JavaScript Popup Password Help

[Sup3rCow]

Hi People,

I am currently trying to create a JavaScript Popup Password that when you enter the page it Popup and ask for a password. Now this is working, but can I create deferent login password (even through other files), but no PHP or database servers please.

Oh, and can I make USERNAME and PASSWORD popups?

Here is my current HTML Code:

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<script type="text/javascript"><!--
var password = "password";
var string = prompt("Please enter the password", "");
if(string!=password) {
alert("Wrong password!");
window.location="about:blank";
}
//--></script>
<body>
It Works!
</body>
</html>

Thank you in advance
Sup3rCow

 

[AndyCT]

As it stands all someone has to do is look at your source code (right click->view source) and they will have the password. If you are programming for the real world then you will need a database solution in my opinion (which means a server sided language like PHP).

 

[Sup3rCow]

Don't worry about that i'm going to scramble my html code so you can't see the password. I don't really want to use a database or PHP so can you please help me. Oh and BTW I find scripts on the Internet, but you can easily bypass the system.

 

[ld13]

Don't worry about that i'm going to scramble my html code so you can't see the password.

Using what? The only tech that is largely still secure is ... ioncube. And that is still crackable to some degree.
And lets not forget, javascript is always executed by the browser... if the browser is able to see the code, so can any end user.

 

[stricken]

security 101 : F.

 

[Other Pineapple Smurf]

Don't worry about that i'm going to scramble my html code so you can't see the password. I don't really want to use a database or PHP so can you please help me. Oh and BTW I find scripts on the Internet, but you can easily bypass the system.

ROFLMAO

EDIT: OK, I've stopped laughing my ass off and it is possible to do what you want but you need a better understanding of your approach. One of the more popular ways to store passwords is to use salt.

But your going to have to google it yourself: javascript password salt

 

[murraybiscuit]

hunter2

 

[wishblade]

hmmm... me wonders what site this is for? :twisted:

maybe hopefully something to do with money transfers, etc :twisted:

 

[boswald]

Using javascript is not going to work at all. With Chrome or even Firefox and Greasemonkey you can just edit the code sitting on the browser so no matter what you do to your code you can always just replace it with 1 == 1

 

[murraybiscuit]

or you just disable javascript and surf to the redirected url.

 

[KobusDJ]

To test more passwords, use : - if string is not pass1 OR pass2 OR pass3 ..... and so forth.

I can not see how you will be able to "hide" or "scramble" the JavaScript. All modern browsers have developer tools (Opera Dragonfly, Firefox Firebug, and even IE9) that will show everything on a web page as interpreted by the browser..... and even allow changes as mentioned by boswald in a previous post above.

 

[Sup3rCow]

Ok thanks I am understanding what you guys are saying, forgot about disabling the javascript. But is there a way for password protecting a page\pages without using databases.

I know there scripts like this:

<body><script>

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1

for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}

//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==134603040&&passcode==126906300)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD

{
window.location="members.htm"}
else{
alert("password/username combination wrong")}
}
</script>

<form name="password1">
<strong>Enter username: </strong>
<input type="text" name="username2" size="15">
<br>
<strong>Enter password: </strong>
<input type="password" name="password2" size="15">

<input type="button" value="Submit" onClick="submitentry()">
</form>
</body>
</html>

but if you go to the source of the page you'll see were the page is leading and so bypass the password.

So again is there HTML scripts for password protecting web page/pages with multible username and password.
Thanks Sup3rCow

 

[boswald]

.htaccess if you using apache, web.config if you in iis

 

[Sup3rCow]

Thats my problem all I can work with is HTML and Javascript. But Javascript is a bad idea.

 

[murraybiscuit]

Depending on your host you can either set up password enabled dirs in the hosting control panel or via support request.

 

[Sup3rCow]

The person I an doing this for is being hosted by @lantic and they have nothing. I asked him to use another one, but no. Now I have the problem. What do you guys think about CyberSmart web hosting??

 

[KobusDJ]

What may work is ... password = document name. e.g. password = MyProtectedPage and document = MyProtectedPage + ".htm"
If you use it like this, not the password, nor the link is in your JavaScript/HTML. Basically the user must type the name of the link. - if he knows it.

NB! Directory browsing must be Off/Disabled

 

[stevenv]

Thats my problem all I can work with is HTML and Javascript

Is this for a course/training or for a commercial product?

If course/training: they course is really poor if they expect you to secure a website without back-end access control mechanisms.
If commercial product: the company will be really poor soon if they expect you to secure a website without back-end access control mechanisms.

 

[Sup3rCow]

@KobusDJ: Thats an idea it can work, but passwords would be better. I'll keep your idea for my last solution.
@stevenv: Its none of the above. He wants a site were people can normally browse and the a page the "members" can access and view like "private stuff"

 

[KobusDJ]

Simple Example