|
Click to See Complete Forum and Search --> : login page? Yanhead 06-25-2003, 09:02 AM can anyone direct me to a bit of code so I can do a login page where, when the username and password are entered the user will be directed to a specific page. It does need to support multiple users as I need to create 52. Thanks pyro 06-25-2003, 09:26 AM Javascript isn't capable of creating secure passwords. Better of using a server side language such as PHP, and since you have 52 usernames/passwords, a database. Yanhead 06-25-2003, 09:29 AM Originally posted by pyro Javascript isn't capable of creating secure passwords. Better of using a server side language such as PHP, and since you have 52 usernames/passwords, a database. it doesn't have to be extremely secure, javascript will do fine. know of any tutorials? Thanks pyro 06-25-2003, 09:50 AM Not only is it not extremely secure, it is extremely insecure -- simply view source, and there are all the usernames/passwords... But, here's the logic (which can be transfered to server side code) <html> <head> <script language="JavaScript" type="text/JavaScript"> function validate(frm) { x = 0; user = frm.username.value; pass = frm.password.value; username = new Array("user1","user2","user3"); //array of usernames password = new Array("pass1","pass2","pass3"); //array of passwords for (i=0; i<username.length; i++) { if (x == 0) { if (user == username[i]) { if (pass == password[i]) { window.location.href = "http://www.w3c.org"; } else { alert ("Incorrect password"); } x = 1; } } } if (x == 0) { alert ("Incorrect username"); } return false; } </script> </head> <body> <form name="loginform" onsubmit="return validate(this);"> Username: <input type="text" name="username"> Password: <input type="text" name="password"> <input type="submit" name="submit" value="Submit"> </form> </body> </html> Charles 06-25-2003, 09:59 AM <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="Content-Script-Type" content="text/javascript"> <style type="text/css"> <!-- label {display:block} --> </style> <script type="text/javascript"> <!-- key = new Object(); key.North = 'fee'; key.South = 'fie'; key.East = 'foe'; key.West = 'fum'; function validate (f) {if (!key[f.Name.value] || key[f.Name.value] != f.Password.value) {alert('Incorrect Log in'); f.reset(); return false}} // --> </script> <form action="securePage.html" onsubmit="return validate(this)"> <div> <label>Name<br><input type="text" name="Name"></label> <label>Password<br><input type="password" name="Password"></label> <button type="submit">Log in</button> </div> </form> Yanhead 06-25-2003, 10:58 AM Originally posted by pyro Not only is it not extremely secure, it is extremely insecure -- simply view source, and there are all the usernames/passwords... But, here's the logic (which can be transfered to server side code) thanks, would it be hard to alter the code so it went to a specific page? at the moment all the entires end up on "http://www.w3c.org" thanks again pyro 06-25-2003, 11:09 AM Just change the URL in this line: window.location.href = "http://www.w3c.org"; Yanhead 06-25-2003, 11:26 AM Originally posted by pyro Just change the URL in this line: window.location.href = "http://www.w3c.org"; no sorry I meant, go to a specific page depending on what username/password was entered. i understand this will be a little more involved. Thanks pyro 06-25-2003, 11:31 AM You could do something based on the username: window.location.href = "http://www.yourdomain.com/"+user[i]+".htm"; That will take them to http://www.yourdomain.com/theusername.htm jeffmott 06-25-2003, 11:35 AM Javascript isn't capable of creating secure passwordsIt is actually possible, just not very managable. pyro 06-25-2003, 11:53 AM I suppose if you use some sort of encryption, but that too can more then likly be broken if you'd spend a bit of time trying to crack it. Charles 06-25-2003, 02:20 PM <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <meta name="Content-Script-Type" content="text/javascript"> <style type="text/css"> <!-- label {display:block} --> </style> <script type="text/javascript"> <!-- key = new Object(); key.North = 'fee'; key.South = 'fie'; key.East = 'foe'; key.West = 'fum'; page = new Object(); page.North = 'fee.html'; page.South = 'fie.html'; page.East = 'foe.html'; page.West = 'fum.html'; function validate (f) {if (!key[f.Name.value] || key[f.Name.value] != f.Password.value) {alert('Incorrect Log in'); f.reset(); return '#'} else {return page[f.Name.value]}} // --> </script> <form action="javascriptFreePage.html" onsubmit="this.action = validate(this)"> <div> <label>Name<br><input type="text" name="Name"></label> <label>Password<br><input type="password" name="Password"></label> <button type="submit">Log in</button> </div> </form> jeffmott 06-25-2003, 02:22 PM but that too can more then likly be broken if you'd spend a bit of time trying to crack itDepends. If the developer attempts to write their own then it is almost guarenteed to be easily crackable (if not by another Web developer then almost certainly by a cryptographer). However, if you use SHA-1 or MD5 instead then it would be considered secure. pyro 06-25-2003, 02:37 PM I wasn't aware that you could use md5 in javascript. Must be a library? [edit - Just did a search and found that: http://pajhome.org.uk/crypt/md5/] diamonds 06-25-2003, 04:37 PM what is md5()? My guess is that it is a one-way encryption, so once it is encryped, it cannot be unencrypted. Useful for passwords. Am I correct? Also... There is a encrypted login page submitted here (http://javascript.internet.com/passwords/login-coder.html) once. tell me if it helps;) also, try changing it so it does not require exactly 8 chars. I did it once, and it still worked. pyro 06-25-2003, 04:45 PM Yes, MD5 is one-way encryption, and though it was never really meant for encrypting passwords, it is often used to do so. jeffmott 06-26-2003, 05:37 PM Also... There is a encrypted login page submitted here onceThis is a poor choice. You should read my earlier posts in this thread. The script you refer to is another classic case of the author attempting to write their own hasing function, one which doesn't hold up to cryptanalysis. Even a brute force search would suffice.The JavaScript Source This is undoubtedly the best password protection JavaScript you'll ever find.This is complete crap. It's just a classic bad example. pyro 06-26-2003, 07:18 PM *Agrees with jeffmott* Of course, that's not the first time we've seen complete crap coming from some of those scripts... diamonds 06-27-2003, 07:37 PM http://pajhome.org.uk/crypt/md5/index.html how about this? diamonds 06-27-2003, 07:46 PM Before 123 after JS d41d8cd98f00b204e9800998ecf8427e after PHP 202cb962ac59075b964b07152d234b70 it's okay. pyro 06-27-2003, 08:04 PM Did you have a question or what? I already posted a link to the javascript md5...? Originally posted by pyro [edit - Just did a search and found that: http://pajhome.org.uk/crypt/md5/] webdeveloper.com
Copyright Internet.com Inc., All Rights Reserved. |
|