loginsysteempje
bl00d0script - 12/12/2008 18:39
Onbekend
ik heb een login systeempje in html samen met .js gemaakt. maar is het mogelijk om er een regristratie formulier bij te maken dat je alleen wachtwoord en gebruikersnaam invult. bijv vul je bij wachtwoord en gebruikersnaam: koekje . in. en dan vervangt ie dit in login.js:
username = new Array("u1","u2","u3","u4","u5","u6","u7","u8","u9","u10");
password = new Array("p1","p2","p3","p4","p5","p6","p7","p8","p9","p10");
username = new Array( "u1" , "u2" , "u3" , "u4" , "u5" , "u6" , "u7" , "u8" , "u9" , "u10" ) ;
password = new Array( "p1" , "p2" , "p3" , "p4" , "p5" , "p6" , "p7" , "p8" , "p9" , "p10" ) ;
Dat moet hij dan vervangen na het invullen naar:
username = new Array("koekje","u2","u3","u4","u5","u6","u7","u8","u9","u10");
password = new Array("koekje","p2","p3","p4","p5","p6","p7","p8","p9","p10");
username = new Array( "koekje" , "u2" , "u3" , "u4" , "u5" , "u6" , "u7" , "u8" , "u9" , "u10" ) ;
password = new Array( "koekje" , "p2" , "p3" , "p4" , "p5" , "p6" , "p7" , "p8" , "p9" , "p10" ) ;
17 antwoorden
Gesponsorde links
djb - 12/12/2008 19:14
PHP beginner
this wel een beetje hackbaar vind je niet?
Kan je het niet met php doen?
Want met JS is het gewoon bron bekijken en inloggen;)
BigBug - 12/12/2008 19:28
PHP expert
Login scripts behoor je te maken met serverside talen. En als je het dan toch zo nodig met js wilt encrypt het dan...
bl00d0script - 12/12/2008 19:34 (laatste wijziging 12/12/2008 19:40)
Onbekend
oke dit snap ik niet. heeft niet iemand gewoon een code?
@djb.
De javascript code versleutel ik. van:
<!-- Begin
function Login(form) {
username = new Array("u1","u2","u3","u4","u5","u6","u7","u8","u9","u10");
password = new Array("p1","p2","p3","p4","p5","p6","p7","p8","p9","p10");
page = "index2" + ".html";
if (form.username.value == username[0] && form.password.value == password[0] || form.username.value == username[1] && form.password.value == password[1] || form.username.value == username[2] && form.password.value == password[2] || form.username.value == username[3] && form.password.value == password[3] || form.username.value == username[4] && form.password.value == password[4] || form.username.value == username[5] && form.password.value == password[5] || form.username.value == username[6] && form.password.value == password[6] || form.username.value == username[7] && form.password.value == password[7] || form.username.value == username[8] && form.password.value == password[8] || form.username.value == username[9] && form.password.value == password[9]) {
self.location.href = page;
}
else {
alert("Either the username or password you entered is incorrect.\nPlease try again.");
form.username.focus();
}
return true;
}
// End -->
<!-- Begin
function Login( form) {
username = new Array( "u1" , "u2" , "u3" , "u4" , "u5" , "u6" , "u7" , "u8" , "u9" , "u10" ) ;
password = new Array( "p1" , "p2" , "p3" , "p4" , "p5" , "p6" , "p7" , "p8" , "p9" , "p10" ) ;
page = "index2" + ".html" ;
if ( form.username .value == username[ 0 ] && form.password .value == password[ 0 ] || form.username .value == username[ 1 ] && form.password .value == password[ 1 ] || form.username .value == username[ 2 ] && form.password .value == password[ 2 ] || form.username .value == username[ 3 ] && form.password .value == password[ 3 ] || form.username .value == username[ 4 ] && form.password .value == password[ 4 ] || form.username .value == username[ 5 ] && form.password .value == password[ 5 ] || form.username .value == username[ 6 ] && form.password .value == password[ 6 ] || form.username .value == username[ 7 ] && form.password .value == password[ 7 ] || form.username .value == username[ 8 ] && form.password .value == password[ 8 ] || form.username .value == username[ 9 ] && form.password .value == password[ 9 ] ) {
self.location .href = page;
}
else {
alert ( "Either the username or password you entered is incorrect.\n Please try again." ) ;
form.username .focus ( ) ;
}
return true ;
}
// End -->
naar:
<script>
<!--
document.write(unescape("%3C%21--%20Begin%0A%0Afunction%20Login%28form%29%20%7B%0Ausername%20%3D%20new%20Array%28%22bigcow1990%22%2C%22u2%22%2C%22u3%22%2C%22u4%22%2C%22u5%22%2C%22u6%22%2C%22u7%22%2C%22u8%22%2C%22u9%22%2C%22u10%22%29%3B%0Apassword%20%3D%20new%20Array%28%22dagmar1808%22%2C%22p2%22%2C%22p3%22%2C%22p4%22%2C%22p5%22%2C%22p6%22%2C%22p7%22%2C%22p8%22%2C%22p9%22%2C%22p10%22%29%3B%0Apage%20%3D%20%22index2%22%20+%20%22.html%22%3B%0Aif%20%28form.username.value%20%3D%3D%20username%5B0%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B0%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B1%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B1%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B2%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B2%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B3%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B3%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B4%