...

View Full Version : how write code for a username/password form?



tartman
09-19-2011, 05:18 PM
Hey,
Does anyone have an example of code written to create a form that protects a website. Code that allows any visitor into a site using the same username and password that I give them? This site isn't NASA, I just want to email a universal pass and username to certain people and they all use it. No registration. Where and how do I get the username and password?
I'm real new so go slow....
Thanks,
T.

Ejean91
09-19-2011, 06:09 PM
HEAD>

<SCRIPT LANGUAGE="JavaScript">
<!-- I highly suggest to add atleast some protection to make the script into an external js document... that way its just a tiny bit more secure... -->

function LogIn(){
loggedin=false;
username="";
password="";
username=prompt("Username:","");
username=username.toLowerCase();
password=prompt("Password:","");
password=password.toLowerCase();
if (username=="guest" && password=="login") {
loggedin=true;
window.location="home-page.html";
}
if (username=="guest2" && password=="login2") {
loggedin=true;
window.location="home-page2.html";
}
if (loggedin==false) {
alert("Invalid login!");
}
}
</SCRIPT>

<BODY>

<center>
<form><input type=button value="Login!" onClick="LogIn()"></form>
</center>

Simple search using google under "username and password html code" found this code. It is a very basic code, so don't allow your users to post personally identifiable information such as address, credit cards, account numbers, etc.

if you want to add more users keep adding these:


if (username=="CUStom username" && password=="lyour password") {
loggedin=true;
window.location="URL FOR THEM TO VISIT WHEN LOGGED IN";
}

tartman
09-19-2011, 06:50 PM
thank you so much! T.

tartman
09-19-2011, 06:54 PM
Thank you!
T.

DanInMa
09-19-2011, 07:06 PM
just to be clear that script will not protect actually your site. people can still go to the desired page manually or read the name and password by simply "viewing source" on the page.

Ejean91
09-19-2011, 09:06 PM
just to be clear that script will not protect actually your site. people can still go to the desired page manually or read the name and password by simply "viewing source" on the page.

wouldnt this

I highly suggest to add atleast some protection to make the script into an external js document
take care of the issue? I'm not too familiar with encryption and stuff like that, but i'm sure with this base code the OP could possibly make it work for him/her.

i think what would pose an issue is the fact that it is a javascript code. even with javascript security, all they'd have to do is disable javascript on their browser to view the source. Maybe javascript isn't what he's looking for.

M.Jackson
09-19-2011, 09:39 PM
php would be the best bet, and with a hard-coded password, it shouldn't be difficult.

What you do is write a simple form into the first html page like this:


<form action=checklogin.php method=post>
<fieldset id=login_info>
<label>Password <input type=text name=password class=text_input></label>
<input id=submit_btn type=submit value="Submit">
</fieldset>
</form>

Then you write a 'checklogin.php' file with contents something like:



<?php
session_start();
ob_start();
$submitted_password=$_POST['password'];
if($submitted_password == 'whatever'){
$_SESSION['logged_in']='yep';
header("location:someplace.php"); //wherever you want them to go after they log in
}
else{
header("location:failedpage.html"); //where you want bad attempts to go
}
ob_end_flush();
?>


Then, before the <!doctype html> tag in your files <that have to be names *.php> throw in a:



<?php
session_start();
if(!(isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != 'yep')) {
header("location:failedpage.html"); //where you want bad attempts to go
}
?>


I feel like there may be an error in there somewhere, but all of that code was stripped from a working site and de-identified. It should do the trick just fine and no one can see your password.

Ejean91
09-20-2011, 02:43 PM
i was going to suggest php too, i jsut didn't know how in-depth he wanted to go with his password security.

Thanks for posting that though, that might help if i wanted to create a guestbook for my sharepoint site.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum