procer
asked on
Passwords
I wont to make a WWW page that will ask you what your username and password is. I want the script to check in the database, if there are correct. (there may be a lot of username's and password's associated to it). Please help.
Adam.
Adam.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The script below is not mine - so please keep the header information. It is a very good script that "masks" the actual password. I have not been able to crack it thus far.
<!-- ONE STEP TO INSTALL LOGIN CODER:
1. Add the first code into the BODY of your HTML document -->
<!-- STEP ONE: Add the first code into the BODY of your HTML document -->
<BODY>
<center><table border=1>
<tr><form name=members><td rowspan=4>
<select name=memlist size=10 onChange="showmem(this.for m)">
<!-- Original: Dion (dion@mailhub.omen.com.au) -->
<!-- Web Site: http://www.omen.com.au/~dion -->
<!-- This script and many more are available online from -->
<!-- The JavaScript Source!! http://javascriptsource.com -->
<!-- "member name | password | destination pagename |" -->
<option selected value="John Smith|password|mainpage|"> John Smith
<option value="Peter Jones|theirpwd|endpages|"> Peter Jones
<option value="Sue Brown|asdfvcxz|nowheres|"> Sue Brown
<option value="Sally West|zaqxswde|logintop|">S ally West
</select></td>
<td align=right>User:</td><td> <input type=hidden value="0" name=entry>
<input type=text name=memname size=10 value="" onBlur="update(this.form)" ></td></tr >
<tr><td align=right>Password:</td> <td><input type=text name=password size=10 maxlength=8 onBlur="update(this.form)" > *</td></tr>
<tr><td align=right>Page Name:</td><td><input type=text name=pagename size=10 maxlength=8 onBlur="update(this.form)" ><b>.html< /b> *</td></tr>
<tr><td colspan=2 align=center>
<input type=button value="New User" onclick="addnew(this.form) ;">
<input type=button value="Delete User" onclick="delthis(this.form );">
<input type=button value="Show Coding" onclick="create(this.form) ;"></td></ tr>
<tr><td colspan=3 align=center>
<input type=text size=60 name=message value="Note: Starred entries (*) must be exactly 8 letters! (a-z)">
<input type=hidden name=num value=1></td>
</form></tr>
</table>
<hr size=2 width=75%>
<form name=js><textarea cols=75 rows=10 name=scrpt wrap=virtual>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
var alpha="ABCDEFGHIJKLMNOPQRS TUVWXYZABC DEFGHI";
function check(form) {
which=form.memlist.selecte dIndex;
choice = form.memlist.options[which ].value+"| ";
if (choice=="x|") {
alert("Please Select Your Name From The List");
return;
}
p=0;
for (i=0;i<3;i++) {
a=choice.indexOf("|",p);
params[i]=choice.substring (a,p);
p=a+1;
}
h1=makehash(form.pass.valu e,3);
h2=makehash(form.pass.valu e,10)+" ";
if (h1!=params[1]) {
alert("Incorrect Password!"); return; };
var page="";
for (var i=0;i<8;i++) {
letter=params[2].substring (i,i+1)
ul=letter.toUpperCase();
a=alpha.indexOf(ul,0);
a-=(h2.substring(i,i+1)*1) ;
if (a<0) a+=26;
page+=alpha.substring(a,a+ 1); };
top.location=page.toLowerC ase()+".ht ml";
}
function makehash(pw,mult) {
pass=pw.toUpperCase();
hash=0;
for (i=0;i<8;i++) {
letter=pass.substring(i,i+ 1);
c=alpha.indexOf(letter,0)+ 1;
hash=hash*mult+c;
}
return(hash);
}
// End -->
</script>
</textarea>
</form>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
var script=document.js.scrpt.v alue;
document.js.scrpt.value="C reate your users, their passwords, and their destination pages using the form above.\n\nThen, click 'Show Coding' to see the login HTML and JavaScript that you need to put on your page to password-protect your site with that info.\n\nQuestions about this script or how to put it on your site should be directed to it's author via email: dion@mailhub.omen.com.au\n \n*Honestl y, we don't even totally understand this JavaScript!*";
var alpha="ABCDEFGHIJKLMNOPQRS TUVWXYZABC DEFGHI";
showmem(document.members);
function showmem(form) {
document.members.num.value =document. members.me mlist.leng th;
var which=form.memlist.selecte dIndex;
splt(form.memlist[which].v alue);
form.entry.value=which+1;
for (i=2;i<5;i++) {
form.elements[i].value=par ams[i-2]; };
}
function splt(choice) {
p=0;
for (i=0;i<3;i++) {
a=choice.indexOf("|",p);
