Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

Javascript Help

edited September 2007 in Vanilla 1.0 Help
Note: This is not related to Vanilla.

I'm putting in a password protected area for a client. Found a real nice script that worked perfectly. Here is the code, which I saved in a file called login.js: function login() { // CHANGE THESE VARIABLES TO SUIT YOUR SITE \\ var users = new Array(); // CONTINUE TO ADD USERNAME AND PASSWORDS TO THE ARRAY BELOW FOLLOWING THE PATTERN \\ users[0] = new Array("name","password"); var successpage = "protected.html" // THIS IS THE PAGE USERS ARE REDIRECTED TO AFTER A SUCCESSFUL LOGIN \\ // DO NOT EDIT BELOW THIS LINE \\ var loggedin = false var userin = document.getElementById("user").value var passin = document.getElementById("pass").value for (i=0;i<(users.length-1);i++) { if (userin==users[i][0] && passin==users[i][1]) { loggedin = true break } } if (loggedin==true) { window.location = successpage } else { alert("Sorry, you have entered an incorrect username/password.\r\rRemeber, both fields are cAsE sEnSiTiVe!") } } Now, I have another client that wants the same thing, but they don't want a username. Just a password. So, I tried to make the username a hidden field that was automatically filled in, but it came back with a bad combination. So, I tried to eliminate the username call all together - like so: function login() { // CHANGE THESE VARIABLES TO SUIT YOUR SITE \\ var users = new Array(); // CONTINUE TO ADD USERNAME AND PASSWORDS TO THE ARRAY BELOW FOLLOWING THE PATTERN \\ users[0] = new Array("password"); var successpage = "protected.html" // THIS IS THE PAGE USERS ARE REDIRECTED TO AFTER A SUCCESSFUL LOGIN \\ // DO NOT EDIT BELOW THIS LINE \\ var loggedin = false var passin = document.getElementById("pass").value for (i=0;i<(users.length-1);i++) { if (passin==users[i][1]) { loggedin = true break } } if (loggedin==true) { window.location = successpage } else { alert("Sorry, you have entered an incorrect password.\r\rRemeber, it is cAsE sEnSiTiVe!") } } That didn't work either. Is it possible for me to use this script (with modification) that would work with only a password? If not, do you know of any password-only login scripts? That is... that don't require me to have the password be the same as the name of the page its going to (password = password.html)?

I'm not a coder. I can do HTML/CSS but that's it, so any help will be appreciated greatly. Thanks in advance.

- Garvin

Comments

  • Options
    edited September 2007
    Fix:
    if (passin==users[i][0]) { loggedin = true break }
    or var passwd = new Array("password"); ... for (i=0;i<(passwd.length);i++) { if (passin==passwd[i]) { loggedin = true break } }

    Do you put the name and passwords into the js function?
    But don't you just need to read the source to find the password?
  • Options
    You put the names/passwords into the js function. No, its not totally secure. It just needs to be simple. The 1st option didn't work. The second did, perfectly. Thank you! : )
  • Options
    TomTesterTomTester New
    edited September 2007
    Perhaps of use, my silly quick password snippet:
    <table cellspacing="1" cellpadding="5" bgcolor="red"><tr><td bgcolor="white" align="right"> <form ACTION="index.html" METHOD="post" NAME="login" ID="login" onSubmit="this.action = document.getElementById('pass').value + '.html';"> Password: <input id="pass" name="pass" type="password" maxlength="64" size="15" /><br /> <input VALUE="login" TYPE="submit"></form></td></tr></table>
    If the password is 'secret' I simply rename the file to be 'protected' secret.html and paste this snippet into index.html
    An invalid 'password' redirects the browser to a non-existing file (err 404). A valid password ('secret') leads to the file
    ('secret.html'). Not clean, but silly and effective. No hint of how to get in by looking at the code.

    If you need username & password, simply add a username field and create the destination file by combining both fields.
    To support multiple passwords, simply create multiple sub-'landing pages' (password1.html, password2.html) that each
    redirect to the 'main' via meta refresh etc. etc.

    Note: for solid password protection check out http://www.javascriptkit.com/howto/htaccess3.shtml
This discussion has been closed.