How to set a variable's value to the input of a 'prompt()' popup in JavaScript

CodeCop42

Member
Joined
Mar 11, 2013
Messages
10
Hi all,

Do any of you know how to set a variable equal to the value of the input in a prompt(); popup in JavaScript? I want to make a popup password for a restricted part of my webpage, which will continue if the password is correct and redirect itself to the previous page if it doesn't work. In case you don't understand, here is the pseudo code for the if/else conditional:


Code:
if (pass === passStr) {
    // Continue to page
}
else {
    // Display "Incorrect password" and give an alert saying incorrect password,
    // then redirect the user to the previous page they were at
}

Cheers, and thanks in advance! :)
 

walter_l

Active Member
Joined
Feb 3, 2010
Messages
79
Side note: With regards to security, this seems all kinds of bad:
* If the JavaScript has access to any password (especially prior to login), the user can get to it.
* Since JavaScript runs in a user's browser, it should not be trusted to do what it should or provide expected data. In this case, an attacker could simply stop the above snippet from running and manually trigger the "// Continue to page" functionality.
 

guest2013-1

guest
Joined
Aug 22, 2003
Messages
19,804
Side note: With regards to security, this seems all kinds of bad:
* If the JavaScript has access to any password (especially prior to login), the user can get to it.
* Since JavaScript runs in a user's browser, it should not be trusted to do what it should or provide expected data. In this case, an attacker could simply stop the above snippet from running and manually trigger the "// Continue to page" functionality.

Exactly. I remember "back in the day" when sites had this as their security. I was easily able to circumvent it and get to my porn...

Anyway, I'd suggest using jQuery for a "popup" (read: not an actual popup, which opens up a browser instance) with a proper form for username/password that will be submitted to the server and authenticated, etc.
 

Pada

Executive Member
Joined
Feb 18, 2009
Messages
8,187
One of the Dell distributors in SA still uses JavaScript to validate the password to get to their price lists...

Never use JavaScript to do the authentication, because it can always be bypassed. Always do the validation server side.
 

CodeCop42

Member
Joined
Mar 11, 2013
Messages
10
Thanks guys,
I will try this stuff out... but if I use jQuery like AcidRaZor said, isn't that just an extension library to JS? And would PHP work for validation?

BTW I was just making the site for fun, making snippets for fun, I mean, and now you've sparked my interest. I've always wondered how to make a database password... and then hack it to see how it can be hacked and therefore protect it better.

Cheers
 

battletoad

Expert Member
Joined
Mar 10, 2009
Messages
1,434
Thanks guys,
I will try this stuff out... but if I use jQuery like AcidRaZor said, isn't that just an extension library to JS?
Yes, but what he meant was (or at least I think he meant was) a login form is hidden in the page. Upon clicking/hovering on a button like, say, at the filefactory site, the login form appears. The credentials are then sent to your specific server-side script for verification, specified by the form meta-tag, or perhaps some ajax if you want a snazzy animation after successful login.

And would PHP work for validation?
Yep. Any server-side script really. PHP, for instance:
Code:
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
// credentials_valid() is a placeholder: check that the $username and $password
// combination is valid using database/files/wherever you store credentials
if (credentials_valid($username, $password)) {
    // initialize session data and send to protected page
}

BTW I was just making the site for fun, making snippets for fun, I mean, and now you've sparked my interest. I've always wondered how to make a database password... and then hack it to see how it can be hacked and therefore protect it better.

Cheers

SQL/XSS injection ;)
Get XAMPP running if Windows, LAMP if Linux, and play around, it's fun!
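
The server-side validation recommended in the replies above, as an added example that is not part of the original thread and is written for Node.js rather than PHP. The function names, the in-memory user and session stores, and the sample account are assumptions made for illustration.

```javascript
// Added example (not from the thread): all names and sample data are constructed.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Server-side credential store: only a per-user salt and scrypt hash are kept,
// and none of this is ever sent to the browser.
const users = new Map();
function addUser(username, password) {
  const salt = randomBytes(16);
  users.set(username, { salt, hash: scryptSync(password, salt, 32) });
}

const sessions = new Map(); // session token -> username

// Called by the login endpoint with the submitted form fields.
// Returns a random session token on success, null on any failure.
function login(username, password) {
  if (typeof username !== 'string' || typeof password !== 'string') return null;
  const user = users.get(username);
  // Hash even for unknown users so both failure paths do similar work.
  const salt = user ? user.salt : Buffer.alloc(16);
  const candidate = scryptSync(password, salt, 32);
  if (!user || !timingSafeEqual(candidate, user.hash)) return null;
  const token = randomBytes(32).toString('hex');
  sessions.set(token, username);
  return token;
}

// Called on every request for the restricted page. The decision is made here,
// so skipping or editing the browser script does not unlock the content.
function getProtectedPage(token) {
  const username = typeof token === 'string' ? sessions.get(token) : undefined;
  if (!username) return { status: 302, location: '/login' };
  return { status: 200, body: `Restricted content for ${username}` };
}

addUser('alice', 'correct horse battery staple'); // constructed sample account
```

In a real deployment the token would travel in an HttpOnly, Secure cookie and the stores would live in a database rather than in process memory.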
 

CodeCop42

Member
Joined
Mar 11, 2013
Messages
10
Yes, but what he meant was (or at least I think he meant was) a login form is hidden in the page. Upon clicking/hovering on a button like, say, at the filefactory site, the login form appears. The credentials are then sent to your specific server-side script for verification, specified by the form meta-tag, or perhaps some ajax if you want a snazzy animation after successful login.

Yep. Any server side script really. PHP for instance




SQL/XSS injection ;)
Get XAMPP running if Windows, LAMP if Linux, and play around, it's fun!

Thanks man. I knew about SQL but not the XSS. What does XSS stand for?

Cheers
 