Solved

Passwords

Posted on 1998-07-13
4
238 Views
Last Modified: 2012-06-27
I wont to make a WWW page that will ask you  what your username and password is. I want the script to check in the database, if there are correct. (there may be a lot of username's and password's associated to it). Please help.

Adam.
0
Comment
Question by:procer
  • 2
4 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1266477
With the passwords on the server, you need serverbased security.
Are you asking how to implement server side JavaScript security or how to get clientside JavaScript to interact with a database?

You best bet in any case is serverside and if you have a database running on the server you must surely be allowed to modify the security settings of your pages. This is a job for the system administrator. (unix is mostly using the .htaccess files, NT is using the NT protection and ASP can also help some)

For clentside password protection, have a look at http://passwords.javascriptsource.com

Michel
0
 

Accepted Solution

by:
RjB earned 80 total points
ID: 1266478
The thing you have to remember about Javascript is that it's almost never secure.  Any user can browse the source to see what you're doing -- so that's the wrong place to put a password database.  Any secret worth keeping, then, needs to be kept server side and known only to a CGI program or a servlet or something like that.

That being said (and if your web hoster'll give you that kind of lattitude) there are a couple of ways to let server-side apps know what the user's put in.  Two ideas are to stick username and password information into cookies or to stick the info inside hidden elements of a form element.  Personally I prefer the cookie option. Both of these are pretty trivial to do in Javascript (on 4.0 browers at any rate).

Good luck!

0
 
LVL 11

Expert Comment

by:kmartin7
ID: 1266479
The script below is not mine - so please keep the header information.  It is a very good script that "masks" the actual password. I have not been able to crack it thus far.


<!-- ONE STEP TO INSTALL LOGIN CODER:

   1.  Add the first code into the BODY of your HTML document  -->

<!-- STEP ONE: Add the first code into the BODY of your HTML document  -->

<BODY>

<center><table border=1>
<tr><form name=members><td rowspan=4>
<select name=memlist size=10 onChange="showmem(this.form)">

<!-- Original:  Dion (dion@mailhub.omen.com.au) -->
<!-- Web Site:  http://www.omen.com.au/~dion -->

<!-- This script and many more are available online from -->
<!-- The JavaScript Source!! http://javascriptsource.com -->

<!-- "member name | password | destination pagename |" -->
<option selected value="John Smith|password|mainpage|">John Smith
<option value="Peter Jones|theirpwd|endpages|">Peter Jones
<option value="Sue Brown|asdfvcxz|nowheres|">Sue Brown
<option value="Sally West|zaqxswde|logintop|">Sally West
</select></td>
<td align=right>User:</td><td><input type=hidden value="0" name=entry>
<input type=text name=memname size=10 value="" onBlur="update(this.form)"></td></tr>
<tr><td align=right>Password:</td><td><input type=text name=password size=10 maxlength=8 onBlur="update(this.form)"> *</td></tr>
<tr><td align=right>Page Name:</td><td><input type=text name=pagename size=10 maxlength=8 onBlur="update(this.form)"><b>.html</b> *</td></tr>
<tr><td colspan=2 align=center>
<input type=button value="New User" onclick="addnew(this.form);">
<input type=button value="Delete User" onclick="delthis(this.form);">
<input type=button value="Show Coding" onclick="create(this.form);"></td></tr>
<tr><td colspan=3 align=center>
<input type=text size=60 name=message value="Note:  Starred entries (*) must be exactly 8 letters! (a-z)">
<input type=hidden name=num value=1></td>
</form></tr>
</table>
<hr size=2 width=75%>
<form name=js><textarea cols=75 rows=10 name=scrpt wrap=virtual>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
var alpha="ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI";
function check(form) {
which=form.memlist.selectedIndex;
choice = form.memlist.options[which].value+"|";
if (choice=="x|") {
alert("Please Select Your Name From The List");
return;
}
p=0;
for (i=0;i<3;i++) {
a=choice.indexOf("|",p);
params[i]=choice.substring(a,p);
p=a+1;
}
h1=makehash(form.pass.value,3);
h2=makehash(form.pass.value,10)+" ";
if (h1!=params[1]) {
alert("Incorrect Password!"); return; };
var page="";
for (var i=0;i<8;i++) {
letter=params[2].substring(i,i+1)
ul=letter.toUpperCase();
a=alpha.indexOf(ul,0);
a-=(h2.substring(i,i+1)*1);
if (a<0) a+=26;
page+=alpha.substring(a,a+1); };
top.location=page.toLowerCase()+".html";
}
function makehash(pw,mult) {
pass=pw.toUpperCase();
hash=0;
for (i=0;i<8;i++) {
letter=pass.substring(i,i+1);
c=alpha.indexOf(letter,0)+1;
hash=hash*mult+c;
}
return(hash);
}
// End -->
</script>
</textarea>
</form>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
var script=document.js.scrpt.value;
document.js.scrpt.value="Create your users, their passwords, and their destination pages using the form above.\n\nThen, click 'Show Coding' to see the login HTML and JavaScript that you need to put on your page to password-protect your site with that info.\n\nQuestions about this script or how to put it on your site should be directed to it's author via email:  dion@mailhub.omen.com.au\n\n*Honestly, we don't even totally understand this JavaScript!*";
var alpha="ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI";
showmem(document.members);
function showmem(form) {
document.members.num.value=document.members.memlist.length;
var which=form.memlist.selectedIndex;
splt(form.memlist[which].value);
form.entry.value=which+1;
for (i=2;i<5;i++) {
form.elements[i].value=params[i-2]; };
}
function splt(choice) {
p=0;
for (i=0;i<3;i++) {
a=choice.indexOf("|",p);
params[i]=choice.substring(a,p);
p=a+1;
   }
}
function addnew(form) {
newmem=getfields(form);
var who=prompt("New User's Name:","");
form.memlist[form.memlist.length] = new Option(who, newmem, false, true);
if (navigator.appName=="Netscape") {
document.js.scrpt.value=script;
history.go(0);
}
else {
showmem(document.members);
   }
}
function getfields(form) {
newmem="";
for (i=2;i<5;i++) {
newmem+=form.elements[i].value+"|"; };
for (i=3;i<5;i++) {
a=form.elements[i];
if (a.value.length!=8)
alert(a.name+" Requires 8 characters!");
for (k=0;k<8;k++) {
b=a.value.substring(k,k+1);
c=b.toUpperCase();
if (alpha.indexOf(c,0)<0) {
alert(a.name+" Must Use Letters A Through Z Only!"); break; };
   }
}
return(newmem);
}
function delthis(form) {
if (confirm("Delete "+form.memname.value+"?")) {
form.memlist.options[form.entry.value-1]=null;
form.message.value=form.memname.value+" Deleted";
form.memlist.selectedIndex=0;
if (navigator.appName=="Netscape") {
document.js.scrpt.value=script;
history.go(0);
}
else {
showmem(document.members);
      }
   }
}
function update(form) {
form.memlist[form.entry.value-1].value=getfields(form);
form.message.value=form.memname.value+"'s record was updated";
}
function create(form) {

