gameratheart
May 14 2008, 10:20 PM
JavaScript is very handy at making forms, allowing for much more customization and easier ways to send data. So making Login forms using JavaScript may seem to many to be a very feasable idea. However, JavaScript is very bad at protecting Passwords, as since the passwords are not encypted and the whole JavaScript code is in the page, a person could just view the Page Source and find out everything. Even if you use an external JavaScript, it would still be poor as the file name for the external JavaScript would still be revealed. But I have an answer! There is a relatively easy way to make a moderately-secure password system using JavaScript. And here's the trick: you don't use a password at all! First, make a webpage with the following content: CODE <html>
<head>
</head>
<body>
<form name="login">
<INPUT TYPE="password" NAME="password" VALUE="" size="20">
<INPUT TYPE="button" NAME="button" Value="Submit Password" onClick="submitPassword(this.form)">
</form>
</html> This page will work as the Login Page. Now, rename the file you wish to protect so that the bit BEFORE the extension is the same as the password you want to use. To prevent people seeing this file, you should disable indexing for the folder it is in. Now edit the login page again, and in the HEAD tag of the page, add this: CODE <script>
<!--- Hide from old browsers
function submitPass() {
var location;
var password;
password=this.document.login.password.value;
location=password + ".html";
location.href = location;
}
--->
</script> If the file you are protecting uses an extension other than .html, change the ".html" bit to match the extension. This script directs people to the protected file if the password matches, because it uses the entered password as a redirect to the file. So if the password does not match, the users will either be directed to a non-existant file (Error 404), or a completely different file from the one they wanted to get! This method is only "moderately secure", though, because the actual file is not protected and can still be accessed if someone knows the file's name. So you shouldn't use it for high-security files, but if you just want to keep out the general public, this is a good, simple solution. Oh, and just a disclaimer. Some HTML Help websites appear to be distributing scripts similar to my one. While they follow the same principle as my own, they are in no way a basis for my code. This whole tutorial is completely, 100%, my own writing, and any similarities are purely coincidential.
Comment/Reply (w/o sign-up)
Saint_Michael
May 15 2008, 03:09 AM
I would have to disagree that javascript is great at making forms, yeah they can produce some nice little features, but once you get into PHP coding a form in javascript seems 10 years ago. I was thinking though why wouldn't you just code so you can password protect the fold through the hosting admin panel. I know trap17 cpanel has a folder protection process and so if you code the script to follow that password then it saves you the time of trying to hardcode the group of files within that folder. Of course, I think with a bit of tweaking with javascript and php password protection scripting you might be able to add a second layer of protection
Comment/Reply (w/o sign-up)
osknockout
May 16 2008, 02:40 AM
Hey! I remember this method! It's pretty ingenious, but rather vulnerable to man-in-the-middle attacks. And packet sniffing will find that plaintext out in a second. I'd rate it pretty good - assuming you have no malignant character with knowledge of network security. What's the chances of tha- oh wait...  Php does help, but again, man-in-the-middle attacks. I'm pretty sure trap uses ssl. (you know, the https:// stuff). Which itself uses SHA-1 at least if I remember right. Personally, I'd go with SHA-512 cause a break in 2^39 attempts isn't that fun, but we can't be picky with programs developed for us... (edit: ssl, not ssh. duh...)
Comment/Reply (w/o sign-up)
gameratheart
May 23 2008, 07:34 PM
Yes, obviously if you do have any knowledge of PhP or you are using a Hosting Platform with SSL Password Protection (which Trap17 does), you should use these to secure your files instead of the method I mentioned above, as they are much more secure. This tutorial is really meant as a simple alternative for people who are not expirienced with PhP and do not have any other method of Password Protection for their site's content. And Saint, while you may be right that Javascript's abilities pale in comparision to PhP, that doesn't mean Javascript is an old-skool coding platform. Actually, if you know how to use Javascript cleverly enough, you can use it with PhP to make some awesome scripts. Just look at some of the popular forum software on the web today...
