.htaccess Login with URL Hex Encryption Javascript

***NOTICE (2006-01-10): The developer assumes no liability with this resource
and it is provided as is. This script is referred to as a “security development”
because it can provide some minimal level of security. While it does seem to
be an effective elementary form of security the developer does not claim that
it is an impenetrable solution and thus the developer does not recommend implementing
it for the protection of highly sensitive data.

***NOTICE (2005-02-08): Due to an update of Microsoft Internet Explorer
this script may not function properly if at all in said browser. This update
has removed support for handling user names and passwords in HTTP and HTTP with
Secure Sockets Layer (SSL) or HTTPS URLs which the .htaccess Login with URL
Hex Encryption Javascript utilizes. Additional information can be accessed at
. As of the date of this notice this problem has only effected Microsoft Internet
Explorer versions with these updates. Archreality is currently working on modifications
to this script.

The .htaccess Login with URL Hex Encryption Javascript: is an advanced level
security script and an embedded .htaccess login box script with URL Hex Encryption
to hide the user’s password in the address bar from prying eyes. It also has
form verification as an added feature. It’s source was based on FTP Server Login
(by Reinout Verkerk) and htaccess Login (by Gordon Hudson) before it was modified
with URL Hex Encryption and Form Verification by Jonathan Feaster. The script’s
actual password protection rely’s on .htaccess password protection
and not Javascript therefore you must setup .htaccess password protection to
utilize this script.

First, to install this script copy and paste the following code into the <head>
of your HTML document (There is no need to modify this part of the script and
doing so could prevent it from running correctly.):


<!– Original: Jonathan Feaster ([email protected]) –>
<!– Web Site: http://www.archreality.com/ –>
<!– Based on: FTP Server Login (Reinout Verkerk) and htaccess Login (Gordon Hudson) –>

<!– Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
letters = “abcdefghijklmnopqrstuvwxyz/.1234567890~_:”;

encrypt = new Array(
var input = password;
encpass = “”;
for(var count = 0; count < input.length; count++) {
daChar = input.charAt(count);
for (i = 0; i < letters.length; i++) {
if (daChar == letters.charAt(i)) {
encpass += encrypt[i];
if (username == “” && password == “”) {
alert(“Enter your Username and Password!”);
return false;
if (username == “”) {
alert(“Enter your Username!”);
return false;
if (password == “”) {
alert(“Enter your Password!”);
return false;
else {
var htsite = “http://” + username + “:” + encpass + “@” + server;
window.location.href = htsite;
// End –>

Second, you’ll need to place and modify for your needs the following code into
the <body> of your HTML document:

<div align=”center”>
<table width=”335″ border=”0″ cellpadding=”0″>
<form name=”login” action=””>
<input type=”hidden” name=”server” value=”www.archreality.com/hexl/prot/”>
<div align=”center”>
<input type=text name=”username” size=20 >
<div align=”center”>Password:
<input type=password name=”password” size=20>
<div align=”center”>
<input type=button value=”Login” onClick=”Login(this.form)” name=”button”>

Finally, you’ll just need to modify the form field (If you’ve never used
forms before you can view a tutorial at http://www.w3schools.com/html/html_forms.asp)
input tag named “server” and change it’s value to the URL of the .htaccess password
protected directory (minus the http://) on your server. Example:

<input type=”hidden” name=”server” value=”www.yourdomain.com/protecteddirectory/”

And that’s all there is to it!