params[i]=choice.substring (a,p);
p=a+1;
}
}
function addnew(form) {
newmem=getfields(form);
var who=prompt("New User's Name:","");
form.memlist[form.memlist. length] = new Option(who, newmem, false, true);
if (navigator.appName=="Netsc ape") {
document.js.scrpt.value=sc ript;
history.go(0);
}
else {
showmem(document.members);
}
}
function getfields(form) {
newmem="";
for (i=2;i<5;i++) {
newmem+=form.elements[i].v alue+"|"; };
for (i=3;i<5;i++) {
a=form.elements[i];
if (a.value.length!=8)
alert(a.name+" Requires 8 characters!");
for (k=0;k<8;k++) {
b=a.value.substring(k,k+1) ;
c=b.toUpperCase();
if (alpha.indexOf(c,0)<0) {
alert(a.name+" Must Use Letters A Through Z Only!"); break; };
}
}
return(newmem);
}
function delthis(form) {
if (confirm("Delete "+form.memname.value+"?")) {
form.memlist.options[form. entry.valu e-1]=null;
form.message.value=form.me mname.valu e+" Deleted";
form.memlist.selectedIndex =0;
if (navigator.appName=="Netsc ape") {
document.js.scrpt.value=sc ript;
history.go(0);
}
else {
showmem(document.members);
}
}
}
function update(form) {
form.memlist[form.entry.va lue-1].val ue=getfiel ds(form);
form.message.value=form.me mname.valu e+"'s record was updated";
}
function create(form) {
var html="<center><form name=login>\n";
html+="<table border=1 cellpadding=3>\n\n";
html+="<!-- Original: Dion (dion@mailhub.omen.com.au) -->\n";
html+="<!-- Web Site: http://www.omen.com.au/~dion -->\n";
html+="<!-- This script and many more are available online from -->\n";
html+="<!-- The JavaScript Source!! http://javascriptsource.com -->\n\n";
html+='<tr><td colspan=2 align=center><font size="+2"><b>Members-Only Area!</b></font></td></tr> \n';
html+="<tr><td>Username:</ td><td><se lect name=memlist>\n<option value='x'>";
for (j=0;j<form.memlist.length ;j++) {
splt(form.memlist.options[ j].value);
h1=makehash(params[1],3);
h2=makehash(params[1],10)+ " ";
var page="";
for (var i=0;i<8;i++) {
letter=params[2].substring (i,i+1);
ul=letter.toUpperCase();
a=alpha.indexOf(ul,0);
a+=(h2.substring(i,i+1)*1) ;
page+=alpha.substring(a,a+ 1);
}
html+="\n<option value='"+params[0]+"|"+h1+ "|"+page+" '>"+params [0];
};
html+="\n</select></td></t r>\n";
html+="<tr><td>Password:</ td><td><in put type=password size=10 maxlength=8 name=pass></td></tr>\n";
html+='<tr><td colspan=2 align=center><input type=button value="Login" onclick="check(this.form)" ></td>\n';
html+="</tr>\n</table>\n</ form>\n";
document.js.scrpt.value=ht ml+script+ "</center> ";
}
function makehash(pw,mult) {
pass=pw.toUpperCase();
hash=0;
for (i=0;i<8;i++) {
letter=pass.substring(i,i+ 1);
c=alpha.indexOf(letter,0)+ 1;
hash=hash*mult+c;
}
return(hash);
}
// End -->
</script>
</center>
<!-- Script Size: 6.50 KB -->
<!-- ONE STEP TO INSTALL LOGIN CODER:
1. Add the first code into the BODY of your HTML document -->
<!-- STEP ONE: Add the first code into the BODY of your HTML document -->
<BODY>
<center><table border=1>
<tr><form name=members><td rowspan=4>
<select name=memlist size=10 onChange="showmem(this.for
<!-- Original: Dion (dion@mailhub.omen.com.au)
<!-- Web Site: http://www.omen.com.au/~dion -->
<!-- This script and many more are available online from -->
<!-- The JavaScript Source!! http://javascriptsource.com -->
<!-- "member name | password | destination pagename |" -->
<option selected value="John Smith|password|mainpage|">
<option value="Peter Jones|theirpwd|endpages|">
<option value="Sue Brown|asdfvcxz|nowheres|">
<option value="Sally West|zaqxswde|logintop|">S
</select></td>
<td align=right>User:</td><td>
<input type=text name=memname size=10 value="" onBlur="update(this.form)"
<tr><td align=right>Password:</td>
<tr><td align=right>Page Name:</td><td><input type=text name=pagename size=10 maxlength=8 onBlur="update(this.form)"
<tr><td colspan=2 align=center>
<input type=button value="New User" onclick="addnew(this.form)
<input type=button value="Delete User" onclick="delthis(this.form
<input type=button value="Show Coding" onclick="create(this.form)
<tr><td colspan=3 align=center>
<input type=text size=60 name=message value="Note: Starred entries (*) must be exactly 8 letters! (a-z)">
<input type=hidden name=num value=1></td>
</form></tr>
</table>
<hr size=2 width=75%>