Comment/Reply (w/o sign-up)
hitmanblood
May 23 2008, 11:33 PM
OK first of all javascript shouldn't be used for such purposes like forms and security in general because javascript is not secured at all. And this is the main reason why would I discard it as language of choice for such things. So what is the point. It is very simple javascript is being executed on your clients browser and because of that there have beeen developed many different mathods for obtaining or changing javascript on the page. Javascript should be used only for sending informations back and forth that is I mean on AjAX(asynchronus javascript and XML) and you should use it to make some nice things to your web page like changing on the page in the real time that is without reloading every single part of the page. Like hover overs and mouse clicks when there is no need to send informations to the server and back. You can even use it to send informations back and forth to the server. But don't use it for any security jobs and for gods sake any inputs. But nontheless when you are programming some portal you should be able to check all the data inserted trough the page. Also consider that php is server executed language and you have more control over it that is the main reason why it should be used against javascript not that one or the other are old fashioned or something like that. But the thing is that you have to have control over what your users are inputting and check all the data this is the main reason. And in the end I would like to mention that both languages have its good and bad things.
Comment/Reply (w/o sign-up)
gameratheart
Oct 28 2008, 05:52 AM
I think that all your arguments boil down to one simple fact: JavaScript has its advantages, and also its disadvantages; but if you know another language (like PhP) well enough, you should always go for that language instead, as it's always the better option. I'm not going to defend the merit of JavaScript any longer. The only two reasons I posted this tutorial were: 1. To share my knowledge, 2. To give people who know nothing about security a simple option to keep them going until they learn how to use the proper stuff. As such, I don't want any more arguments about how insecure JavaScript is for this purpose. And Osknockout is right - SSL is some of the best protection you can get.
Comment/Reply (w/o sign-up)
AshTheGamer
Oct 28 2008, 10:12 AM
Great Tutorial, I did this before, Then it came to the stage of an Epic fail because it would accept any password, But this works brill. Thanks.
Comment/Reply (w/o sign-up)
-Sky-
Oct 28 2008, 07:17 PM
Javascript can give errors on your sites I think. SM helped me with that when I had a problem when using <applet> codes. When I removed them all my site was fine but of course that was before my forum had been installed. I'd like to learn how to create web based control panels with Javascript, Microsoft Visual Studio .NET 7.1 Generator, and Visual Basic .NET 7.1. That'd be awesome!  -Sky
Comment/Reply (w/o sign-up)
DeM0nFiRe
Oct 30 2008, 11:58 AM
Heh, that's a pretty sneaky way of doing it. As said, though, PHP would be a better way to go. When the topic said a secure password system I thought you were talking about logging into like a website and I was going to say "Yeah? doesn't everyone use JavaScript to make it secure?"
Comment/Reply (w/o sign-up)
encryptedwrath
Oct 30 2008, 06:37 PM
A better way to show that code would be to explain which fragment does what when uploaded to web , but it's still useful anyhow
Comment/Reply (w/o sign-up)
iGuest
Nov 13 2008, 10:53 PM
This isn
Make A Moderately-secure Password System Using Javascript
hey, yeah I'm one of those newbs you designed this thing for. I need to implement this in my site for a homework assignment and I copied it just the way that you have it up there. Aaaaaaaand . . . It doesn't work.
:..(
The only two things that I added was a background image and a link back to the previous page (in case the person typing the password gave up).
Those two things couldn't possibly have any effect on the form, could they?
If you could help, that would be great.
-
Osman Sufi
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : make, moderately, secure, password, system, javascript, file, redirection, hide, password,
- Rfi (remote File Inclusion) What Is It? How Do I Stop It?
Another website security tutorial (0)
Sql Injection, How To Do It, And How To Prevent It
NOT a hacking tutorial, learn how to secure PHP scripts (0) Sql Injection, its one of those terms that is banged around the internet, and not everyone knows
what it is. Basically it is what it says it is, its a way of injection SQL code into a script (in
this case a PHP script) that connects to, and queries a databae, specifically an SQL based database.
