CSS Codes
CSS Layouts
Results 1 to 7 of 7

Thread: simple password problem

  1. 07-04-2005, 09:21 AM #1
    sunny
    sunny is offline Junior Coders
    Join Date
    Mar 2005
    Location
    Mumbai,INDIA
    Posts
    64
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Post simple password problem

    hi, Please help me with this problem:
    My code:
    Code:
    <SCRIPT LANGUAGE="JavaScript">

<!-- Begin
function pass()
{
var password = 'menon'
password=prompt('Please enter your password:','');
if (password != null) {
location.href= password + ".html";
}
else 
{
location.href="http://www.angelfire.com/empire2/funnyland/silasthankyou.html"
}
 }
// End -->
</SCRIPT>
    with this script i want the user to enter 'menon.html', if his password is menon.
    And if he enters any other password other than 'menon' then he should be taken to another target that's mentioned in else condition.
    The problem is if i Just cancel the prompt box,it takes me to the 'else' target page.And if i enter any other name in the prompt box other than 'menon' it assumes it to be a html document and takes me to that page displaying 'page not found'.
    what i want is that the user should be directed to a different page if he enters any other password other than mentioned and if he cancels the prompt box then he should be directed to another page,
    Any suggestions.
    Reply With Quote Reply With Quote
  2. 07-04-2005, 12:32 PM #2
    jscheuer1's Avatar
    jscheuer1
    jscheuer1 is offline Global Moderator
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Default

    Code:
    <script type="text/javascript">
function pass() {
var password=prompt('Please enter your password:','');
if (password == 'menon')
location.href= password + ".html";
else if (password==null) 
//page for no password
location.href="http://www.angelfire.com/empire2/funnyland/silasthankyou.html"
else
//page for wrong password
location.href="http://www.angelfire.com/empire2/funnyland/wrongpass.html"
}
</script>
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate
    Reply With Quote Reply With Quote
  3. 07-04-2005, 03:38 PM #3
    Twey's Avatar
    Twey
    Twey is offline Modtoreador
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    I'd just like to point out that it's really pointless to do this, as anyone can look at the source and see what the password is.
    If you didn't mind not having the "wrong password" page, you could do something like this:
    HTML Code:
    <script type="text/javascript">
function pass() {
var password=prompt('Please enter your password:','');
if (password==null) location.href="http://www.angelfire.com/empire2/funnyland/silasthankyou.html"
location.href= password + ".html";
}
</script>
    ... which would actually be reasonably secure, if less user-friendly, as a wrong password would generate a 404 "Page not found" error.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
    Reply With Quote Reply With Quote
  4. 07-04-2005, 09:56 PM #4
    mwinter
    mwinter is offline Elite Coders
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by Twey
    I'd just like to point out that it's really pointless to do this
    Indeed.

    as anyone can look at the source and see what the password is.
    If you (the OP) really must do this, you have to encode the password. Putting it in as plain text really is useless.

    There have been some algorithms cited here before, but they make brute forcing quite simple as you can make obvious guesses as to password length (and that really narrows down the time needed).

    I would suggest, but still not recommend, a proper hash function. Many are simple to produce. The MD4 implementation below weighs in at about 4.6KBs with white space (less than three without) and is very fast. Though a mathematical hash can be brute-forced, there are generally no clues as to what the original data contained.

    Getting everything you've asked for:

    Code:
    <script type="text/javascript" src="md4.js"></script>
<script type="text/javascript">
  var hash = '8a9d093f14f8701df17732b2bb182c74';

  function authenticate() {
    var password = prompt('Please enter your password:');

    location.href = !password
                  ? '...'   /* Cancelled URL */
                  : (String(password).md4() == hash)
                  ? password + '.html'
                  : '...';  /* Invalid URL */
  }
</script>
    The value of hash in this example is the string 'password' hashed by MD4.

