1


I need a login to let 10 students to view educational material. Simple is good.

Perhaps it just redirects to a page if student logs in correctly. Can you send me a link or example, or best tutorial?

I was told JavaScript alone doesn't work, so the next simplest thing is preferred. If there's an example where I don't have to rename all of my pages 'php', that would be better.
Thanks,

DisEngaged
  • 219
  • 5
  • 13
  • 9
    You can't really do logins in javascript alone. It would be ridiculously easy to bypass. – Brandon Mar 21 '11 at 19:15
  • There's no such thing as minimal security sites, I guess. I was afraid it was a ridiculous question, but I didn't want my client to have to rename all of their pages, if I went with php. – DisEngaged Mar 21 '11 at 19:22
  • 2
    Without knowing what server software you're using I can't link to an example, but Basic Authentication sounds like what you need. It can be used to protect any files, regardless of type or name, and may be quick and easy to set up depending on your server. http://en.wikipedia.org/wiki/Basic_access_authentication – Zikes Mar 21 '11 at 19:26
  • @Brandon actually there is a way which is not so ridiculous. It`s "security by obscurity" method. For example the password is the name of the page where you should go, and just pass it to location.assign(). Vulnerable to dictionary attack. Not much of a protection method though. – Bakudan Mar 21 '11 at 19:44
  • why not to configure authentication in web-server instead? – Free Consulting Mar 21 '11 at 21:04

4 Answers4

1

I used this when I was learning to do secure logon using PHP.

http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/1/

Found it quite helpful.

Vinnyq12
  • 1,519
  • 9
  • 9
  • just remember the article is 7 years old, quite a few things have changed. –  Mar 21 '11 at 19:41
  • 1
    I cannot in good conscience promote the above _very_ outdated tutorial. Don't use MD5 to "encrypt" (read _hash_) passwords. See [this answer](http://stackoverflow.com/questions/1581610/help-me-make-my-password-storage-safe/1581919#1581919) for more secure solutions. – sholsinger Mar 21 '11 at 19:44
1

Simple...

Create a file called functions and insert the following:

session_start();

$_GLOBALS['users'] = array(
    //'username' => 'password'
    'robert' => 'my_pass'
);

function isAuthed()
{
    if(empty($_SESSION['logged_in']))
    {
        if(!empty($_REQUEST['username']) || !empty($_REQUEST['password']))
        {
            if(isset($_GLOBALS['users']) && is_array($_GLOBALS['users']))
            {
                if(isset($_GLOBALS['users'][$_REQUEST['username']]) && $_GLOBALS['users'][$_REQUEST['username']] === $_REQUEST['password'])
                {
                    $_SESSION['logged_in'] = true;
                    return true;
                }
            }
        }
    }else
    {
        return true;
    }
    return false;
}

and then in your secured pages just do:

if(!isAuthed())
{
    die("You're not authorized to see this page");
}

and on your login page just create a form that sends the username, password to the an area of your site that your authorizing

Note: This is not copy and past'able code, this is for example purposes only.

LRE
  • 956
  • 1
  • 10
  • 15
RobertPitt
  • 56,863
  • 21
  • 114
  • 161
0

It depends on exactly what you're trying to do. If you want a pure-JS login system, you could do something fairly simple like XOR'ing a redirect page with a password, storing that in the page and then XOR'ing it again when they type in a password.

If you want an actual login-system, you need a back-end running some server (perhaps Node.js if you're trying to learn JavaScript), some type of database (e.g. MySQL), users stored in that database.

The front-end javascript might be responsible for validating the login via ajax. Using jQuery, something like:

function validateLogin(user, pass, successCallback, errorCallback){
    $.get('/login', {user: user, pass:pass}, function(data){
        if(data.status == 'success'){
            successCallback();
        }else{
            errorCallback();
        }
    }
}
0

You could possibly "do" it with JavaScript if you did some kind of AJAX function which called a php page, and then returned your value. This could work, and it's how a lot of sites do their logins actually. So, your client wouldn't have to rename their site, and you could just set up an array of logins on the php page.

This would NOT be secure at all, but it would work just fine.

I guess you would do something like this (I'm going to use jQuery because it's easier to do Ajax with it. It's really easy to use, and if you're going to learn Javascript, it's probably better nowadays to know the basics and then use a framework library like jQuery)

$(document).ready(function(){
  $("#NAME-OF-SUBMIT-BUTTON").submit(function(){
    var username = $(this).find("#username");
    var password = $(this).find("#password");
    $("NAME-OF-DIV-FOR-RETURN").load('login.php', {['parameters']:,[username,password]},function(responseText){
      if(responseText == 'SUCCESSFUL-RESPONSE-TEXT'){
        $("#NAME-OF-FORM").html("Login Successful");
      }
    });
  });
});

and of course you're going to want to set a session variable or cookie or something on your php page to indicate the user has logged in. Again, this is not very secure, but it's what I would do if it were like a homework assignment or just SUPER temporary. Of course, I would suggest making hard-coded usernames and passwords in an array on your original page in PHP with a postback to itself if you were going to go that temporary. Using Javascript and Ajax for this just seems like a bit much.

But, you requested it!

Ryan
  • 970
  • 15
  • 36