diff --git a/action.php b/action.php
index b53e41d..0eba00e 100644
--- a/action.php
+++ b/action.php
@@ -58,13 +58,25 @@ switch ($VARS['action']) {
         if (!is_numeric($VARS['landscape']) || ((int) $VARS['landscape'] !== 0 && (int) $VARS['landscape'] !== 1)) {
             returnToSender('invalid_parameters');
         }
+        if ($VARS['password_protect'] == 1) {
+            if (!is_empty($VARS['password'])) {
+                $password = password_hash($VARS['password'], PASSWORD_BCRYPT);
+            } else if (!$insert) {
+                $password = $database->get("publications", 'pwd', ['pubid' => $VARS['pubid']]);
+            }
+            $permission = 3;
+        } else {
+            $password = null;
+            $permission = $VARS['perm'];
+        }
 
         $data = [
             'pubname' => $VARS['name'],
             'pubdate' => date("Y-m-d H:i:s"),
             'styleid' => $VARS['style'],
             'columns' => $VARS['columns'],
-            'permid' => $VARS['perm'],
+            'permid' => $permission,
+            'pwd' => $password,
             'page_size' => $VARS['size'],
             'landscape' => $VARS['landscape']
         ];
@@ -141,7 +153,7 @@ switch ($VARS['action']) {
         }
 
         $pubid = $database->get("tiles", "pubid", ['tileid' => $VARS['tileid']]);
-        
+
         if ($database->get("publications", 'uid', ['pubid' => $pubid]) != $_SESSION['uid']) {
             die(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
         }
diff --git a/database.mwb b/database.mwb
index 7954784..d8d6a15 100644
Binary files a/database.mwb and b/database.mwb differ
diff --git a/lang/en_us.php b/lang/en_us.php
index 7002bae..886db14 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
@@ -66,4 +66,9 @@ define("STRINGS", [
     "visibility loggedin" => "People with accounts",
     "visibility link" => "Anyone with the link",
     "visibility password" => "Anyone with the link and password",
+    "password protect" => "Password protect",
+    "anyone with link and password can view" => "When a password is set, anyone with the link and password can view the publication.",
+    "enter password to view file" => "Enter password to view file",
+    "view file" => "View File",
+    "password incorrect" => "Password incorrect."
 ]);
\ No newline at end of file
diff --git a/lib/gencontent.php b/lib/gencontent.php
index 2603096..65de7e7 100644
--- a/lib/gencontent.php
+++ b/lib/gencontent.php
@@ -5,7 +5,7 @@ if (!defined("IN_NEWSPEN")) {
     if (is_numeric($VARS['pubid'])) {
         if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
             $pub = $VARS['pubid'];
-            $pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname"], ["pubid" => $pub]);
+            $pubdata = $database->get("publications", ["[>]pub_permissions" => ["permid" => "permid"]], ["pubname", "uid", "pubdate", "styleid", "columns", "page_size", "landscape", "publications.permid", "permname", "pwd"], ["pubid" => $pub]);
             if ($pubdata["permname"] != "LINK") {
                 dieifnotloggedin();
             }
@@ -14,6 +14,55 @@ if (!defined("IN_NEWSPEN")) {
                     die(lang("no permission"));
                 }
             }
+            if ($pubdata['permname'] == "LINK" && !is_empty($pubdata['pwd']) && $_SESSION['loggedin'] != true) {
+                $passok = false;
+                $passfail = false;
+                if (isset($VARS['password'])) {
+                    $passok = password_verify($VARS['password'], $pubdata['pwd']);
+                    $passfail = !$passok;
+                }
+                if (!$passok) {
+                    ?>
+                    <!DOCTYPE html>
+                    <meta charset="UTF-8">
+                    <meta name="viewport" content="width=device-width, initial-scale=1">
+                    <title><?php echo htmlspecialchars($pubdata["pubname"] . " | " . date("Y-m-d", strtotime($pubdata["pubdate"]))); ?></title>
+                    <link href="../static/css/bootstrap.min.css" rel="stylesheet">
+                    <link href="../static/css/font-awesome.min.css" rel="stylesheet">
+                    <style nonce="<?php echo $SECURE_NONCE; ?>">
+                        #heading {
+                            background-color: #673ab7;
+                        }
+                    </style>
+                    <br />
+                    <div class="row">
+                        <div class="col-xs-12 col-sm-4 col-sm-offset-4">
+                            <form action="gencontent.php" method="POST" class="panel panel-info">
+                                <div class="panel-heading" id="heading">
+                                    <label class="panel-title" for="password"><i class="fa fa-lock"></i> <?php lang("enter password to view file"); ?></label>
+                                </div>
+                                <div class="panel-body">
+                                    <?php if ($passfail) {
+                                        ?>
+                                        <div class="alert alert-danger">
+                                            <i class="fa fa-times"></i> <?php lang("password incorrect"); ?>
+                                        </div>
+                                        <?php
+                                    }
+                                    ?>
+                                    <input type="password" name="password" class="form-control" placeholder="<?php lang("password"); ?>" />
+                                    <input type="hidden" name="pubid" value="<?php echo $pub; ?>" />
+                                </div>
+                                <div class="panel-footer">
+                                    <button type="submit" class="btn btn-success"><i class="fa fa-sign-in"></i> <?php lang("view file"); ?></button>
+                                </div>
+                            </form>
+                        </div>
+                    </div>
+                    <?php
+                    die();
+                }
+            }
         } else {
             die(lang("invalid parameters", false));
         }
@@ -36,12 +85,12 @@ if (defined("EDIT_MODE") && EDIT_MODE == true) {
 <style nonce="<?php echo $SECURE_NONCE; ?>">
 <?php $pubcss = $database->get("pub_styles", ["css", "cssvars", "cssextra", "background"], ["styleid" => $pubdata["styleid"]]); ?>
     .pub-content {
-        <?php
-        $pubvars = json_decode($pubcss["cssvars"], TRUE);
-        foreach ($pubvars as $name => $val) {
-            echo "--$name: $val;\n";
-        }
-        ?>
+<?php
+$pubvars = json_decode($pubcss["cssvars"], TRUE);
+foreach ($pubvars as $name => $val) {
+    echo "--$name: $val;\n";
+}
+?>
     }
 
