Ravens PHP Scripts: Forums
 

 

Achaean
Regular



Joined: Mar 22, 2004
Posts: 64
Location: Missouri, USA

Posted: Sun Apr 04, 2004 8:33 pm

Hey, I recently started screwing around and such with JavaScript and I wanted to make a login for my site to a secure place that I want only certain people to know of. All I need is just one username and one pw, don't need multiple ones and such. So far I've found some code but I'm not sure where to go from here. I want it to redirect to my ranks page as a test. Here's my JavaScript code, you can see this at http://www.1staxis.com/modules.php?name=test2

Code:
<?php 


if (!eregi("modules.php", $PHP_SELF)) {

die ("You can't access this file directly...");
}
include("header.php");
?>



<!-- TWO STEPS TO INSTALL HTACCESS LOGIN:

  1.  Copy the coding into the HEAD of your HTML document
  2.  Add the last code into the BODY of your HTML document  -->

<!-- STEP ONE: Paste this code into the HEAD of your HTML document  -->

<HEAD>

<SCRIPT LANGUAGE="JavaScript">

<!-- Based on FTP log in by:  Reinout Verkerk -->
<!-- Original:  Gordon Hudson (sales@hostroute.com) -->
<!-- Web Site:  http://www.hostroute.com/ -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function Login(form) {
var username = form.username.value;
var password = form.password.value;
var server = form.server.value;
if (username && password && server) {
var htsite = "http://" + username + ":" + password + "@" + server;
window.location = htsite;
}
else {
alert("Please enter your username and password.");
   }
}
//  End -->
</script>

</HEAD>

<!-- STEP TWO: Copy this code into the BODY of your HTML document  -->

<BODY>

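<!-- The hidden form field "server" needs to be the
     address of your password protected directory.
     Login() reads form.server.value and prepends "http://" itself,
     so the field is named "server" and holds the address without the scheme. -->
<br><br><br><br>
<form name=login>
<input type="hidden" name="server" value="www.1staxis.com/modules.php?name=Ranks">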
Username:
<input type=text name=username size=20>
<br><br>
Password:
<input type=password name=password size=20>
<br><br>
<input type=button value="Login!" onClick="Login(this.form)" name="button">
</form>


<!-- Script Size:  1.58 KB -->


<?php
include("footer.php");
?>


My site is www.1staxis.com, any help would be most appreciated!
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Sun Apr 04, 2004 9:26 pm

Why not just make a secret user/pass and only let those people you want to have it know about it? JavaScript (client side) logins are MUCH less secure than nuke (server side).
 
Achaean







Posted: Sun Apr 04, 2004 9:29 pm

Alright, well here's what I want, don't care how to do it. I didn't know how to do the phpnuke, no one I knew knew how to do it, so all I want is maybe 1 user name, or two, that is general, for everyone to use to access my page. Can you give me code to do that or help me on it?
 
Raven







Posted: Sun Apr 04, 2004 9:31 pm

There is no code. Just register a username/password with nuke as you normally would and then only give that id/pass out to those that you want to have it.
 
Rikk03
Worker



Joined: Feb 16, 2004
Posts: 164

Posted: Mon Apr 05, 2004 12:28 am

Why not use user groups? Then change the access levels.
 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

Posted: Mon Apr 05, 2004 3:32 pm

In response to this topic: My Privy
http://www.netflake.com/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=19
Description: Requires a htaccess password protected directory somewhere. Need not be on the local server. This is not very secure! You have been warned.

Not the most useful module but...

Here goes.
Edit the modules\My_Privy\language\lang-english.php
and any other lang files you add.

All configuration is done in the language file.

My Privy:
Supports ftp:// and http:// urls that can be
formatted like this:
http://user:pass@www.yourdomain.xxx
ftp://user:pass@www.yourdomain.xxx

Note* I didn't add a graphic check so it's best
to only allow registered users to access this mod.

I have only tested on PHPNuke 6.0 but since there
are no db calls or member functions it should be fine for newer versions.
If not let me know and I'll fix it. But I've no desire
to install a newer version of PHPNuke to test on if it's
not needed.

If there is any demand this could be done in conjunction with a port of [link hidden from unregistered users]

But since I have no use for it I won't bother with it unless someone can demonstrate a real need for it that would be useful to others.

sixonetonoffun
http://www.netflake.com
 
Achaean







Posted: Mon Apr 05, 2004 6:47 pm

OK, but there is only one problem: I don't want registered members to see the page, just certain people I know. That's why I want to create a login with just one username and password. This is to be on a separate page and not included in my forums or anything. Is there no simple way to do this?
 
Raven







Posted: Mon Apr 05, 2004 6:55 pm

A couple of alternate approaches.

1. - Create an 'easter' egg. Then, only tell those special people where to find it ;). When they do, they click on it and expose the special page.

2. - Modify blocks/block-module.php to check the username/id and if it's your special one, then display the link in the Site Navigation block.
 
Achaean







Posted: Mon Apr 05, 2004 7:00 pm

Yeah, but I wanted to do a login page, something a bit better looking. Is there no code for a simple login, to go to a hidden page? I don't need the hidden page itself secure, I'll just hide it and link the login to it.
 
sixonetonoffun







Posted: Mon Apr 05, 2004 7:15 pm

If that is all you wanted, what was the point with the login script at all? Make an index.html, drop it into an htpasswd protected directory and you're done.

The form just sends the info in the URL instead of having the generic popup prompt.

I figured if you had a fancy indexed directory this would work nicely. I misunderstood your intent. I thought you had some pix or files (huge directory of files) and didn't want to hassle with entering them into a database.

So I guess if you only give us half the problem you only get half the answer, or in this case several answers.

Simple login scripts... see Google, there are many. In fact I even posted one not long ago. This won't run on versions of MySQL older than 4.1 but if you'd like, you're welcome to look at it. This is just a demo, no extras, just a "Simple" login script with a simple demo index.php:
http://www.netflake.com/modules.php?op=modload&name=Downloads&file=index&req=getit&lid=18
 
Achaean







Posted: Mon Apr 05, 2004 9:13 pm

OK, I did your My Privy module, and I was having a small problem with it. I edited the file in the language folder and got that set, but it's saying file not found and such. How do I configure the htaccess page? Just what do I need to do other than change the language files to get it working?
 
sixonetonoffun







Posted: Mon Apr 05, 2004 9:59 pm

Log in to your Control Panel if you have one and use the admin tool for setting up a password protected directory.

That works best if you can do it that way.

If you're having trouble with the module try using just the directory path
www.yourdomain.xxx/private/
not
www.yourdomain.xxx/private/index.php

If you don't have a .htaccess/.htpasswd area set up to test on you'll have to create one. If you need help with that just google it, there are loads of system specific tutorials out there.

Here is a pretty good one:
http://www.euronet.nl/~arnow/htpasswd/documentation.html
 
Raven







Posted: Mon Apr 05, 2004 10:20 pm

I really think you're making this WAY more complicated than it needs to be. Why not make your 'special' page a module that is active but hidden? Then, just tell your private group the hidden module's name? You could even add code to the module to only allow those certain users access in the event it gets compromised.
 
Achaean







Posted: Tue Apr 06, 2004 6:46 am

Well, I was thinking about that, but I didn't want to post the link to the hidden module. Instead I wanted everyone to know that we do have a tactics page, but only clan members can access it, so that's why I want to do a login page. But it seems to be obviously a little more complicated for just 1 user and a password.
 
Raven







Posted: Tue Apr 06, 2004 6:51 am

It really is not hard to do. It's just understanding exactly what you are trying to do that is causing all the chatter. I still contend just create a clone of the nuke login block and modify it to call up the tactics page instead of the news module.
 
Achaean







Posted: Tue Apr 06, 2004 4:57 pm

Are you talking about the login to the forums?
 
Raven







Posted: Tue Apr 06, 2004 5:01 pm

No. The login block that comes with nuke, or any login block that anyone has. Just clone it, rename it, and modify it to point to your 'secret' page instead of News or whatever.
 
Achaean







Posted: Tue Apr 06, 2004 8:11 pm

OK, here's what I decided to do. I found a JavaScript code in a tutorial with this code, I've inserted it and also edited the robots to do its task also, but for some reason once again I get an error. This is just in one page, the index, and I was wondering if any of you knew a small coding error I made or something to make it,

Code:
<?php 


if (!eregi("modules.php", $PHP_SELF)) {

die ("You can't access this file directly...");
}
include("header.php");
?>
<html>
<head>
<title>1stAD Tactics Center</title>

<META HTTP-EQUIV="Robots" NAME="Robots"
CONTENT="noindex, nofollow">

<!-Function which provides the page if the visitor gets the password right->

<Script Language="JavaScript">

<!-Hide from non-JavaScript Browsers
function correct() {

document.write("<html><head><title>Password Correct!</title></head><body bgcolor='#ffffff'><center><font color='#000000' face='arial' size='4'>
Welcome to the 1stAd Tactical Center."+"<p><a href='http://www.1staxis.com/modules.php?name=Donations'><font color='#0000ff' face='arial' size='2'>
Click here to enter the private area.</a>"+"</p></center></body></html>");

document.close();

}

<!-Error function if visitor gets the password wrong->

function error() {

document.write("<html><head><title>Password Incorrect!</title>
</head><body bgcolor='black'>"+"<font color='#ffffff' size='5' face='arial'>"+"
<center><h1>Oops!</h1><br><b>
Invalid Password - <b>"+password+"</font><br><br>
<font color='#ffffff' size='3' face='arial'>Click Try Again to have another go or Close to give up.</font><br><br>
<input type='button' value='Try Again' onClick='self.location.reload()'>
<BR><BR>"+"<input type='button' value='Close' onclick='window.close()'></body></html>");

document.close();

}

// Stop hiding->

</script>

</head>

<body bgcolor="#ffffff">

<!- Password function ->

<script>

<!-Hide from non-JavaScript Browsers

var password = prompt("Please enter your password:","");

// FIRST PASSWORD
switch(password){
case"google" : window.location="javascript:correct()"
break ;

//SECOND PASSWORD
case"greatland" : window.location="javascript:correct()"
break ;

//ERROR MESSAGE IF PASSWORD IS INCORRECT
default : window.location="javascript:error()"
break ;

}

//Stop hiding->

</script>
</body>
</html>



<?php
include("footer.php");
?>


This is everything in my module. I have also added this in my robots file:
Code:
Disallow: /cgi-bin/

Disallow: /passpage.htm


Can anyone help?
 
Achaean







Posted: Wed Apr 07, 2004 5:36 pm

Does anyone know why this won't work on phpnuke? Is it a simple error or something?
 
sixonetonoffun







Posted: Wed Apr 07, 2004 6:27 pm

This line
<!-Hide from non-JavaScript Browsers
is wrong, just delete it or add a space after the dash.

There is another error which I didn't hunt down.
 
sixonetonoffun







Posted: Wed Apr 07, 2004 6:47 pm

OK, here's the deal. All your code was word wrapped, that's what's wrong I think. If you look at this line:
Code:


document.write("<html><head><title>Password Incorrect!</title> </head><body bgcolor='black'>"+"<font color='#ffffff' size='5' face='arial'>"+" <center><h1>Oops!</h1><br><b> Invalid Password - <b>"+password+"</font><br><br> <font color='#ffffff' size='3' face='arial'>Click Try Again to have another go or Close to give up.</font><br><br> <input type='button' value='Try Again' onClick='self.location.reload()'> <BR><BR>"+"<input type='button' value='Close' onclick='window.close()'></body></html>");

Should all be one line. Does that make sense?

I fixed all those and stripped the comments out and it works "ok" without errors.
 
Raven







Posted: Wed Apr 07, 2004 8:38 pm

From the office of the painfully obvious

Please tell me you are not serious about using this script? In the event you are, I would also suggest that you have an opening banner that says something like

Greetings to all would be crackers out there. I cordially invite you to not only break in to my secret page but also to hack me in any other way you can. Also, please pass this along to every cracker and script kiddie that's out there. Thanks so much!

p.s. I don't believe anything I've ever read about javascript's insecurity.
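
The server-side check Raven is arguing for, as an added example that is not part of any post in this thread: one shared password verified in PHP, so it never appears in page source the way `google` and `greatland` do in the script posted above. The file name `tactics.php`, the constant `TACTICS_HASH` and the session key `tactics_ok` are assumptions.

```php
<?php
// Added example. tactics.php, TACTICS_HASH and tactics_ok are hypothetical names.
// Create the hash once on the command line and paste it below:
//   php -r 'echo password_hash("the shared password", PASSWORD_DEFAULT), "\n";'
// Only the hash is stored, and only on the server; nothing secret is sent to the browser.
const TACTICS_HASH = 'PASTE_HASH_HERE'; // placeholder: password_verify() rejects everything until replaced

session_start();

// True only when the submitted value is a string that matches the stored hash.
function password_ok($submitted, string $hash): bool
{
    return is_string($submitted) && password_verify($submitted, $hash);
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (password_ok($_POST['password'] ?? null, TACTICS_HASH)) {
        session_regenerate_id(true);      // fresh session id after login
        $_SESSION['tactics_ok'] = true;   // the flag is kept server-side in the session
        header('Location: tactics.php');  // redirect so a reload does not re-post the password
        exit;
    }
    sleep(1);                             // slows down guessing a little
    $error = 'Invalid password.';         // the submitted value is never echoed back
}

if (empty($_SESSION['tactics_ok'])) {
    // Not logged in: send the form and stop before any protected output.
    ?>
    <form method="post" action="tactics.php">
      <?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?>
      Password: <input type="password" name="password">
      <input type="submit" value="Login">
    </form>
    <?php
    exit;
}
?>
<h1>Tactics Center</h1>
<p>Protected content goes here; it is only generated after the check above has passed.</p>
```

Serve the page over HTTPS, otherwise the password crosses the network in clear text, which is the same weakness as the `http://user:pass@host` URL form used earlier in the thread.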
 
Achaean







Posted: Wed Apr 07, 2004 9:44 pm

Hehe, alright, I found another script from the web, and just for you Raven hehe, I've heavily encrypted the data, so it's pretty much a tough one to break. Anyway hehe, thanks for you guys' help. BTW, hehe, it's not JavaScript. Hard for anyone to break it hehe -> HitsFan
 
All times are GMT - 6 Hours
 