I have a page that I would like to password protect. This page should be accessible if the user hits the URL http://www.webpage.com/page.php It will be emailed to the user along with a verification code.
I have most of the page written with jQuery. I would like to know how I can prevent access to the page without a proper password. After the user has entered proper password and has verified it will then display the content.
I tried doing something with jQuery dialog, and hiding the content then showing it after verification, however the user can view the content if they view the source of the page.
How should I go about doing so?
I’m just trying to avoid creating a new page. I guess I will have to use sessions.
You need to do the validation that they are using (the right) password in PHP and only then actually output the content to them. If they don’t have the password, tying to hide it from visibility is a no-win scenario.
Commonly, Session variables are used for this. The verification script checks the user login/password and it it is accepted, assigns a session variable to the user.
Then in your actual code (for the secret page) you check against this session variable and if it is there, you go ahead and display the content to the user, if it isn’t matched, you either display an error message or redirect the user off to another page through a
header().