![]() quick server pages |
Password-protectionHere's a method for setting up password-protection for certain pages.1) Build a page that uses a <input type=password> field. 2) Submit this to a target page that compares the entered value with the current password, and if they match, sets a cookie to the value of the password, like this: #if @inpw = @ADMINPW #+ Set-Cookie ABC_ADMIN .... #endifThe cookie can be made to expire at the end of the user's browser session by not specifiying Set-Cookie's Expires: attribute. 3) The current password can be defined in your config file: varvalue: ADMINPW=flibby 4) Then for each page you wish to restrict access to, near the top, put something like this: #cookie ABC_ADMIN #if @inpw != @ABC_ADMIN <h2>Access denied.</h2> #exit #endif REMOTE_HOST or REMOTE_ADDRYou can get the user's REMOTE_HOST or REMOTE_ADDR and compare it against a known list to enforce restricted access. The user's REMOTE_HOST also serves well as a SHSQL identity (used for record locking and identification on transaction logs).#set USER = $getenv( "REMOTE_HOST" ) #if @USER in fred@abc.com,george@abc.com #+ Set-Cookie .... #endif #sql identity @USER Markup created by unroff 1.0, April 12, 2004. |