Javascript Scripted Password Entry Login

Good!!

Find extended resources for this script at my newly created site at: http://drewsdesigns.tripod.com/Services.login.htm (PLEASE NOTE THAT MY SITE SERVER IS CASE SENSITIVE !!!)

works like a charm. If user clicks cancel though--you get an ugly script error

Hello-
This works very well-but how can I get the password prompt to display only asterisks instead of the letters the user types?


Thanks.

This was EMailed to me in regard to setting the password field as displaying asterisks:

What I did was use a page with a basic text box web control in asp.net set to password for input. This made the asterisks appear instead of text when a user is typing into it......


here is the vb:
Dim pass As String = TxtPassword.Text.ToLower
If pass = "life" Then Response.Write("<script>window.location=" & Chr(34) & sUrl & Chr(34) & " ;</script>")
If pass <> "life" Then Response.Write("<script>alert(" & Chr(34) & "Login failed!\n\nPlease click OK, --\n\n and supply new credentials ." & Chr(34) & ");</script>")

here is the html:
<asp:TextBox id="TxtPassword" runat="server" TextMode="Password"></asp:TextBox>
<asp:Button id="BtnClick" runat="server" Text="Click"></asp:Button>

1) All it takes is a look at the source code to read the user id and password - one might as well leave the key in the lock and just cover it with a paper bag.

2) To have asterisks displayed while typing the password, there is an <input type="password"> I think (not sure about the syntax, haven't used it for ages).

3) A more secure system would be using the password as the filename of the page to be protected:

<input type="password" onchange="self.location.href=this.value+'.html'">

(Not tested, just meant to illustrate the principle. Drawback: a wrong password will yield a 404 error.)

This is the dumbest security script I've ever seen. Anyone using this deserves to have their stuff nicked.

You lot ought to be ashamed of yourselves for publishing this.

This is pretty foolish. Putting your password in the JS is just asking for trouble.

For those of you concerned about security there is an alternative solution. The use of a HTML encrypter (Made by Svetlin Staev found on dynamicdrive.com and cgiscript.net) is a solution, and the addition of the no right click script within a window without status / location / directories / menubar. If you are overly concerned over security run you file(s) over a secure server (https://), find a ASP variation of this script, or use this script as a "agreement of terms" verification

Question How do I get it to Go After the user has put in the password then they go to the next link?

It works very well. However, it would be more user friendly if both the login and password were displayed on the screen at the same time. Is there a way to do this?

As noted, putting the login and password information in the source is quite ridiculous! Why bother with security then...even the most entry level user can view source.

At least make an ASP validation page that redirects upon submittal, that way it will be server side....still not full proof...but at least not client side!

This is not a solution but a tremendously huge security flaw. There is no way to do client side login safely. The only safe way is to check the password on the server. Having said that, you can collect the username and password using client side javascript but you *have* to post the two pieces of data such that the server will do the validation. You can do this by saving the data into your document and then doing a post.

Brilliant !!!

well done, but a can be improved...

Hi, my site uses frames. I need to know how to get this password thing to load pages in the _bot Frame


Email me with a subject line of Frame on page



Thanks!

One of the best !!!!
very usefull & easy to use !!

Due to CoadToad Member Integration I can not email you 'ME' however the answer to your question is at http://drewsdesigns.8k.com/Services.login.frames.htm .


-- Original Message --

Hi, my site uses frames. I need to know how to get this password thing to load pages in the _bot Frame


Email me with a subject line of Frame on page



Thanks!

easy to read and edit, but not useful security-wise

The newest version of this script is available at: [b]http://www.drewsdesigns.8k.com/Services.login.htm,[/b]

<Added>

PAGE CHANGED TO: http://www.drewsdesigns.8k.com/JS.login.htm
FULL PAGE HTML: http://www.drewsdesigns.8k.com/Help.javascripts.htm

pls. tech me how to makes html password protect my website.

please tell me how to use the nwe version of this code!!! I don't get it!

For those how have asked how to use this script use the following links this WILL be my last post unless a notification of a new version:



Version 2.0 Wizard: http://drewsdesigns.8k.com/WZ.login.htm
Version 2.0: http://drewsdesigns.8k.com/JS.login.htm
Version 2.0 Help: http://drewsdesigns.8k.com/Help.javascripts.htm#js_login
Version 2.0 Help (Email used to help a user): http://drewsdesigns.8k.com/Help.JS.login.txt
Version 1.0 (Archive): http://drewsdesigns.8k.com/Archive.login.htm
Email for questions: webmaster@drewsdesigns.8k.com

gr8 work..

i am just trying to write a code in jsp and pl/sql for authentication purpose ..given the username and password it has to check with the database and then accordingly shld. go to sucessful login page! or try again page ..how do i code that ?please help me..!!!

thankyou
pooja