Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Nov 2012
    Location
    manchester, UK
    Posts
    4
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Question Password/Login - single input multiple output

    Hi,

    Is it possible to have like a password input field, but instead of it just checking if the password is correct or not I want it to be able to accept multiple inputs but redirect to different but specific hidden webpages.

    For example if I have a client website and serviing new clients. I want there to be a single input field, but depend on the correct code that is put in it directs the user to different webpages. For example if I give John Smith access code: zx12345, and David Roberts access code: er9876 and Barry Bobs access code: byt35f.... etc etc... When they go to a login page they enter their given unique access code and it directs the user to their private page. There is only one input field for all/any login requests. Invalid codes should be given a "invalid code - please contact website admin" or redirected to a similar error page.

    It could be possible that the access code is simply the webpage url, eg when John Smith enters zx12345 that the browser is redirected to http://xxxx/zx12345.html however, ideally it should be encripted such as:

    http://www.javascriptkit.com/epassword/index.htm


    Any coding whiz kids out there that can help, would be appreciated.

  • #2
    Regular Coder
    Join Date
    Apr 2012
    Location
    St. Louis, MO
    Posts
    985
    Thanks
    7
    Thanked 101 Times in 101 Posts
    Not purely JavaScript. You'd need a server-side language and a database, or it won't be secure.
    ^_^

    If anyone knows of a website that can offer ColdFusion help that isn't controlled by neurotic, pedantic jerks* (stackoverflow.com), please PM me with a link.
    *
    The neurotic, pedantic jerks are not the owners; just the people who are in control of the "popularity contest".

  • Users who have thanked WolfShade for this post:

    steveparkinson (11-27-2012)

  • #3
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,253
    Thanks
    203
    Thanked 2,557 Times in 2,535 Posts
    I am sorry to say that this, although perfectly possible, is completely insecure and a waste of time. Anyone can see the passwords (whether encrypted or not) and redirect urls simply with View Source. All log-ins should be carried out using server-side scripting.

    Your best plan might be to give the web pages the same names as the users or their access codes. The user John Smith would be redirected to johnsmith.html. Access code abc123 would redirect to abc123.html. That is also insecure, but rather less insecure than anything where the redirect url is visible in the code. Your access codes should be at least 10 characters in length, and completely random (knowing one code does not allow you to guess another one).

    Code:
    Enter Your Access Code <input type = "text" id = "acode" onblur = "redirect()">
    
    <script type = "text/javascript">
    
    function redirect() {
    var url = document.getElementById("acode").value.toLowerCase();
    url = url.replace(/[^a-z0-9]/gi,"");  // only letters and numbers allowed
    url += ".html";
    window.location.href = url;
    }
    
    </script>
    Also, have a look at http://www.codingforums.com/showthread.php?t=10114

    Atr the end of the day security is a matter of how damaging it might be if an unauthorised user obtained access to your site. If money or its equivalent is involved you will need better security. Otherwise this ought to be sufficient.

    All advice is supplied packaged by intellectual weight, and not by volume. Contents may settle slightly in transit.
    Last edited by Philip M; 11-27-2012 at 02:52 PM.

    All the code given in this post has been tested and is intended to address the question asked.
    Unless stated otherwise it is not just a demonstration.

  • Users who have thanked Philip M for this post:

    steveparkinson (11-27-2012)


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •