www.webdeveloper.com
Results 1 to 5 of 5

Thread: how does this work to make the password...

  1. #1
    Join Date
    Jun 2006
    Posts
    9

    how does this work to make the password...

    I was thinking of using the following type script in a page to verify a password but I'm new to javascript and I'm unclear about how it works...

    Code:
    <script type ="application/javascript">
    		
    	function GetPassInfo(){
            var madhouuuuuuuseeee = "givesacountinatobp laryk"
    
    	var j = madhouuuuuuuseeee.charAt(1);  var h = madhouuuuuuuseeee.charAt(0);   var l = madhouuuuuuuseeee.charAt(17);    
    	var g = madhouuuuuuuseeee.charAt(2);  var i = madhouuuuuuuseeee.charAt(6);   var x = madhouuuuuuuseeee.charAt(18);    
    	var l = madhouuuuuuuseeee.charAt(3); var p = madhouuuuuuuseeee.charAt(2);   var m = madhouuuuuuuseeee.charAt(20);      
    	var s = madhouuuuuuuseeee.charAt(17); var k = madhouuuuuuuseeee.charAt(10);  var d = madhouuuuuuuseeee.charAt(3);      
    	var bb = madhouuuuuuuseeee.charAt(6); var d = madhouuuuuuuseeee.charAt(13);   var r = madhouuuuuuuseeee.charAt(8);
    	var a = madhouuuuuuuseeee.charAt(0);  var d = madhouuuuuuuseeee.charAt(3);   var r = madhouuuuuuuseeee.charAt(16);
    	var b = madhouuuuuuuseeee.charAt(1);  var e = madhouuuuuuuseeee.charAt(4);   var j = madhouuuuuuuseeee.charAt(9);     
    	var c = madhouuuuuuuseeee.charAt(2);  var f = madhouuuuuuuseeee.charAt(5);   var g = madhouuuuuuuseeee.charAt(4);     
    	var j = madhouuuuuuuseeee.charAt(9);  var h = madhouuuuuuuseeee.charAt(6);   var l = madhouuuuuuuseeee.charAt(11);    
    	var g = madhouuuuuuuseeee.charAt(4);  var i = madhouuuuuuuseeee.charAt(7);   var x = madhouuuuuuuseeee.charAt(21);    
    	var l = madhouuuuuuuseeee.charAt(11); var p = madhouuuuuuuseeee.charAt(4);   var m = madhouuuuuuuseeee.charAt(4);      
    	var s = madhouuuuuuuseeee.charAt(17); var k = madhouuuuuuuseeee.charAt(10);  var d = madhouuuuuuuseeee.charAt(3);      
    	var t = madhouuuuuuuseeee.charAt(18); var n = madhouuuuuuuseeee.charAt(12);  var e = madhouuuuuuuseeee.charAt(4);      
    	var a = madhouuuuuuuseeee.charAt(0);  var o = madhouuuuuuuseeee.charAt(13);  var f = madhouuuuuuuseeee.charAt(5);      
    	var b = madhouuuuuuuseeee.charAt(1);  var q = madhouuuuuuuseeee.charAt(15);  var h = madhouuuuuuuseeee.charAt(6);      
    	var c = madhouuuuuuuseeee.charAt(2);  var h = madhouuuuuuuseeee.charAt(6);   var i = madhouuuuuuuseeee.charAt(7);      
    	var j = madhouuuuuuuseeee.charAt(9);  var i = madhouuuuuuuseeee.charAt(7);   var y = madhouuuuuuuseeee.charAt(22);          
    	var g = madhouuuuuuuseeee.charAt(4);  var p = madhouuuuuuuseeee.charAt(4);   var yy = madhouuuuuuuseeee.charAt(23);
    	var l = madhouuuuuuuseeee.charAt(11); var k = madhouuuuuuuseeee.charAt(10);  var bb = madhouuuuuuuseeee.charAt(14);
    	var q = madhouuuuuuuseeee.charAt(20); var n = madhouuuuuuuseeee.charAt(12);       
    	var m = madhouuuuuuuseeee.charAt(4);  var o = madhouuuuuuuseeee.charAt(13);       
    	
    	var p = madhouuuuuuuseeee.charAt(4)
    	var Wrong = (bb+""+q+""+yy+""+d+""+t+""+f+""+t+""+r+""+x+""+d+""+f+""+yy)
    
    	if (document.forms[0].Password1.value == Wrong)
    		location.href="index.php?Result=" + Wrong;
    }
    </script>
    So when it checks at the bottom and it's using the bb+""+q....etc. how does it pick the number if there are two values for the variable? And then is it putting a space between each one or is it adding them literally?

  2. #2
    Join Date
    Jun 2006
    Posts
    9
    okay, I made a test script and put in a few variables and then got them to display and it just put them together. My example had variable a=44 and b=7 and the alert box gave me 447.

    So what does it do when there are two possibilities for the variable?

  3. #3
    Join Date
    Jan 2007
    Location
    Wisconsin
    Posts
    2,120
    That's a pretty terrible attempt at storing an obfuscated password. Execute the "meat" at the command line, echo Wrong and you get: "take a break" ... not exactly high security. If you want this sort of weak protection, you may as well store the password plaintext.

    You want to implement some level of security, you need to protect things server-side. In the very least, use Basic HTTP authentication.

    Ideally, implement something a little more secure. Store salted passwords hashes (sha2) in your database. Force all connections over HTTPS, if possible. Don't rely on anything client-side to secure your content.

    But, to answer your questions, each re-definition of a variables simply overrides the old one.

    PHP Code:
    var 1;
    var 
    2;
    alert(x);    // you'll see 2 
    The concatenation at the end incorporates empty strings to confused you: they don't do anything. Execute this:

    PHP Code:
    var "abc";
    var 
    "xyz";
    if (
    "" == b) {
      
    alert("" b);

    .. and you'll see "abcxyz" pop up.

    Dare I ask where you found this little script?

  4. #4
    Join Date
    Jun 2006
    Posts
    9
    this was just something I dug up on the internet. Before I saw your response I made another function that took the meat of it and then displayed it with an alert...thanks for breaking it down for me though...it helped.

  5. #5
    Join Date
    Jun 2006
    Posts
    9
    Oh, and I found it at:

    http://ideone.com/7uGXg

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles