HTML Password Form


Question

EDIT: Problem solved, thanks Hackersoft MS MVP.

EDIT 2: Problem was only solved locally. See this post.

I'm having trouble with a Javascript pop up box not appearing on Internet Explorer. I have tested it with IE7 and IE8 with no success. It works on Firefox 3.6.3 and Opera.

On Internet Explorer this yellow bar appears:

282fhqr.png

However, once clicked and given temporary permission the page reloads not showing the pop up box and the yellow bar is still present.

I have re-created the situation here;

http://html.comuf.com/

problem.html is the page I need help on. The correct password is real which redirects you to real.html.

I am open to using new scripts but this line/function is crucial;

location.href= password + ".html";

This problem is for a friend of mine who does design work, his client is having trouble with this.

  • 0

No URL, no help.

In order to figure out an issue with code, people need to see the site in its entirety. A screenshot is useless.

  • 0

I do not have permission to give it out. Why does the URL matter? I've added in the script. I apologize if I seem ignorant, but I'm sure this can be solved without giving out the private URL.

  • 0

You added the script ~after~ I posted, so nice try playing that off--I get emails of all new threads made in here, which is why I replied so fast.

A URL matters so we can see ~all~ code used. That and a URL is never private. It's a public domain name. lol.

That's like me telling you my car won't start but I won't bring it in and I want you to fix it based off of my "it won't start" comment.

Anyway, is that script snippet you included the ONLY item he's using for a password prompt? Why not tell him to utilize .htaccess authorization instead: http://www.htaccesstools.com/htaccess-authentication/ if he will just have users utilize one password throughout.

  • 0

First thing I see is that he's using just prompt and it should really be window.prompt. Not sure if that will cure it though as not really enough details.

Another thing btw. If he's accepting passwords in Javascript using prompt then there is no way I'd go to that site. Extremely unsafe.

  • 0

Well, just noticed "passwod" is spelt wrong. Also noticed when the IE security settings are lowered it works fine, but clicking the yellow bar to temp. allow it doesn't work.

EDIT: Making it window.prompt worked in allowing the script to run after clicking "temporarily allow".

Are there any alternatives to using JS that are more secure and don't scare the private users due to the IE yellow bar?

  • 0

Turns out it was only solved locally and the pop up was being generated from Windows Explorer rather than Internet Explorer. See pic below.

1051jwx.png

He is no longer absolutely needing to use this script; he didn't even create it, his client did, who evidently doesn't know so much about web programming. Unfortunately neither do he or I, although it may have sparked an interest in me. I have created this test site which uses identical coding.

I noticed this line in particular;

location.href= password + ".html";

I'd like to keep something like that because if it were changed it would greatly inconvenience the client.

Here is the test site

http://html.comuf.com/

problem.html is the page I need help on. The correct password is real which redirects you to real.html.

IT WORKS ON EVERYTHING BUT IE (Tested 7 + 8)

On Internet Explorer the page triggers a scripted window warning (yellow bar) and asks to temporarily allow the website. However, even when temporarily allowed the pop up box does not pop up and the yellow bar comes back.

  • 0

Hi guys,

I've given up trying to use a JS prompt as IE hates it, so I decided to use a form instead.

This is what I have so far:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Company Name</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head> 

<body>
<form name="input" action="http://www.google.ca" method="get">
Please Enter Your Password:
<input type="password" name="user" />
<input type="submit" value="Submit" />
</form> 


</body>
</html>

The part I am working on is line 10;

<form name="input" action="http://www.google.ca" method="get">

Google is just there as a placeholder. What I really want to happen is the user's password is redirected to their password.html.

So if the password was blue they would be redirected to blue.html

The equivalent in JS was

location.href= password + ".html";

Huge thanks to whoever can help me with this.

  • 0

Thanks for the link, but it seems like overkill for this task.

Is there no alternative option for something simple like this? User enters password, gets redirected to [PASSWORDTHEYENTERED].html ?

  • 0

I think so. If JS is behaving badly in IE, try to use an open source JS library. I think most of them work well with IE.

If you can't use that, then go for a dynamic language.

  • 0

To do this in Javascript you would need to hook a JS function up to the click event of your submit button. Read the value in the password textbox then basically do your location.href statement.

Why are you redirecting to a "password".html page is beyond me. It's a massive security risk (your password is in the url). Also doing anything with passwords in Javascript is extremely bad as anyone can look at your JS code and exploit it.

  • 0

I think so. If JS is behaving badly in IE, try to use an open source JS library. I think most of them work well with IE.

If you can't use that, then go for a dynamic language.

Honestly I don't even know what either of those are. I Googled them both and they didn't actually break down what each was. This really is a lot more complicated than I thought it would be :p

Then go back to your original thread and read my reply on htaccess authorization. :whistle:

I only need a password field, no usernames. Also, requiring telnet is too much to ask for the company to use as they are not the technical type, can barely use an FTP program.

I may have to end up just displaying a picture tutorial for users to add the site to their trusted sites :crazy:

To do this in Javascript you would need to hook a JS function up to the click event of your submit button. Read the value in the password textbox then basically do your location.href statement.

Why are you redirecting to a "password".html page is beyond me. It's a massive security risk (your password is in the url). Also doing anything with passwords in Javascript is extremely bad as anyone can look at your JS code and exploit it.

Everything I have tried in JS IE has disallowed or showed a warning asking to temp allow, that doesn't go away. This isn't exactly private information. It directs the user to the page where their paid for text or images are where they can save it. I assume the .html file is deleted at a later date.

  • 0

Not sure if this helps, but here's the HTML code and JS code. I feel it's bad practice but oh well.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<title>Company Name</title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
		<script type="text/javascript" src="https://www.google.com/jsapi"></script>
		<script type="text/javascript">
			google.load("jquery", "1.4.2");
		</script>
		<script>
		$(document).ready(function(){

			$('#submit').click(function(){
				location.href = $('#user').attr('value')+'.html';
			});

		});
		</script>
	</head>
	<body>
		Please Enter Your Password:
		<input type="password" name="user" value="" id="user"/>
		<input type="submit" value="Submit" id="submit" />
	</body>
</html>

  • 0

Thanks a lot. I really appreciate it. As mentioned above it isn't storing any crucial confidential information.

I'm now going to study what you just did and get learning so next time an annoying kid comes to Neowin wanting everyone to solve his own problems I can help him :shiftyninja:

  • 0

I think php is the way to go here.

http://www.tizag.com/phpT/forms.php

Your form would call a php file passing the password along through POST. You would name your text field "password." When the user clicks the submit button, it will send "password=blue" along with the call to the php file.

From within the php file you can call the value for "password" :

$password = $_POST['password'];

You can then compare the value of $password to decide what to display:

if ($password == "blue")
{
     include('blue.html');
}

  • 0

Is it dynamic? Is there a command allowing for whatever the user types + .html? Because that is what makes it simple for the Admin. Having to add a line of code each time vs. uploading a new html file would be much harder.

  • 0

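// Redirect only when the "pass" field was submitted as a non-empty string
if(!empty($_POST['pass']) && is_string($_POST['pass'])) {

header("Location: ".$_POST['pass'].".html");
exit; // stop the script once the redirect has been sent

}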

  • 0

Just curious, why would you want the html file to have the password as name? :o

I didn't set up their system of providing customers with their resources, I'm just trying to keep it in place without having to change too much. Their choice.

It's out of convenience. They give customer 123 the password of abc and upload abc.html. Customer goes home, types abc and gets his paid for articles or text.

  • 0

What's the point of a password if it's going to be dynamic and not depend on a username?

It's complicated. No one else knows the user name, so username functions as the magic word. :p

  • 0

Is the primary reason for using PHP over the HTML version due to security? The PHP version is much safer?

  • 0

That and flexibility.

For example, we only redirect/include the file if it's found:

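<?php
//Run only when the form was submitted and the "pass" field is a string
if(isset($_POST['submit'], $_POST['pass']) && is_string($_POST['pass'])) {
	//Search for all HTML files in the folder and store them in an array
	//(glob() returns false on error, so fall back to an empty array)
	$files = glob("*.html") ?: array();

	//Get the filename from the form and add the .html extension.
	$filename = $_POST['pass'].".html";

	//Check if there are matches. Only names returned by glob() are accepted,
	//so a value containing "../" or a URL never reaches header()
	if(in_array($filename, $files, true)) {
		//Send a user to the HTML file and stop, so the form is not sent as well
		header("Location: ".$filename);
		exit;

		// Or include it instead of redirecting
		//include $filename;
	}
	else {
		//Nothing
		echo '404';
	}
}
?>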
<form method="post" action="">
	Please Enter Your Password:
	<input type="password" name="pass" value="" />
	<input type="submit" name="submit" value="Go!" />
</form>

This topic is now closed to further replies.
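
Added example, not code from any poster in this thread: a variant of the last reply's check that keeps the "password.html" naming but sends the file's contents from a directory outside the web root instead of redirecting, which addresses the concern raised earlier about the password ending up in the URL. The directory path, the constant PRIVATE_DIR and the function name resolve_customer_page are assumptions; the field name "pass" and the form are taken from the reply above.

```php
<?php
// Added example. Assumed names: PRIVATE_DIR, resolve_customer_page(), field "pass".
// The pages are stored outside the document root, so only this script can serve them.
const PRIVATE_DIR = '/var/www/private_pages';

// Map a submitted password to a page path, or return null when nothing matches.
function resolve_customer_page(string $password, string $dir = PRIVATE_DIR): ?string
{
    // Letters, digits, "_" and "-" only: "../", slashes and URL schemes
    // are rejected before any filesystem call is made.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $password)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $password . '.html');
    // realpath() returns false for a missing file; the prefix check rejects
    // a symlink that resolves to somewhere outside the private directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $pass = $_POST['pass'] ?? '';
    $page = is_string($pass) ? resolve_customer_page($pass) : null;
    if ($page === null) {
        http_response_code(404);
        echo '404';
    } else {
        // Send the page body in the response: no redirect, so the password
        // never appears in the address bar, history or server access log.
        header('Cache-Control: no-store');
        readfile($page);
    }
    exit;
}
?>
<form method="post" action="">
	Please Enter Your Password:
	<input type="password" name="pass" value="" />
	<input type="submit" name="submit" value="Go!" />
</form>
```

Relative links inside the stored pages resolve against this script's URL, not the private directory, so images they reference need their own public location.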