PDA

View Full Version : Password Problems



Clayf700
10-18-2010, 02:38 AM
Okay Right now i got this really annoying glitch where i have 2 passwords and they both lead you to 2 different places, the problem is they keep going to the same dang url! so one is linking to success.html and one to success2.html and they both keep linking to success2.html, really annoying, can anybody tell me what's going on?

here's My Code

<html>
<head>
</head>
<body>
<form>
<p>ENTER USER NAME :
<input type="text" name="text2">
</p>
<p> ENTER PASSWORD :
<input type="password" name="text1">
<input type="button" value="Check In" name="Submit" onclick=javascript:validate(text2.value,"Clayf700",text1.value,"login") >
</p>

</form>
<br>
<form>
<p>ENTER USER NAME :
<input type="text" name="text4">
</p>
<p> ENTER PASSWORD :
<input type="password" name="text3">
<input type="button" value="Check In" name="Submit2" onclick=javascript:validate(text4.value,"Clayf700",text3.value,"login") >
</p>
</form>
<script language = "javascript">

function validate(text1,text2,text3,text4)
{
if (text1==text2)
load('success.htm');
else
{
load('failure.htm');
}
if (text3==text4)
load('success2.htm');
else
{
load('failure2.htm');
}
}
function load(url)
{
location.href=url;
}
</script>

</body>
</html>

bluewalrus
10-18-2010, 03:17 AM
Server side code such as php is a better way to do this. Using javascript/ client side coding the username and passwords are exposed to the user. I've made a sample version in php below, of what you have in js currently.



<?php
if (isset($_GET['submitted']) && $_GET['submitted'] == 1) {
if ($_POST['user'] == "text1") {
if ($_POST['pwd'] == "text2") {
header("Location: success.htm");
} else {
header("Location: failure.htm");
}
if ($_POST['user'] == "text3") {
if ($_POST['pwd'] == "text4") {
header("Location: success2.htm");
} else {
header("Location: failure2.htm");
}
}
?>
<html>
<head>
</head>
<body>
<form method="post" action="?submitted=1">
<p>ENTER USER NAME : </p>
<input type="text" name="user" />
<p> ENTER PASSWORD :</p>
<input type="password" name="pwd">
<input type="submit" />
</form>
</body>
</html>

Clayf700
10-18-2010, 03:31 AM
Thanks man! Anyway, this password is just for a sample could I also just get it in plain javascript too? thanks for the php, i'll be sure to use that for the real one

bluewalrus
10-18-2010, 03:53 AM
Not sure what you mean by "could i get it in plain javascript too".

The password/username are exposed to any visitor of your site in the source code if the they are done in javascript.

If you view the source of your page you will see it, a more complex or less complex password won't make a difference because all the user has to do is copy and paste it.

The PHP is processed on the server and never exposed to the user. This assumes your server is configured for php though, if not that code will do anything and be displayed to the user.