So how do you inject code into code? Think about this logically and with some code examples, the
following code takes the users input in POST variables: CODE $user = $_POST ; $pass = $_POST ;
$query = mysql_query("SELECT * FROM users WHERE username='$user' AND passw....
How To Create Pdf Files Using Free Tool
Introduction to use a free tool to create PDF file (10) Now, that you don't need to have expensive software like Acrobat to create PDF. All you need is
Microsoft Office and a software name doPDF. You can download the freeware from
http://www.dopdf.com/download.php After downloading dopdf.exe, follow the instruction below 1.
Double click to install it, as display at image 1.jpg, choose a language and click OK 2. You will
see 2.jpg click next 3. Click I accept the agreement see 3.jpg, click next 4. Now you will see
4.jpg, select the folder to install it and click next 5. When seeing 5.jpg, This is the folder group
in Star....
How To Remember Complex Passwords
Use the BEST password system ever! (14) The Trap17 forums have a whole subforum devoted to those amongst use who have failed to remember
their passwords, and have locked themselves out of their free web hosting account. If you forget
your password, you can go to Free Web Hosting, No Ads > FREE WEB HOSTING > FREE WEB HOSTING
REQUESTS > Free Web Hosting : Password Reset and ask the friendly admins there to reset your
password for you. Remember the days when your password on the Internet could be something like
andrew18 ? And you could use that same password on all three websites that you visited....
How To Extract The Audio From Youtube Videos
get an mp3 file from youtube (6) How To Extract The Audio From YouTube Videos This lovely simple tutorial will tell you how
to extract the audio from YouTube videos. Obviously , I am not in any way advocating that you take
copyrighted music that is available illegally in video-form on YouTube and extract the audio from
those videos rather than going down to HMV and buying the music. In this tutorial I will be using
the following video: http://uk.youtube.com/watch?v=gUhhRc5eWNw Firstly, you download the video,
which is simple. Just go to www.downloadyoutubevideos.com and paste the video....
Lesser Known Useful Javascript Features
(2) Variables Javascript assigns every variable a type which changes as we assign different
values to the variable. We can get the type of a variable using the ' typeof ' operator.
For eg., CODE var hello = "Welcome to Trap17"; var year = 2008; alert(typeof hello );
alert(typeof year ); The above lines will output the type of the first variable 'hello'
as String and the second variable 'year' as Number . The types of Javascript variables
are Boolean, Function, Number, Object and String . A variable with no explicitly assigned v....
Debug Exe Files
How to debug an exe file. (4) Think that we have written a program, and some codes are wrong. We can go back to compiler and
change the code, and compile again. But I will show you how to correct our mistakes without using
the compiler. Let's start: I have written a program in Delphi. Let's see my mistake. I
have created a form like this. After this I wrote the codes in the Compare Button click as
below. CODE 1. procedure TForm1.ComparebuttonClick(Sender: TObject); 2. var 3.
a,b:integer; 4. begin 5. a := StrToInt(EditA.Text); 6. b := StrToInt(EditB.Text); 7. 8. ....
Tutorial : Hide Folder Without Any Softwares
Descriptive enough! (21) It's easy, just a few steps and your folder will be hidden First step : Create folder, name it
using alt+0160 Second : A folder will be created with name 1 space, then right click the folder,
properties, customize, change icon, see for a blank icon and press apply Enjoy Video tutorial
uploaded by me http://www.youtube.com/watch?v=EW8dD3KeUJk Have fun.....
Simple Javascript And Password System
How to protect your pages with password (10) The quickest way to get a password protection system up and running is to use a Prompt box in
JavaScript that has a title like "Enter your Email Address". Only you and the relevant users know
what the password should be, could even be one each, that can be sorted out at the next page then
pass the "input" directly through the url by changing the .href, like
http://www.iSource.net.nz/users/?leTmeIn= The page that then processes this should also check for
the referring page, and three fails from an IP if you like the php (the next page): CODE //
processdownloads.p....
