Forums

how to make individual pages private?

I'd like to make one/some of my sub pages private , for ex. someone must enter a password to access the sub-page

how to do that simply?

thanks

What web framework do you use? ie. flask/django/web2py etc

Flask

There is a Flask extension called "Flask-HTTPAuth" that can be used to password-protect certain routes in your app. It is pre-installed on PythonAnywhere, so you don't have to install it yourself unless you're using virtualenv.

This extension requires you to make a function that takes the username and password as arguments and returns True or False, specifying whether or not the credentials are valid. Here's a simple example of how to set it up:

from flask_httpauth import HTTPBasicAuth
auth = HTTPBasicAuth()

@auth.verify_password
def verify(username, password):
    if username == 'joe' and password == 'mama':
        return True
    else:
        return False

This is how you password protect a route in your app:

@app.route('/example-page')
@auth.login_required
def example_page():
    return 'This text is only displayed if username is joe and password is mama'

If you enter the wrong username and password, you will simply be prompted again.

If you don't want the password to be visible in your code as plain text, you can make a variable that has the password's hash, and see if the hash of the password entered by the user matches. Idk how to do hashing in Python but you should easily be able to find out how

CRAP THATS MY ACTUAL PASSWORD

HOW TO I EDIT POSTT

lol jk

By the way, my website supports dark mode, which only works in some browsers and it's activated through your OS's system-wide dark mode. I haven't seen any other sites that support this.

great thanks, I'll give this a try!

that works fine, thanks

so, how can someone see the password in plain text if I don't hash it?

If you share the code with others or your PythonAnywhere password is weak then people could possibly see the code. I have one of these password things set up on my site and I don't hash it

ok, I'm gonna try and setup an access-log scraping file now- may get back to you on this later

I have been trying to hack your password page

ok sure, give it a try, password only on /base right now

https://madmartin.pythonanywhere.com/base

This brute force script isn't going anywhere

I give up

In which case when calling the endpoint that is password protected from code from another domain, how do you pass in the name and password as part of the request?

That depends on the method that is used for password protection. If it's basic auth, like we use on PythonAnywhere, then you use a URL like this: https://username:password@domain.com