Login Password Script Help

[isamarlow]

I need help with a login and password form.
I have one that works listed below, but it only works when you click the login button - I need it to ALSO work when you press ENTER. I tried to change the onClick to onKeyPress, but no luck - please advise. I do not need to stay with this form if anyone has a better recommendation.

thanks!

<script language="javascript">
<!--//
/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value=="member") {
if (form.pass.value=="gopass") {
location="gopass.htm"
} else {
alert("Invalid Password")
}
} else { alert("Invalid UserID")
}
}
//-->
</script>
<form name="login">
<span class="style13">Username: </span>
<input name="id" type="text" size="15">
<br>
<span class="style13">Password: </strong></span>
<input name="pass"type="password" size="15">
<input type="button" value="Login" onClick="pasuser(this.form)">
</form>

[thetestingsite]

Try this:

Code:

<script language="javascript">
<!--//
/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value=="member") {
if (form.pass.value=="gopass") {
location="gopass.htm"
} else {
alert("Invalid Password")
}
} else { alert("Invalid UserID")
}
}
//-->
</script>
<form name="login" onsubmit="pasuser(this.form)">
<span class="style13">Username: </span>
<input name="id" type="text" size="15">
<br>
<span class="style13">Password: </strong></span>
<input name="pass"type="password" size="15">
<input type="submit" value="Login">
</form>

Notice I changed the button to a submit button, then added the onsubmit handler to the form tag.

Also notice, this does not belong in the HTML forum but instead in the javascript forum.

Anyway, hope this helps.

[beeps]

Please try this:
--------------------------------------------------
<HTML>
<HEAD>
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<TITLE>Ear Demo</TITLE>
<script language="javascript">
<!--//
/*This Script allows people to enter by using a form that asks for a
UserID and Password*/
function pasuser(form) {
if (form.id.value == "member") {
if (form.pass.value == "gopass") {
location = "gopass.htm";
} else {
alert("Invalid Password");
}
} else {
alert("Invalid UserID");
}
}
function IEKeyCap() {
if (window.event.keyCode == 13) {
pasuser(document.forms[0]) ;
}

}

//-->
</script>
<body onKeyPress="IEKeyCap()">
<form name="login">
<span class="style13">Username: </span>
<input name="id" type="text" size="15">
<br>
<span class="style13">Password: </strong></span>
<input name="pass"type="password" size="15">
<input type="button" value="Login" onClick="pasuser(this.form)">
</form>
</body>
</HTML>

[Twey]

Please don't -- that's a terrible script (and pretty bad HTML too). The correct way to do it is to use the form's onsubmit event rather than the button's onclick.

Javascript password scripts will always be less secure than their server-side counterparts, but it is at least possible to make them slightly secure (I.E. not including the password in the source) -- see http://www.twey.co.uk/?q=encpass for an example.

[thetestingsite]

The correct way to do it is to use the form's onsubmit event rather than the button's onclick.

I had suggested that in this thread. According to the OP, it did not work.

[isamarlow]

The script on your site is perfect, I just can't figure out where to put the page that the form goes to? right now it goes nowhere. Sorry if this is a stupid question I am very new to javascript.

thanks, Isadora

here is the script I used: (username: member - password:gopass)

<script type="text/javascript">

// Encrypted Password script - by Twey, http://www.twey.co.uk/
// (only slightly based on the script of the same name by Rob Heslop)
// Released under the terms of the GNU General Public License,
// version 2 or later. See http://www.gnu.org/copyleft/gpl.html for more
// information.

var caseSensitive = true;
var pageToGoTo = "includes/%p.txt"; // %u will be replaced with username, %p with password.
var failureMessage = "Username/password combination entered incorrectly."
var caseWarning = "\nWarning: case sensitive.";
var users = [
["aa08769cdcb26674c6706093503ff0a3", "400a2c1559d060aec45227533f363d2d"]
// Add more here, in the format [usercode, passcode]
// but don't forget to add a comma to all but the last one!
];

function encrypt(str) {
/* Original algorithm:

var hash = 1;
for(var i=0;i<str.length;i++) hash *= str.charCodeAt(i);
return hash;

*/
/* Paj's MD5 implementation: */
// NOTE: MD5 has several collision weaknesses. However,
// these are not an issue here, as succeeding in creating
// a collision would only cause the script to report the
// correctness of the password incorrectly.

return hex_md5(str);
}

function passCheck(frm, user, pass) {
var form = document.forms[frm] || frm,
username = user ? (form && form.elements[user] ? form.elements[user].value : user) : form.elements["username"].value,
password = pass ? (form && form.elements[pass] ? form.elements[pass].value : pass) : form.elements["password"].value,
passcode = usercode = 1;
if(!caseSensitive) {
username = username.toLowerCase();
password = password.toLowerCase();
}
var pg = pageToGoTo.replace(/%p/g, password).replace(/%u/g, username);
passcode = encrypt(password);
usercode = encrypt(username);
for(var i = 0; i < users.length; i++)
if(users[i][0] == usercode && users[i][1] == passcode) {
if(!frm) return window.location.href = pg;
form.action = pg;
return true;
}
window.alert(failureMessage + (caseSensitive ? caseWarning : ""));
return false;
}
</script>

