Login Password Script Help



isamarlow
02-07-2007, 11:34 PM
I need help with a login and password form.
I have one that works listed below, but it only works when you click the login button - I need it to ALSO work when you press ENTER. I tried to change the onClick to onKeyPress, but no luck - please advise. I do not need to stay with this form if anyone has a better recommendation.

thanks!

<script language="javascript">
<!--//
/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value=="member") {
if (form.pass.value=="gopass") {
location="gopass.htm"
} else {
alert("Invalid Password")
}
} else { alert("Invalid UserID")
}
}
//-->
</script>
<form name="login">
<span class="style13">Username: </span>
<input name="id" type="text" size="15">
<br>
<span class="style13">Password: </span>
<input name="pass" type="password" size="15">
<input type="button" value="Login" onClick="pasuser(this.form)">
</form>

thetestingsite
02-08-2007, 12:21 AM
Try this:



<script language="javascript">
<!--//
/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value=="member") {
if (form.pass.value=="gopass") {
location="gopass.htm"
} else {
alert("Invalid Password")
}
} else { alert("Invalid UserID")
}
}
//-->
</script>
<form name="login" onsubmit="pasuser(this.form)">
<span class="style13">Username: </span>
<input name="id" type="text" size="15">
<br>
<span class="style13">Password: </span>
<input name="pass" type="password" size="15">
<input type="submit" value="Login">
</form>


Notice I changed the button to a submit button, then added the onsubmit handler to the form tag.

Also notice, this does not belong in the HTML forum but instead in the javascript forum.

Anyway, hope this helps.

beeps
02-08-2007, 06:51 AM
Please try this:
--------------------------------------------------
<HTML>
<HEAD>
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<TITLE>Ear Demo</TITLE>
<script language="javascript">
<!--//
/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value == "member") {
if (form.pass.value == "gopass") {
location = "gopass.htm";
} else {
alert("Invalid Password");
}
} else {
alert("Invalid UserID");
}
}
function IEKeyCap() {
if (window.event.keyCode == 13) {
pasuser(document.forms[0]) ;
}

}

//-->
</script>
<body onKeyPress="IEKeyCap()">
<form name="login">
<span class="style13">Username: </span>
<input name="id" type="text" size="15">
<br>
<span class="style13">Password: </strong></span>
<input name="pass"type="password" size="15">
<input type="button" value="Login" onClick="pasuser(this.form)">
</form>
</body>
</HTML>

Twey
02-08-2007, 03:52 PM
Please don't -- that's a terrible script (and pretty bad HTML too). The correct way to do it is to use the form's onsubmit event rather than the button's onclick.

Javascript password scripts will always be less secure than their server-side counterparts, but it is at least possible to make them slightly secure (I.E. not including the password in the source) -- see http://www.twey.co.uk/?q=encpass for an example.

thetestingsite
02-08-2007, 04:55 PM
The correct way to do it is to use the form's onsubmit event rather than the button's onclick.


I had suggested that in this thread (http://www.dynamicdrive.com/forums/showthread.php?t=17305). According to the OP, it did not work.

isamarlow
02-08-2007, 05:15 PM
The script on your site is perfect, I just can't figure out where to put the page that the form goes to? Right now it goes nowhere. Sorry if this is a stupid question, I am very new to JavaScript.

thanks, Isadora

here is the script I used: (username: member - password:gopass)

<script type="text/javascript">

// Encrypted Password script - by Twey, http://www.twey.co.uk/
// (only slightly based on the script of the same name by Rob Heslop)
// Released under the terms of the GNU General Public License,
// version 2 or later. See http://www.gnu.org/copyleft/gpl.html for more
// information.

var caseSensitive = true;
var pageToGoTo = "includes/%p.txt"; // %u will be replaced with username, %p with password.
var failureMessage = "Username/password combination entered incorrectly."
var caseWarning = "\nWarning: case sensitive.";
var users = [
["aa08769cdcb26674c6706093503ff0a3", "400a2c1559d060aec45227533f363d2d"]
// Add more here, in the format [usercode, passcode]
// but don't forget to add a comma to all but the last one!
];

function encrypt(str) {
/* Original algorithm:

var hash = 1;
for(var i=0;i<str.length;i++) hash *= str.charCodeAt(i);
return hash;

*/
/* Paj's MD5 implementation: */
// NOTE: MD5 has several collision weaknesses. However,
// these are not an issue here, as succeeding in creating
// a collision would only cause the script to report the
// correctness of the password incorrectly.

return hex_md5(str);
}

function passCheck(frm, user, pass) {
var form = document.forms[frm] || frm,
username = user ? (form && form.elements[user] ? form.elements[user].value : user) : form.elements["username"].value,
password = pass ? (form && form.elements[pass] ? form.elements[pass].value : pass) : form.elements["password"].value,
passcode = 1, usercode = 1; // declare both locally; the chained form leaked usercode as a global
if(!caseSensitive) {
username = username.toLowerCase();
password = password.toLowerCase();
}
var pg = pageToGoTo.replace(/%p/g, password).replace(/%u/g, username);
passcode = encrypt(password);
usercode = encrypt(username);
for(var i = 0; i < users.length; i++)
if(users[i][0] == usercode && users[i][1] == passcode) {
if(!frm) return window.location.href = pg;
form.action = pg;
return true;
}
window.alert(failureMessage + (caseSensitive ? caseWarning : ""));
return false;
}
</script>

<form action="" onsubmit="return passCheck(this);">
<p>
<label style="display:block;">
Username:
<input type="text" name="username" size="15">
</label>
<label style="display:block;">
Password:
<input type="password" name="password" size="15">
</label>
<input type="submit" value="Submit">
</p>
</form>

tech_support
02-09-2007, 05:54 AM
<script type="text/javascript">

// Encrypted Password script - by Twey, http://www.twey.co.uk/
// (only slightly based on the script of the same name by Rob Heslop)
// Released under the terms of the GNU General Public License,
// version 2 or later. See http://www.gnu.org/copyleft/gpl.html for more
// information.

var caseSensitive = true;
var pageToGoTo = "includes/&#37;p.txt"; // %u will be replaced with username, %p with password.
var failureMessage = "Username/password combination entered incorrectly."
var caseWarning = "\nWarning: case sensitive.";
var users = [
["aa08769cdcb26674c6706093503ff0a3", "400a2c1559d060aec45227533f363d2d"]
// Add more here, in the format [usercode, passcode]
// but don't forget to add a comma to all but the last one!
];

function encrypt(str) {
/* Original algorithm:

var hash = 1;
for(var i=0;i<str.length;i++) hash *= str.charCodeAt(i);
return hash;

*/
/* Paj's MD5 implementation: */
// NOTE: MD5 has several collision weaknesses. However,
// these are not an issue here, as succeeding in creating
// a collision would only cause the script to report the
// correctness of the password incorrectly.

return hex_md5(str);
}

function passCheck(frm, user, pass) {
var form = document.forms[frm] || frm,
username = user ? (form && form.elements[user] ? form.elements[user].value : user) : form.elements["username"].value,
password = pass ? (form && form.elements[pass] ? form.elements[pass].value : pass) : form.elements["password"].value,
passcode = 1, usercode = 1; // declare both locally; the chained form leaked usercode as a global
if(!caseSensitive) {
username = username.toLowerCase();
password = password.toLowerCase();
}
var pg = pageToGoTo.replace(/%p/g, password).replace(/%u/g, username);
passcode = encrypt(password);
usercode = encrypt(username);
for(var i = 0; i < users.length; i++)
if(users[i][0] == usercode && users[i][1] == passcode) {
if(!frm) return window.location.href = pg;
form.action = pg;
return true;
}
window.alert(failureMessage + (caseSensitive ? caseWarning : ""));
return false;
}
</script>

<form action="" onsubmit="return passCheck(this);">
<p>
<label style="display:block;">
Username:
<input type="text" name="username" size="15">
</label>
<label style="display:block;">
Password:
<input type="password" name="password" size="15">
</label>
<input type="submit" value="Submit">
</p>
</form>

isamarlow
02-09-2007, 05:10 PM
OK but how do I save my page gohome.html as /includes/Gopass.txt?username=Member&password=Gopass :confused:

Twey
02-09-2007, 06:24 PM
I don't think you quite understand the nature of the script. What makes it secure is that it directs to a page whose name is based on the login info provided. It's a frontend to what could be considered a very basic form of server-side security built in to every webserver.

tech_support
02-10-2007, 04:01 AM
<script type="text/javascript">

// Encrypted Password script - by Twey, http://www.twey.co.uk/
// (only slightly based on the script of the same name by Rob Heslop)
// Released under the terms of the GNU General Public License,
// version 2 or later. See http://www.gnu.org/copyleft/gpl.html for more
// information.

var caseSensitive = true;
var pageToGoTo = "includes/gohome.html?username=%u&password=%p"; // %u will be replaced with username, %p with password.
var failureMessage = "Username/password combination entered incorrectly."
var caseWarning = "\nWarning: case sensitive.";
var users = [
["aa08769cdcb26674c6706093503ff0a3", "400a2c1559d060aec45227533f363d2d"]
// Add more here, in the format [usercode, passcode]
// but don't forget to add a comma to all but the last one!
];

function encrypt(str) {
/* Original algorithm:

var hash = 1;
for(var i=0;i<str.length;i++) hash *= str.charCodeAt(i);
return hash;

*/
/* Paj's MD5 implementation: */
// NOTE: MD5 has several collision weaknesses. However,
// these are not an issue here, as succeeding in creating
// a collision would only cause the script to report the
// correctness of the password incorrectly.

return hex_md5(str);
}

function passCheck(frm, user, pass) {
var form = document.forms[frm] || frm,
username = user ? (form && form.elements[user] ? form.elements[user].value : user) : form.elements["username"].value,
password = pass ? (form && form.elements[pass] ? form.elements[pass].value : pass) : form.elements["password"].value,
passcode = 1, usercode = 1; // declare both locally; the chained form leaked usercode as a global
if(!caseSensitive) {
username = username.toLowerCase();
password = password.toLowerCase();
}
var pg = pageToGoTo.replace(/%p/g, password).replace(/%u/g, username);
passcode = encrypt(password);
usercode = encrypt(username);
for(var i = 0; i < users.length; i++)
if(users[i][0] == usercode && users[i][1] == passcode) {
if(!frm) return window.location.href = pg;
form.action = pg;
return true;
}
window.alert(failureMessage + (caseSensitive ? caseWarning : ""));
return false;
}
</script>

<form action="" onsubmit="return passCheck(this);">
<p>
<label style="display:block;">
Username:
<input type="text" name="username" size="15">
</label>
<label style="display:block;">
Password:
<input type="password" name="password" size="15">
</label>
<input type="submit" value="Submit">
</p>
</form>

Twey
02-10-2007, 12:22 PM
Doing that completely defeats the point of the script. If the username and/or password aren't contained in the page URL somewhere, it's no more secure than the one above: anyone could just look in the source to find the URL.

olsen07
02-12-2007, 02:48 PM
I am looking for a password protection JavaScript that will not allow me to either view the password by viewing the source or bypass the password by entering the URL of the password protected page.

Thanks,
JMOL
Olsen07
Dragonlord2598

tech_support
02-13-2007, 05:50 AM
http://www.twey.co.uk/?q=encpass

olsen07
02-13-2007, 02:21 PM
It didn't work I was still able to jump straight to the page with the proper URL.
I am working with DreamWeaver so if anybody can either help me with JavaScript or what to do in DreamWeaver


Thanks
JMOL
Olsen07
Dragonlord

Twey
02-13-2007, 03:01 PM
It didn't work I was still able to jump straight to the page with the proper URL.

And you always will be, unless you implement a server-side security system.

That script attempts to address this: if you include %u and %p in the URL, then the user would still have to know the username and password to get to the file anyway, so they might as well have logged in.

tech_support
02-14-2007, 06:14 AM
It didn't work I was still able to jump straight to the page with the proper URL.
I am working with DreamWeaver so if anybody can either help me with JavaScript or what to do in DreamWeaver


Thanks
JMOL
Olsen07
Dragonlord

You'll be able to do it with a server-side language like PHP/ASP/ASPX pretty easily.

tech_support
02-14-2007, 06:17 AM
<form name="login" onsubmit="pasuser(this);return false">

olsen07
02-19-2007, 02:42 PM
OK, now I'm confused.
If I can't do it with JavaScript like I want to, can anybody tell me how to do it with Dreamweaver or tell me where to go to get assistance?

Thanks
JMOL
Olsen07
Dragonlord

Shotgun Ninja
02-19-2007, 02:49 PM
OK, just to clear this up...

DREAMWEAVER IS NOT A PROGRAMMING LANGUAGE.

OK?

BTW, you could do it by having the form write a 'cookie' on the user's computer, then have the destination page check the contents of the remote cookie file and deny access to users without a matching password encrypted in the cookie file. That's how MySpace works, more or less. There are actually only about 20 real pages of HTML code at MySpace, each one occupying an ENTIRE SERVER, and a crapload of scripts.

riptide
02-19-2007, 03:05 PM
Wow, I never knew that about MySpace....* grins evilly*
Hey, I use Dreamweaver too but I also read a lot of books about JavaScript. So you may like PHP.

pcbrainbuster
02-19-2007, 05:25 PM
I simply recommend you learn .htaccess because it is more secure than most other ways....

Twey
02-19-2007, 07:08 PM
Better to say, it's pre-made, so the chances of screwing it up are smaller.

techno_race
03-01-2007, 12:59 AM
Hey, I use Dreamweaver too but I also read a lot of books about JavaScript.

Same here.

mburt
03-01-2007, 11:16 AM
Back to the original post... Simply, JavaScript is not secure in these circumstances that require password protecting. You should use .htaccess (already mentioned) or a server-side language (the code isn't visible to the user).
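
Added example, not part of any post in this thread: a sketch in Node.js of the server-side approach recommended above, where the password is checked on the server and the protected page re-checks a signed session cookie on every request, so typing the URL directly no longer works. The function names, the "/login" path and the in-memory user store are assumptions made for illustration; the sample account is the member/gopass pair posted earlier in the thread.

```javascript
// Added example (not from the thread): the check runs on the server, so neither
// the password nor the protected content is sent to an unauthenticated browser.
const nodeCrypto = require("crypto");

const SESSION_KEY = nodeCrypto.randomBytes(32); // server-only secret, new on each start
const SESSION_TTL_MS = 30 * 60 * 1000;

// Salted, deliberately slow hash; only this record is stored, never the password.
function hashPassword(password, salt = nodeCrypto.randomBytes(16)) {
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}

// Constructed user store, seeded with the sample account from the thread.
const USERS = new Map([["member", hashPassword("gopass")]]);
const DUMMY = hashPassword("placeholder"); // keeps the work equal for unknown usernames

function verifyLogin(username, password) {
  const record = USERS.get(username) || DUMMY;
  const candidate = nodeCrypto.scryptSync(String(password), record.salt, 32);
  const match = nodeCrypto.timingSafeEqual(candidate, record.hash);
  return match && USERS.has(username);
}

function sign(payload) {
  return nodeCrypto.createHmac("sha256", SESSION_KEY).update(payload).digest("hex");
}

// Cookie value "<user>.<expiry>.<HMAC>": the browser cannot forge the HMAC.
function issueSession(username, now = Date.now()) {
  const payload = `${username}.${now + SESSION_TTL_MS}`;
  return `${payload}.${sign(payload)}`;
}

function checkSession(cookie, now = Date.now()) {
  const parts = String(cookie || "").split(".");
  if (parts.length !== 3) return null;
  const [user, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${user}.${expiry}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  return Number(expiry) > now ? user : null;
}

// Every request for the protected page is re-checked, including direct URL entry.
function handleProtectedPage(cookie, now = Date.now()) {
  return checkSession(cookie, now)
    ? { status: 200, body: "members-only content" }
    : { status: 302, location: "/login" };
}
```

In a real deployment the cookie would also be set with the HttpOnly and Secure attributes and the login form served over HTTPS.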

olsen07
03-05-2007, 02:30 PM
OK, so what do I need to do??
How do I learn .htaccess?

olsen07
03-23-2007, 01:34 PM
What is, and how do I learn, .htaccess?

tech_support
03-24-2007, 01:29 AM
I wouldn't recommend you using .htaccess if you want people to logout.

As for learning it, Google it.