    Mike


    The contents of md4.js:

    Code:
    String.prototype.md4 = (function() {
  function f(x, y, z) {return (x & y) | (~x & z);}
  function g(x, y, z) {return (x & y) | (x & z) | (y & z);}
  function h(x, y, z) {return x ^ y ^ z;}

  return function() {
    var a = 0x67452301,
        b = 0xefcdab89,
        c = 0x98badcfe,
        d = 0x10325476,
        m = String(this).toUTF8(),
        x = [],
        y = m.length,
        aa, bb, cc, dd, i, j, n;

    function r(a, b, c, d, k, s) {
      return (a + f(b, c, d) + x[k]).rotl(s);
    }
    function s(a, b, c, d, k, s) {
      return (a + g(b, c, d) + x[k] + 0x5a827999).rotl(s);
    }
    function t(a, b, c, d, k, s) {
      return (a + h(b, c, d) + x[k] + 0x6ed9eba1).rotl(s);
    }

    n  = y % 64;
    n  = (n < 56)
       ? 56 - n
       : 120 - n;
    m += '\x80';

    for(i = 1; i < n; ++i) {m += '\0';}

    y *= 8;

    for(i = 0; i < 8; ++i) {
      m += String.fromCharCode(y & 0xff);
      y /= 0x100;
    }

    for(i = 0, n = m.length / 64; i < n; ++i) {
      aa = a;
      bb = b;
      cc = c;
      dd = d;

      for(j = 0; j < 16; ++j) {
        x[j] = m.charCodeAt(i * 64 + j * 4)
             | (m.charCodeAt(i * 64 + j * 4 + 1) << 8)
             | (m.charCodeAt(i * 64 + j * 4 + 2) << 16)
             | (m.charCodeAt(i * 64 + j * 4 + 3) << 24);
      }

      a = r(a, b, c, d, 0, 3);
      d = r(d, a, b, c, 1, 7);
      c = r(c, d, a, b, 2, 11);
      b = r(b, c, d, a, 3, 19);
      a = r(a, b, c, d, 4, 3);
      d = r(d, a, b, c, 5, 7);
      c = r(c, d, a, b, 6, 11);
      b = r(b, c, d, a, 7, 19);
      a = r(a, b, c, d, 8, 3);
      d = r(d, a, b, c, 9, 7);
      c = r(c, d, a, b, 10, 11);
      b = r(b, c, d, a, 11, 19);
      a = r(a, b, c, d, 12, 3);
      d = r(d, a, b, c, 13, 7);
      c = r(c, d, a, b, 14, 11);
      b = r(b, c, d, a, 15, 19);

      a = s(a, b, c, d, 0, 3);
      d = s(d, a, b, c, 4, 5);
      c = s(c, d, a, b, 8, 9);
      b = s(b, c, d, a, 12, 13);
      a = s(a, b, c, d, 1, 3);
      d = s(d, a, b, c, 5, 5);
      c = s(c, d, a, b, 9, 9);
      b = s(b, c, d, a, 13, 13);
      a = s(a, b, c, d, 2, 3);
      d = s(d, a, b, c, 6, 5);
      c = s(c, d, a, b, 10, 9);
      b = s(b, c, d, a, 14, 13);
      a = s(a, b, c, d, 3, 3);
      d = s(d, a, b, c, 7, 5);
      c = s(c, d, a, b, 11, 9);
      b = s(b, c, d, a, 15, 13);

      a = t(a, b, c, d, 0, 3);
      d = t(d, a, b, c, 8, 9);
      c = t(c, d, a, b, 4, 11);
      b = t(b, c, d, a, 12, 15);
      a = t(a, b, c, d, 2, 3);
      d = t(d, a, b, c, 10, 9);
      c = t(c, d, a, b, 6, 11);
      b = t(b, c, d, a, 14, 15);
      a = t(a, b, c, d, 1, 3);
      d = t(d, a, b, c, 9, 9);
      c = t(c, d, a, b, 5, 11);
      b = t(b, c, d, a, 13, 15);
      a = t(a, b, c, d, 3, 3);
      d = t(d, a, b, c, 11, 9);
      c = t(c, d, a, b, 7, 11);
      b = t(b, c, d, a, 15, 15);

