Password reset button

How do i include a reset button so that i could change or reset the old password and save the new password. Would appreciate if there is a reply. Thank you

<html>
<head>
  <title> Log</title>
</head>
<body>
<div id="header">
    <div class="pageWidth">
    </div>
</div>
<div>

    <table align = center>
                <tr height = 100 /tr>
                <tr height = 200
                    <td width = 400 align = center id = "box" /td>  
                        <table>
                                <form name="login">
                                <tr id = "spacing" ></tr>
                                <tr align = center <td  colspan =2 /td></tr>
                                    <tr><td width=5>Username:</td><td width=300><input type="text" name="username" autofocus></td></tr>
                                    <tr><td width=5>Password:</td><td width=300><input type="password" name="password"></td></tr>
                                    <tr><td colspan = 2 align=right><input id="login" type="submit" onclick="check(this.form)" value="Login"/>
                                </table>
                                </div>
                                </form>
    </table>

<script type="text/javascript" src="login.js"></script> 

</body>
</html>

JAVASCRIPT


function check(form)
{
 if(form.username.value == "name" && form.password.value == "pass")
  {
    window.open('');
  }

 else if(form.username.value == "name1" && form.password.value == "pass1")
  {
    window.open('');
  }

 else if(form.username.value == "name2" && form.password.value == "pass2")
 {
   window.open('');
  }

 else
 {
   window.open('');
  }
}

I wouldn’t trust anything JavaScript related when it comes to passwords.

Be very very very very very careful if you even think of handling passwords from JavaScript.

In case I wasn’t clear - do not use JavaScript for password-related stuff. Hand it on to a server-side solution instead. PHP at a minimum.

1 Like

because the machine that i am using cannot support php file. So is there any ways to do it for javascript ? i would like to implement the change password in one of the tab that i have. So how do i change it so that it will update the javascript ?

Then what server-side language does it support?
What ever it is, use that.

Do not use JavaScript for passwods

is there a way to have jquery login and reset password ?

You could use JavaScript / jQuery for some things

It could check to make sure the format is valid before the form is submitted and give the user a type of “invalid format” or “cap lock is on” message.

But the form input values should be sent to the server and tested thoroughly there before anything is actually done with the data.

If the name and password make it through the tests. then have the server send a “password reset requested” email to that users email address with an expiring “token”

this need to use php right ? other than php is there any other way ?

As has already been said it needs to be done server-side, so that means PHP, ASP, Python or something else that runs on your server. But not client-side software.

Server-side is where that all needs to be done. Anything else opens you up to a huge range of security problems. Everything that ends up in the client browser is wide open and visible to exploit. Which yes, include all of the JavaScript that you intend to use as well.

I trust that you do not want any of the passwords to be easily visible by anyone that visits the page?

1 Like

Oh because this is just a simple trial. Hopefully there could be some way to do what i want with javascript. To add on to secuirty. I can just encrypt it right ? since i am left with no choice as i dont think my machine support php those ( server side)

[quote=“forforfor, post:10, topic:225718, full:true”]
Oh because this is just a simple trial. Hopefully there could be some way to do what i want with javascript.[/quote]

No, there is not. All of the experts here have been telling you DO NOT DO IT!

[quote=“forforfor, post:10, topic:225718, full:true”]
To add on to secuirty.[/quote]

There is no JavaScript security. Do not trust anyone that tries to sell that to you either.

[quote=“forforfor, post:10, topic:225718, full:true”]
I can just encrypt it right ?[/quote]

That will not be successful. There are many people here and elsewhere that will happily exploit any JavaScript-based password attempts that you try. Myself included.

In that case, do not use passwords.

Are we making ourselves clear?

3 Likes

Why does encrypting do no good?

var base64encrypted = "U2tpbGxlZEhhY2tlcg==";
var enteredPassword = document.querySelector("#password").value;

if (encryptPassword(enteredPassword) === base64encrypted) {
    // give keys to the kingdom - you are the chosen one
}

Because this:

var encryptPassword = function (password) {
    return "U2tpbGxlZEhhY2tlcg=="; // encrypt override
}

That is a very simple example. Do not use passwords in JavaScript.

Extra for experts - try to figure out the password that was used.

SkilledHacker :slight_smile:

1 Like

That was fast.

@forforfor Watch and learn.

1 Like

Only because I cheated https://www.base64decode.org/ :slight_smile:

Heh - that’s where I encoded it :slight_smile:

1 Like

You still haven’t answered what language your site does have

1 Like

I think that he’s dealing with a local offline page.

2 Likes

Since all Linux, Windows and Apple computers can support PHP, perhaps if you tell us what setup you have that isn’t one of those that doesn’t support PHP so we can then tell you what server side languages the system you are using does support.

As a good example of why you should not use JavaScript for security, even when it’s encrypted, I was decrypting some JavaScript that was designed to check if you have the correct license code, and realized that the same code can be used to create your own licenses.

The code started out like this (adjusted to protect the guilty):

var a = function() {
    (new Function("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", function(a) {
        for (var b = [], c = 0, d = a[e]; c < d; c++) b[b[e]] = String[f](a[g](c) - 4);
        return b.join("")
    }("random characters in here"))).apply(this, [a, b, c, d, e, f, g, h, i, j]);

and after some detective work and renaming variables to more meaningful names, I had decoded the random characters, resulting in not just code that checks the license, but actually creates the license too.

function createLicense(prefix, charsList) {
  var charCodeMod10 = function(str) {
    var charCode = str.charCodeAt(0).toString();
    return charCode.substr(charCode.length - 1);
  };
  return prefix + charsList[1] + charCodeMod10(charsList[0]) + charCodeMod10(charsList[2]);
};

A nice little proof of concept page that lets you create sample licenses is at https://jsfiddle.net/ozhemcd6/ which serves as a good demonstration of the process.

The original site remains deliberately unidentified and I don’t think that anyone could find out the original place (that’s not a challenge, guys), but I thought I’d raise this here as a learn by example situation.

3 Likes