Password Script POP-UP HELP!

@rangerschoolAug 11.2009

Hello,

Seeking assistance here. Im new to this forum and was trying to find the right area to post. I apologize if this is not it. ?

I have successfully entered the HTML code for this in a website I am working on.
The problem I am running into is that I am getting a message after entering the username and password that reads” to view this page you need to login to area “authorization required” on [url]www.essex.net:80[/url].
your password will be sent in the clear

Then it asks me to login again. which logs me in perfectly.

~~[B]~~~~[I]~~ I just want to get rid of the additional login screen pop-up I am getting.
This was the script I retrieved from this website below.[/I][/B]

<!– This script and many more are available free online at –>
<!– The JavaScript Source!! ~~[url]~~http://javascript.internet.com[/url] –>

<!– STEP TWO: Paste this code into the BODY of your HTML document –>

<BODY>

<center>
<form name=login>
<table width=225 border=1 cellpadding=3>
<tr><td colspan=2><center><font size=”+2″><b>Members-Only Area!</b></font></center></td></tr>
<tr><td>Username:</td><td><input type=text name=username></td></tr>
<tr><td>Password:</td><td><input type=text name=password></td></tr>
<tr><td colspan=2 align=center><input type=button value=”Login!” onClick=”Login()”></td></tr>
</table>
</form>
</center>

~~[B]~~~~[I][COLOR=”Red”]~~This is what I have now[/COLOR][/I][/B]:

<!– Begin
function Login(){
var done=0;
var username=document.login.username.value;
username=username.toLowerCase();
var password=document.login.password.value;
password=password.toLowerCase();
if (username==”essex” && password==”lk123″) { window.location=”Lake_Forest_Rate_Sheet.html”; done=1; }
if (username==”essex” && password==”org123″) { window.location=”Orange_Rate_Sheet.html”; done=1; }
if (username==”essex” && password==”org111″) { window.location=”Lake_Forest_Rate_Sheet.html”; done=1; }
if (done==0) { alert(“Invalid login!”); }
}
// End –>
</SCRIPT></span><strong><br />
</strong></p>
<p style=”text-align: center”><span><center>
<form name=login>
<table width=225 border=1 cellpadding=3>
<tr><td colspan=2><center><font size=”+2″><b>Log In</b></font></center></td></tr>
<tr><td>Username:</td><td><input type=text name=username></td></tr>
<tr><td>Password:</td><td><input type=text name=password></td></tr>
<tr><td colspan=2 align=center><input type=button value=”Login!” onClick=”Login()”></td></tr>
</table>
</form>
</center></span></p>

Not sure what I was doing wrong.
Im sure its something simple, but its late and I give up after 3 hours.

This is the link for the project. I can change the passwords later once I figure this thing out.
Thanks for your assistance everyone!

~~[URL=”http://www.essexmortgage.net/Rate_Sheets.html”]~~http://www.essexmortgage.net/Rate_Sheets.html[/URL]

to post a comment

JavaScript

6 Comments(s) _↴

@JMRKERAug 11.2009 — #The second log-in request is being provided by your ISP because you are trying to enter a secured directory.

As I see it you have two choices:

1. Remove the JS password logic and go directly to the pages you want in the secured directory. The server will ask for the correct username and passwords to continue. This is the better way to go.

2. Move the HTML files from the secured directory to an unsecured directory. Obviously, less security could be less desirable.

If there is a third way, I'll wait for other forum members responses because I would like to learn also.

?

@rangerschoolauthorAug 11.2009 — #Thank you for the reply. Much appreciated.

I like the first idea below that you suggested I think.

[I]1. Remove the JS password logic and go directly to the pages you want in the secured directory. The server will ask for the correct username and passwords to continue. This is the better way to go.[/I]

Im not to sure how to approach this though. Would I delete portions of the script but somehow retain the pop up I am experiencing now? m not sure how the code should look if this is the case.

Im sorry if Im not making sense. This is a new one on me and the company wants me to get rid of that thing pretty quick. Im trying to figure this out as fast as I can.

I should probably mention Im using Go-daddy template software for this project and basically all I did was tweak the script and add it under a script button. Im wondering if adding it as HTML might have a difference or not?

I can try this to see. LMK what you think.

It sounds like the ISP is prompting this.

Thank you again

@JMRKERAug 11.2009 — #Won't be as pretty as before, but try this ...

