A minimal, professional, and secure login system that authenticates users with a single passcode and prevents unauthorized access using local storage. Built with HTML, CSS, and JavaScript, this project is server-less and database-free, making it ideal for hosting on Replit, Vercel, or GitHub Pages.
✅ SHA-256 encrypted passcode authentication
✅ Server-less & database-free (Runs on any static host)
✅ Prevents direct URL access (Unauthorized users get redirected back to Login page)
✅ Minimalistic and professional dark theme
✅ Secure logout functionality
✅ Warning notifications for wrong passcodes & URL jumping
✅ Beautiful and responsive UI which can be further worked upon by people
Second Version of this Project:
The second version of this project has a back-doored IP and Browser Info grabber which logs the intruder's personal information.
/project-root
│── index.html # Login page
│── styles.css # Styles for the login page
│── script.js # Handles authentication and notifications
│
│── /home
│ ├── index.html # The secure dashboard (only accessible after login)
│ ├── styles.css # Styles for the dashboard
git clone https://github.com/arpan-mandal/encrypted-login-page
cd encrypted-login-page
Since this is a static project, you can simply open index.html in your browser to test it. Or, use Replit / Vercel for online hosting.
This project uses SHA-256 hashing to store a hashed passcode instead of plaintext. You need to generate a hash from your own passcode and update script.js.
Use Python to generate a SHA-256 hash for your custom passcode:
import hashlib
# Replace this with your desired passcode
passcode = "your_secret_passcode"
# Generate SHA-256 hash
hashed_passcode = hashlib.sha256(passcode.encode()).hexdigest()
print("Your hashed passcode:", hashed_passcode)It is recomended to include all types of characters in your passcode, it makes it much hard to crack through a decrypter!
1️⃣ Copy the generated hashed passcode
2️⃣ Open script.js and replace the existing hash:
const hashedPasscode = "your_new_hashed_passcode";1️⃣ User enters a passcode in index.html
2️⃣ JavaScript hashes the input using SHA-256
3️⃣ If it matches the stored hash, the user is granted access
4️⃣ A session token (auth=true) is saved in localStorage
5️⃣ home/index.html checks authentication before allowing access
6️⃣ If unauthorized, the user is redirected back to login
The project uses a client-side authentication system to prevent URL jumping.
📌 If someone tries to access /home/index.html without logging in, they get redirected back to the login page with a warning notification.
🔒 Authentication Check in home/index.html:
if (localStorage.getItem("auth") !== "true") {
localStorage.setItem("warning", "true"); // Show warning notification
window.location.href = "../index.html"; // Redirect to login
}- Open
script.js - Replace the hashed passcode with your own SHA-256 hash (First line in script.js):
const hashedPasscode = "YOUR_HASHED_PASSCODE_HERE";
- Set your dashboard or protected page inside
/home(You can also edit the main code to set it to anywhere else you want) - Ensure all pages you wish to restrict access to include this script at the top:
✅ This prevents direct URL access to all the pages inside
<script> if (localStorage.getItem("auth") !== "true") { localStorage.setItem("warning", "true"); window.location.href = "../index.html"; } </script>
/homethat make use of the script.
This project is open-source and available under the GNU V3 License.
- Coded by Arpan Mandal
- © 2025 All rights reserved
Got questions or suggestions? Feel free to reach out!
📧 Email: [email protected]
🌐 Website: arpanm.xyz
If you found this helpful, please ⭐ star the repository on GitHub to support the project! 🚀