FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

javascript/ajax only to have login/user editor

   Frihost Forum Index -> Scripting -> Others
 


Saber
well I have been told to have a simple login for access to a file.
I only have access to using javascript and ajax, so yah...

I have a simple login script that works to access the file, but its nnot secure, and thats more or less fine(someone can just look at the js file)
Quote:

function LogIn(){
loggedin=false;
username="";
password="";
username=prompt("Username:","");
username=username.toLowerCase();
password=prompt("Password:","");
password=password.toLowerCase();

if (username=="" && password=="") {
loggedin=true;
window.location=".html";
}

if (username=="" && password=="") {
loggedin=true;
window.location=".html";
}

if (loggedin==false) {
alert("Invalid login!");
}
}



Now my problem is that I need to make the available log ins to be editable, (adding/removing, and edit), is that even possible with just javascript/ajax?

-saber
Diablosblizz
Heres a little more secured:

Quote:
<script>
<!--
document.write(unescape("function%20LogIn%28%29%7B%0D%0Aloggedin%3Dfalse%3B%0D%0Ausername%3D%22%22%3B%0D%0Apassword%3D%22%22%3B%0D%0Ausername%3Dprompt%28%22Username%3A%22%2C%22%22%29%3B%0D%0Ausername%3Dusername.toLowerCase%28%29%3B%0D%0Apassword%3Dprompt%28%22Password%3A%22%2C%22%22%29%3B%0D%0Apassword%3Dpassword.toLowerCase%28%29%3B%0D%0A%0D%0Aif%20%28username%3D%3D%22%22%20%26%26%20password%3D%3D%22%22%29%20%7B%0D%0Aloggedin%3Dtrue%3B%0D%0Awindow.location%3D%22.html%22%3B%0D%0A%7D%0D%0A%0D%0Aif%20%28username%3D%3D%22%22%20%26%26%20password%3D%3D%22%22%29%20%7B%0D%0Aloggedin%3Dtrue%3B%0D%0Awindow.location%3D%22.html%22%3B%0D%0A%7D%0D%0A%0D%0Aif%20%28loggedin%3D%3Dfalse%29%20%7B%0D%0Aalert%28%22Invalid%20login%21%22%29%3B%0D%0A%7D%0D%0A%7D%20"));
//-->
</script>


I wrote that myself.. Its harder to search for the password.

Enjoy!
Saber
Thanks, but the problem with it is that I need to be able to change the list of users and such at random times.

but thanks for the idea.

-saber
Aredon
The list of valid users and passwords should NEVER reach the client for any reason whatsoever.
All username and password combinations and login variations should be processed server-side and should never be processed client-side.
There do exist "secure" hash algorithms however even they have been reported broken.
Although they have been reported broken, there are not too many people in the world that actually have the reverse engine code handy.
EVEN if you are using Ajax for the login, it doesn't matter because JavaScript will wind-up processing the data client side.

You can however process the data server-side and use Ajax to notify the user if their password is incorrect:
http://www.jamesdam.com/ajax_login/login.html
ritesh26
Here is the sample program for AJAX, you can modify it as per ur requirements.
Code:


<script type="text/javascript" language="javascript">
    function makeRequest(url) {
        var http_request = false;

        if (window.XMLHttpRequest) { // Mozilla, Safari, ...
            http_request = new XMLHttpRequest();
            if (http_request.overrideMimeType) {
                http_request.overrideMimeType('text/xml');
                // See note below about this line
            }
        } else if (window.ActiveXObject) { // IE
            try {
                http_request = new ActiveXObject("Msxml2.XMLHTTP");
            } catch (e) {
                try {
                http_request = new ActiveXObject("Microsoft.XMLHTTP");
                } catch (e) {}
            }
        }

        if (!http_request) {
            alert('Giving up :( Cannot create an XMLHTTP instance');
            return false;
        }
        http_request.onreadystatechange = function() { alertContents(http_request); };
        http_request.open('GET', url, true);
        http_request.send(null);

    }

    function alertContents(http_request) {

        if (http_request.readyState == 4) {
            if (http_request.status == 200) {
                alert(http_request.responseText);
            } else {
                alert('There was a problem with the request.');
            }
        }

    }
</script>
<span  style="cursor: pointer; text-decoration: underline"
    onclick="makeRequest('test.html')">
        Make a request</span>


If you want to sent ur parameter as POST method you use change this code

http_request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
http_request.open('POST', url, true);
http_request.send(parametr);
Aredon
The code ritesh26 posted is good as well as the makeRequest function.
However the following code is flawed:
Code:

http_request.onreadystatechange = function() { alertContents(http_request); };
        http_request.open('GET', url, true);
        http_request.send(null);

Order DOES matter. Make sure to put the open method call prior to assigning a function to the onreadystatechange event handler.
Code:

http_request.open('GET', url, true);
http_request.onreadystatechange = function() {
alertContents(http_request);
};
http_request.send(null);

Failing to order the two correctly will make it so you cannot re-use the XMLHttpRequest object. Such a problem can be solved if you use the little-known abort method before re-requesting.
However if you order the two correctly then calling the abort method is extra and unnessasery and you can re-request just with a new open call.
Reply to topic    Frihost Forum Index -> Scripting -> Others

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.