Posted by RobElliott on 20 Dec 2010 20:21, last edited by TruthFinder007 on 13 May 2016 20:01
Tags: password protect secure
What we are trying to achieve
We often get asked whether it is possible to password protect a page or a category. Using Wikidot syntax this is not currently possible. You can of course create private categories and we also have the SUO snippet. But there might be times when you want some visitors only to view a page or you want to hide a page from a casual visitor and private categories or the SUO are not possible. In this case it is possible to a achieve a very basic password system using an html codeblock and javascript.
Warning!
If a user knows the pagename you are trying to protect then he or she will be able to navigate directly to it from their browser address bar. So you might want to consider setting the permissions in Site Manager for your system category so that only admins can view pages in the category. This will prevent someone going to the protected page from system:list-all-pages or system:recent-changes. It is also possible to get to the password via the browser's View Source option - if you do not use the Password Verification Server from James (the the last header of this page).
Test It
For this test the username is guest. The password is inverness. If the login is correct you will be taken to the protected page. There is a link on that page to return to this page.
How to do this
On a public page (not the page you are protecting) add an html codeblock and the code shown below.
You should change the
if (username=="guest" && password=="inverness") {
to whatever username and password you wish to use on your site.
You should also change the button text from "Click to login to Protected Page" to whatever text is appropriate for you.
You can limit the access to just specific members of your site by adding extra usernames, and also different passwords for each user if necessary.
[[html]]
<head>
<script language="javascript">
function LogIn(){
loggedin=false;
username="";
password="";
username=prompt("Username:","");
username=username.toLowerCase();
password=prompt("Password:","");
password=password.toLowerCase();
// Add usernames and password(s)-->
if (username=="guest" && password=="inverness") {
loggedin=true;
window.open('/protected:page');
}
// if you want to name specific users add the following code for each one, for example-->
if (username=="robelliott" && password=="inverness") {
loggedin=true;
window.open('/protected:page');
}
// If login incorrect -->
if (loggedin==false) {
alert("Sorry, invalid login");
}
}
</script>
</head>
<body>
<form><input type=button value="Click to login to Protected Page" onClick="LogIn()"></form>
</body>
[[/html]]
Comment
Do please note that this provides only very basic protection but might be useful when you can't use private categories and want to stop casual visitors (and site members if necessary) from viewing a page.
Author
RobElliott. Please visit his/her userPage.
Rate this solution
If you think this solution is useful, please increase the rating.
Another way: Password Verification Server
James Kanjo has build a "Password Verification Server" Site (Application), which does the same , but in a more "secure" way:
What is the first name of user "Gabrys" (in lower-case letters)?
(if you know it - key it in and after the success message you will be transferred to the protected:page)
Related articles
Comments
Must a visitor be logged in with a Wikidot account to be able to see the page? For example, I want someone who doesn't have Wikidot account to see this page. Is it enough to give him just a username and a password?
If slaughterhouses had glass walls, everyone would be vegan. - Paul McCartney
This trick that Rob made is a redirect to a page that can only be reached if you know the URL. So it is not hidden, there is just no link on any page in the website that would bring you to that "hidden" page.
No you don't need to have a wikidot account… you could have tested this yourself by trying what rob made, but sign out first.
But if you wish to give somebody access to this page… you could better mail him the URL that would be much easier.
Also keep in mind that the page will popup in a google-search… so this is really no good way to protect something. But it is a barrier to users with no or not much internet knowledge.
So to answer your question: Does someone need a wikidot account to use this tool Rob made…
It depends on the site. If the tool is on a page of a site that requires you to be a member of the site (so a closed site) then off course this does not work. If your site is open then it will work. But remember if people can access the wikidot-source or the THML-source of your page… they will see the html block and the javascript and they could figure out the password…
A - S I M P L E - P L A N by ARTiZEN a startingpoint for simple wikidot solutions.
No, Brunhilda, for this version of password protection everybody with the knowledge of the username and password used in the html block can see the protected page..(but onyl if it is in a category , which is normally viewaable and not protected by the "non-public" category - permissions - whioch needs a special status too…)
Question is only - how does you potect the html-source code from viewing ? ( not showing the page option buttons?)
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?
It only provides very weak protection but might just deter a casual browser.
Rob Elliott - Strathpeffer, Scotland - Wikidot first line support & community admin team.
Hm, I still don't understand. If anyone can access it, then why the username and the code? If it is better to send the actual url, then, why the username and the password? It is nice, but I don't understand the purpose… :( Rob, you say, a very weak protection, but, in what way, if anyone can access it?
I ask this, because I thought I might use it to show the pages in the private category of my site to the people who are not Wikidot members. I thought this might enable this so they don't have to open the account or become members of the site. Is it possible with this?
If slaughterhouses had glass walls, everyone would be vegan. - Paul McCartney
As I said in my previous post, it is only intended to deter the casual browser from seeing a page or someone who might not think to - or know how to - look up the html source. It is not a proper password system and is not intended to be one.
Rob Elliott - Strathpeffer, Scotland - Wikidot first line support & community admin team.
Exact this is not possible!
Any page of a private site or private category cannot be shown to non-members o wikidot.
Or you use the trick to show the private pages in an open - but very good hidden - page.. as Rob does thuis here and use a trick to get the %%content%% of such pages in a hidden but public page.
But this counterstrikes the private cateories in some way…
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?
Hm… But… What's the point of this then? :(
But why? It would give the special access to a private page under the condition of having the correct username and password. I don't see how this can counterstrike the private categories… It is completely the same as a Wikidot account and a membership in the given site, but instead of making someone to open the account etc. you give him the special access to a page that is normally hidden.
This occurred to me because I wanted to make my CV private, but that possible employers can access by using the username and the pasword I would give them in an e-mail when applying for a job…
If slaughterhouses had glass walls, everyone would be vegan. - Paul McCartney
I would make a private site ( CV is atypical one) with a "guest-member"
I have a second email adress with my wikidot user :
"helmutis_guest" (with a password i send to my friends I want to show them my site..)
They have to make login with it and than they are allowed to view all I have allowed themn to see ( this user id is a member of my private site with only read access).
This is better I think - you can later always change your password of this guest-user..
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?
Indeed make a fake-user-account that you give access to the private-category and if you wish to invite someone to see the pages of the private-category… email him/her the username and password of the fake-user… I this way Wikidot has yet another (Fake)user… up to the million :-)
A - S I M P L E - P L A N by ARTiZEN a startingpoint for simple wikidot solutions.
Hm, I have to think about it. It still looks to me pretty complicated for someone who is not familiar with Wikidot…
Thanks, anyway for all your comments. I really appreciate it… :)
If slaughterhouses had glass walls, everyone would be vegan. - Paul McCartney
Hi Rob,
I've just launched something very similar to this: the Password Verification Server. It's essentially a “secure” model of this howto. Secure in that the password is not stored in the HTML source code, and cannot be discovered — nor can you reveal the redirect page or the alert message in the HTML source code.
Looks good, but how Can I insert these
into my own (public , bzt closed ) site?
Edit: Sorry, the last point I have overseen!
the include :csi:password key=20..... !!
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?
Hi James - this looks really good!
Question: who can change this ( my password, the tilte) ?
( I have forgotten the page name.. I could only find it over my last activities…)
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?
Oh good, my attempt was very insecure as I said on the how-to. This will of course be much better and I'll make use of it later today. Thanks.
Rob Elliott - Strathpeffer, Scotland - Wikidot first line support & community admin team.
Hi Rob,
I have inserted my last try with this Pasword Verification "Server" as the last point into ypour howto…
Hope this is OK?
- and the page name was p:6 on the pasword site…
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?
I'm trying to break it… so far can't find a way :)
~ Leiger - Wikidot Community Admin - Volunteer
Wikidot: Official Documentation | Wikidot Discord server | NEW: Wikiroo, backup tool (in development)
Holy… That is crazy amazing! Nice work!
@leiger
If you can crack the key generator, or find the original algorithm, it might be theoretically possible. But even then, all I would have to do is hide the key using Wikidot's hidden categories.
EDIT: You know what, we really need a way or place in which we can gather all of these handy sites, going all the way back to the Calendar to this one. I would hate it for people not to use these things simply because they never knew it was an option.
Timothy Foster - @tfAuroratide
Auroratide.com - Go here if you're nerdy like me
Interesting, but if the protected page is still o your public wiki, isn't it then be accessible if you know ht direct url (eg. from the "system:list-all-pages" or "system:recent-changes" pages?
You can see this argument on the page near the top … as a notice.
I would use "private categories" to protect specific pages for admins or members only.
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?
I agree, perhaps somewhere here on the community site with a menu item for "tools" or similar?
Rob Elliott - Strathpeffer, Scotland - Wikidot first line support & community admin team.
Probably a top bar menu or something seems good. Or a separate page if the menu gets too long or confused, and then have a direct link to that page.
Timothy Foster - @tfAuroratide
Auroratide.com - Go here if you're nerdy like me
http://blog.wikidot.com/main:index - Main Index - in former time we had an own Main Index page (not with lot of tags) as an CSI Include of the blog-main:indexof this , later the menu was changed to a direct link to that blog. page).
Missing is here the new "password" site and the CSS - playground I think
… or are more sites missing? (STE ?)
What is with that OWN page here on the community - for storing lot of tags and searchable full text information - with a short explanation what every site can offer on application or help…?
Service is my success. My webtips:www.blender.org (Open source), Wikidot-Handbook.
Sie können fragen und mitwirken in der deutschsprachigen » User-Gemeinschaft für WikidotNutzer oder
im deutschen » Wikidot Handbuch ?