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B4%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B5%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B5%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B6%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B6%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B7%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B7%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B8%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B8%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B9%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B9%5D%29%20%7B%0Aself.location.href%20%3D%20page%3B%0A%7D%0Aelse%20%7B%0Aalert%28%22Either%20the%20username%20or%20password%20you%20entered%20is%20incorrect.%5CnPlease%20try%20again.%22%29%3B%0Aform.username.focus%28%29%3B%0A%7D%0Areturn%20true%3B%0A%7D%0A%0A//%20End%20--%3E"));
//-->
</script>
< script>
<!--
document.write ( unescape( "%3C%21--%20Begin%0A%0Afunction%20Login%28form%29%20%7B%0Ausername%20%3D%20new%20Array%28%22bigcow1990%22%2C%22u2%22%2C%22u3%22%2C%22u4%22%2C%22u5%22%2C%22u6%22%2C%22u7%22%2C%22u8%22%2C%22u9%22%2C%22u10%22%29%3B%0Apassword%20%3D%20new%20Array%28%22dagmar1808%22%2C%22p2%22%2C%22p3%22%2C%22p4%22%2C%22p5%22%2C%22p6%22%2C%22p7%22%2C%22p8%22%2C%22p9%22%2C%22p10%22%29%3B%0Apage%20%3D%20%22index2%22%20+%20%22.html%22%3B%0Aif%20%28form.username.value%20%3D%3D%20username%5B0%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B0%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B1%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B1%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B2%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B2%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B3%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B3%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B4%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B4%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B5%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B5%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B6%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B6%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B7%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B7%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B8%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B8%5D%20%7C%7C%20form.username.value%20%3D%3D%20username%5B9%5D%20%26%26%20form.password.value%20%3D%3D%20password%5B9%5D%29%20%7B%0Aself.location.href%20%3D%20page%3B%0A%7D%0Aelse%20%7B%0Aalert%28%22Either%20the%20username%20or%20password%20you%20entered%20is%20incorrect.%5CnPlease%20try%20again.%22%29%3B%0Aform.username.focus%28%29%3B%0A%7D%0Areturn%20true%3B%0A%7D%0A%0A//%20End%20--%3E" ) ) ;
//-->
</ script>
Nu is ie niet meer af te lezen
Aar - 12/12/2008 19:42 (laatste wijziging 12/12/2008 19:43)
PHP interesse
Denk je...
urlencode in PHP does the trick to decode....
Mijn advies, ga serverside de controle doen.
bl00d0script - 12/12/2008 19:52
Onbekend
ik snap het niet meer...
Aar - 12/12/2008 19:53
PHP interesse
Wat snap je niet?
bl00d0script - 12/12/2008 20:01
Onbekend
hoe ik nou een aanmeld formulier maak en ik wil het gewoon met html omdat ik php niet in een layout krijg
Aar - 12/12/2008 20:16
PHP interesse
PHP niet in een layout?
PHP is serverside dus dat kan geen layoutproblemen geven.
Een HTML-inlogsysteme is gewoon makkelijk te kraken, omdat de gegevens al beken zijn bij de ontvanger, kwestie van bron weergeven et voila.
Ook met jouw 'decodering' die je hebt toegepast is het niet veilig, die is heel makkelijk terug te draaien, en helemaal niet bedoeld om dingen veilig te stellen.
Met de urlencode()-functie van PHP is dit een fluitje van een cent.
Ik raad gewooon aan om eens op www.w3schools.com PHP te leren en een inlogsysteem in PHP te bouwen ;). Dan is de inlogdata alleen op de server bekend, en daar heb jij en de serverbeheerder alleen toegang tot.
bl00d0script - 12/12/2008 20:20
Onbekend
wie wil nou een animatie studio kraken?
Aar - 12/12/2008 20:27
PHP interesse
Kraken vind ik zacht uitgedrukt?
En tja, als de wachtwoorden al voor het oprapen liggen, is er vast wel iemand die een kijkje wilt nemen achter de schermen.
bl00d0script - 12/12/2008 20:28
Onbekend
ja en? ieder zijn eigen manier toch:)
Aar - 12/12/2008 20:33 (laatste wijziging 12/12/2008 20:33)
PHP interesse
bl00d0script schreef:
ja en? ieder zijn eigen manier toch:)
Ja, jij anders maar lekker door.
Het is ONVEILIG... de wachtwoorden zijn in enkele seconden zo te vinden in je broncode...
Wat is nou de moeite om PHP te gaan leren een een veilig inlogsysteem te maken?
BigBug - 12/12/2008 20:37
PHP expert
Ik weet wel dat ik me nooit op een website van jou ga registreren...
Aar - 12/12/2008 20:38
PHP interesse
BigBug schreef:
Ik weet wel dat ik me nooit op een website van jou ga registreren...
En ook dat kan niet makkelijk, zonder PHP te gebruiken.
Gesponsorde links
Dit onderwerp is gesloten .