This sample application implements a simple password protection scheme allowing you to password protect both HTML pages and other files. The basic principle behind this gadget is that if files are not under your "www" directory, they are not accessible to casual broswers. The only way to access them is via this Mscript gadget (which has access outside of your www directory).

Click here to view the source code.

Overview

This gadget relies on the standard "getauth" mechanism supported by almost all modern broswers (Netscape, MSIE, Lynx, etc.). When the user tries to access a protected file the web server asks for a valid username/password pair. If they have not already entered their username and password during the current "session", they will be promted by their broswer. The gadget then checks this against its password file and if it finds a match it will send out the requested file. If it does not find a match it displays an access denied message. Once they enter a successful password they will not be prompted again unless they restart their browser.

The usernames and passwords are held in a plain text file called "password.txt". You can edit this file with any text editor or even use the standard edit.html page top add, delete and change user's passwords.

By default, this gadget works out of your "ms2" directory. You will probably want to change this to another directory of your choosing. Remember that this should not be under "www" or it will defeat the password protection scheme (i.e. everyone has access to "www").