Solved

window.prompt 'name & password(***)' ???

Posted on 1997-10-18
Last Modified: 2008-02-26
I need the code for a JavaScript dual-field prompt window (exactly like the Experts Exchange log-on prompt). I need the 2nd field contents obscured by ******.   Please also explain (if you could) how to set the contents of the 2 fields to predetermined string literals.  
Thanks so much,
Tony
Williston, VT
Question by:boatful
11 Comments
 
LVL 1

Expert Comment

by:clambake
ID: 1271592
This cannot be done in JavaScript.  Unfortunately JS lacks the ability to customize the three dialog boxes (prompt, alert, confirm) beyond the text message it spits up.

Authentication like the Experts Exchange login prompt is specified in the web server.  Contact your server administrator or ISP to have them restrict access in this manner.
0
 
LVL 6

Expert Comment

by:Holger101497
ID: 1271593
You cannot customize the confirm-box to have the fields you are looking for, BUT you can open a new window to look the way you want it to look. Try this code:

<HTML>
<!-- works in Netscape, not tested in IE -->
<HEAD>
<TITLE> Dialog-Test </TITLE>
<SCRIPT language="JavaScript">
  // Opens a small window holding a name field and a masked password field
  function CheckPwd() {
   msgWindow=window.open("","displayWindow","height=150,width=400");
   msgWindow.document.write("<HEAD><TITLE>Password required</TITLE></HEAD>");
   msgWindow.document.write("<BODY bgcolor='gray'><FORM name='formpwd'><table><tr><td>Your name:</td><td><input type=text size=20></td></tr>");
   msgWindow.document.write("<tr><td>Your password:</td><td><input type=password size=20></td></tr>");
   msgWindow.document.write("<tr><td COLSPAN=2 ALIGN=CENTER><input type=button value=' OK '>&nbsp;&nbsp;<input type=button value=' Cancel '></td></tr></table></form></BODY>");
   msgWindow.document.close(); // finish the document so the window renders
   return msgWindow;
  }
</SCRIPT>
</HEAD>
<BODY>
  <form><input type=button onclick="CheckPwd()" value="Open"></form>
</BODY>
</HTML>

This opens a window like the one you want to have. Unfortunately, this is not a simple routine that waits for an OK/Cancel and returns values. You will have to mess around with timers and return-values to detect if, when and how the form was closed and to get what you want to have.
I will help you do this, but I'd like to have the question unlocked first and I'd also appreciate it if you could increase the point-value if you have any points to spare - this definitely is NOT an easy one!
Take a look at the page (just cut&paste the code) and post a comment...
0
 
LVL 1

Expert Comment

by:clambake
ID: 1271594
The problem with attempting client-side authentication is that it will always be insecure.  Holger, do you propose that the document source includes something like:

if (password_entered == "magic_word")
      {
      document.location = "secure_file.html";
      }


0

 
LVL 6

Expert Comment

by:Holger101497
ID: 1271595
??? well... you tell me!
You asked about a "window.prompt 'name & password(***)' ???"...
where did YOU want to put the password? If you have access to a server that offers server side authentication, that's definitely better if you only want to restrict access to your pages - plus, it is (almost) hack-proof, something that JavaScript can and will probably never be...
Many servers do not support this type of authentication or, more accurately, don't have it enabled for their "clients' homepages". You can also calculate the new URL from the password, which is fairly safe as long as you have an index.html file and people can't look at your directory.

Which type of authentication you use also depends on your needs - server side authentication is safe but fairly inflexible - you cannot change the layout of the prompt, you do not have access to the user name that was used without some form of CGI and you cannot set the fields to a "predetermined string literal".
btw.: If you do have CGI, you can also do whatever you want with the data and then send them to a script for verification. This script would either return a page: "Sorry.....blablabla" or the next page for the user...

This is not what you asked, though!! I was trying to answer your question.
0
 

Author Comment

by:boatful
ID: 1271596
Interesting discourse, you guys!  I suppose server side authentication is best, but unfortunately is 1) beyond my present knowledge level and 2) not available to AOL customers (where my web pages reside).
I want to unlock the question so Holger can have the points.  I appreciate his/her thoroughness and was able to adapt the script myself (with timeouts, etc. as needed).  The other paradigm for password protection in JavaScript I found compelling is the following simple routine.  It works great in a frames environment, where the META HTTP-EQUIV=REFRESH call is allowed only if the correct password is entered, toggling a parent variable to true (e.g. parent.ACCESS_GRANTED=true):

Try This. It's The Simplest Password Protection Thing I Know.  Here Are The Steps...
1) Make An Incorrect Password Page
2) Make A Correct Password Page
3) Make A Log-in Page (code below)
4) Make A Welcome Page That Links ONLY To The Log-In Page

<HTML>
<!-- Password Log-in JavaScript Copyright 1996-1997, Smallfri Inc. -->
<!-- http://www.nsis.com/~coadydk/ -->
<HEAD>
<TITLE>Password Log-in</TITLE>
<SCRIPT language="JavaScript">
<!-- Script Segment
    password = "correct-password"; // Password Needed To Enter The Web Page
    relocateloc = "welcome1.htm"; // Location You'll Be Pushed To If Your Password Is Incorrect
    if (prompt("What Message I Want To Be Displayed When Someone Tries To Log-in ie, Please Enter Your Correct Password", "") != password) {
        location.href = relocateloc;
    }
// End Script -->
</SCRIPT>
<!-- Log-in Script End -->
</HEAD>
<BODY BGCOLOR=#FFFFFF>
<!-- Begin Axcess Granted Push -->
<!-- This "Push" Is Extremely Important
    For The Password Log-in To Work The
    Page Called "axcess_granted_page.html"
    Is The Page That They Go To If The
    Password Is Correct Make The Page Name
    Complicated So It Won't Be An Easy Guess! -->
<META HTTP-EQUIV=REFRESH CONTENT="1; URL=axcess_granted_page.html">
<!-- End Axcess Granted Push -->
</BODY>
</HTML>

You Can Edit Almost Anything But Don't Add Things To The Body Section Except
What's Already There, Ie: Text, Images, Extra HTML, Etc.

This One Also Has A Couple Of Comments So You Can Easily Understand the routine.
0
 
LVL 10

Expert Comment

by:kollegov
ID: 1271597
Hey, why not use
"password" in the form? It at least gives you **** :)

<HTML> <head>
<script>
 function checkpass()
 {if(document.forms[0].elements[0].value=="correctone")
  document.forms[0].action="valid.html"
 }
</script>
</head>

<body>
<FORM  method="get" action="notvalid.html" onSubmit="checkpass()">
Enter your password here:
<input name type="password"  >
<input type="submit" Value="go" >
</form>
</BODY>
</HTML>

Sure, that's also insecure, but better than nothing
and not so sophisticated :)
0
 
LVL 6

Expert Comment

by:Holger101497
ID: 1271598
Well, first of all: Sorry, boatful. I got mixed up and thought you had posted the comment clambake had posted - that's why I wrote "You tell me!"...

2) For some reason, I did not get an e-mail that you posted a comment... so I didn't post an answer...

3) KOLLEGOV: a) boatful said he/she had solved the problem by adjusting the script I had posted and unlocked the question so I could answer to get the points... why do you post an answer then??
    b) My answer also contains the "password" field, but in an extra window, which is what boatful wanted.


boatful:
I'd appreciate it if you could unlock the question again ;-))

btw: What happens to your solution if I disable JavaScript and then open the page?? "Open sesame" ? You might prefer a solution where users without JS cannot enter rather than enter automatically *gg*
* also, both your password and the URL of the next page show up as plain text in the source of the document. Anybody smart enough to choose "View Source" can simply read the PW or even go to the next page right away...
It is "safer" to forward the user to a page that is in some way calculated from the PW. This way, neither the correct word nor the PW show up in the page and it is almost impossible to guess... something as simple as ROT13 will do ;-)... even document.location=PW+".html" is good enough! That way you can even have multiple passwords that lead to different pages (maybe some of them with a META-Refresh ;-)
0
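Holger101497's points above (the password and target page are readable via "View Source", and the META refresh works without JavaScript), shown as an added example that is not code from any poster. The two page sources are constructed from the scripts quoted in this thread, and `auditSource` and `targetFor` are hypothetical names.

```javascript
// Constructed sample: the literal-compare login page quoted in the thread.
const literalPage = `
<script>
password = "correct-password";
if (prompt("Password?", "") != password) { location.href = "welcome1.htm"; }
</script>
<META HTTP-EQUIV=REFRESH CONTENT="1; URL=axcess_granted_page.html">`;

// Constructed sample: the variant where the next URL is derived from the input.
const derivedPage = `
<script>
var pw = prompt("Password?", "");
if (pw) { location.href = rot13(pw) + ".html"; }
</script>`;

// ROT13 as mentioned in the comment: rotate A-Z and a-z by 13 places.
function rot13(s) {
  return s.replace(/[a-z]/gi, (c) => {
    const base = c <= "Z" ? 65 : 97;
    return String.fromCharCode(((c.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// The page a visitor lands on in the derived scheme; never stored in the source.
function targetFor(pw) {
  return rot13(pw) + ".html";
}

// Review check: list what any reader of the page source can see.
//  literals: quoted strings assigned or compared inside <script> blocks
//  refresh:  META refresh targets, which fire even with JavaScript disabled
function auditSource(html) {
  const scripts = [...html.matchAll(/<script[^>]*>([\s\S]*?)<\/script>/gi)]
    .map((m) => m[1]).join("\n");
  const literals = [...scripts.matchAll(/[=!]=?\s*"([^"]+)"/g)].map((m) => m[1]);
  const refresh = [...html.matchAll(/HTTP-EQUIV=["']?REFRESH[^>]*URL=([^"'>\s]+)/gi)]
    .map((m) => m[1]);
  return { literals, refresh };
}

console.log("literal page:", auditSource(literalPage));
console.log("derived page:", auditSource(derivedPage));
console.log("derived target for 'sesame':", targetFor("sesame"));
```

The derived scheme only keeps the secret out of the page source; the target URL still opens for anyone who learns it, so it does not replace the server-side authentication clambake describes.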
 
LVL 10

Expert Comment

by:kollegov
ID: 1271599
Sorry, Holger :)
Boatful, please, reject my answer.



0
 

Author Comment

by:boatful
ID: 1271600
Sorry kollegov, but in all fairness I'd like the points to go to Holger.  It's been an education.................
Boatful (Tony Shaw, Williston, VT)
0
 
LVL 6

Accepted Solution

by:
Holger101497 earned 50 total points
ID: 1271601
Thanks ;-) I appreciate that! Not everybody thinks that way and many people give points for incomplete answers that just quote parts of previously posted comments! It will always be a pleasure to answer your questions ;-))

btw: Have you tried what happens to your JS-solution with the Refresh if JS is disabled?? Take a look at my last comment...

btw2: To the people at ExEx: Last time I definitely checked the e-mail notification box, but I still didn't get an e-mail!!!
0
 

Author Comment

by:boatful
ID: 1271602
Holger,
Truthfully, I didn't know it was possible to disable JS in Navigator, but I will try it and see what transpires.  The site I'm building uses JS EXTENSIVELY to access html database arrays and assemble customized material for my clients (none of which would be possible anyway with JS disabled) !!  I intend to advertise to folks in my profession and permit them to access the 'shareware' version online.  I will give folks a month or two of free usage (emailing needed passwords -- changed monthly) and after that give them the option to 1) subscribe to the site for a monthly fee, or 2) buy the 'software' on floppy.  Scores of html and gif files are involved, so only the most determined hackers will succeed at downloading everything they need to run the 'program' unauthorized.
Thanks again for your help...and persistence!!
Tony
0
