Please support our JavaScript / DHTML / AJAX advertiser: Lunarpages Web Hosting
Views: 4840 | Replies: 4 | Solved
 |
•
•
Join Date: Nov 2006
Posts: 38
Reputation: 
Rep Power: 3
Solved Threads: 1
Light Poster
<h3>Administrator Login Here:</h3>
<p>ENTER USER NAME :
<input type="text" name="text2">
</p>
<p> ENTER PASSWORD :
<input type="password" name="text1">
<input type="submit" value="Check In" name="Submit" onclick=javascript:validate(text2.value,"admin",text1.value,"admin") >
</p>
</form>
<script language = "javascript">
function validate(text1,text2,text3,text4)
{
if (text1==text2 && text3==text4)
load('http://localhost:8080/vote-0.3/admin/');
else
{
alert("You should'nt be there");
}
}
function load(url)
{
location.href=url;
}
</script>this code is working fine in IE but not in mozilla-firefox. when I click the submit button nothing happens in firefox.....what can be done?....thanks
Last edited by apontutul : Aug 23rd, 2007 at 3:22 am.
•
•
Join Date: Jun 2006
Location: India
Posts: 7,054
Reputation: 
Rep Power: 25
Solved Threads: 372
Your code is far from being a proper XHTML document, but works in IE, since its really forgiving. A few things:
- All the form elements should go in the form tag. Its only when they go inside the form tag, a name attribute given to them is valid, otherwise name attribute for non-form elements is deprecated.
- The language attribute of
<script>tag is deprecated. Use 'type ' instead. Something like<script type="text/javascript">. - Its always recommended to place your script in the header section or include it at the bottom of your page.
- The way you are accessing the elements is completely wrong. One possible way would be to just pass the form element to the validate function and let the function pull out values from the form. Something like this:
<input type="submit" value="Push" onclick="validate(this.form);" />
I don't accept change. I don't deserve to live.
Happiness corrupts people.
Failing to value the lives of others cheapens your own.
Happiness corrupts people.
Failing to value the lives of others cheapens your own.
•
•
Join Date: Nov 2006
Posts: 38
Reputation:
Rep Power: 3
Solved Threads: 1
Light Poster
thanks got it working....
another thing, can you tell me how to get a login dialog box at the start i.e "on loading" of a page?
another thing, can you tell me how to get a login dialog box at the start i.e "on loading" of a page?
•
•
Join Date: Jul 2006
Location: Deptford, London
Posts: 987
Reputation:
Rep Power: 6
Solved Threads: 52
Posting Shark
Erm.. not using javascript. It's not a good way to adequately password protect pages. The best you can do with javascript is:
- hide everything but the password form on the page (wrap everything in an html element, set display:none; or visibility:hidden; in css) unless the user enters the correct password (then set everything visible, using display:; or visibility:visible; respectively). unfortunately, everything on the page can be seen using view > source.
- have the page redirect when the user enters the correct password ( as you're doing here ); again, anyone can look at the source, and find out the URL of the restricted page.
- the best javascript 'password protection' i've seen did this: have a page with a password form; when the user enters anything in the password field; the script redirects to a folder with the name of the correct password; the basic principle is, that it's difficult for the average user to know where the folders on a webserver are, unless you give some hint ( links, common folder names, etc ). every incorrect guess will redirect to some unmapped location on your server; not ideal, but it restricts access. the bad point here, is that any user watching an 'admin' can see what the password-named folder is.. but, it's the best javascript password restriction method that I can imagine. You could take it a step further, and transform the password entered by some text/ascii math function before redirecting, but, the script suffers from the same vulnerability I mentioned if someone sees an admin login, although, its less obvious if the function generates some long non-dictionary string of characters.
the real solution, is not to use javascript for password restriction. use some method server-side that only sends pages to users that are authorized.
aswell as a good set of tutorials for javascript, some for basic server side authorization, and somewhere in there the client-protocol-server relationship, would be quite useful...
If you want to go ahead with JS validation regardless of that advice, and you just want an input dialog to pop-up; this code _should_ do that:
http://www.java2s.com/Code/JavaScrip...nputDialog.htm
I haven't tested it atall, but it looks alright, although it's old-school quirks mode HTML. It would need the same fixes as s.o.s mentioned with regard to your posted code in order to make it 'new standards compliant'
- hide everything but the password form on the page (wrap everything in an html element, set display:none; or visibility:hidden; in css) unless the user enters the correct password (then set everything visible, using display:; or visibility:visible; respectively). unfortunately, everything on the page can be seen using view > source.
- have the page redirect when the user enters the correct password ( as you're doing here ); again, anyone can look at the source, and find out the URL of the restricted page.
- the best javascript 'password protection' i've seen did this: have a page with a password form; when the user enters anything in the password field; the script redirects to a folder with the name of the correct password; the basic principle is, that it's difficult for the average user to know where the folders on a webserver are, unless you give some hint ( links, common folder names, etc ). every incorrect guess will redirect to some unmapped location on your server; not ideal, but it restricts access. the bad point here, is that any user watching an 'admin' can see what the password-named folder is.. but, it's the best javascript password restriction method that I can imagine. You could take it a step further, and transform the password entered by some text/ascii math function before redirecting, but, the script suffers from the same vulnerability I mentioned if someone sees an admin login, although, its less obvious if the function generates some long non-dictionary string of characters.
the real solution, is not to use javascript for password restriction. use some method server-side that only sends pages to users that are authorized.
aswell as a good set of tutorials for javascript, some for basic server side authorization, and somewhere in there the client-protocol-server relationship, would be quite useful...
If you want to go ahead with JS validation regardless of that advice, and you just want an input dialog to pop-up; this code _should_ do that:
http://www.java2s.com/Code/JavaScrip...nputDialog.htm
I haven't tested it atall, but it looks alright, although it's old-school quirks mode HTML. It would need the same fixes as s.o.s mentioned with regard to your posted code in order to make it 'new standards compliant'
Plato forgot the nullahedron..
•
•
Join Date: Feb 2008
Posts: 1
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Re: javascript code not working in firefox Another issue with the code that is shown...
(this may ony be a problem with older browsers).
You have given the submit butten a "name" of "submit".
I strongly suggest you name it something else becasue it can cause a name conflict with the form.submit() method and cause form submits to fail.
(this may ony be a problem with older browsers).
You have given the submit butten a "name" of "submit".
I strongly suggest you name it something else becasue it can cause a name conflict with the form.submit() method and cause form submits to fail.
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