Remove this:

<i>
 </i>&lt;SCRIPT LANGUAGE="JavaScript"&gt;
 
 &lt;!-- This script and many more are available free online at --&gt;
 &lt;!-- The JavaScript Source!! <a href="http://javascript.internet.com">http://javascript.internet.com</a> --&gt;
 
 &lt;!-- Begin
 function Login(){
 var done=0;
 var username=document.login.username.value;
 username=username.toLowerCase();
 var password=document.login.password.value;
 password=password.toLowerCase();
 if (username=="member1" &amp;&amp; password=="password1") { window.location="page1.html"; done=1; }
 if (username=="member2" &amp;&amp; password=="password2") { window.location="page2.html"; done=1; }
 if (username=="member3" &amp;&amp; password=="password3") { window.location="page3.html"; done=1; }
 if (done==0) { alert("Invalid login!"); }
 }
 // End --&gt;
 &lt;/SCRIPT&gt;

Change this:

<i>
 </i>&lt;BODY&gt;
 
 &lt;center&gt;
 &lt;form name=login&gt;
 &lt;table width=225 border=1 cellpadding=3&gt;
 &lt;tr&gt;
 &lt;td&gt; 
 &lt;center&gt;
 &lt;font size="+2"&gt;&lt;b&gt;Members-Only Area!&lt;/b&gt;&lt;/font&gt;
 &lt;/center&gt;
 &lt;/td&gt;
 &lt;/tr&gt;
 &lt;tr&gt;
 &lt;td&gt;
 &lt;ul&gt;
 &lt;li&gt;&lt;a href="Lake_Forest_Rate_Sheet.html"&gt;Lake_Forest_Rate_Sheet&lt;/li&gt;
 &lt;li&gt;&lt;a href="Orange_Rate_Sheet.html"&gt;Orange_Rate_Sheet&lt;/li&gt;
 &lt;li&gt;&lt;a href="Lake_Forest_Rate_Sheet.html"&gt;Lake_Forest_Rate_Sheet&lt;/li&gt;
 &lt;/ul
 &lt;/td&gt;
 &lt;/tr&gt;
 &lt;/table&gt;
 &lt;/form&gt;
 &lt;/center&gt;

Should present with the ISP login only.

@rangerschoolauthorAug 12.2009 — #Good evening!

Thank you again. Well it looks like that may have worked. Now just two things I have to tweak.

They dont want anyone to see that there are rate sheets listed on these.

They just want a login by itself to appear with nothing stating rate sheets.

Can this be done?

Then they have two separate passwords for two branches to take them to either the Orange Branch rate sheet or the Lake Forest Branch rate sheet.

I was trying to mess with it but I didnt want to screw it up.

Let me know what you think.

Thank you again for everything. I appreciate it.

@JMRKERAug 12.2009 — #... Now just two things I have to tweak.

They dont want anyone to see that there are rate sheets listed on these.

They just want a login by itself to appear with nothing stating rate sheets.

Can this be done?

Then they have two separate passwords for two branches to take them to either the Orange Branch rate sheet or the Lake Forest Branch rate sheet.

...[/QUOTE]

You have several choices...

1. Rename you 'Rate' sheets to something like RS1qazxsw.html and RS2qazxsw.html or some code name that you can remember.

2. Encrypt the name of the filename with a 'key value'. Decrypt the with the key to create the actual filename.

Note: This will not stop someone from decoding the rate sheet name, but it might slow them down

and you still have the ISP security to get by before the actual HTML page is shown.

3. Change page display to something like this:

<i>
 </i> &lt;ul&gt;
 &lt;li&gt;&lt;a href="L_F_R_S.html"&gt;Page 1&lt;/li&gt;
 &lt;li&gt;&lt;a href="O_R_S.html"&gt;Page 2&lt;/li&gt;
 &lt;li&gt;&lt;a href="L_F_R_S.html"&gt;Page 3&lt;/li&gt;
 &lt;/ul&gt;

But then the user would need to know which page to use to get the information you want to display.

4. You might be able to use the password as the 'key value' for #2. That way you would have only one entry to make before getting to the ISP log-in popup.

When you use a public language for security purposes, you can usually only obtain the lowest security levels. Your ISP is providing the higher level of security.

@AlzheimersAug 12.2009 — #The most secure way to hide what kind of data is in a form is to use the server to generate the webpage based on the login, using a preprocessor like PHP or ASP.NET. You set up a form linked to a page called "results.php" (for example) then use a case/switch statement to render the html body according to the user's needs.

This way, search engines or "curious" users who try to load the page without submitting the proper key won't see any hints of what the contents are.

Also in #JavaScript _↴

iframe IE mac submit form Drop down menu problem Problem with Regular Patter

Success!

Help @rangerschool spread the word by sharing this article on Twitter...

Tweet This

Password Script POP-UP HELP!

6 Comments(s) _↴

Also in #JavaScript _↴

Success!

Social

Version

Password Script POP-UP HELP!

6 Comments(s) ↴

Also in #JavaScript ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

6 Comments(s) _↴

Also in #JavaScript _↴