You don't really want to use JavaScript because that can be easily circumnavigated just by disabling JavaScript (something fairly easy in most non-IE browsers). Unless you're hiding fairly non-confidential stuff, I would extremely strongly recommend against it.

How many pages do you have to protect? Just one, or multiple?

--- Mr. DOS

Thank you for your response!

The login will be for a main page with links to blank forms for employees to download, so I don't think there's a need for any high security type login. So, to answer your question as far as I know there will only be one page that needs to be password protected.

Thank you!

Joy

Javascript really isn't secure at all. PHP or another server side language would be an ideal way to go about it (especially if you want control or login parameters) but for a "quick and dirty" solution, you could use .htaccess to lock down specific pages.

http://www.elated.com/articles/password-pr...-with-htaccess/

@Paul: Yeah, but that needs a username as well as a password.

@Joy: The way I'd recommend doing it would be with PHP, like this:

$password = "thepassword";
$postedpassword = $_POST["password"];
if ($_COOKIE["joypassword"] != sha1($password) && $postedpassword && $postedpassword == $password) {
    setcookie("joypassword", sha1($password), time() + 86400);
}

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>Joy's Website</title>
</head>
<body>
<?php

if ($_COOKIE["joypassword"] != sha1($password)) {

?>
<h1>Enter Password</h1>
<form action="thispage.php" method="post">
<fieldset>
<p>Please enter the password.</p>
<input type="password" name="password"><br>
<input type="submit" value="Log in">
</fieldset>
</form>
<?php

}
else {

?>
<h1>Protected Page</h1>
<p>Protected content goes here.</p>
<?php

}

?>
</body>
</html>

An explanation:

This sets thepassword as the page's password. Just change the bit between the quotes to change the password.

This checks to see if the cookie called joypassword already holds the (correct) password, and if it hasn't, it sets the cookie with an expiry time of one day from when it was set (the 86400 is the number of seconds in a day).

This checks the contents of joypassword again before it decides which stuff to write to the page. (Question to other coders: I could've also used a variable which was set to either true or false in the first check and indicated whether or not the user passed; would that be any faster?)

thispage.php should be changed to the filename of the page.

You should be able to make sense of the rest, I think.

Also, I can understand if you don't want to use that, and don't feel like you have to use it because I went ahead and wrote it. I've spent a whole 2 minutes on this /wink.gif" style="vertical-align:middle" emoid=";)" border="0" alt="wink.gif" />

--- Mr. DOS

Edit: Edited to use HTML 4.01 Transitional.

I like Mr DOS's solution - it may look a bit complicated at first but it should be fairly easy to use, and does what you asked for. Another solution I'd mention is one that would work if all of your employees were accessing the site from one location (your work location), then you could use htaccess to permit access to your work IP address without requiring a password, and ask for a username/password if they are not coming from your work ip address.

BTW, if you really, really want to do it with JavaScript, here's how (although I still don't think it's anything close to a good idea to use this):

You'll need two HTML documents. The first one, login.htm, will be the one that the user gets sent to when they click a link to access the content or whatever. It should contain something like this:

function doLogin(el) {
    window.location = document.getElementById(el).value + ".htm"
}

-->
</script>
</head>
<body>
<h1>Enter Password</h1>
<form action="">
<fieldset>
<p>Please enter the password.</p>
<input type="password" name="password" id="password"><br>
<input type="button" value="Log in" onclick="doLogin('password');">
</fieldset>
</form>
</body>
</html>

What this does is simply redirect the user to the filename of whatever they typed as the password with .htm tacked onto the end.

To add the page with the protected content in it, upload it into the same directory as login.htm (or whatever you want to call it) and give people the name of the file, minus .htm, as the password.

Keep in mind that this is extremely minimal security, etc. etc.

--- Mr. DOS