AFAIK this cannot work in JavaScript alone, as JavaScript is a client-side technology, which can simply be turned off, thus rendering your login useless.
If I remember rightly, you’re using Joomla, right?
Isn’t this functionality already built in?
On a side note, I always try to move users away from AJAX logins, as you need SSL to truly lock down the connection between the client and server, since man-in-the-middle attacks are easy to accomplish with forms like this.
The code you posted looks ok and you seem to be moving in the right direction.
I just found a simple login script on my PC.
I didn’t write it myself, rather it came from Stack Overflow (unfortunately, I cannot find the link any more).
Anyway, this works ok, so maybe you can have a look at it and get a couple of ideas.
You need to create this file:
access.php
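<?php
// Put the sha1() hash of the password here (sha1() hashes, it does not encrypt) - example is 'hello'.
// Unsalted SHA-1 is weak for stored passwords; password_hash()/password_verify() are the stronger choice.
$password = 'aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d';

session_start();
if (!isset($_SESSION['loggedIn'])) {
    $_SESSION['loggedIn'] = false;
}

if (isset($_POST['password'])) {
    // is_string() rejects array input; hash_equals() replaces the loose == comparison,
    // which is subject to type juggling and is not constant-time
    if (is_string($_POST['password']) && hash_equals($password, sha1($_POST['password']))) {
        session_regenerate_id(true); // issue a fresh session ID on login
        $_SESSION['loggedIn'] = true;
    } else {
        die('Incorrect password');
    }
}

if (!$_SESSION['loggedIn']): ?>
<html><head><title>Login</title></head>
<body>
    <p>You need to login</p>
    <form method="post">
        Password: <input type="password" name="password"> <br />
        <input type="submit" name="submit" value="Login">
    </form>
</body>
</html>
<?php
    exit();
endif;
?>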
And on every password protected page, you should put:
Can I tweak it to include a username with Windows Authentication too?
How about something like:
// define session variables
if (!isset($_SESSION['loggedIn'])) {
    $_SESSION['loggedIn'] = false;
}
// windows username
if (!isset($_SERVER['REMOTE_USER'])) {
    $_SERVER['REMOTE_USER'] = '';
}
// form post username
if (!isset($_SESSION['user'])) {
    $_SESSION['user'] = '';
}
if (isset($_POST['password']) && isset($_POST['username'])) {
    // check username and password (strict comparison, no type juggling)
    if ($_POST['password'] === 'test' && $_POST['username'] !== '') {
        // set session variables
        $_SESSION['loggedIn'] = true;
        // check user has windows authentication
        if ($_SERVER['REMOTE_USER'] != '') {
            $_SESSION['user'] = $_SERVER['REMOTE_USER'];
        } else {
            // if not populate with posted username
            $_SESSION['user'] = $_POST['username'];
        }
    } else {
        // wrong details: stop here, as access.php does for a wrong password
        die('Incorrect details');
    }
}
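A hardened form of the username-and-password check discussed in this thread, as an added example that is not part of any post above. The function names `authenticate()` and `login()`, the `$users` array and the sample requests are hypothetical and constructed for illustration; it assumes PHP 7.4 or later and uses `password_hash()`/`password_verify()` in place of the SHA-1 and plaintext comparisons.

```php
<?php
declare(strict_types=1);
// Added example, hypothetical names. Constructed user store: a deployment stores the hash once.
$users = ['alice' => password_hash('hello', PASSWORD_DEFAULT)];

// Returns the name to keep in the session, or null when the credentials fail.
function authenticate(array $users, array $post, array $server): ?string
{
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';
    // Reject array input such as password[]=x before it reaches the hash call.
    if (!is_string($username) || !is_string($password) || $username === '') {
        return null;
    }
    // Unknown users are checked against a dummy hash so both paths do the same work.
    $known = array_key_exists($username, $users);
    $valid = password_verify($password, $known ? $users[$username] : $dummy);
    if (!$known || !$valid) {
        return null;
    }
    // Prefer the identity the web server authenticated (Windows Authentication),
    // and fall back to the posted username otherwise.
    $remote = $server['REMOTE_USER'] ?? '';
    return (is_string($remote) && $remote !== '') ? $remote : $username;
}

// Call on the login page after session_start().
function login(array $users): bool
{
    $user = authenticate($users, $_POST, $_SERVER);
    if ($user === null) {
        return false;
    }
    session_regenerate_id(true); // new session ID on login, old one is discarded
    $_SESSION['loggedIn'] = true;
    $_SESSION['user'] = $user;
    return true;
}

// Constructed requests: valid, valid behind Windows Authentication, wrong password, array input.
$samples = [
    [['username' => 'alice', 'password' => 'hello'], []],
    [['username' => 'alice', 'password' => 'hello'], ['REMOTE_USER' => 'CORP\\alice']],
    [['username' => 'alice', 'password' => 'nope'], []],
    [['username' => 'alice', 'password' => ['x']], []],
];
foreach ($samples as [$post, $server]) {
    echo var_export(authenticate($users, $post, $server), true), PHP_EOL;
}
```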