PDA

View Full Version : simple password problem



sunny
07-04-2005, 09:21 AM
hi, Please help me with this problem:
My code:


<SCRIPT LANGUAGE="JavaScript">

<!-- Begin
function pass()
{
var password = 'menon'
password=prompt('Please enter your password:','');
if (password != null) {
location.href= password + ".html";
}
else
{
location.href="http://www.angelfire.com/empire2/funnyland/silasthankyou.html"
}
}
// End -->
</SCRIPT>

with this script i want the user to enter 'menon.html', if his password is menon.
And if he enters any other password other than 'menon' then he should be taken to another target that's mentioned in else condition.
The problem is if i Just cancel the prompt box,it takes me to the 'else' target page.And if i enter any other name in the prompt box other than 'menon' it assumes it to be a html document and takes me to that page displaying 'page not found'.
what i want is that the user should be directed to a different page if he enters any other password other than mentioned and if he cancels the prompt box then he should be directed to another page,
Any suggestions.

jscheuer1
07-04-2005, 12:32 PM
<script type="text/javascript">
function pass() {
var password=prompt('Please enter your password:','');
if (password == 'menon')
location.href= password + ".html";
else if (password==null)
//page for no password
location.href="http://www.angelfire.com/empire2/funnyland/silasthankyou.html"
else
//page for wrong password
location.href="http://www.angelfire.com/empire2/funnyland/wrongpass.html"
}
</script>

Twey
07-04-2005, 03:38 PM
I'd just like to point out that it's really pointless to do this, as anyone can look at the source and see what the password is.
If you didn't mind not having the "wrong password" page, you could do something like this:

<script type="text/javascript">
function pass() {
var password=prompt('Please enter your password:','');
if (password==null) location.href="http://www.angelfire.com/empire2/funnyland/silasthankyou.html"
location.href= password + ".html";
}
</script>
... which would actually be reasonably secure, if less user-friendly, as a wrong password would generate a 404 "Page not found" error.

mwinter
07-04-2005, 09:56 PM
I'd just like to point out that it's really pointless to do thisIndeed.


as anyone can look at the source and see what the password is.If you (the OP) really must do this, you have to encode the password. Putting it in as plain text really is useless.

There have been some algorithms cited here before, but they make brute forcing quite simple as you can make obvious guesses as to password length (and that really narrows down the time needed).

I would suggest, but still not recommend, a proper hash function. Many are simple to produce. The MD4 implementation below weighs in at about 4.6KBs with white space (less than three without) and is very fast. Though a mathematical hash can be brute-forced, there are generally no clues as to what the original data contained.

Getting everything you've asked for:


<script type="text/javascript" src="md4.js"></script>
<script type="text/javascript">
var hash = '8a9d093f14f8701df17732b2bb182c74';

function authenticate() {
var password = prompt('Please enter your password:');

location.href = !password
? '...' /* Cancelled URL */
: (String(password).md4() == hash)
? password + '.html'
: '...'; /* Invalid URL */
}
</script>The value of hash in this example is the string 'password' hashed by MD4.

Mike


The contents of md4.js:


String.prototype.md4 = (function() {
function f(x, y, z) {return (x & y) | (~x & z);}
function g(x, y, z) {return (x & y) | (x & z) | (y & z);}
function h(x, y, z) {return x ^ y ^ z;}

return function() {
var a = 0x67452301,
b = 0xefcdab89,
c = 0x98badcfe,
d = 0x10325476,
m = String(this).toUTF8(),
x = [],
y = m.length,
aa, bb, cc, dd, i, j, n;

function r(a, b, c, d, k, s) {
return (a + f(b, c, d) + x[k]).rotl(s);
}
function s(a, b, c, d, k, s) {
return (a + g(b, c, d) + x[k] + 0x5a827999).rotl(s);
}
function t(a, b, c, d, k, s) {
return (a + h(b, c, d) + x[k] + 0x6ed9eba1).rotl(s);
}

n = y % 64;
n = (n < 56)
? 56 - n
: 120 - n;
m += '\x80';

for(i = 1; i < n; ++i) {m += '\0';}

y *= 8;

for(i = 0; i < 8; ++i) {
m += String.fromCharCode(y & 0xff);
y /= 0x100;
}

for(i = 0, n = m.length / 64; i < n; ++i) {
aa = a;
bb = b;
cc = c;
dd = d;

for(j = 0; j < 16; ++j) {
x[j] = m.charCodeAt(i * 64 + j * 4)
| (m.charCodeAt(i * 64 + j * 4 + 1) << 8)
| (m.charCodeAt(i * 64 + j * 4 + 2) << 16)
| (m.charCodeAt(i * 64 + j * 4 + 3) << 24);
}