     .pub-content {
diff --git a/lib/getpubtable.php b/lib/getpubtable.php
index c8237e6..08a521a 100644
--- a/lib/getpubtable.php
+++ b/lib/getpubtable.php
@@ -82,6 +82,7 @@ $pubs = $database->select('publications', [
     'stylename',
     'columns',
     'permname',
+    'pwd',
     'publications.permid',
     "page_size",
     "sizename",
@@ -121,6 +122,9 @@ for ($i = 0; $i < count($pubs); $i++) {
         "size" => $pubs[$i]["sizename"],
         "orientation" => ( $pubs[$i]["landscape"] == 0 ? lang("portrait", false) : lang("landscape", false) )
             ], false);
+    if (!is_empty($pubs[$i]["pwd"])) {
+        $pubs[$i]["permname"] = "password";
+    }
     $pubs[$i]["visibility"] = lang("visibility " . strtolower($pubs[$i]["permname"]), false);
 }
 $out['pubs'] = $pubs;
diff --git a/pages/editpub.php b/pages/editpub.php
index caeaae2..d6b272a 100644
--- a/pages/editpub.php
+++ b/pages/editpub.php
@@ -30,7 +30,8 @@ if (!is_empty($VARS['id'])) {
                     'columns',
                     'permid',
                     'page_size',
-                    'landscape'
+                    'landscape',
+                    'pwd'
                         ], [
                     'pubid' => $VARS['id']
                 ])[0];
@@ -131,6 +132,9 @@ if (!is_empty($VARS['id'])) {
                             <?php
                             $perms = $database->select("pub_permissions", ['permid', 'permname']);
                             foreach ($perms as $p) {
+                                if ($p['permname'] == "PASSWORD") {
+                                    continue;
+                                }
                                 $pi = $p['permid'];
                                 $pn = lang("visibility " . strtolower($p['permname']), false);
                                 $ps = $pubdata["permid"] == $pi ? " selected" : "";
@@ -138,6 +142,22 @@ if (!is_empty($VARS['id'])) {
                             }
                             ?>
                         </select>
+                        <div class="checkbox">
+                            <label>
+                                <input type="checkbox" id="password_protect" name="password_protect" value="1" <?php echo is_empty($pubdata['pwd']) ? "" : "checked" ?>> <?php lang("password protect"); ?>
+                            </label>
+                        </div>
+                        <?php if (is_empty($pubdata['pwd'])) { ?>
+                            <style nonce="<?php echo $SECURE_NONCE; ?>">
+                                #password {
+                                    display: none;
+                                }
+                            </style>
+                        <?php } ?>
+                        <div id="password">
+                            <input type="password" name="password" value="" placeholder="<?php lang("password"); ?>" class="form-control" />
+                            <i class="fa fa-info-circle"></i> <?php lang("anyone with link and password can view"); ?>
+                        </div>
                     </div>
                 </div>
             </div>
@@ -160,7 +180,7 @@ if (!is_empty($VARS['id'])) {
             <?php
             if ($editing && !$cloning) {
                 ?>
-            &nbsp; <button type="submit" name="gotocontent" value="1" class="btn btn-primary"><i class="fa fa-pencil"></i> <?php lang('edit content'); ?></button>
+                &nbsp; <button type="submit" name="gotocontent" value="1" class="btn btn-primary"><i class="fa fa-pencil"></i> <?php lang('edit content'); ?></button>
                 <a href="action.php?action=deletepub&source=home&pubid=<?php echo htmlspecialchars($VARS['id']); ?>" class="btn btn-danger btn-xs pull-right mgn-top-8px"><i class="fa fa-times"></i> <?php lang('delete'); ?></a>
                 <?php
             }
diff --git a/static/js/editpub.js b/static/js/editpub.js
index 7a18cab..639ca76 100644
--- a/static/js/editpub.js
+++ b/static/js/editpub.js
@@ -1,3 +1,11 @@
-$('#name').on('input propertychange paste', function() {
+$('#name').on('input propertychange paste', function () {
     $('#name_title').text($('#name').val());
-});
\ No newline at end of file
+});
+
+$('#password_protect').change(function () {
+    if ($(this).prop('checked')) {
+        $("#password").css('display', 'block');
+    } else {
+        $("#password").css('display', 'none');
+    }
+})
\ No newline at end of file
