Please help if you can. I know nothing about cookies and everything I read makes me more confused. I have a file that contains some Javascript functions and a list of username, password and real names. I want the user to enter a username and password on one page and have the real name put in a text box on another page. To demonstrate my requirements, i have posted an attachment containing the external file and 2 HTML pages. Can someone please help me. Thank you.

It's actually better if you processed usernames, passwords, names, information, (forms in general) etc., with a server-side language and not JavaScript. Approximately 13% of your visitors have JavaScript disabled--so it's better if you use a server side language for your cookies; although I would use a database instead of cookies to store this information--unless you have some other reason for using cookies that I don't know about.

Jona

Thanks for that Jona. The reason for cookies is that this is for an internal system and the person who started the project has used cookies extensively so we thought it better to continue with that method. Unfortunately, the person who started the project has passed away and we are a bit stuck as you can tell. The whole project revolves around a VB program that creates the JS file and uploads it automatically every 12 hours. The VB program also automatically creates about 200 web pages and uploads them as well so that the whole operation can access certain information. The real name of the user is now required to complete a response form.

I see. Do all of your visitors have JavaScript enabled?

Jona

Yes they do Jona

Here's the deal. You're trying to make a complete login script with JS. That is not smart. You should use a database (not flat-file, either). This means you need a server-side language of some sort, because the users can easily get the usernames, names and passwords of anyone else they want to. So no true verification is happening here. Setting a cookie is one thing, but it is very insecure to use JavaScript for a login.

Also, if you aren't worried about a user getting the names, usernames and passwords of others, then you don't even need this script at all.

Jona

You can have secure javascript passwords using MD5. The problem is that if someone views the source, they don't even need the password. They can figure out what the contents of the cookie are supposed to be and write the cookie by hand.
There is no completely secure passwords in javascript, but you can get pretty good by doing something like this:

Usernames and Passwords are stored in the JS file, BOTH of them as MD5 hashes.

A user enters their username and password. Then, the username is hashed, and checked against the JS file to see if its real. If its real, the hash of the correct password is hashed AGAIN. Then the entered password is hashed, and then hashed again. If the password is correct, they can have access. This cookie's username and password would have to be hashed and checked on each protected page.
The content of the pages would also have to encrypted using one of those online encryptors so they can't be viewed unless the user has javascipt enabled.

This script would be ridiculously complicated, but it would work. May as well go with serverside :p

The whole point of the exercise is to get the user's real name from the JS file and put it into the textbox on the next page. This is not for security reasons, but simply to assist the user by not having them type their names into a textbox. The textbox forms part of a form that sends certain information back to a VB program that automatically reads emails, strips the data and puts it into a database.

Ahh so they are just entering a username, not even a password?

Then you could just have a form like this in any HTML file:
<form name="form" action="page2.html" method="get">
<input type="text" name="name">
<input type="submit">
</form>
And on page2.html
<form name="form">
<input type="text" name="name">
</form>
<script language="javascript">
var name = top.location.search.substr(6);
document.form.name.value = name
</script>
Type a username in the 1st page, hit submit, and the second page will have a textbox containing the username. You could modify it to use cookies if you wanted to.

No no no, we seem to be getting a bit confused here. Please see my original post. In the JS file are usernames, passwords and full names. I want a user to enter a username and password on one page and have their full name, (extracted from the array in the JS file), appear in a textbox on the second page. If you grab the ZIP file and run the pages, you will see what I mean.