4 Replies Latest reply: Aug 27, 2009 12:37 PM by luadke RSS

    low level password not functioning properly. Help?

    luadke Community Member

      Hi,

       

      I do not mind if people can find the password in the code,

       

      but the problem I am having is that if the end user presses cancel on the dialogue box it re-appears again and again...

       

      or if i change the 'ct' to 0 - then people can bypass the password - which I don't want.

       

      The page is http://blackpaint.co.uk/BlackPaint09/films/

       

      This is the code

       

       

      <SCRIPT>
      var getPass = function(el){
        var ct = 2, thePrompt = 'Please Enter Your Password', theDefault = ' ', pw = '';
        while(ct-- && pw !== 'pass'){
          pw = prompt(thePrompt, theDefault);
          if(pw === null){ ct = 5; }
          thePrompt = 'Password Incorrect, Please Try Again';
          theDefault = 'Password';
        }
        if(pw === 'pass'){
          Shadowbox.open(el);
        }
        return false;
        history.go(-1);
      };
      </SCRIPT>
      
      

       

       

       

      many thanks for any help,

      Luke

        • 1. Re: low level password not functioning properly. Help?
          mans.laughter Community Member

          Hi Luke,

           

          The user action "Cancel" is equivalent to null and will always set ct = 5 each time. You can rewrite the code to do this (this is only 1 of many...):

          <!--
          var getPass = function(el){
            // set password attempts to 3
            var ct = 3, thePrompt = 'Please Enter Your Password', theDefault = ' ', pw = '';
            var correct = false; // flag - you can use a Boolean object instead

            while(ct-- && !correct){
              pw = prompt(thePrompt, theDefault);
              
              if(pw === 'pass'){
                // access granted
                correct = true;
              }else if(pw == null){
                // user pressed Escape key or clicked Cancel
                return false;
              }else{
                // wrong password entered - popup again maximum 2 more times and reset text
                thePrompt = 'Password Incorrect, Please Try Again';
                theDefault = 'Password';
              }
            }// end of loop
            if(pw === 'pass'){
              Shadowbox.open(el);
            }

            return false;
            history.go(-1);

          };
          // -->

           

          So I made the of ct = 3 to give the user 3 attempts and added the correct flag to indicate correct password, set to false. The conditions are:

          - if they got it right, the flag is set to true and end the while loop

          - if Cancel/Escape key is pressed, return false to the variable getPass and exit out of function

          - if they entered wrong password, try again 2 more times

           

          Then Shadowbox.open(el) executes if the password = pass

           

          The 2 lines in red means that the first of the two will be executed and not the second. If you want it to be history.go(-1) then replace all the return false with the history line (which will make the variable getPass not store anything as its an inline function).

           

          This is as much javascript as I remember due to sleep - I gotta brush up on it again. There are better methods to authenticate using javascript, or even PHP (due to your server configuration) if you wanted to learn more, but I just editied in the format you requested. Someone else can elaborate or give an example if they/you want.

           

          Lk.

           

          Message was edited by: Laust Kause  - spelling mistakes and lack of sleep :(

          • 2. Re: low level password not functioning properly. Help?
            luadke Community Member

            Thanks for your answer Laust, I appreciate the help,

             

            I tried to take in all that you said and have replace my code with yours. yet I still get  the same problems that.

             

            1. If the user presses cancel - it still opens up the shadowbox (the link that should be password protected)
            2. If the user gives no - or the wrong password three times then it still opens up shadowbox

             

            Can this be corrected?

             

            http://blackpaint.co.uk/BlackPaint09/films/

             

            Many thanks

            • 3. Re: low level password not functioning properly. Help?
              mans.laughter Community Member

              Hi Luke,

               

              This might be due to the way you have your function set up. You have it inside a variable, where you would normally have it in a function (ex: function test(el)). I'm not sure on how the script/code looks like to see the complete picture. If this script is inside the head tag and you want it to be the first thing the user sees. I modified the example to what should work for you:

              <html>
              <head><title>Unsecure page</title>
              <script type="text/javascript">
              <!--
              function getPass(el){
                // set password attempts to 3
                var ct = 3, thePrompt = 'Please Enter Your Password', theDefault = ' ', pw = '';
                var correct = false; // flag - you can use a Boolean object instead
                
                document.write("Count before loop: " + ct.toString() + "<br/>");
                while(ct-- && !correct){
                  pw = prompt(thePrompt, theDefault);
                   
                  if(pw === 'pass'){
                    // access granted
                    correct = true;
                    document.write("Password correct?: " + correct + "<br/>");
                  }else if(pw == null){
                    // user pressed Escape key or clicked Cancel
                    document.write("User cancelled login" + "<br/>");
                    return false;
                  }else{
                    // wrong password entered - popup again maximum 2 more times and reset text
                    thePrompt = 'Password Incorrect, Please Try Again';
                    theDefault = 'Password';
                    document.write("Password incorrect: " + correct + " Count: " +ct.toString() + "<br/>");
                  }
                }// end of loop
                if(pw === 'pass'){
                  window.location=el;
                }  
              }
              // -->
              </script>
              </head>
              <body onload="getPass('secure.html');">
              This is the unsecure page.
              </body>
              </html>
              
              
              

              Live example of code on dummy site: http://laustkause.awardspace.com/

               

              This does work (modified the code a bit more...). I replaced Shadowbox with a generic redirection function as I don't have Shadowbox.js. Again, can't really tell on how your using it, but the script does work. This script uses the document.write method to show what part of the code has been executed and can easilly be taken out.

               

              Lk.

              • 4. Re: low level password not functioning properly. Help?
                luadke Community Member

                Thanks for your help Laust,

                 

                I managed to get it working another way - but have now come into some problem with getting the shadowbox to be the right size - you'll notice it's really small

                 

                Any ideas??

                 

                Thanks,

                Luke