I'd like to make one/some of my sub pages private, e.g. someone must enter a password to access the sub-page.
How do I do that simply?
Thanks
What web framework do you use? i.e. Flask/Django/web2py etc.
Flask
There is a Flask extension called "Flask-HTTPAuth" that can be used to password-protect certain routes in your app. It is pre-installed on PythonAnywhere, so you don't have to install it yourself unless you're using virtualenv.
This extension requires you to make a function that takes the username and password as arguments and returns True or False, specifying whether or not the credentials are valid. Here's a simple example of how to set it up:
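from flask import Flask
from flask_httpauth import HTTPBasicAuth

app = Flask(__name__)  # skip this line if your app object already exists
auth = HTTPBasicAuth()

# Flask-HTTPAuth calls this with the credentials sent on each request
@auth.verify_password
def verify(username, password):
    if username == 'joe' and password == 'mama':
        return True
    else:
        return False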
This is how you password protect a route in your app:
@app.route('/example-page')
@auth.login_required
def example_page():
    return 'This text is only displayed if username is joe and password is mama'
If you enter the wrong username and password, you will simply be prompted again.
If you don't want the password to be visible in your code as plain text, you can make a variable that has the password's hash, and see if the hash of the password entered by the user matches. Idk how to do hashing in Python but you should easily be able to find out how.
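One way to do the hashing this answer mentions, as an added example that is not part of the original post: it uses only Python's standard library (salted PBKDF2 from `hashlib`), and `verify` has the same signature as the post's `@auth.verify_password` callback. The iteration count, the storage format and the `USERS` dictionary are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt=None):
    """Return 'iterations$salt_hex$hash_hex', safe to keep in source or config."""
    salt = salt or os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(stored, candidate):
    """Re-derive the hash from the candidate and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


# Constructed for the demo only. In the app, run hash_password(...) once in a
# console and paste the printed string here, so the plaintext never appears
# in the source file.
USERS = {"joe": hash_password("mama")}

# Hash checked for unknown usernames so both paths cost the same time.
_DUMMY = hash_password("placeholder-for-unknown-users")


def verify(username, password):
    """Drop-in body for the post's callback: auth.verify_password(verify)."""
    stored = USERS.get(username)
    if stored is None:
        check_password(_DUMMY, password)
        return False
    return check_password(stored, password)


if __name__ == "__main__":
    print(USERS["joe"])            # what would be stored instead of 'mama'
    print(verify("joe", "mama"))   # correct credentials
    print(verify("joe", "guess"))  # wrong password
```

Only the stored string is needed to check a login, so someone who reads the source sees the salt and hash but not the password itself.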
CRAP THAT'S MY ACTUAL PASSWORD
HOW DO I EDIT POST
lol jk
By the way, my website supports dark mode, which only works in some browsers and it's activated through your OS's system-wide dark mode. I haven't seen any other sites that support this.
Great, thanks, I'll give this a try!
That works fine, thanks.
So, how can someone see the password in plain text if I don't hash it?
If you share the code with others or your PythonAnywhere password is weak then people could possibly see the code. I have one of these password things set up on my site and I don't hash it.
OK, I'm gonna try and set up an access-log scraping file now. May get back to you on this later.
I have been trying to hack your password page
OK sure, give it a try, password only on /base right now.
https://madmartin.pythonanywhere.com/base
This brute force script isn't going anywhere
I give up
In which case when calling the endpoint that is password protected from code from another domain, how do you pass in the name and password as part of the request?
That depends on the method that is used for password protection. If it's basic auth, like we use on PythonAnywhere, then you use a URL like this: https://username:password@domain.com