How To Hide Your Important Files And Folders
In Ms. Windows, Without Using Programmes. (7) Most of people share their computers with others -family, mates, buddy or whoever- and that sharing
threatens their secrets and private file to be revealed, letting some people to know things they
shouldn't know.. My Securing Way: Operation - Camouflage Use an Icon
Editor to generate a 1x1 Transparent Icon and Save it .. > 1 Open CMD.. Start >> Run or Press
WindowsLogo+R.. Lets Say you wanna hide a Folder named " secure " and it's located in
E:\folder\ so Write E: and Press Enter then Write Cd folder and Enter then Attrib +s +h....
Install An Aef Forum Onto The Trap17
From a zip file (11) Installing an AEF Forum on the Trap17 Server Preparation for Installing the AEF Forum
The following items are required for the installation of the packaage onto your site: 1. - a copy
of the AEF Forum zip package from http://anelectron.com/download.php 2. - a MySql Database 3. - a
Database User 4. - a password for the Database User 5. - Privileges allowed for the Database User
The details for ensuring that you have all of these items are as follows: 1. - a copy of the AEF
Forum zip package from http://anelectron.com/download.php . Simply browse to t....
Create A Simple Html Editor With Php And Javascript
(3) Ok, I will teach you how to create a simple HTML editor that runs online with buttons that add HTML
tags. Before we start: You should have basic knowledge of these languages. HTML/XHTML
Javascript PHP You will need Ability to use filesystem functions. Chmodding abilities
Features of Editor Online PHP safe Full HTML support A Few Bad Features Can only create new
documents or overwrite Fairly unsafe Now we are ready to begin. The PHP Script This will be
our PHP script that we will use to make the file. Make a file called save.php Here is the....
Change Your Computer Password
Change Your Computer Password (6) This Topic will teach how can you change your without knowing your old Passward 1. Click "Start"
Then Click "Run". 2. In the dialog box type in "CMD" and select "OK". (Opens Command Prompt) Or you
can manually open CMD by navigating to "C:\WINDOWS\system32\cmd.exe". 3. Once Command Prompt is
open, type in "net user" and hit enter. This will display all user accounts. 4. Now type in the
following command: " net user (ACCOUNTNAME) * " and hit enter Example: net user Trap * (Dont
forget to add the asterisk) 5. Now it will ask for a new password, enter a password and....
Mootools - My Favourite Javascript Library
(3) It kind of amazes me that there's not even a mention of the Mootools javascript library
throughout this whole forum. So here I'll do a brief introduction and a tutorial on how to
produce the famous accordion effect. MooTools is a compact, modular, Object-Oriented javascript
framework designed to make writing extensible and compatible code easier and faster. MooTools lets
you get the job done efficiently and effectively. It is slightly based on the powerful Prototype
javascript framework , of which Scriptaculous runs on. (But frankly, I dislike Scriptaculou....
Javascript Scroll Bar
A scroll bar for your webpage using javascript (13) In this tutorial I will show you how to create two buttons in the bottom left of the screen that,
when hovered over, will scroll the page. Now to start with, we must create a our buttons, the first
line will create a div element, or block. Using blocks you can position items anywhere on a page.
We use the ID property just to let us know what the block is used for, as for the first block, its
obvious that it contains the vertical buttons and the second two blocks contains the horizontal
buttons. The style property of the div tag tells the browser how to draw it, in the....
How To Make A Simple File Based Shoutbox Using Php And Html
(8) A simple tut to make a simple shoutbox. Let me jump right in. First of all you need the standard
equipment for PHP, an IDE like XAMPP and an editor like PHP EDITOR 2OO7. Were going to make a
simple guestbook using three files, webpage.php, shout.php and shout.txt. Webpage.php can be
changed to whatver you want, it will be the page on which the guestbok is shown, you could even use
this code and add it to another php page n your site. Shout.php is the proccessing page and
shout.txt is where the shouts are stored. Firstly we need to make the visual design of the box.....
