to your protected content area for program compliance verification, or a reviewer to evaluate your design, or you just want to give your friends free porn, there are many times when having a 'reasonably' secure gateway can come in handy. I have used this simple method in the past for all of the above reasons, as well as to protect 'under construction' or 'Beta' areas of my projects, as well as online 'admin' and 'stats' areas within my various operations.

Builders of AVS sites are one group of Adult Webmasters who will doubtless see the value of this approach, since they usually have only one 'master password' and may be quite reluctant to reveal it for any of the above purposes, as it usually gives the user access to your AVS stats and admin functions, plus a level of 'involvement' that is the rough equivalent of 'sysadmins' doling out 'root' access to everyone: Since many Adult Webmasters do not implement .htaccess-based directory protection, simply handing out the member's area URL is by far the easiest option, but making a more attractive and professional looking 'guest pass' page is a much better approach.

The Problem (and Solution) when Using JavaScript
While JavaScript based security implementations are at best 'limited' in their efficiency, there are times when they pose the best option, and if done correctly, can provide a major stumbling block for would-be intruders. Many if not most of the implementations that I have seen embedded the password within the script itself, and used a simple comparison of the entered value with the embedded value to allow or deny access. The main problem with this approach is that a simple 'view source' will reveal the gateway page's underlying HTML, including the password itself.

My approach does not include the password within any of the HTML code, and it even allows for multiple passwords that will provide access to different pages. How? The code takes the entered value, and tacks on a file extension (like '.htm' '.html' or '.php' etc.) before redirecting the visitor to the specified page. Flexible and cunning, the use of 'real' passwords for page names such as "a0032P.html" rather than "members.html" will add a tremendous level of enhanced security to this approach, since any 'guessed' name will result in access to pages with that name.

The possibilities are many, the code, simple:

HTML HEAD

SCRIPT language="JavaScript"

!--- JavaScript Gateway

function gateway() {

var password = document.gate.password.value;
var location=password + ".html";
this.location.href = location;

}

// JavaScript Gateway ---

/SCRIPT

/HEAD BODY

FORMname="gate" TABLE align=center border=0 TR
TD INPUT type="password" name="password" size=20 /TD
TD INPUT type="button" value="ENTER" name="enter" onclick="gateway()" /TD
/TR /TABLE /FORM

/BODY /HTML There are many interesting uses for this script, and a little experimentation can go a long way.

Realize that any 'wrong' (or failed) entries will generate a '404' error, and so you should always include an .htaccess redirect based on this. You should also be aware that since this client-side approach does require JavaScript to be enabled on the visitor's end, not everyone will be able to use it (although the vast majority will). There are many interesting uses for this script, and a little experimentation can go a long way.

Sure, this type of approach could also be easily (and more robustly) done using php, but not all ISPs (and especially not all free hosts) support this server-side technology, and the way I did it is an easy method for anyone to implement. If you have any questions or comments on the use or abuse of this script, then click on the link below: ~ Stephen

More Articles

educational

S2S Postbacks: Getting Ad Stats in 1 Place

Juicy Jay ·
opinion

Tips to Master Customer Subscription Retention

Cathy Beardsley ·
opinion

A Primer on How to Integrate Paysite Processing

Jonathan Corona ·
educational

Trademark Ruling a Victory for Adult Products, Services

Marc Randazza ·
profile

Q&A: Rich Girls CEO Cristina Enriches Cam Models

Alejandro Freixes ·
profile

Q&A: LiviaChoice Embraces Grand Camming Destiny

Alejandro Freixes ·
opinion

Refined Protocols Reduce STI Risks for Performers

Eric Paul Leue ·
educational

Camming 101: Establish Boundaries to Keep the Fantasy Alive

Steve Hamilton ·
profile

Nikki Night Forges Cam Model Excellence

Alejandro Freixes ·
educational

Ethical Camming Inspires a Cultural Revolution

Mia Saldarriaga ·
Show More