<form name=js><textarea cols=75 rows=10 name=scrpt wrap=virtual>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
var alpha="ABCDEFGHIJKLMNOPQRS
function check(form) {
which=form.memlist.selecte
choice = form.memlist.options[which
if (choice=="x|") {
alert("Please Select Your Name From The List");
return;
}
p=0;
for (i=0;i<3;i++) {
a=choice.indexOf("|",p);
params[i]=choice.substring
p=a+1;
}
h1=makehash(form.pass.valu
h2=makehash(form.pass.valu
if (h1!=params[1]) {
alert("Incorrect Password!"); return; };
var page="";
for (var i=0;i<8;i++) {
letter=params[2].substring
ul=letter.toUpperCase();
a=alpha.indexOf(ul,0);
a-=(h2.substring(i,i+1)*1)
if (a<0) a+=26;
page+=alpha.substring(a,a+
top.location=page.toLowerC
}
function makehash(pw,mult) {
pass=pw.toUpperCase();
hash=0;
for (i=0;i<8;i++) {
letter=pass.substring(i,i+
c=alpha.indexOf(letter,0)+
hash=hash*mult+c;
}
return(hash);
}
// End -->
</script>
</textarea>
</form>
<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
var script=document.js.scrpt.v
document.js.scrpt.value="C
var alpha="ABCDEFGHIJKLMNOPQRS
showmem(document.members);
function showmem(form) {
document.members.num.value
var which=form.memlist.selecte
splt(form.memlist[which].v
form.entry.value=which+1;
for (i=2;i<5;i++) {
form.elements[i].value=par
}
function splt(choice) {
p=0;
for (i=0;i<3;i++) {
a=choice.indexOf("|",p);
params[i]=choice.substring
p=a+1;
}
}
function addnew(form) {
newmem=getfields(form);
var who=prompt("New User's Name:","");
form.memlist[form.memlist.
if (navigator.appName=="Netsc
document.js.scrpt.value=sc
history.go(0);
}
else {
showmem(document.members);
}
}
function getfields(form) {
newmem="";
for (i=2;i<5;i++) {
newmem+=form.elements[i].v
for (i=3;i<5;i++) {
a=form.elements[i];
if (a.value.length!=8)
alert(a.name+" Requires 8 characters!");
for (k=0;k<8;k++) {
b=a.value.substring(k,k+1)
c=b.toUpperCase();
if (alpha.indexOf(c,0)<0) {
alert(a.name+" Must Use Letters A Through Z Only!"); break; };
}
}
return(newmem);
}
function delthis(form) {
if (confirm("Delete "+form.memname.value+"?"))
form.memlist.options[form.
form.message.value=form.me
form.memlist.selectedIndex
if (navigator.appName=="Netsc
document.js.scrpt.value=sc
history.go(0);
}
else {
showmem(document.members);
}
}
}
function update(form) {
form.memlist[form.entry.va
form.message.value=form.me
}
function create(form) {
var html="<center><form name=login>\n";
html+="<table border=1 cellpadding=3>\n\n";
html+="<!-- Original: Dion (dion@mailhub.omen.com.au)
html+="<!-- Web Site: http://www.omen.com.au/~dion -->\n";
html+="<!-- This script and many more are available online from -->\n";
html+="<!-- The JavaScript Source!! http://javascriptsource.com -->\n\n";
html+='<tr><td colspan=2 align=center><font size="+2"><b>Members-Only Area!</b></font></td></tr>
html+="<tr><td>Username:</
for (j=0;j<form.memlist.length
splt(form.memlist.options[
h1=makehash(params[1],3);
h2=makehash(params[1],10)+
var page="";
for (var i=0;i<8;i++) {
letter=params[2].substring
ul=letter.toUpperCase();
a=alpha.indexOf(ul,0);
a+=(h2.substring(i,i+1)*1)
page+=alpha.substring(a,a+
}
html+="\n<option value='"+params[0]+"|"+h1+
};
html+="\n</select></td></t
html+="<tr><td>Password:</
html+='<tr><td colspan=2 align=center><input type=button value="Login" onclick="check(this.form)"
html+="</tr>\n</table>\n</
document.js.scrpt.value=ht
}
function makehash(pw,mult) {
pass=pw.toUpperCase();
hash=0;
for (i=0;i<8;i++) {
letter=pass.substring(i,i+
c=alpha.indexOf(letter,0)+
hash=hash*mult+c;
}
return(hash);
}
// End -->
</script>
</center>
<!-- Script Size: 6.50 KB -->
BTW - You can change the script so that the user must type in his name or handle rather than pick it from a menu (as well as the password).
Are you asking how to implement server side JavaScript security or how to get clientside JavaScript to interact with a database?
You best bet in any case is serverside and if you have a database running on the server you must surely be allowed to modify the security settings of your pages. This is a job for the system administrator. (unix is mostly using the .htaccess files, NT is using the NT protection and ASP can also help some)
For clentside password protection, have a look at http://passwords.javascriptsource.com
Michel