I am trying to make a part of my website where it will ask the user for a password in a prompt box, then allow access to the hidden content when the password is correct. I want to hide my password somewhere in my apache2 server; somewhere so that I can't just go to the javascript file containing the password in the URL bar, such as [mywebsite]/password.js . I tried doing
SetEnv PASSWORD password123
in my website configuration file for example, then in my javascript file linked to my HTML file I wrote the following code:
function check() {
var password = process.env.PASSWORD;
var str = prompt("Enter the correct password to continue: ");
if (str != password) {
check();
}
document.getElementById("visible").style.visibility = "visible";
}
However, when I load the website it loads but with the content still hidden. How can I hide the password in my server so that I could access it in my javascript file directly? Is there maybe a better way to do this? I should note that everything worked properly before trying to hide the password.
First off, process.env is not accessible from within a browser context. process.env is a nodejs variable. It will only exist in a nodejs-like environment. javascript in the browser does not run nodejs.
The simplest solution is to prevent access to the page using apache directly:
You would need to generate an .htpasswd file.
In your apache configuration, you would add something like this:
<Directory "/path/to/password/protected/folder">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /path/to/htpasswd
Require valid-user
</Directory>
Here's a complete guide for how to setup a password protected folder in apache:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.