
How can I add a client-side JavaScript hashing function? I have created this function:

<script type = "text/javascript">
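function myHash(){
    // Read the text typed into the password field (the element itself has no length or charAt)
    var password = document.getElementById("password").value;
    var hash = '';
    for(var i=0;i<password.length;i++){
        // Map each character code c to (c^5 mod 14)
        var temp = password.charAt(i).charCodeAt(0);
        temp = Math.pow(temp,5)%14;
        hash += String.fromCharCode(temp);
    }
    return hash;
}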
</script>

Put this file in polls/static/polls folder.

The following is the HTML form:

<HTML>
<HEADER>
    {% load static %}
    <script type="text/javascript" src="{% static 'hashing.js' %}"></script>
    <link rel="stylesheet" href="../../static/css/css.css">
    <TITLE>LOGIN</TITLE>
    <h1>POLLING APP</h1>
</HEADER>
<BODY>
        <h1>USER LOGIN :-</h1>
        <br />
        <br />
        <br />
        <FORM id="login_form" method="post" action="/login/user_login/" onsubmit="return myHash()">
        {% csrf_token %}
                Username:
                <input type="text" name="username" value="" id="username" size="50" />
            <br />
            <br />
                Password:
                <input type="password" name="password" value="" id="password" size="50" />
                <br />
                <br />
        <INPUT type="submit" name="submit" value="submit"/>
        </FORM>
</BODY>
</HTML>

The polls/views.py file is as follows:

from django.http import HttpResponse,  HttpResponseRedirect
from django.shortcuts import get_object_or_404, render
from .models import Question,  Choice
from django.urls import reverse
from django.template import RequestContext
from django.contrib.auth import authenticate, login, logout
#from django.template import loader

#def index(request):
 #   return HttpResponse("Hello world! you are at the polls index")
# Create your views here.
def index(request):
    print(request.user)
    latest_question_list = Question.objects.order_by('-pub_date')#[:5]
   # template=loader.get_template('polls/index.html'
    context={'latest_question_list':latest_question_list}
    return render(request,'polls/index.html',context)


def detail(request, question_id):
    #return HttpResponse("You're looking at question %s." % question_id)

    question=get_object_or_404(Question,pk=question_id)

    return render(request, 'polls/detail.html', {'question': question})
def results(request, question_id):

    question=get_object_or_404(Question,pk=question_id)
    return render(request,'polls/results.html',{'question':question})

def vote(request, question_id):
    print('something happened!')
    question=get_object_or_404(Question,pk=question_id)
    try:
        selected_choice = question.choice_set.get(pk=request.POST['choice'])
    except(KeyError):
        return render(request,'polls/detail.html',{'question':question,
                                                   'error_message':'you didn\'t select a choice'})
    else:
        selected_choice.votes+=1
        selected_choice.save()
    return HttpResponseRedirect(reverse('polls:results', args=(question.id,)))

def login(request):
    return render(request,'polls/login.html')


def user_login(request):
    # The login() view defined above shadows django.contrib.auth.login in this
    # module, so import the auth function under another name here.
    from django.contrib.auth import login as auth_login
    context = RequestContext(request)
    print(context)
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        # Log the username only; the submitted password is not printed.
        print(username)
        user = authenticate(username=username, password=password)

        # authenticate() returns None on failure, so check before using the user.
        if user is not None:
            if user.is_active:
                # Attach the authenticated user to the session.
                auth_login(request, user)
                # Redirect to index page.
                return HttpResponseRedirect("/login/polls/")
            else:
                # Return a 'disabled account' error message
                return HttpResponse("Your account is disabled.")
        else:
            # Return an 'invalid login' error message.
            print("invalid login details " + username)
            #return render_to_response('login.html', {}, context)
            return HttpResponse('some shit happenned1')
    else:
        # the login is a  GET request, so just show the user the login form.
        #return render_to_response('login.html', {}, context)
        return HttpResponse('some shit happenned !!!')

def user_logout(request):
    logout(request)
    return HttpResponseRedirect('/login/')

I need to secure the password on the client side using the myHash() function. I want the server to receive the encrypted password, decrypt it (I have the decryption function as well) and authenticate the username and password.

halfer
  • This seems to have been answered here https://stackoverflow.com/questions/4121629/password-encryption-at-client-side Long story short it's not a good idea. – Richard Housham Jul 27 '17 at 15:24
  • I recommend encrypting using Forge Js : https://github.com/digitalbazaar/forge, and check this answer too https://stackoverflow.com/a/3716003/1690893 – A.Raouf Jul 27 '17 at 16:05
  • Isn't it just easier to implement a TLS connection using domain certificates? That will encrypt your whole page, any data that you send to it, and it will guarantee the integrity of your JavaScript pages too. If you just use JS to encrypt/hash your passwords, then a MITM attack would simply attack the JavaScript. – halfer Jul 28 '17 at 18:49
  • If you are sure you want to go down this road, then it's worth explaining what problem you are having specifically with this. As it stands, it is unclear what you're asking, or too broad. – halfer Jul 28 '17 at 18:51
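
An added example (not code from the question or its comments) that measures the per-character transform used by myHash(): the mapping is many-to-one, so distinct passwords produce the same value and the server cannot recover what was typed. Here myHash takes the string as a parameter instead of reading the form field, and charTransform, preimagesByOutput and collisionCount are names assumed for this illustration.

```javascript
// Per-character transform from the question's myHash(): c -> (c^5 mod 14).
// BigInt keeps the arithmetic exact; for ASCII input the result matches
// the Math.pow(c, 5) % 14 expression used in the question.
function charTransform(code) {
  return Number((BigInt(code) ** 5n) % 14n);
}

// Same algorithm as the question's myHash(), taking the password directly.
function myHash(password) {
  let out = '';
  for (let i = 0; i < password.length; i++) {
    out += String.fromCharCode(charTransform(password.charCodeAt(i)));
  }
  return out;
}

// Group the 95 printable ASCII characters (0x20..0x7e) by output value.
function preimagesByOutput() {
  const groups = new Map();
  for (let code = 0x20; code <= 0x7e; code++) {
    const out = charTransform(code);
    if (!groups.has(out)) groups.set(out, []);
    groups.get(out).push(String.fromCharCode(code));
  }
  return groups;
}

// Number of printable-ASCII strings of the same length that produce the
// same myHash() value as `password` (the password itself included).
function collisionCount(password) {
  const groups = preimagesByOutput();
  let count = 1n;
  for (let i = 0; i < password.length; i++) {
    const group = groups.get(charTransform(password.charCodeAt(i)));
    count *= BigInt(group ? group.length : 1);
  }
  return count;
}

// Constructed sample inputs: two different passwords, one output.
console.log(preimagesByOutput().size);          // distinct per-character outputs
console.log(myHash('abc') === myHash('opq'));   // collision between two inputs
console.log(collisionCount('abc'));             // inputs sharing that output
```

Every output character is a control character in the range 0 to 13, and each one stands for six or seven printable characters, which is why the value gives the server less to verify than the password itself sent over TLS.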

0 Answers