Posted on 2004-08-08
Medium Priority
Last Modified: 2010-04-05
I know this can be done with Javascript, but I don't know how. And I really don't know how with intraweb.

When a Intraweb Edit control is placed on a page and Password is set, it displays "*" characters, but it probably still sends plain english between the HTTP Client and the intraweb app.

Using any method at all that will work nicely. How do I get the user to type a password and have it sent as MD5 and then evaluate it as MD5 in the intraweb app.

For Acceptance this answer must be directly related to an Intraweb Application form.


Question by:KyleyHarris
  • 3
  • 2
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11751445
The problem is client-side... On the clientside you can use a scripting language or an ActiveX control. The latter one is really gruesome. Thus JavaScripting is the only option here.

If you want to have a secure connection, use https:// instead of http:// since you definitely need a secure connection with passwords. Means you have to set up your server to allow secure connections.

Sorry but there's no solution for this from within the Delphi source. Delphi can only do stuff on the server while you want something done on the client. Client side is scripting or ActiveForms only.

Now, for IntraWeb you must create an inherited version of the editbox that you want to add. You must then alter the HTML code that this component will send to the client to include the MD5 encryption method. Not too easy... Therefore, I suggest using httpS:// instead. Easier to handle anyways. And pretty secure.

Author Comment

ID: 11751793
Thanks for your thoughts, but I do have a javascript for doing MD5 hashing. I simply do not know how to incorporate it into the edit control using the Javascript fields to modify the post data.
LVL 17

Expert Comment

by:Wim ten Brink
ID: 11752317
Oh, ok... Use a non-visible field in your form. When the form is submitted, you read the contents of the edit-field, hash it, empty the edit-field and put the hashed value in the non-visible field.

A hidden field is defined as <input type="hidden" ... If I'm not mistaken.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.


Author Comment

ID: 11757325
Maybe I'm seeming a little naive. Sorry.

I understand the whole theory of it because I have examined the Yahoo Messenger Login Screen Source, and Downloaded the MD5.js javascript from
which has instuctions on use.

what I don't know is how to create a TIWForm and drop field onto it an work out what to do. :)

If I drop a TIWEdit onto the form with password = true the source generates a <input type="password"> .
If I put a TIWButton onto the form. By the time My code is looking at the TIWEdit.Text property from within the OnClick Event of the TIWButton I  would assume the following has happended

Client received page.
Client Typed clear password
Client Clicked Button
POST event submitted.
My DLL receives post data and calls onclick event and lets me do stuff
Page resent to client with any updates, etc.

Now in some even somewhere in the TIWForm or one of the controls there must be a specific event to insert a call to my javascript on the clientside to do what you
have mentioned above. Hide and clear the Text field. Add a hashed value into the hidden field. My question is how to do it with Intraweb.

Dropping a TIWEdit and setting the property visible to false will create the field.
Hope someone has used intraweb extensively


Author Comment

ID: 11827462
I solved this myself. Here is the answer.

On the Javascript property of TIWApplicationForm add the correct routines for MD5 encryption. I Used the yahoo ones as mentioned in the above hyperlink.

In the scriptevents property of the TIWButton that is the submit button add code to the onclick clientside event


This is based on intraweb 7, using a Edit Field called EPassword, and and Edit Field called HashPassword.

"hex_md5" is the javascript function from above.

HASHPassword was made hidden by overriding OnHTMLTag of HashPassword with

    ATag.Params.Values['type'] := 'hidden';

I will close this question without points as I had to work this out myself. Thanks for trying to assist.

Accepted Solution

Netminder earned 0 total points
ID: 11866607
Closed, 500 points refunded.
Site Admin

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
This is an update to some code that someone else posted on Experts Exchange. It is an alternate approach, I think a little easier to use, & makes sure that things like the Task Bar will update.
In this video I will demonstrate how to set up Nine, which I now consider the best alternative email app to Touchdown.
When you have multiple client accounts to manage, it often feels like there aren’t enough hours in the day. With too many applications to juggle, you can’t focus on your clients, much less your growing to-do list. But that doesn’t have to be the cas…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question