a = r(a, b, c, d, 0, 3);
d = r(d, a, b, c, 1, 7);
c = r(c, d, a, b, 2, 11);
b = r(b, c, d, a, 3, 19);
a = r(a, b, c, d, 4, 3);
d = r(d, a, b, c, 5, 7);
c = r(c, d, a, b, 6, 11);
b = r(b, c, d, a, 7, 19);
a = r(a, b, c, d, 8, 3);
d = r(d, a, b, c, 9, 7);
c = r(c, d, a, b, 10, 11);
b = r(b, c, d, a, 11, 19);
a = r(a, b, c, d, 12, 3);
d = r(d, a, b, c, 13, 7);
c = r(c, d, a, b, 14, 11);
b = r(b, c, d, a, 15, 19);

a = s(a, b, c, d, 0, 3);
d = s(d, a, b, c, 4, 5);
c = s(c, d, a, b, 8, 9);
b = s(b, c, d, a, 12, 13);
a = s(a, b, c, d, 1, 3);
d = s(d, a, b, c, 5, 5);
c = s(c, d, a, b, 9, 9);
b = s(b, c, d, a, 13, 13);
a = s(a, b, c, d, 2, 3);
d = s(d, a, b, c, 6, 5);
c = s(c, d, a, b, 10, 9);
b = s(b, c, d, a, 14, 13);
a = s(a, b, c, d, 3, 3);
d = s(d, a, b, c, 7, 5);
c = s(c, d, a, b, 11, 9);
b = s(b, c, d, a, 15, 13);

a = t(a, b, c, d, 0, 3);
d = t(d, a, b, c, 8, 9);
c = t(c, d, a, b, 4, 11);
b = t(b, c, d, a, 12, 15);
a = t(a, b, c, d, 2, 3);
d = t(d, a, b, c, 10, 9);
c = t(c, d, a, b, 6, 11);
b = t(b, c, d, a, 14, 15);
a = t(a, b, c, d, 1, 3);
d = t(d, a, b, c, 9, 9);
c = t(c, d, a, b, 5, 11);
b = t(b, c, d, a, 13, 15);
a = t(a, b, c, d, 3, 3);
d = t(d, a, b, c, 11, 9);
c = t(c, d, a, b, 7, 11);
b = t(b, c, d, a, 15, 15);

a += aa;
b += bb;
c += cc;
d += dd;
}
m = (a & 0xff).pad(2, 16)
+ ((a >> 8) & 0xff).pad(2, 16)
+ ((a >> 16) & 0xff).pad(2, 16)
+ ((a >> 24) & 0xff).pad(2, 16);
m += (b & 0xff).pad(2, 16)
+ ((b >> 8) & 0xff).pad(2, 16)
+ ((b >> 16) & 0xff).pad(2, 16)
+ ((b >> 24) & 0xff).pad(2, 16);
m += (c & 0xff).pad(2, 16)
+ ((c >> 8) & 0xff).pad(2, 16)
+ ((c >> 16) & 0xff).pad(2, 16)
+ ((c >> 24) & 0xff).pad(2, 16);
m += (d & 0xff).pad(2, 16)
+ ((d >> 8) & 0xff).pad(2, 16)
+ ((d >> 16) & 0xff).pad(2, 16)
+ ((d >> 24) & 0xff).pad(2, 16);

return m;
};
})();

Number.prototype.pad = function(l, r, c) {
return (+this).toString(r || 10).pad(l, c || '0');
};
Number.prototype.rotl = function(n) {
n &= 0x1f;

return (this << n) | (this >>> (32 - n));
};

String.prototype.pad = function(l, c) {
var S = String(this),
n = Math.max(l - S.length, 0);

while(n--) {S = c + S;}
return S;
};
String.prototype.toUTF8 = function() {
var S = new String(this),
s = '',
c;

for(var i = 0, n = S.length; n > i; ++i) {
c = S.charCodeAt(i);

if(0x0080 > c) {
s += S.charAt(i);
} else if(0x0800 > c) {
s += String.fromCharCode(0xc0 | ((c >>> 6) & 0x1f),
0x80 | (c & 0x3f));
} else if((0xd800 > c) || (c > 0xdfff)) {
s += String.fromCharCode(0xe0 | ((c >>> 12) & 0x0f),
0x80 | ((c >>> 6) & 0x3f), 0x80 | (c & 0x3f));
} else {
c += 0x40;
s += String.fromCharCode(0xf0 | ((c >>> 8) & 0x07),
0x80 | ((c >>> 2) & 0x3f));
c = ((c & 0x03) << 10) | (S.charCodeAt(++i) & 0x3ff);
s += String.fromCharCode(0x80 | (c >>> 6),
0x80 | (c & 0x3f));
}
}
return s;
};

IanMarlowe
07-05-2005, 04:10 AM
wow...

sunny
07-05-2005, 08:14 AM
well, I just wanted a simple pasword script.Anyway Thanks For all those replies.

Twey
07-05-2005, 08:33 AM
Also, SHA1:
http://pajhome.org.uk/crypt/md5/sha1.js

... and the more up-to-date MD5:
http://pajhome.org.uk/crypt/md5/md5.js


wow...
Nice work, Mike.