 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / HTML, CSS, Scripts / JavaScript / December 2006Scripting Question
<!-- Begin function Login(){ var done=0; var username=document.login.username.value; username=username.toLowerCase(); var password=document.login.password.value; password=password.toLowerCase(); if (username=="member1" && password=="password1") { window.location="page1.html"; done=1; } if (username=="member2" && password=="password2") { window.location="page2.html"; done=1; } if (username=="member3" && password=="password3") { window.location="page3.html"; done=1; } if (done==0) { alert("Invalid login!"); } } // End --> In the above script, is there a way that I can direct a person to a specific worksheet of an excel workbook saved as an XML spreadsheet instead of another web page? If so, can someone please reply with the correct syntax. Thanks. Anthony wrote on 30 dec 2006 in comp.lang.javascript: > <!-- Begin > function Login(){ [quoted text clipped - 12 lines] >} > // End --> Sending the usernames and passwords to anyone on the web is not realy a secure constraint. I think it is more dangerous thad having no login at all, because it gives false security to the user [and webmaster!] Prossessing an xml file for display is another ball game, where others might help you better. > In the above script, is there a way that I can direct a person to a > specific worksheet of an excel workbook saved as an XML spreadsheet > instead of another web page? If the requested file is saved on a server, you could just put in the URL and have the user download the file. If it is saved on the client's pc, there is no access without compromizing the security settings of the individual browser. > If so, can someone please reply with the > correct syntax. Thanks. But again, please do not use the above fake security of using clientside password checking!!! That being said, the above code is a bit strange, as if the programmer did not know the "else" clause. Where more users should be added a loop and array is more versatile, only safe to use in a protected intra(!)net surrounding: =============== test.html ================== <script type='text/javascript'> function Login(f){ var username = f.elements['username'].value.toLowerCase(); var password = f.elements['password'].value.toLowerCase(); var arr = [ ['member1','password1','http://x.yz/page1.html'], ['member2','password2','http://x.yz/page2.html'], ['member3','password3','http://x.yz/page3.html'] ]; for (n=0;n<arr.length;n++) if (username == arr[n][0] && password == arr[n][1]) { window.location.href = arr[n][2]; return false; }; alert('Invalid login!'); return false; }; </script> <form name='login' onsubmit='return Login(this)'> <input name='username'> username<br> <input name='password'> password<br> <input type='submit' value='go'> </form> ==========================================  SignatureEvertjan. The Netherlands. (Please change the x'es to dots in my emailaddress) Thanks, for the help. The script I listed earlier is to be used for a team website on a company intranet. You stated that it is not very good code or even very secure for that matter. Is the code that you wrote in your e-mail better? I expect that it probably is. Finally, can I use this code on my site to do what I want? Thanks, again. > Anthony wrote on 30 dec 2006 in comp.lang.javascript: > [quoted text clipped - 81 lines] > The Netherlands. > (Please change the x'es to dots in my emailaddress) Anthony wrote on 30 dec 2006 in comp.lang.javascript: >> Sending the usernames and passwords to anyone on the web >> is not realy a secure constraint. >> I think it is more dangerous thad having no login at all, >> because it gives false security to the user [and webmaster!] >> That being said, >> the above code is a bit strange, [quoted text clipped - 33 lines] >> </form> >> ========================================== [Please do not toppost on usenet] > Thanks, for the help. The script I listed earlier is to be used for a > team website on a company intranet. You stated that it is not very > good code or even very secure for that matter. Is the code that you > wrote in your e-mail better? I never wrote you an email, this is an usenet posting. No the code is not better security wize, and if you are not proficuient enough to see the security flaw for yourself, PLEASE do not go this way. Password security should be checked ON THE SERVER with serverside code. > I expect that it probably is. No, see above. Even on an intranet, id you think security is important, do not use clientside coded checking, becauseanyone can look at the source and print out all the username/password combinations EVEN BEFORE being checked. If you show us an URL with your code, most of us here can get in within 30 seconds. My code is "better", in the sense that you can add per single row users ad libitum without changing the rest of the code: >> var arr = [ >> ['member1','password1','http://x.yz/page1.html'], ['blag','broum','http://www.cnn.com\'], ['bl222ag','br888oum','http://www.aol.com\'], ['bla444g','b666roum','http://www.google.com\'], >> ['member2','password2','http://x.yz/page2.html'], >> ['member3','password3','http://x.yz/page3.html'] >> ]; > Finally, > can I use this code on my site to do what I want? Certainly, if you are not troubled with the above. SignatureEvertjan. The Netherlands. (Please change the x'es to dots in my emailaddress) |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.