Simple Scripts In Html And Javascript
Things like BackgroundColorChanger and so (7) like in the topic, here is a description how to change the Backgroundcolor "On The Fly", by klicking
on a button or radio-box first, we ned the html-and body-tags, create a new html-file on your
desktop and write the following: QUOTE browser interpretation: html - tag
means "hey, browser, here comes HTML" in the body-tag you define the looking of your site. you can
add things like "bgcolor" for the background, "text" for the textcolor and link / alink / hlink /
vlink to define the linkcolor ( ) the scripttag is the tag, we'll need now (sorr....
Flat-file Cms
tutorial inspired by jlhaslip (4) Ok, for this tutorial i am only going to show you how to add updates to your site simply by storing
the information into a text file, and then displaying it with predefined formatting... OK lets get
down to business... Lets start out by making a PHP file and call it mycms.php put this code at
the top of the page. What this will do is allow us to edit the selected update when it comes time
and show and hide the add an update field and validate the form.. function ShowHide(id1,
id2) { if (id1 != '') expMenu(id1); if (id2 != '') expMenu(i....
*nix File Permissions - An Overview
(6) I was originally going to post this in a reply, but felt it would deviate from the topic.
Here's a brief overview of the three numbers in a permission "code": -The first number is for
the owner of the file. If you set a file at 600, the owner will have read and write access and
everyone else is locked out. -The second number is for the users group (users are placed into groups
to get special rights sometimes). Generally you will not give write access to a user's group.
-The third number is for the rest of the world, including web users. Setting any value that wi....
How To Set A Password In Bios
the password is asked during start up (6) first let me tell you what is setting a password in bios is the password set at bios is asked when
you start your pc even before your operating system is booted heres the steps 1.as soon as you start
your pc press 'del' or 'Esc' continiously and you'll find the bios screen
2.when you spot the bios screen go to the security section in security section there are two option
of setting password 1.admin pass - you can't del this pass in bios without knowing the
password(only for advanced users) 2.user pass - you can delete bthis password from bios ev....
How To: Make A Simple Php Site
Making one file show up on all pages using php (21) I have looked all over the site and could not find anything that was like this simple, or just like
this at all.. For some people i know that you are using a basic HTML site...and having a big menu
if you want to add somthing you have to go into every one of the pages and add or remove or edit
what you want to do, but with somthing verry simple all you would have to do is edit one file, and
all of the pages that have the PHP script on them would suddenly change to what that one file is.
So to start off if you are planning on using this little tirck, the page that you a....
Transfer File Of Any Size Using Winsock Control
Winsock Help (5) This tutorial shows how to transfer file of any size using winsock control. - Open VB; - Select
standard exe; - Press Ctrl + t to show the add component window; - Select winsock control and
microsoft common dialog; - Add one winsock control in the project; - Name it winsock1; - If you want
to add chat then add another winsock and name it winsock2; - Insert another winsock object if you
want to add chat also; - Add a microsoft common dialog box; - Name it cd; - We will use this
winsock1 object to transfer the file and winsock2 for chat; ------------- The basic idea : ....
Making Winrar Archives
and adding password to winrar archives (15) **** This tutorial will show you how to put files into .rar Archive and pass worded (if wanted)
**** What You Will Need Before continuing you will need a couple of thing, first of all you
need WINRAR , which is a very powerful archive manager. It can reduce size for you email
attachments, decompress RAR, ZIP and other types of files downloaded from the internet. You can get
winrar at http://www.rarlabs.com The other thing is that make sure your using Windows XP because
this is what I used to make this tutorial. I think it works with any other windows not....
Image Rollovers In Javascript
A Write-Once, Use-Anywhere Approach (11) Tutorial: Image Rollovers w/ Javascript, by Rob J. Secord, B.Sc. (SystemWisdom) See a
working Sample of this Script! Download a ZIP containing all working files in this tutorial!
