Password protection of blog~

[mingyan]

i'm a blogger who is currently disturbed by some intruders or spammers who kept on flaming at my tagboard and i need help for protecting my blog from these ppl.. i came across many types and i've tried to understand but i could not.. can anyone pls help me!! i'm interested in this type
i dun understand or see how is the password 1, 4 and 5 as i look at the source but could not see 1 4 or 5 appear in them but the password is actually 1 4 and 5 T.T pls help me i'm completely clueless about these codes or scripts..

[mburt]

JavaScript isn't generally the best way to do this. A password encrypter is the closest thing to "password protection" in JavaScript. The problem is that the user can read the source and somehow find the password. The ideal way to make a password protected site is to use PHP. It is completely unreadable by the user.

I don't really think you can have .php files on your blog, so maybe a JavaScript one could do. There's still no way to completely stop the user from entering a page with JS though.

[mingyan]

can u recommend the best password protection JS which is not so easy to view? http://www.dynamicdrive.com/dynamicindex9/password.htm seems very good but i just dunno how to use it. i've tried it but after i entered the correct user and password it leads me to http://testinghtmls.blogspot.com/passwordpassword.htm which is a 404 error page not found.. my blogspot is http://testinghtmls.blogspot.com is there anyway u can help to solve this problem?

[blm126]

They are all easy to view. Anyone who knows a decent amount of javascript will have no problem getting around it.

[mburt]

Decoding a hash number is pretty hard though, but you are still right. It's not fool-proof. PHP is the only real way to go about this.

[djr33]

hash encoding would be a good way to do it.
Is the md5 algorithm available in JS?

[mburt]

Yup. Check this out: http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

[djr33]

Hmm... I think i'd trust that.

Maybe, just to make it more of a pain, run it through the algorithm two or three times... then, a hacker would be nuts to try to figure it out.


However, now that I think about it, I realize that you could still access the content by getting around the javascript and/or modifying it... so... yeah.

Interesting thought, though.

[mingyan]

Can anyone explain where do i input the password for this script??? i don't care so much already.. i just want to try this out and just pray tat idiot know nth about JS..


<SCRIPT LANGUAGE="javascript">

function GoIn()
{
var Password = new Array("p","j","l","z","o","e","m","b","x","z")

function getNumbers()
{
return document.userInput.u1.value
return document.userInput.u2.value
return document.userInput.u3.value
}

var input1 = document.userInput.u1.value
var input2 = document.userInput.u2.value
var input3 = document.userInput.u3.value

var pw1 = Password[input1]
var pw2 = Password[input2]
var pw3 = Password[input3]

var pw = pw1 + pw2 + pw3
if (pw == pw1+pw2+pw3)
{location.href = pw+ ".html"}
}
</SCRIPT>
Put in Your Three-Number Password to Enter: <center>
<FORM NAME="userInput">
<INPUT TYPE="text" Name ="u1" SIZE="2">
<INPUT TYPE="text" Name ="u2" SIZE="2">
<INPUT TYPE="text" Name ="u3" SIZE="2">
<INPUT TYPE="button" VALUE="Enter" onClick="GoIn()">
</FORM>
</CENTER>

[mburt]

I don't think you're getting the point here. Anyone could look up that array and figure out the password. You have to use some sort of algorithm to define the password, not plain english.

For example:

The hashcode for the password abc is this:

97 * 97
(97*97)*98
(97*97)*(98*98)

answer:
(97*97)*(98*98)*99

which is:

8946039564

It's pretty much impossible to decode that into "abc"
The link you gave earlier even has a passcode generater on it.
Okay. I'll make up a password and use it as an example (in JS):

English Password: sr356f
Hash Password: 195183305640
With JavaScript you check the value of an input's character-code field:

Code:

<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive 
//Visit http://www.dynamicdrive.com 

function submitentry(){
password = document.password1.password2.value.toLowerCase()
passcode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(passcode==195183305640)
{
window.location="thepage.htm"}
else{
alert("password/username combination wrong")}
}
</script>

And then your HTML:

Code:

<form name="password1">
<strong>Enter password: </strong>
<input type="password" name="password2" size="15">

<input type="button" value="Submit" onClick="submitentry()">
</form>