Code Forums - View Single Post

Redline · 06-13-2006, 11:33 AM

I got it to work with this code

HTML Code:

<script language="javascript" type="text/javascript" src="UserList.js"> </script>
<script language="javascript" type="text/javascript">
	function login() {
		var loggedin = false
		var userin = document.getElementById('user').value
		var passin = document.getElementById('pass').value
		for (i=0;i<users.length;i++) {
			if (userin==users[i][0] && passin==users[i][1]) {
				loggedin = true
				break
			} else {}
		}
		if (loggedin==true) {
			alert("yay")
		} else {
			alert("Wrong username/password")
		}
	}
</script>

Essentially specifying a source in a script tag seems to make it ignore everything within the opening/closing tags.

Now, using Javascript for user authentication is a major security problem. It's very easy for a user to view source, see where the user credentials are stored, and steal them. And your loggedin flag sits on the client. Seems too risky for me.

06-13-2006, 11:33 AM	#2 (permalink)
Redline PHP Student Join Date: Oct 2004 Location: Forest Grove, OR Posts: 150	I got it to work with this code HTML Code: <script language="javascript" type="text/javascript" src="UserList.js"> </script> <script language="javascript" type="text/javascript"> function login() { var loggedin = false var userin = document.getElementById('user').value var passin = document.getElementById('pass').value for (i=0;i<users.length;i++) { if (userin==users[i][0] && passin==users[i][1]) { loggedin = true break } else {} } if (loggedin==true) { alert("yay") } else { alert("Wrong username/password") } } </script> Essentially specifying a source in a script tag seems to make it ignore everything within the opening/closing tags. Now, using Javascript for user authentication is a major security problem. It's very easy for a user to view source, see where the user credentials are stored, and steal them. And your loggedin flag sits on the client. Seems too risky for me. __________________ Current Project