Note: If you are not interested in reading this entire tutorial and/or have a basic understanding of
the underlying concepts, you may safely skip to the Implementation section to get the code!
Description : A Dynamic Image Rollover Script tested to work in 4 major internet browsers: MSIE,
FireFox, Netscape and Opera. Using only Javascript combined with regular HTML Images ( ....
Css And Javascript Combined For Dynamic Layout
use of different CSS files at same site (9) This tutorial is meant for people that are dealing with problems while coding their site at 100% of
width. Important notice: Some people has JavaScript disabled, so they will not be able to load CSS
file (take this in account when creating your website). How this script works. In the HEAD of your
HTML document will apply this command, so variable.js file will be load at start: CODE
In browser JavaScript file variable.js is loaded. This Javascript file consist of this parameters,
copy this code and name it variable.js CODE // JavaScript Document if (sc....
How To: Change Your Website's Index File
a simple trick using .htaccess (24) How To: Change Your Website's Index File a simple trick using the .htaccess file A simple
tutorial which only involves editing one little file. Useful for those of us who have mime-typed
extensions or who are creating lots of test design files and want an easy way to make the design
they like best their default file. Create a file called .htaccess in the /public_html/ folder if
you don't have it. I think one should be there already when you get your site so if it isn't
you should create it anyway! In the file write the following: CODE Direct....
How To: Change An Image When A User Clicks On It
using both php and javascript (12) How To: Change An Image When A User Clicks On It using both php and javascript - a powerful
combination I have seen quite a few how tos offering a method of doing this but none of which
resembled my method of making use of both php and javascript. This code is fairly repetitive and
most of the functions are easy to pick-up if you haven't heard of them before. Here it is...
Create your two images. Call them anything you like, you'd just need to change their filenames
in $imgano $imgayes. In fact with this script you can easily create more than one pair....
How To: Hide The Real Url Of Your Images
using php (28) Hiding The Real URL To Your Images Using php to protect the real url to your images In this
tutorial I will explain how you can easily hide the real .gif or .jpg url to your images by masking
it with php. This is not hard to do. A basic amount of php knowledge is required for this tutorial.
Note: This will not protect your images for content robbers. 1. Create a new php file and save
it as img.php in the public_html directory 2. Add the following code to img.php. All important
notes and information are explained in the remming. CODE $ext = $_REQUES....
Image Preloader With Progress Bar Status
Pure Client-Side JavaScript tested in 4 Browsers! (28) Tutorial: Image Preloader with Progress Bar, by Rob J. Secord, B.Sc. (SystemWisdom)
Description : A Tutorial for a Client-Side Image Preloader with Dynamic Real-Time Progress Bar
Indicator written in JavaScript! Tested to work with 4 Major Internet Browsers: Firefox, MSIE,
Netscape, Opera (Complete sample solution provided at end of tutorial, just put it on your
web-server, add your images and go!) Intended Audience : Beginner to Intermediate Web
Developers. Although this tutorial will cover some advanced aspects of JavaScript, I will try to
explain it all ....
Css Trick: Hide Disabled Internet Explorer Vertical Scrollbar
(30) I'm working on a website and a few minutes ago I got very tired from the Internet Explorer
vertical scrollbar. This vertical scrollbar is always there, even if the length of the page does not
require a vertical scrollbar. In this case, Internet Explorer will disable the scrollbar though not
remove it. In my opinion this would be correct behaviour. The disabled however not hidden scrollbar
means that a switch between a preview of your website in Mozilla Firefox and MS Internet Explorer
will lead to an annoying change of the location of your layout. To disable this an....
Looking for make, moderately, secure, password, system, javascript, file, redirection, hide, password,
|
Searching Video's for make, moderately, secure, password, system, javascript, file, redirection, hide, password,
See Also,
|
advertisement
|
|
