Basic WEB UI password protection

I’ve searched far and wide all over the internet for a way to set a password for the web UI, but couldn’t find anything. The solutions were either no longer supported in Volumio 3 version, or the topics had zero replies regarding this issue.

So, with my limited programming knowledge and some googling, and experimenting, I’ve managed to finally make Volumio’s WEB UI password protected with nice little popup window to enter the password:

p4UvylL

I’ve used the code form Stack Overflow: (Simple Password Javascript Code? - Stack Overflow):

<script language="JavaScript">

var pass_entered;
var password="cool";

while (pass_entered!=password) {
    pass_entered=prompt('Please enter the password:','');
}

self.close();

</script>

In the code you can set your desired password on the variable “password”.

Finally, I’ve placed that little script into the header section of existing index.html file, found in “/volumio/http/www/” and it worked like a charm!

Few notices:

  • the security level of this type of password protection is most likely very very low, since the password is embeded in the code directly;
  • while it did work fine accessing WEB UI on PC using Chrome and Firefox, I did experience some issues entering the password on my phone, needing to enter the password 2-3 times over again;
  • since I added the code to the Classic theme’s index.html file, it is tied to that theme only. That means if you change the theme on the WEB UI, you no longer are asked to enter the password;
  • I’m not sure how the system will react when an update comes by, after edditing some files. Hopefully it won’t break dramatically :crossed_fingers:.

Feel free to share your thoughts on how this could be improved! :blush:

This is like no password just read the html and you have the password
You only could get that volumio would not update any more because of it.

1 Like

True, but at least for my case, this level of ‘security’ is enough :sweat_smile:
If Volumio won’t update anymore, than I guess I’ll just wait until something starts bugging out in older versions, or some major update drops and then just reflash it.

There are ways to scrable the password :stuck_out_tongue: in js now it is to eazy to pick it out of the html