var html="<center><form name=login>\n";
html+="<table border=1 cellpadding=3>\n\n";
html+="<!-- Original:  Dion (dion@mailhub.omen.com.au) -->\n";
html+="<!-- Web Site:  http://www.omen.com.au/~dion -->\n";
html+="<!-- This script and many more are available online from -->\n";
html+="<!-- The JavaScript Source!! http://javascriptsource.com -->\n\n";
html+='<tr><td colspan=2 align=center><font size="+2"><b>Members-Only Area!</b></font></td></tr>\n';
html+="<tr><td>Username:</td><td><select name=memlist>\n<option value='x'>";
for (j=0;j<form.memlist.length;j++) {
splt(form.memlist.options[j].value);
h1=makehash(params[1],3);
h2=makehash(params[1],10)+" ";
var page="";
for (var i=0;i<8;i++) {
letter=params[2].substring(i,i+1);
ul=letter.toUpperCase();
a=alpha.indexOf(ul,0);
a+=(h2.substring(i,i+1)*1);
page+=alpha.substring(a,a+1);
}
html+="\n<option value='"+params[0]+"|"+h1+"|"+page+"'>"+params[0];
};
html+="\n</select></td></tr>\n";
html+="<tr><td>Password:</td><td><input type=password size=10 maxlength=8 name=pass></td></tr>\n";
html+='<tr><td colspan=2 align=center><input type=button value="Login" onclick="check(this.form)"></td>\n';
html+="</tr>\n</table>\n</form>\n";
document.js.scrpt.value=html+script+"</center>";
}
function makehash(pw,mult) {
pass=pw.toUpperCase();
hash=0;
for (i=0;i<8;i++) {
letter=pass.substring(i,i+1);
c=alpha.indexOf(letter,0)+1;
hash=hash*mult+c;
}
return(hash);
}
// End -->
</script>
</center>

<!-- Script Size:  6.50 KB  -->
0
 
LVL 11

Expert Comment

by:kmartin7
ID: 1266480
BTW - You can change the script so that the user must type in his name or handle rather than pick it from a menu (as well as the password).
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
This article will give core knowledge of JavaScript and will head in to your first JavaScript program. I am Durvesh Naik and I am here to deal with this series of JavaScript. I will teach you JavaScript in part wise , as its quite boring to read big…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now