<form action="" onsubmit="return passCheck(this);">
<p>
<label style="display:block;">
Username:
<input type="text" name="username" size="15">
</label>
<label style="display:block;">
Password:
<input type="password" name="password" size="15">
</label>
<input type="submit" value="Submit">
</p>
</form>

[tech_support]

Code:

<script type="text/javascript">

// Encrypted Password script - by Twey, http://www.twey.co.uk/
// (only slightly based on the script of the same name by Rob Heslop)
// Released under the terms of the GNU General Public License,
// version 2 or later. See http://www.gnu.org/copyleft/gpl.html for more
// information.

var caseSensitive = true;
var pageToGoTo = "includes/&#37;p.txt"; // %u will be replaced with username, %p with password.
var failureMessage = "Username/password combination entered incorrectly."
var caseWarning = "\nWarning: case sensitive.";
var users = [
["aa08769cdcb26674c6706093503ff0a3", "400a2c1559d060aec45227533f363d2d"]
// Add more here, in the format [usercode, passcode]
// but don't forget to add a comma to all but the last one!
];

function encrypt(str) {
/* Original algorithm:

var hash = 1;
for(var i=0;i<str.length;i++) hash *= str.charCodeAt(i);
return hash;

*/
/* Paj's MD5 implementation: */
// NOTE: MD5 has several collision weaknesses. However,
// these are not an issue here, as succeeding in creating
// a collision would only cause the script to report the
// correctness of the password incorrectly.

return hex_md5(str);
}

function passCheck(frm, user, pass) {
var form = document.forms[frm] || frm,
username = user ? (form && form.elements[user] ? form.elements[user].value : user) : form.elements["username"].value,
password = pass ? (form && form.elements[pass] ? form.elements[pass].value : pass) : form.elements["password"].value,
passcode = usercode = 1;
if(!caseSensitive) {
username = username.toLowerCase();
password = password.toLowerCase();
}
var pg = pageToGoTo.replace(/%p/g, password).replace(/%u/g, username);
passcode = encrypt(password);
usercode = encrypt(username);
for(var i = 0; i < users.length; i++)
if(users[i][0] == usercode && users[i][1] == passcode) {
if(!frm) return window.location.href = pg;
form.action = pg;
return true;
}
window.alert(failureMessage + (caseSensitive ? caseWarning : ""));
return false;
}
</script>

<form action="" onsubmit="return passCheck(this);">
<p>
<label style="display:block;">
Username:
<input type="text" name="username" size="15">
</label>
<label style="display:block;">
Password:
<input type="password" name="password" size="15">
</label>
<input type="submit" value="Submit">
</p>
</form>

[isamarlow]

OK but how do I save my page gohome.html as /includes/Gopass.txt?username=Member&password=Gopass

[Twey]

I don't think you quite understand the nature of the script. What makes it secure is that it directs to a page whose name is based on the login info provided. It's a frontend to what could be considered a very basic form of server-side security built in to every webserver.

[tech_support]

Code:

<script type="text/javascript">

// Encrypted Password script - by Twey, http://www.twey.co.uk/
// (only slightly based on the script of the same name by Rob Heslop)
// Released under the terms of the GNU General Public License,
// version 2 or later. See http://www.gnu.org/copyleft/gpl.html for more
// information.

var caseSensitive = true;
var pageToGoTo = "includes/gohome.html?username=&#37;u&password=%p"; // %u will be replaced with username, %p with password.
var failureMessage = "Username/password combination entered incorrectly."
var caseWarning = "\nWarning: case sensitive.";
var users = [
["aa08769cdcb26674c6706093503ff0a3", "400a2c1559d060aec45227533f363d2d"]
// Add more here, in the format [usercode, passcode]
// but don't forget to add a comma to all but the last one!
];

function encrypt(str) {
/* Original algorithm:

var hash = 1;
for(var i=0;i<str.length;i++) hash *= str.charCodeAt(i);
return hash;

*/
/* Paj's MD5 implementation: */
// NOTE: MD5 has several collision weaknesses. However,
// these are not an issue here, as succeeding in creating
// a collision would only cause the script to report the
// correctness of the password incorrectly.

return hex_md5(str);
}

function passCheck(frm, user, pass) {
var form = document.forms[frm] || frm,
username = user ? (form && form.elements[user] ? form.elements[user].value : user) : form.elements["username"].value,
password = pass ? (form && form.elements[pass] ? form.elements[pass].value : pass) : form.elements["password"].value,
passcode = usercode = 1;
if(!caseSensitive) {
username = username.toLowerCase();
password = password.toLowerCase();
}
var pg = pageToGoTo.replace(/%p/g, password).replace(/%u/g, username);
passcode = encrypt(password);
usercode = encrypt(username);
for(var i = 0; i < users.length; i++)
if(users[i][0] == usercode && users[i][1] == passcode) {
if(!frm) return window.location.href = pg;
form.action = pg;
return true;
}
window.alert(failureMessage + (caseSensitive ? caseWarning : ""));
return false;
}
</script>

<form action="" onsubmit="return passCheck(this);">
<p>
<label style="display:block;">
Username:
<input type="text" name="username" size="15">
</label>
<label style="display:block;">
Password:
<input type="password" name="password" size="15">
</label>
<input type="submit" value="Submit">
</p>
</form>