Web Analytics Made Easy -
StatCounter Login script to secure multiple webpages - CodingForum


No announcement yet.

Login script to secure multiple webpages

  • Filter
  • Time
  • Show
Clear All
new posts

  • Login script to secure multiple webpages

    Hey guys,

    my first post on this forum, hopefully someone can help me out with my query.

    I have programmed a webserver for an embedded system, that will dish out DHTML pages with javascript within them when connected to the required pages. Im just wondering how i can "secure" this information, with some kind of login script that will require a valid login/password (preferably encrypted). I would also like the script to "redirect" the user to the login webpage if they try to access the content pages, as well as keep track of the "session" so that each time they change the page it doesnt require another login, unless they have logged out of course. Ive done some reading, not sure whether to store this "session" information in a cookie or whether there is another way. This will also need to be completely client based.

    I hope someone can help me out, i would be very appreciative if anyone can give me any suggestions or point me in the right direction.
    Thanks in advance


  • #2
    Ok. Well, the cookie part will be hard with client-side scripting. I would suggest NOT USING a client-side language for this job. They are easily hacked, and the password has to be the name of the target page. very unreliable...Try PHP, it was built for this kind of password stuff..........
    If you want a simple password script, use the Dynamic Drive script:

    i'm only 12, gimme some slack


    • #3
      Hey Ian,

      thanks for the reply.
      Because this is an embedded project, and not using a typical windows or linux based webserver, (and i havent yet built any security into the webserver...yet), this was just meant to be a simple password discouragement. It doesnt need to employ militant security as it is only for internal use of a company.

      One other thing, it needs to have a PDA interface that i have built so far (and using net front 3.2 browser for the javascripting), ive never used PHP and have only learnt a small amount of javascript in the past day or so, so im not really sure what is client side and what is server side. Do you believe that PHP will do the trick?

      I know C ok, the syntax is javascript isnt that much different, however i am yet to find a really comrehensive reference for javascript.

      Thanks Again


      • #4
        Server side security.


        Two things. If it is corporate or applicational bsed informtion that this web server/client page is transferring through its pages or framework, and you need to encrypt this for security purposes, you might want to look at an 8 bit XML security development solution upon tranmittal of your pages, or information, and use a server side based code solution for your initial password.

        If it is simply general information you are loking to secure such as personal stuff, use an SSL (secure sockets layer) encryption, or simple server side disablement password solution.

        Your choice on this one my man.



        • #5
          I would really suggest just using PHP, unless you can develope the script that millions of programmers all over the world can't come up with...The one that makes it impossible for them to view your source, or copy images.

          If you think you can develope that script, people would pay millions ($)!
          Last edited by ianmarlowe; Aug 2, 2005, 09:33 AM. Reason: typo
          i'm only 12, gimme some slack


          • #6
            Thanks guys, ill see what i can come up with.



            • #7
              one more quick question

              ok...one more quick question.

              i have this javascript code in a file that i found and slightly modified from here http://www.codeproject.com/jscript/jspass.asp

              file demo.js
              var loggedon = false;
              ......some missing code here
              function login() // called by 'login' button (modified by Adam Hazeldene 2005)
                if ( S.UserLogin( document.all['username'].value, 
              					document.all['usecookies'].checked ) == true)
              	window.location = ""; //redirect to index page if logon permitted
              	loggedon = true;
                else loggedon = false; 
              function logout() // called by 'logout' button
                loggedon = false;
              function hasloggedon()
              	if (loggedon != true)
              		window.location = ""; //redirect to index page if logon permitted
              	else return;

              then in my main file i have this
              file elt.htm
              <script src="demo.js"></script>
              <meta http-equiv="Pragma" content="no-cache"> 
              <meta http-equiv="expires" content="0">
              <meta http-equiv="cache-control" content="no-cache">
              <meta name="ProgId" content="FrontPage.Editor.Document">
              <script language="JavaScript" type="text/javascript">
              	window.onload = "hasloggedon();"
              When i try to navigate to the page "elt.htm", it loads the correct url "logon.htm" in the address bar, however i get a 401 error. When i hit refresh, the logon page comes up however doesnt work correctly when i click on login. It says that it has produced errors and doesnt redirect at all. The wierd thing is that i believe that it is setting the "loggedon" variable to true, because when i load the "elt.htm" page (after the errors on the logon page, it lets me navigate to the requested page "elt.htm").

              Im sorry if this sounds confusing, im not sure how else to explain it!

              if anyone has any suggestions? I know you told me to use PHP, and i may yet do that if this doesnt work!

              Thanks Again


              • #8
                the best javascript password program i know

                hey the best password multipage that I tryed to hack to see if it would be good for my web-page. Which I couldn't . Anyway it's located at: