This password technique is not high security. Anyone with access to the browser cache or browser history, or able to look over your shoulder, or with a network sniffer will be able to see the pages. However, for some low-security purposes, this password will be just fine.
This example shows you how to "password protect" some subdirectory of your web site. Look at the source code for details.
Hi! Guess the magic word, and you get to go someplace cool.
or click here to give the passwordThe idea behind this code is fairly simple. By assigning to window.location, the JavaScript code takes you to a particular file within a subdirectory (a relative pathname), but the name of the subdirectory is given by the user via a prompt. Therefore, to get into the subdirectory, the user has to know its name. If you name it some non-obvious thing, the name of the subdirectory becomes its own password: only someone who knows its name will be able to see it.
The event handler returns "false" to tell the browser "don't do what clicking on a hyperlink usually does." That's because we don't want the browser to go the URL "#" but instead to the one we create.
Note that for this to work, users can't have any other way of finding out the name of the subdirectory. In particular, they can't be able to look at a directory list of the current directory. We haven't disabled that feature in this directory, so you can look around to see if you can figure out which is the secret directory. Happy hunting!
You can defeat this directory listing method by having an index.html file in the directory that you don't want listed, since the web server only gives directory listings if that file doesn't exist.