Javascript Login (User Account)

[Wyatt78]

Hello, I have been working on a website for a while now and have started working on user created accounts for my javascript login. Here is the code for the login:
<h3 align="center">
Sign In</h3>
<form id="Form1" onsubmit="login()">
<p align="center"> User Name: <input type="text" id="userid"></p>
<p align="center"> Password: <input type="password" id="pswrd"></p>
<p align="center"><input type="submit" value="Login"/>
<input type="reset" value="Cancel"/></p>
</form>
<script language="javascript">
UNArray=["User1","User2","User3"]
PWArray=["Password1","Password2","Password3"]
function login(){
for(i=0;i<=UNArray.length;i++){
if(document.getElementById("userid").value==UNArray[i]){
if(document.getElementById("pswrd").value==PWArray[i]){
window.open("Home.html")
}
}
}
}
Here is the code for the "Create An Account" page:
<form id="form1">
Your First Name: <input type="text" name="firstname">
<br/>
<br/>
Desired Username: <input type="text" name="username">
<br/>
<br/>

Email (Optional): <input type="text" name="Email">
<br/>
<br/>
Password: <input type="password" name="password">
<br/>
<br/>
<input type="submit" value="Submit">
</form>
Can Anyone help me with this? Thanks!

[UltimateCoder]

You can not use JavaScript to let people create acounts.
PHP needs to be used.

[Wyatt78]

Thank you, I have downloaded PHP but have no idea of how to install it.

[rnd me]

Quote:

Originally Posted by UltimateCoder

You can not use JavaScript to let people create acounts.

why not?

[Wyatt78]

If you have enough time, I would also like to see what is wrong with this code. I added in some code to make a username appear when you move to the Home page, and a "Signed in as Guest" section if you move to the page without logging in. Here is the code:
<script type="text/javascript">
window.onload=showName
function showName(){
if(localStorage.getItem("DDragon_UserName")=="" || localStorage.getItem("DDragon_UserName")=="undefind"){
document.getElementById("LoggedIn").innerHTML="Signed in as Guest"
}
document.getElementById("LoggedIn").innerHTML="<a href='"+localStorage.getItem("DDragon_UserName")+"Profile.html'>"+localStorage.getItem("DDragon_User Name")+"</a>"
}
function logout(){
localStorage.setItem("DDragon_UserName","")
}
</script>

[Wyatt78]

Quote:

Originally Posted by Wyatt78

If you have enough time, I would also like to see what is wrong with this code. I added in some code to make a username appear when you move to the Home page, and a "Signed in as Guest" section if you move to the page without logging in. Here is the code:
<script type="text/javascript">
window.onload=showName
function showName(){
if(localStorage.getItem("DDragon_UserName")=="" || localStorage.getItem("DDragon_UserName")=="undefind"){
document.getElementById("LoggedIn").innerHTML="Signed in as Guest"
}
document.getElementById("LoggedIn").innerHTML="<a href='"+localStorage.getItem("DDragon_UserName")+"Profile.html'>"+localStorage.getItem("DDragon_User Name")+"</a>"
}
function logout(){
localStorage.setItem("DDragon_UserName","")
}
</script>

Solved this!

[Taro]

Quote:

Originally Posted by rnd me

why not?

Hello,

PHP is server side scripting, so passwords are secure within the servers. JavaScript is more local, so passwords and accounts can be hacked more easily, being that they may be located within the source code of the webpage. But, it should be possible to make JavaScript harder to hack, like finding ways to encrypt source code frequently without accessibility violations.

[felgall]

Quote:

Originally Posted by Taro

like finding ways to encrypt source code frequently without accessibility violations.

The smallest JavaScript encryption script I have come across is about 5k when minimised. Without a server side scripting language you'd also need to manually encrypt all the page content before uploading - and redo everything when you spot a typo in the page.

Using JavaScript encryption would then make the entire page inaccessible to anyone with JavaScript turned off - with the only solution being to provide the unencrypted version to anyone who turns off JavaScript.

If you use anything other than proper encryption then all someone need do is view the script source to see how to bypass the login. The only way to avoid this is to use a server side script.