password textbox

infinitylimit · #11 (**permalink**) 06-07-04, 08:10 PM

I think security isn't such a huge issue you can do this.

<script type="javascript">
function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}

function check_md5(s){
if (hex_md5(s) == "YOUR MD5 HERE"){
window.location = s + .html?";
}
else{
return false;
}
}
function echo_md5(s){
alert(hex_md5(s));
}
</script>

Then in your html do this
<form onSubmit="echo_md5(this.password.value);">
<input type="text" name="password">
<input type="submit" value="generate MD5">
</form>

After using the above replace the YOUR MD5 HERE with what the alert box says. Also name your secondpage the name of your password.

Then make your passform and put onsubmit="check_md5(this.password.value);"

This will stop most.... code wasn't tested but the prinicple should work.

-IL

infinitylimit · #12 (**permalink**) 06-08-04, 11:41 AM

I was bored enough to make a working demo of this.

http://clients.infinitylimit.com/demos/md5password.htm

neozen · #13 (**permalink**) 06-16-04, 02:08 PM

as someone said using this:

<?
$password = "whatever";

if ($password == "$password"){

header("Location: http://mysite.com/secret.php");
}
else{
echo "sorry wrong pasword, please try again";
}
?>

may alow access to secret.php and therefore be unusefull.
the thing is if instead of redirecting you @requireonce() the secret page it's uri will be parsed by php and never revealed in the adress bar.

guess that might work.

darkcarnival · #14 (**permalink**) 06-16-04, 10:51 PM

well you can add a if clause that asks to see if your a admin or a member or whatever.

ShadowCat · #15 (**permalink**) 07-07-04, 09:56 AM

I just thought of this, and am not sure it would work. You could do

Code:

<html>
<head>

<script src="ext"></script> 
<SCRIPT Language="JavaScript">
var passwd;

function protect(passwd) {
if (passwd==PASSWORD) {
window.location=RIGHTPAGE;
}
else {
window.location=WRONGPAGE;
}
}
</SCRIPT>
</head>
<body>
<form name="protected">
<input type="password" name="inputPwrd"></input>
<input type="button" name="enter" value="Enter" onClick="javascript:protect(document.protected.inputPwrd.value)"></input>
</body>
</html>

Then you would create a .txt file that says:

Code:

PASSWORD = "thepass";
RIGHTPAGE = "goodlocation";
WRONGPAGE = "badlocation";

and name name it ext.txt

This is very low security, but you could protect the page, so that no one could look at it. Whether getting info from a protected txt file would work, i'm not sure. That would give a decent amount of security, and I doubt anyone would know how to crack it with your audience.
Hope that helps!

PaYcE--->
-=Shadow*Cat=-