Solved

Userid/Password Validation

Posted on 1997-06-20
Last Modified: 2008-02-26
What is wrong with the following script?


<HTML><HEAD>
<SCRIPT LANGUAGE="JavaScript">

<!-- Hide from JavaScript-Impaired Browsers
// Lookup alphabet for the encoded credential table: ckPwd() turns each
// two-digit code from the hidden field into an index into this string.
// NOTE(review): this is a fixed substitution table shipped with the page, so
// it obscures the stored usernames/passwords but does not protect them.
al="`1234567890-=~!@#$%^&*()_+qwer"
+"tyuiop[]QWERTYUIOP{}|asdfghjkl;A"
+"SDFGHJKL:zxcvbnm,./ZXCVBNM<>?";
// Length of the first decoded record, kept as a string; tstOk() appends it to
// the target URL.
ab1="";
// Failed-attempt counter. It is a page variable initialised here, so it
// starts again from 0 whenever the page is reloaded.
bctr=0;
// Checks the typed username/password against the table embedded in the page
// and either calls tstOk() or counts a failed attempt.
// NOTE(review): the whole check runs in the visitor's browser on data the page
// itself carries, so it cannot keep anyone away from the target page; access
// has to be enforced by the server.
function ckPwd(){
 // Needle to search for: "username*password*".
 tst=document.isn.username.value
 +"*"+document.isn.passwrd.value+"*";
 // BUG: "pd" is the FORM element, which has no value property, so ls is
 // undefined and the substring() call below fails ("ls has no properties").
 // The generated hidden field inside that form has to be read instead; its
 // name is not shown in this listing.
 ls=document.pd.value;
 // First two digits minus 91 give the offset "a" that is subtracted from
 // every character code below.
 // NOTE(review): eval() runs whatever text it is given as script. For a
 // two-digit number parseInt(text,10) only parses and treats a leading zero
 // as a plain decimal digit.
 a=eval(ls.substring(0,2))-91;
 ls=ls.substring(2,ls.length);
 nls="";   // decoded text built so far
 flg=0;    // set to 1 once tst is found in nls
 // Decode record by record while more than 12 characters remain.
 while (ls.length>12){
  // Two digits minus 89 = number of characters in this record.
  ab=eval(ls.substring(0,2))-89;
// Keep the length of the first record only; tstOk() appends it to the URL.
ab1=(ab1==""?""+ab:ab1);
  oab1=ab1;   // copy of ab1; not read again in the visible code
  ls=ls.substring(2,ls.length);
  for (var i=0;i<ab;i++){
   // Each character is a two-digit code; subtracting a gives its index in al.
   nr=eval(ls.substring(0,2))-a;
   ls=ls.substring(2,ls.length);
   nls+=al.charAt(nr);
   }
  nls+="*";   // record separator
  // NOTE(review): indexOf() is a substring test over everything decoded so
  // far, not an exact comparison of one username/password pair.
  if (nls.indexOf(tst)>-1){
   ls="";   // empties the input so the while loop ends
   flg=1;
   }
  }
 if (flg==1){
  tstOk();
  }
  else{
  // NOTE(review): bctr is a script variable in this page, so the redirect
  // after more than three failures resets on reload and is not a lockout.
  bctr++;
  if (bctr>3){
   location.href="wrongpage.html";
   }
  else{
   alert("Sorry. Bad Username or Password."
   +" Failed Attempt #"+bctr+".");
   }
  }
 }
                             
// Success path: shows a confirmation and loads the restricted page.
// NOTE(review): ab1 (length of the first record) and a (the offset) are both
// read from the table embedded in the page, not from what the user typed, so
// the address built below is the same for every visitor and does not depend
// on knowing a password. The target page needs its own server-side check.
function tstOk(){
 // Suffix for the page name: first record length followed by the offset.
 ab1=ab1+""+a;
  alert("OK. You Entered a Valid Username and Password, "
  +document.isn.username.value+"! Taking you to the"
  +" restricted page as soon as you click OK.");
 location.href="rightpage.html"+ab1;
 }
                                   
// Stores the fourth-from-last digit of the current millisecond timestamp in
// the global rec. Not called anywhere in the visible code.
// NOTE(review): a clock digit is predictable; rec should not be treated as a
// random or secret value.
function srand() {
 today=new Date();
 rand=today.getTime();   // milliseconds since 1970, as a number
 picker=""+rand   // the same value as a decimal string
 picker=picker.charAt((picker.length-4));
 // eval() of a single digit character yields that digit as a number.
 rec=eval(picker);
 }
// End Hiding -->    
                             
</SCRIPT> </HEAD> <BODY BGCOLOR="black" text="grey""><CENTER>
<!-- NOTE(review): form "pd" is where the generated hidden field holding the
     encoded username/password table gets pasted. That table, the alphabet
     and the decoding loop are all delivered to every visitor, so the login
     check can be read or skipped in the browser; access control for the
     target pages has to be enforced by the server.
     Paste artifact: the comment opened at "You may put any page content"
     below is cut off at "$" before its closing marker, so as pasted the
     login form that follows is still inside that comment. Two other lines
     also end in "$". -->
<FORM NAME="pd">
<!-- IMPORTANT: After you run the pseudo-encrypter, you
will get a "hidden" form element constructed especially for your own user
names and passwords. Paste that form element right below this note and
above the end of form tag. -->

</FORM>

<!-- You may put any page content you wish here

The HTML below for the password entry is presently set for blue background and $

<FORM NAME="isn">
<TABLE BORDER=2 CELLPADDING=5 CELLSPACING=0 BGCOLOR=BLUE>
<TR><TD COLSPAN=2 ALIGN=CENTER><FONT SIZE=4 COLOR=WHITE FACE="helvetica,arial,g$
<TR><TD><FONT SIZE=3 COLOR=GREY><B>Your User Name:</B></FONT></TD>
<TD><INPUT TYPE="text" NAME="username" VALUE="" SIZE=10></TD></TR>
<TR><TD><FONT SIZE=3 COLOR=grey<B>Your Password:</B></FONT></TD>
<TD><INPUT TYPE="password" NAME="passwrd" VALUE="" SIZE=10></TD></TR>
<TR>
<TD COLSPAN=2 ALIGN=CENTER>
<INPUT TYPE="button" NAME="btn" VALUE=" Submit " onClick="ckPwd();return false;$
</TABLE></FORM>

<b>To Recieve Access:</b><br>
Username- John<br>
Password- 4$3gb%a
<SCRIPT LANGUAGE="JavaScript">

<!-- Hide JavaScript from Java-Impaired Browsers
document.isn.username.focus();                                       // End Hiding -->

</SCRIPT>
                                           
</BODY>                            
</HTML>          
Question by:npc101
8 Comments
 
LVL 1

Expert Comment

by:viro
ID: 1267374
Try this version:

                  <HTML><HEAD>
                  <SCRIPT LANGUAGE="JavaScript">

                  <!-- Hide from JavaScript-Impaired Browsers
                  // Lookup alphabet: ckPwd() maps each two-digit code from the
                  // hidden field to a character of this string.
                  // NOTE(review): a fixed substitution table sent with the page
                  // hides the stored credentials from a casual glance only.
                  al="`1234567890-=~!@#$%^&*()_+qwer"
                  +"tyuiop[]QWERTYUIOP{}|asdfghjkl;A"
                  +"SDFGHJKL:zxcvbnm,./ZXCVBNM<>?";
                  // Length of the first decoded record (string); used by tstOk().
                  ab1="";
                  // Failed-attempt counter; reset to 0 on every page load.
                  bctr=0;
                  function ckPwd(){
                   tst=document.isn.username.value
                   +"*"+document.isn.passwrd.value+"*";
                   ls=document.pd.value;
                   a=eval(ls.substring(0,2))-91;
                   ls=ls.substring(2,ls.length);
                   nls="";
                   flg=0;
                   while (ls.length>12){
                    ab=eval(ls.substring(0,2))-89;
                  ab1=(ab1==""?""+ab:ab1);
                    oab1=ab1;
                    ls=ls.substring(2,ls.length);
                    for (var i=0;i<ab;i++){
                     nr=eval(ls.substring(0,2))-a;
                     ls=ls.substring(2,ls.length);
                     nls+=al.charAt(nr);
                     }
                    nls+="*";
                    if (nls.indexOf(tst)>-1){
                     ls="";
                     flg=1;
                     }
                    }
                   if (flg==1){
                    tstOk();
                    }
                    else{
                    bctr++;
                    if (bctr>3){
                     location.href="wrongpage.html";
                     }
                    else{
                     alert("Sorry. Bad Username or Password."
                     +" Failed Attempt #"+bctr+".");
                     }
                    }
                   }
                     
                  function tstOk(){
                   ab1=ab1+""+a;
                    alert("OK. You Entered a Valid Username and Password, " 
                    +document.isn.username.value+"! Taking you to the"
                    +" restricted page as soon as you click OK.");
                   location.href="rightpage.html"+ab1;
                   }
                     
                  function srand() {
                   today=new Date();
                   rand=today.getTime();
                   picker=""+rand
                   picker=picker.charAt((picker.length-4));
                   rec=eval(picker);
                   }
                  // End Hiding -->
                     
                  </SCRIPT>
</HEAD>
<BODY BGCOLOR="black" text="grey"">
<CENTER>
<!-- NOTE(review): form "pd" receives the generated hidden field with the
     encoded username/password table. Because that table and the script that
     decodes it are both sent to every visitor, the login check can be read
     or skipped in the browser; the restricted pages need server-side
     access control. -->
<FORM NAME="pd">
                  <!-- IMPORTANT: After you run the pseudo-encrypter, you
                  will get a "hidden" form element constructed especially for your own
                  user
                  names and passwords. Paste that form element right below this note and
                  above the end of form tag. -->
</FORM>

                  <!-- You may put any page content you wish here

                  The HTML below for the password entry is presently set for blue
                  background and $ -->

<!-- NOTE(review): this form has no ACTION and its button only calls ckPwd()
     in the browser, so nothing is sent to a server for checking.
     TYPE="password" masks the characters on screen and nothing more. -->
<FORM NAME="isn">
<TABLE BORDER=2 CELLPADDING=5 CELLSPACING=0 BGCOLOR=BLUE>
<TR>
<TD COLSPAN=2 ALIGN=CENTER>
<FONT SIZE=4 COLOR=WHITE FACE="helvetica,arial">
</TD>
<TR>
<TD>
<FONT SIZE=3 COLOR=GREY>
<B>Your User Name:</B>
</FONT>
</TD>
<TD>
<INPUT TYPE="text" NAME="username" VALUE="" SIZE=10>
</TD>
<TR>
<TD>
<FONT SIZE=3 COLOR=grey<B>Your Password:</B></FONT>
</TD>
<TD>
<INPUT TYPE="password" NAME="passwrd" VALUE="" SIZE=10>
</TD>
<TR>
<TD COLSPAN=2 ALIGN=CENTER>
<INPUT TYPE="button" NAME="btn" VALUE=" Submit " onClick="ckPwd();return false;">
</TABLE>
</FORM>

<!-- NOTE(review): the sample username and password are printed on the page
     itself; fine for a demo, but remove this block from any real page. -->
                  <b>To Recieve Access:</b><br>
                  Username- John<br>
                  Password- 4$3gb%a
<SCRIPT LANGUAGE="JavaScript">
<!-- Hide JavaScript from Java-Impaired Browsers
  // Puts the cursor in the username field once the form exists.
  document.isn.username.focus();
// End Hiding -->
</SCRIPT>
</BODY>
</HTML>

Hope it helps!
 

Author Comment

by:npc101
ID: 1267375
Both versions give an "ls has no properties" error. What's wrong with it?
 
LVL 3

Accepted Solution

by:
garik earned 100 total points
ID: 1267376
You assign ls=document.pd.value - pd is a form, it doesn't have a value as far as I know. Then, apparently for testing, you combine username and password from isn form and assign it to tst - perhaps, that's what you want to use instead of document.pd.value? Although it still doesn't work because of eval() statements.
Anyway, if you could tell what you actually want from this script, I'd gladly help you.

Cheers

 

Author Comment

by:npc101
ID: 1267377
I want the script to limit access to a series of pages on my website by using a username-password system. The script must be secure so that it cannot be viewed from the login page, or it will be easy to crack.

Cheers.
 
LVL 3

Expert Comment

by:garik
ID: 1267378
As far as I know, there is no way to protect you script from viewing - the most tricky solutions are easily bypassed by disbaling JavaScript in the browser to see ANY script - embedded or .js file.
The easiest way to setup an authentication without using server-side solutions is to use file names as passwords. F.ex., for multiple user accounts, you could have subdirectories named as username and an entry page named as password. For user "joe" with password "sixpack" correct URL is
username+"/"+password+".html" = "joe/sixpack.html"
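Therefore, your users would get 404's (Not found) instead of 401's (Access denied) if they use a wrong username/password combination. Directory listing (the only way to crack this system except for guessing) can either be prohibited on the server or, if you don't have access to the server, prevented by providing a proper index.html (or whatever your server requires). [Editor's note: with this scheme the URL itself is the secret, and URLs are also recorded in browser history, Referer headers and proxy or server logs, so it hides the pages rather than authenticating anyone.]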
BTW, why can't you use server's authentication facilities?
 
LVL 3

Expert Comment

by:garik
ID: 1267379
mistyped: ".. bypassed by disabling JavaScript in the browser.."

 

Author Comment

by:npc101
ID: 1267380
I don't use server authentication as the server I use doesn't use CGI (it's a pain, I know) so I can't.
 
LVL 3

Expert Comment

by:garik
ID: 1267381
Actually, I meant basic HTTP authentication supported by some Web servers like Apache or NCSA - they use plain .htaccess/.htpasswd files to protect directories.

Newer servers usually have built-in authentication and maintain users database.

BTW, it's location.href in MSIE, but document.location in Netscape, so you have to check User Agent to do a redirection right:

// Redirects to Home.html, choosing the property to assign by browser:
// top.document.location when "MSIE" is absent from the User-Agent string,
// top.location.href when it is present.
// NOTE(review): the User-Agent string is supplied by the client, so a branch
// like this is only suitable for compatibility, never for a security decision.
navigator.userAgent.indexOf("MSIE") < 0 ?
      top.document.location="Home.html" :
      top.location.href="Home.html";