Hey All,
I put a login form on a website, but when you view the source code, you can see both. Is there any way to hise these from the code?
Here is the code for the form.
<form>
<input type="text" name="text2" class="txtBox" value="-Enter your name-" />
<input type="password" name="text1" class="txtBox" value="-Your Password-" />
<input type="button" value="Login" name="Submit" onclick=javascript:validate(text2.value,"member750",text1.value,"3access16") >
<br class="spacer" /><br />
<br />
<br class="spacer" />
<label class="yellow"><a href="join.html" class="register">I Want to Join!</a></label>
<br class="spacer" />
</form>
<script language = "javascript">
function validate(text1,text2,text3,text4)
{
if (text1==text2 && text3==text4)
load('members/index.html');
else
{
load('join.html');
}
}
function load(url)
{
location.href=url;
}
</script>
Store them in a database or external file that’s protected in any method of your choosing. Read them into variables and pass them that way.
On this line in bold.
<input type=“button” value=“Login” name=“Submit” onclick=javascript:validate(text2.value,“member750 3access16
You just have edited your reply right after I responded
Sorry about that, I scrolled over :). It’s been a long morning!
Never, ever, ever use just client-side code to validate a login scheme. Even if you had some means of hiding the the user/pass details from the source code, simply disabling Javascript allows someone to circumvent the check.
Do login checking on the server-side, in your PHP code. In the very simplest of ways …
<?php
// Use method="POST" in the HTML <form> tag, then
$user = $_POST['text2'];
$pass = $_POST['text1'];
if ($user == 'member750' && $pass = '3access16') {
// login is OK
} else {
// login is bad
}
?>
Ok, what would I name that page and how would I rewrite the form?
I very much appreciate it.
K89
November 11, 2010, 10:12pm
7
<?php
if($_POST){
if($_POST['username'] == 'member750' && $_POST['password'] == '3access16'){
echo 'Login success';
}
else {
echo 'Login failure';
}
}
else {
echo '<form action="" method="post">';
echo 'Username: <input type="text" name="username" /><br />';
echo 'Password: <input type="password" name="password" /><br />';
echo '<input type="submit" value="Login" />';
echo '</form>';
}
?>
Hey all, I got it… I appreciate everyones help with this.
Nevermind, There was some weird file on the site causing issues.
OK, found another issue… Once logged in, how do I redirect it to the members section?
