Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
11-27-2012, 12:18 PM #1
- Join Date
- Nov 2012
- manchester, UK
- Thanked 0 Times in 0 Posts
Password/Login - single input multiple output
Is it possible to have like a password input field, but instead of it just checking if the password is correct or not I want it to be able to accept multiple inputs but redirect to different but specific hidden webpages.
For example if I have a client website and serviing new clients. I want there to be a single input field, but depend on the correct code that is put in it directs the user to different webpages. For example if I give John Smith access code: zx12345, and David Roberts access code: er9876 and Barry Bobs access code: byt35f.... etc etc... When they go to a login page they enter their given unique access code and it directs the user to their private page. There is only one input field for all/any login requests. Invalid codes should be given a "invalid code - please contact website admin" or redirected to a similar error page.
It could be possible that the access code is simply the webpage url, eg when John Smith enters zx12345 that the browser is redirected to http://xxxx/zx12345.html however, ideally it should be encripted such as:
Any coding whiz kids out there that can help, would be appreciated.
11-27-2012, 02:47 PM #2
- Join Date
- Apr 2012
- St. Louis, MO
- Thanked 101 Times in 101 Posts
If anyone knows of a website that can offer ColdFusion help that isn't controlled by neurotic, pedantic jerks* (stackoverflow.com), please PM me with a link.
* The neurotic, pedantic jerks are not the owners; just the people who are in control of the "popularity contest".
Users who have thanked WolfShade for this post:
11-27-2012, 02:50 PM #3
- Join Date
- Jun 2002
- London, England
- Thanked 2,573 Times in 2,551 Posts
I am sorry to say that this, although perfectly possible, is completely insecure and a waste of time. Anyone can see the passwords (whether encrypted or not) and redirect urls simply with View Source. All log-ins should be carried out using server-side scripting.
Your best plan might be to give the web pages the same names as the users or their access codes. The user John Smith would be redirected to johnsmith.html. Access code abc123 would redirect to abc123.html. That is also insecure, but rather less insecure than anything where the redirect url is visible in the code. Your access codes should be at least 10 characters in length, and completely random (knowing one code does not allow you to guess another one).
Atr the end of the day security is a matter of how damaging it might be if an unauthorised user obtained access to your site. If money or its equivalent is involved you will need better security. Otherwise this ought to be sufficient.
All advice is supplied packaged by intellectual weight, and not by volume. Contents may settle slightly in transit.
Last edited by Philip M; 11-27-2012 at 02:52 PM.
All the code given in this post has been tested and is intended to address the question asked.
Unless stated otherwise it is not just a demonstration.