Password Protection Using the Frames Method
By Stephen Bucaro
If you want to restrict access to your website to only members or subscribers,
how can you implement password protection? If you own the server, or if your
web host provider allows, you can use the servers built-in security features.
If your Web host provider allows you to run custom scripts, you can use a php
or asp script to implement password protection. But what if you're using a
free host or a pay host that does not allow custom scripts?
One method of password protecting your webpages is to use a cookie, but cookies
are unreliable. If you can't trust a cookie to store the information that the user
is logged in, where can you store it? You can store it in a frame. In this example
be displayed in a frameset. The entire code for the frameset page is shown below.
<frame name="control" frameborder=0 framespacing=0
src="control.htm" scrolling=no noresize>
<frame name="main" frameborder=0 framespacing=0
This would be the code for your default webpage. The default webpage is the page that is
displayed when a user enters your website's domain name, without a page name, in the
address bar of their browser. On a Linux Web server, the default webpage is usually named
index.html. On a Windows Web server, the default webpage is usually named default.htm or
default.asp. For this example, I'm naming the default webpage index.htm. This means that
to view the website you load index.htm (or click on index.htm on your computer).
Note that the frameset defines two frames. One frame is named main. This is the frame
that all of your webpages would appear in, including your home page. For this example, I'm
naming the home page home.htm. The other frame is named control. Only one webpage gets
loaded into this frame. I'm naming that webpage control.htm because it, rather than a cookie,
will be used to store our access variable. The entire code for control.htm is shown below.
Note that in the frameset, the control frame is only one pixel high and it can't be resized.
In other words, the control frame is not visible to the user. The user sees only the webpage
that is loaded into the main frame. Also note that the webpage that gets loaded into the
The entire code for the file control.js is shown below.
var access = false;
All the include file control.js does is define a boolean variable to store whether the user
has access or not. The variable is initialized to false so the user does not have access.