  1. #1
    SitePoint Enthusiast
    Join Date
    Dec 2002
    Posts
    72

    Immediate login Script help?!

    OK, I have this script below. It works to get into the site, but the problem is you can access other parts of the site without logging in. So does anyone know how to make the other parts of the site not accessible until you log in with this script below?

    <html>

    <head>

    <!-- TWO STEPS TO INSTALL MULTIPLE USERS:

    1. Copy the first code into the HEAD of your HTML document
    2. Put the last coding into the BODY of your HTML document -->

    <!-- STEP ONE: Copy this code into the HEAD of your login HTML document -->

    <SCRIPT LANGUAGE="JavaScript">

    <!-- This script and many more are available free online at -->
    <!-- The JavaScript Source!! http://javascript.internet.com -->

    <!-- Begin
    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="streetsonic" && password=="sonics") { window.location="http://www.sonicfighters.com/main.htm"; done=1; }
    if (username=="knuxs" && password=="shoe") { window.location="http://www.sonicfighters.com/main.htm"; done=1; }
    if (username=="sonicmaster" && password=="pika") { window.location="http://www.sonicfighters.com/main.htm"; done=1; }
    if (username=="poo" && password=="boo") { window.location="http://www.sonicfighters.com/main.htm"; done=1; }

    if (done==0) { alert("Invalid login!"); }
    }
    // End -->
    </SCRIPT>

    <!-- STEP TWO: Paste this code into the BODY of your HTML document -->

    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <title>Members</title>
    </head>

    <BODY>

    <center>
    <form name=login>
    <p align="center"><img border="0" src="header1.jpg" width="500" height="71"></p>
    <table width=225 border=1 cellpadding=3 bgcolor="#0000FF" bordercolor="#000080">
    <tr><td colspan=2><center><font size="+2"><b>Members-Only Area!</b></font></center></td></tr>
    <tr><td><b>Username</b></td><td><input type=text name=username></td></tr>
    <tr><td><b>Password</b></td><td><input type=text name=password></td></tr>
    <tr><td colspan=2 align=center><input type=button value="Login!" onClick="Login()"></td></tr>
    </table>
    </form>
    </center>

    <p> <p align="center">

    <!-- Script Size: 1.60 KB --><img border="0" src="soniccirc.gif" width="109" height="109">
    <form method="POST" action="_vti_bin/shtml.exe/login9.htm" onSubmit="" webbot-action="--WEBBOT-SELF--">
    <p align="center"><a href="http://www.sonicfighters.com/sign_up1.htm"><b>Sign
    Up</b></a></p>
    </form>
    <p align="center">



    </body>

    </html>

  2. #2
    Bangarang! Karloff
    Join Date
    Mar 2003
    Location
    Manchester, United Kingdom
    Posts
    236
    Uhm... first of all, you can't secure a website with pure client-side JavaScript as far as I know. All it takes is to peer in the source and there you have the usernames and passwords.

    At least try and use some JavaScript authentication that not everyone would understand immediately (like the one above). Have a look at http://pajhome.org.uk/crypt/md5/index.html

    You can set a cookie (if the client has cookies enabled) after the user has logged in to maintain access privileges across other sections. Those sections must check for the cookie though. Alternatively you could use a hidden frame.

    Either way, using JavaScript only it won't take longer than a few clicks to get past the protection. You should really consider using PHP or ASP to achieve what you want.
    Karl


    I'm desperately trying to figure out why Kamikaze pilots wore helmets. - George Carlin
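
The server-side approach recommended in the reply above, sketched as an added example that is not code from this thread. It uses Node.js (standard library only) in place of PHP or ASP; the user `alice`, the `/members/` path prefix, the `/login.htm` redirect target and all function names are assumptions made for illustration, and usernames are assumed not to contain a dot.

```javascript
const crypto = require('crypto');

// Constructed sample data: the server keeps a salted scrypt hash, never the
// password itself, and nothing below is ever sent to the browser.
const SECRET = crypto.randomBytes(32); // cookie-signing key, server-only
const salt = crypto.randomBytes(16);
const USERS = new Map([
  ['alice', { salt, hash: crypto.scryptSync('correct horse', salt, 32) }],
]);

// Verify credentials on the server with a constant-time hash comparison.
function checkLogin(username, password) {
  const user = USERS.get(username);
  if (!user) return false;
  const candidate = crypto.scryptSync(String(password), user.salt, 32);
  return crypto.timingSafeEqual(candidate, user.hash);
}

// Cookie value is "username.expiry.mac"; the MAC stops a client forging one.
function issueCookie(username, ttlSeconds = 3600, now = Date.now()) {
  const payload = `${username}.${Math.floor(now / 1000) + ttlSeconds}`;
  const mac = crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
  return `${payload}.${mac}`;
}

// Run before serving every members-only page: returns the username or null.
function verifyCookie(cookie, now = Date.now()) {
  const parts = String(cookie || '').split('.');
  if (parts.length !== 3) return null;
  const [username, expiry, mac] = parts;
  const expected = crypto.createHmac('sha256', SECRET)
    .update(`${username}.${expiry}`).digest();
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expiry) || Number(expiry) * 1000 <= now) return null;
  return username;
}

// The protected page body is only produced after the server-side check passes.
function handleRequest(path, cookie) {
  if (!path.startsWith('/members/')) return { status: 200, body: 'public page' };
  const user = verifyCookie(cookie);
  if (!user) return { status: 302, location: '/login.htm' };
  return { status: 200, body: `members page for ${user}` };
}
```

Because the check runs in `handleRequest` for each protected path, requesting a members page directly without a valid cookie yields a redirect instead of the page content.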

