#1
Very simple login/password protected page
There are a few pages I have on my site that I would rather keep users from accidentally stumbling across (they are stats on hits etc., not anything else), and I was trawling the web for this and the best I could find was this one.
Code:
<head>
<SCRIPT LANGUAGE="JavaScript">
/// Template for one login entry (copy it into the EDITABLE section of LogIn() below):
///   if (username=="user in lowercase" && password=="their password in lowercase") {
///     loggedin=true;
///     window.location="location the user will be directed to if correct";
///   }
/// Functions() (NON-EDITABLE)
function LogIn(){
  var loggedin=false;
  // prompt() returns null if the visitor cancels, so fall back to an empty string.
  var username=prompt("Username:","Show automaticly a username in UPPER or lowercase") || "";
  username=username.toLowerCase();
  var password=prompt("Password:","Show automaticly a password in UPPER or lowercase") || "";
  password=password.toLowerCase();
  /// Login Names and P-words (EDITABLE)
  // Every username, password and destination URL here is readable via view-source.
  if (username=="user001" && password=="1234") {
    loggedin=true;
    window.location="http://nmba.usa.tripod.com";
  }
  if (username=="user002" && password=="1234") {
    loggedin=true;
    window.location="http://nmba.usa.tripod.com";
  }
  /// Alert for incorrect (EDITABLE BUT NOT RECOMMENDED)
  if (loggedin==false) {
    alert("Login failed!\n\nPlease supply new credentials.");
  }
}
</SCRIPT>
</head>
<BODY onLoad="LogIn();">
However, there is one small flaw in the cunning plan: it lets the page load and then asks for the username/password! Doh! And then when you've got the user/pass OK it goes off (in this case) to a nmba.usa.tripod.com website. How can I modify this javascript code to validate the user/pass BEFORE loading the page where the code resides? And BTW I don't mind if this can be hacked into, as it is only to prevent the average user from seeing the page.

#2
authentication
I don't think tripod gives you many options. The best way would be to use something like Apache mod_auth AND a server-side language like PHP to authenticate users.
If you do it this way, the URL is visible in view-source and that's the page that needs login, not the redirecting page. If using this javascript technique is the only option you have, it may help deter a few more users if you obfuscate the code. (Then again, it may be an irresistible challenge for some.) Try this (at least for the URL).
Code:
<html>
<head>
<script type="text/javascript">
function uniToDec(){
var str = document.getElementById("text_in").value;
var temp = "", c = 0, out = "";
while(c <= str.length-1){
while(str.charAt(c)!='')temp = temp+"&#"+str.charCodeAt(c++)+";";
c++;
out=out+temp;
temp="";
}
document.getElementById("text_out").value = out;
}
</script>
</head>
<body>
<form>
Input Text Area<br />
<textarea name="text_in" id="text_in" cols="75" rows="10"></textarea><br />
Output Text Area<br />
<textarea name="text_out" id="text_out" cols="75" rows="10"></textarea><br />
<input type="button" onclick="uniToDec();" value="Unicode Chars to Decimal Nums" />
</form>
</body></html>

#3
Cheers Mittineague, I'll do some code-crunching on that!

#4
the best way to encode a password in which only the correct stuff can log into it is, i won't give you the whole code, but just an idea.
i have a business called C.R. Services and i have clients, all clients i have, i have more-so personal relationship with, therefore i can give them files to run etc. now what i did was create three different arrays and in one array listed the base two placement values (2 to the power of __) and also the base 16 (16 to the power of __) also an array that stored the following...
var alphabet=" abcdefghijklmnopqrstuvwxyz0123456789";
for (var x=0;x<password.length;x++) {
  _letterIndex[x]=alphabet.indexOf(password.charAt(x));
}
and then did a lot of crazy math, modded the outcome number by 1000000 and then saved it like this...
[first letter of password][value of mixed up coding][last letter of password]_[first letter of username][value of mixed up coding for username][last letter of username]@[security code entered by user]
so an example of this would be...
l534859032346_m-58493930234d@45982349
password of the above: lawn06
username of the above: myfriend
security code: 45982349
good luck at this...
colton22 - http://www.freewebs.com/colton22

#5
colton22, that's a nifty script and crazy algorithm for encoding.
Overall though, I'd strongly discourage relying on Javascript to password protect a page. I think Mittineague mentioned it above, but your script will be available to everyone who can see it... anyone motivated enough can crack your crazy algorithm. I do not mean to discredit colton22's post... if you absolutely positively without-a-doubt have to use Javascript, definitely investigate some type of encryption.
__________________
Daryl's Homepage | My Blogroll | My Profile | Firefox supporter!
DevArticles Forum Moderator
"The net is a waste of time, and that's exactly what's right about it." -- William Gibson
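
An added example, not part of any post in this thread: posts #2 and #5 note that a script-side check, and anything obfuscated inside it, is readable by whoever receives the page, and this self-audit shows what a site owner's own page source hands to every visitor. The sample page, the `go()` call and the example.com URL are constructed placeholders.

```javascript
// Added example (not code from the thread).

// Same transformation as the uniToDec() encoder posted in #2.
function toDecimalEntities(text) {
  return text.split("").map(ch => "&#" + ch.charCodeAt(0) + ";").join("");
}

// Reversal needs no key: each &#N; maps straight back to one character.
function fromDecimalEntities(text) {
  return text.replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
}

// Constructed sample page modelled on the script in post #1.
// go() is a hypothetical redirect helper; the URL is a placeholder.
const SAMPLE_PAGE = `<script>
function LogIn(){
  var username = (prompt("Username:","") || "").toLowerCase();
  var password = (prompt("Password:","") || "").toLowerCase();
  if (username=="user001" && password=="1234") {
    go("${toDecimalEntities("https://example.com/stats.html")}");
  }
}
</script>`;

// Report every secret the page source discloses to the client.
function auditClientSideLogin(source) {
  const findings = { credentials: [], hiddenStrings: [] };
  // Hardcoded comparisons of the form username=="..." && password=="..."
  const pair = /username\s*==\s*"([^"]*)"\s*&&\s*password\s*==\s*"([^"]*)"/g;
  for (const m of source.matchAll(pair)) {
    findings.credentials.push({ username: m[1], password: m[2] });
  }
  // Runs of four or more numeric character references, decoded back to text
  const run = /(?:&#\d+;){4,}/g;
  for (const m of source.matchAll(run)) {
    findings.hiddenStrings.push(fromDecimalEntities(m[0]));
  }
  return findings;
}

const report = auditClientSideLogin(SAMPLE_PAGE);
console.log(JSON.stringify(report, null, 2));
```

Any finding in the report means the value has already left the server; only a check that runs before the response is sent, as suggested in post #2, keeps it from the client.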

#6
with my code, the file being protected's url is in the cookie I GIVE the client or the client adjusts (with a html page i give them). so actually only hackers who remotely copy files or read them through ports are able to read the cookie and/or website who access the same name of the cookie can get into it, i can eliminate the other websites by making secure=true; but otherwise, hackers, believe me, i know, can get anything
* so yea, madcowdzz is right, server side languages are the best because...1.) no worries of the <noscript> tag because all script is compiled on the server before sent to the user. 2.) password benefits...
colton22

#7
Thanks Colton22
I will definitely look into that. The idea of javascript was started from the login to the phpMyAdmin screen, an alert pops up which already has your username probably from a cookie and the page form only when you get the password correct. It looks like javascript but should use php. I should be able to find out since the source code is on the hosted server. BTW I still cannot use your menu in IE ver5.2 for mac yet! I talked about it on someone else's thread.

#8
one of my friends is a hacker, and he has tried several times to hack into the temp website i had up, he failed every time, the only way you can go through is if you have software to access and read the cookie stored and/or you have access to the computer that the cookie is stored on.
i'm soo happy, lol
colton22
also i will send my entire website code if requested at Colton22@comcast.net

Dev Articles Community Forums > Programming > JavaScript Development > Very simple login/password protected page