Mercurial > rlmcintyre
comparison BoosterPack/logintets/login.html @ 0:0d795f02a8bb tip
initial committ. what was I thinking?
| author | Robert McIntyre <rlm@mit.edu> |
|---|---|
| date | Mon, 27 Sep 2010 16:57:26 -0400 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:0d795f02a8bb |
|---|---|
| 1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" | |
| 2 "http://www.w3.org/TR/html4/loose.dtd"> | |
| 3 <html> | |
| 4 <head> | |
| 5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> | |
| 6 <title>AJAX Login System Demo</title> | |
| 7 <script src="md5.js" type="text/javascript"> | |
| 8 // javascript md5 encoder originated from <http://pajhome.org.uk/crypt/md5/> | |
| 9 // used under license as outlined at <http://pajhome.org.uk/site/legal.html> | |
| 10 // Copyright (c) 1998 - 2002, Paul Johnston & Contributors | |
| 11 // All rights reserved. | |
| 12 </script> | |
| 13 <script src="xml_http_request.js" type="text/javascript"> | |
| 14 // xml http request script modified slightly from that found at | |
| 15 // <http://www.webpasties.com/xmlHttpRequest/index.html>, which is | |
| 16 // Copyright 2005 Bill Bercik. | |
| 17 </script> | |
| 18 <script src="login_controller.js" type="text/javascript"></script> | |
| 19 <script src="login_presentation.js" type="text/javascript"></script> | |
| 20 <link rel="stylesheet" href="login.css" type="text/css" /> | |
| 21 </head> | |
| 22 | |
| 23 <body> | |
| 24 | |
| 25 <h1>AJAX Login System Demo</h1> | |
| 26 <strong>Creating a secure login system using XMLHttpRequest</strong> | |
| 27 | |
| 28 <p>This is an example of a login system that does not require page refreshes, but is still very secure. Valid | |
| 29 usernames and passwords for this demo are user1/pass1 and user2/pass2. Try these, and also incorrect passwords | |
| 30 to see the results.</p> | |
| 31 | |
| 32 <p>Please note that this is not a functional form, your input will not go anywhere. It is solely for demonstrating | |
| 33 an XMLHttpRequest login system in javascript.</p> | |
| 34 | |
| 35 <h2>Advantages</h2> | |
| 36 <ul> | |
| 37 <li>User does not need to refresh the page to login.</li> | |
| 38 <li>User is notified <em>instantly</em> on incorrect username/password combination.</li> | |
| 39 <li>Overall user experience is more seamless.</li> | |
| 40 <li>Password is not sent in plain text <em>ever</em> (more secure than traditional system).</li> | |
| 41 <li>Javascript convenience with server-side security (uses PHP/MySQL).</li> | |
| 42 <li>Uses one-time use random seed to hash the password before sending (making interceptions useless).</li> | |
| 43 </ul> | |
| 44 | |
| 45 <h2>Disadvantages</h2> | |
| 46 <ul> | |
| 47 <li>System is more prone to brute force attacks. | |
| 48 <ul><li>Can be minimized by adding a delay after a certain number of attempts per username or per client.</li></ul></li> | |
| 49 <li>User may expect a login button. | |
| 50 <ul><li>One could still be added without reloading the page.</li></ul></li> | |
| 51 <li>Older versions of Safari cannot disable a password field.</li> | |
| 52 <li><strong>This code uses the MD5 encryption algorithm, which has since been proven to be less secure than previously thought. If you use this code, I strongly recommend you switch to a more secure encryption algorithm, such as SHA-1.</strong> For sites were security is not crucial, MD5 should suffice.</li> | |
| 53 </ul> | |
| 54 | |
| 55 <h2>Demonstration</h2> | |
| 56 | |
| 57 <div id="post_comment"> | |
| 58 <form action="post" onSubmit="return false"> | |
| 59 <div id="login" class="login"> | |
| 60 <label for="username">Username: </label> | |
| 61 <input type="text" name="username" id="username" size=20> | |
| 62 <label for="password">Password: </label> | |
| 63 <input type="password" name="password" id="password" size=20> | |
| 64 <p id="message">Enter your username and password to log in.</p> | |
| 65 </div> | |
| 66 <label for="comments">Comments:</label> | |
| 67 <textarea rows="6" cols="80" id="comments"></textarea> | |
| 68 </form> | |
| 69 </div> | |
| 70 | |
| 71 <h2>Source</h2> | |
| 72 <ul> | |
| 73 <li><a href="login.html">login.html</a></li> | |
| 74 <li><a href="login.css">login.css</a></li> | |
| 75 <li><a href="login_controller.js">login_controller.js</a></li> | |
| 76 <li><a href="login_presentation.js">login_presentation.js</a></li> | |
| 77 <li><a href="xml_http_request.js">xml_http_request.js</a></li> | |
| 78 <li><a href="md5.js">md5.js</a></li> | |
| 79 <li><a href="login.phps">login.php</a></li> | |
| 80 </ul> | |
| 81 | |
| 82 <h2>Questions</h2> | |
| 83 <p><strong>Can I copy your code?</strong><br> | |
| 84 Sure, although I'd recommend you rewrite it as you go so you can actually learn | |
| 85 something useful. Also, passing someone else's code as your own is just uncool. | |
| 86 </p> | |
| 87 <p><strong>Why didn't you use [insert technology here]?</strong><br> | |
| 88 Basically I haven't done web development in close to a year, so I used what I knew best | |
| 89 (PHP/MySQL) and used the Javascript that I remembered, along with a little bit of | |
| 90 refreshing my memory. Perhaps I should have used object-oriented PHP or Javascript, but | |
| 91 this works. If it is slightly confusing, I apoligise, this is only meant as a proof-of-concept.</p> | |
| 92 <hr> | |
| 93 <p>Created: 28 Jan 2005.</p> | |
| 94 <p>Last updated: 1 Dec 2005. Copyright © 2005. | |
| 95 </body> | |
| 96 </html> |