      a += aa;
      b += bb;
      c += cc;
      d += dd;
    }
    m  = (a & 0xff).pad(2, 16)
       + ((a >> 8) & 0xff).pad(2, 16)
       + ((a >> 16) & 0xff).pad(2, 16)
       + ((a >> 24) & 0xff).pad(2, 16);
    m += (b & 0xff).pad(2, 16)
       + ((b >> 8) & 0xff).pad(2, 16)
       + ((b >> 16) & 0xff).pad(2, 16)
       + ((b >> 24) & 0xff).pad(2, 16);
    m += (c & 0xff).pad(2, 16)
       + ((c >> 8) & 0xff).pad(2, 16)
       + ((c >> 16) & 0xff).pad(2, 16)
       + ((c >> 24) & 0xff).pad(2, 16);
    m += (d & 0xff).pad(2, 16)
       + ((d >> 8) & 0xff).pad(2, 16)
       + ((d >> 16) & 0xff).pad(2, 16)
       + ((d >> 24) & 0xff).pad(2, 16);

    return m;
  };
})();

Number.prototype.pad = function(l, r, c) {
  return (+this).toString(r || 10).pad(l, c || '0');
};
Number.prototype.rotl = function(n) {
  n &= 0x1f;

  return (this << n) | (this >>> (32 - n));
};

String.prototype.pad = function(l, c) {
  var S = String(this),
      n = Math.max(l - S.length, 0);

  while(n--) {S = c + S;}
  return S;
};
String.prototype.toUTF8 = function() {
  var S = new String(this),
      s = '',
      c;

  for(var i = 0, n = S.length; n > i; ++i) {
    c = S.charCodeAt(i);

    if(0x0080 > c) {
      s += S.charAt(i);
    } else if(0x0800 > c) {
      s += String.fromCharCode(0xc0 | ((c >>> 6) & 0x1f),
                               0x80 | (c & 0x3f));
    } else if((0xd800 > c) || (c > 0xdfff)) {
      s += String.fromCharCode(0xe0 | ((c >>> 12) & 0x0f),
                               0x80 | ((c >>> 6) & 0x3f), 0x80 | (c & 0x3f));
    } else {
      c += 0x40;
      s += String.fromCharCode(0xf0 | ((c >>> 8) & 0x07),
                               0x80 | ((c >>> 2) & 0x3f));
      c  = ((c & 0x03) << 10) | (S.charCodeAt(++i) & 0x3ff);
      s += String.fromCharCode(0x80 | (c >>> 6),
                               0x80 | (c & 0x3f));
    }
  }
  return s;
};
    Reply With Quote Reply With Quote
  5. 07-05-2005, 04:10 AM #5
    IanMarlowe
    IanMarlowe is offline Regular Coders
    Join Date
    Jul 2005
    Location
    Kuwait-I'm American
    Posts
    127
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    wow...
    //\\ //\\// || //\\//\\ //\\ ||_
    SOFTWARE
    Reply With Quote Reply With Quote
  6. 07-05-2005, 08:14 AM #6
    sunny
    sunny is offline Junior Coders
    Join Date
    Mar 2005
    Location
    Mumbai,INDIA
    Posts
    64
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Post

    well, I just wanted a simple pasword script.Anyway Thanks For all those replies.
    Reply With Quote Reply With Quote
  7. 07-05-2005, 08:33 AM #7
    Twey's Avatar
    Twey
    Twey is offline Modtoreador
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    Also, SHA1:
    http://pajhome.org.uk/crypt/md5/sha1.js

    ... and the more up-to-date MD5:
    http://pajhome.org.uk/crypt/md5/md5.js

    Quote Originally Posted by IanMarlowe
    wow...
    Nice work, Mike.
    Last edited by Twey; 07-05-2005 at 08:36 AM.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules