Hello everyone. I am currently working on the HTML / Javascript front end of a web forum system (perlBB). I have a couple of questions that would I would like to ask.

1. Is the way to include an external javascript file in a page like this?

<head>
<link href="md5.js" rel="text/javascript">
</head>

2. On my login page I need to get a username and password from the user with a form. I then need to read the password field with Javascript and pass the value to a function that will return the MD5 hash of it. Then the plaintext password gets replaced with the hash on the form and the form is submitted. Will this work?

<html>
<head>
<script language="javascript" type="text/javascript">
function process_form(form) {
var password = form.password.value;
var pwd_hash = hex_md5(password);
form.password.value = pwd_hash;
document.login.submit();
}
</script>
</head>
<body>
<form action="forum.cgi?login+1" method="post" onsubmit="process_form(this.form)" name="login">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
Save a 1 hour cookie please <input type="checkbox" name="cookie"><br>
<input type="submit" value="Login">
</form>
</body>
</html>

Note: I'm using an open source MD5 javascript implementation, whose function are not shown here.

I am of course already testing out this approach. If someone could point if I've gone wrong somewhere and how I should be doing this it would be really usefull. Any advice appriciated.

Steven.

To Q1; that's probably the most common way. There is another way; using IMPORT directives; but the way you've put will work fine.

To Q2, you don't need:

document.login.submit()

you just need to return true at the end of that handler function.

Well, I've got the bit I just mentioned working. The next thing I need to do is set a cookie on the client machine once the user has logged in. My server side script serves a page with this code in it:

<html><head><title>Logged in</title><script type="text/javascript">
function redirect() {document.cookie='user_info=Mushy-pea~ad38488e6ea5e40358afc6fc4870575a;
expires=Sat, 27 Jan 2007 21:59:29 GMT;
path=http://localhost/restricted';
window.location="http://localhost/restricted/forum.cgi?display_page+1001"}</script>
</head><body><script type="text/javascript">setTimeout("redirect()", 5000)</script>

This is an example. The specifics are generated dynamically of course. However, I can find no evidence that a cookie is created on the client. Does it look like I have done something wrong here?

Steven.

This article has been dead for over six months. Start a new discussion instead.