Password protecting/registering?

mahamageehad

Hi

I'm working on a website for a friend at the minute, pretty basic, it's my first. Using HTML,CSS,Javascript.

He would like to have 3 pages on the site that you have to sign in to see. It's very specialised information and he'd like to know who is looking at these pages-name and emaiil address.

What do ye think is the best way to do this? I'm not sure if i need to create some sort of username password system, which sounds too complex anyway, or have a pop up alert asking for the information, or lead them to a seperate page to fill in a form before they can continue.

And if it's an alert or a form, will they have to fill it in every time they want to see the blocked 3 pages?

Any advice appreciated.

km991148

You would definately need something serverside to get this working to any decent level..

You would have a user system that would allow users to register/login, then on each request for the 'hidden' pages perform authentication/authorization (usa spelling as that will prob yield more on google!) checks;

For this you will need some programming..

What is the purpose of the website? is it anything 'proper' or just a test/muck around?

techguy

I'm actually working on a very simple user registration/login/home/admin site using CodeIgniter MVC PHP framework at the moment.

This would be ideal for you as you can simple change the "View" to your current website layout.

Let me know if you are interested in it..

daymobrew

mahamageehad wrote: »

He would like to have 3 pages on the site that you have to sign in to see. It's very specialised information and he'd like to know who is looking at these pages-name and emaiil address.

Unless this information is not available anywhere else, hiding the information like this is a sure fire way to discourage visitors to the site.

Webmonkey

You mean some members area....

If using apache you could simply create a sub folder and place htaccess file to request login.

If using PHP, it's quite simple...not sure how far you want to go with it.

techguy

Webmonkey wrote: »

You mean some members area....

If using apache you could simply create a sub folder and place htaccess file to request login.

If using PHP, it's quite simple...not sure how far you want to go with it.

Good idea, I never even thought of .htacces for that.

I think he want's to be able to track what users use what info too.

Webmonkey

techguy wrote: »

Good idea, I never even thought of .htacces for that.

I think he want's to be able to track what users use what info too.

I see, but you can access the user logged in , in php

[php]$_SERVER["REMOTE_USER"][/php]

You could have a counter then on each page to keep track, store the data in DB etc...

techguy

Cool, thanks had forgotten about that also.

I only ever played around with $_SERVER once and had forgotten about it..

I suppose that and a function coupled with it to append a newly registered user to the .htpasswd file would do the job.

Would that be more secure than a pure PHP solution?

mahamageehad

Its not intended as a way of discouraging visitors. Its very specialized information to deal with cell counts in dairy farming that most people would know nothing about. It would only be for about 3 pages of information. The idea is that anyone who views the information has a problem with cell count ie. potential customer.

Its a bit of a dilemma because it seems a little overboard to go messing with code to make a log in situation and the target market really wouldn't be big in signing up to things like that I think. But then again of someone is asked for their info everytime they try to access the site it would be very off putting. Hmmm i'll have a look into some of the ideas mentioned here.

Webmonkey

mahamageehad wrote: »

Its a bit of a dilemma because it seems a little overboard to go messing with code to make a log in situation and the target market really wouldn't be big in signing up to things like that I think. But then again of someone is asked for their info everytime they try to access the site it would be very off putting. Hmmm i'll have a look into some of the ideas mentioned here.

Does he really need to actually track people? - I think htaccess is the simplest way of securing an area of site *if* you are using Apache server. More than likely you are if you hosting it on a web host.

It's quite simple really..

All you need to do is create a folder in your site like site.com/securearea, then in that folder on upload, via FTP a .htaccess file such as:

AuthUserFile /root/path/to/file/.htpasswd
AuthName "My Secure Area"
AuthGroupFile /dev/null
AuthType Basic
require valid-user

Then you need to upload a .htpasswd file somewhere and give the path in the AuthUserFile var. The htaccess file is the following format:

user:encryptedpassword
user2:anotherencryptedpass

To encrypt use something like: http://home.flash.net/cgi-bin/pw.pl

Anytime someone points the browser to site.com/securearea, they will be prompted with a login box to log in. It's secure enough for what you want I believe.

I think this is the simplest way, also you can access the logged in user via PHP with code above if you do need to track a person etc.

NeverSayDie

mahamageehad wrote: »

Its not intended as a way of discouraging visitors. Its very specialized information to deal with cell counts in dairy farming that most people would know nothing about. It would only be for about 3 pages of information. The idea is that anyone who views the information has a problem with cell count ie. potential customer.

Its a bit of a dilemma because it seems a little overboard to go messing with code to make a log in situation and the target market really wouldn't be big in signing up to things like that I think. But then again of someone is asked for their info everytime they try to access the site it would be very off putting. Hmmm i'll have a look into some of the ideas mentioned here.

Technical details aside, I'd very strongly emphasise the problems raised in that last paragraph. Forcing folks to login to access information is usually only done when you have to, for security, privacy or commercial (ie charging for it) reasons. Doing it when you don't absolutely have to is going to raise a barrier to entry that will cripple your engagement with the users, and likely reduce your page views from relevant users a great deal below what it could be. The demographics are also not in your favour - dairy farmers as a group are probably going to be less au fait with the web, its use and navigation than say, college students or boards.ie users.

Better options involve tracking folks in the more conventional manner - which is a pretty well-addressed problem (google "web analytics" for info on that) - and providing an optional feedback/"contact us"/"register your interest" facility or survey to harvest details from folks who want to provide them. You can make that fairly aggressive if you want using popups, prominent highlighted links, persuasive copy, etc, which should get you a fair bit of feedback from genuinely interested folks.

Unless you need to restrict this info, want to charge for it, or want to provide added-value stuff like user profiles/saved searches/social facilities, etc, I'd strongly advise against erecting walls around it. Stick a guest book, suggestion box and a surveillance camera by the open front door instead.

The other major problem with blocking access to this info is that almost no one will ever find it in the first place, because Google won't be able to log in either.

km991148

NeverSayDie wrote: »

The other major problem with blocking access to this info is that almost no one will ever find it in the first place, because Google won't be able to log in either.

unless you do what expertSexChange and other dodgy pay for forum type places do and allow google in meaning you get all for free via googles cache