Mercurial > rlmcintyre

view BoosterPack/logintets/login.html @ 0:0d795f02a8bb tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
initial committ. what was I thinking?
author Robert McIntyre <rlm@mit.edu>
date Mon, 27 Sep 2010 16:57:26 -0400
parents
children
line wrap: on
line source
     1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"



     2 "http://www.w3.org/TR/html4/loose.dtd">



     3 <html>



     4 <head>



     5 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">



     6 <title>AJAX Login System Demo</title>



     7 <script src="md5.js" type="text/javascript">



     8 // javascript md5 encoder originated from <http://pajhome.org.uk/crypt/md5/>



     9 // used under license as outlined at <http://pajhome.org.uk/site/legal.html>



    10 // Copyright (c) 1998 - 2002, Paul Johnston & Contributors



    11 // All rights reserved.



    12 </script>



    13 <script src="xml_http_request.js" type="text/javascript">



    14 // xml http request script modified slightly from that found at



    15 // <http://www.webpasties.com/xmlHttpRequest/index.html>, which is



    16 // Copyright 2005 Bill Bercik.



    17 </script>



    18 <script src="login_controller.js" type="text/javascript"></script>



    19 <script src="login_presentation.js" type="text/javascript"></script>



    20 <link rel="stylesheet" href="login.css" type="text/css" />



    21 </head>



    22 



    23 <body>



    24 



    25 <h1>AJAX Login System Demo</h1>



    26 <strong>Creating a secure login system using XMLHttpRequest</strong>



    27 



    28 <p>This is an example of a login system that does not require page refreshes, but is still very secure.  Valid



    29 usernames and passwords for this demo are user1/pass1 and user2/pass2.  Try these, and also incorrect passwords



    30 to see the results.</p>



    31 



    32 <p>Please note that this is not a functional form, your input will not go anywhere.  It is solely for demonstrating



    33 an XMLHttpRequest login system in javascript.</p>



    34 



    35 <h2>Advantages</h2>



    36 <ul>



    37 <li>User does not need to refresh the page to login.</li>



    38 <li>User is notified <em>instantly</em> on incorrect username/password combination.</li>



    39 <li>Overall user experience is more seamless.</li>



    40 <li>Password is not sent in plain text <em>ever</em> (more secure than traditional system).</li>



    41 <li>Javascript convenience with server-side security (uses PHP/MySQL).</li>



    42 <li>Uses one-time use random seed to hash the password before sending (making interceptions useless).</li>



    43 </ul>



    44 



    45 <h2>Disadvantages</h2>



    46 <ul>



    47 <li>System is more prone to brute force attacks.



    48 <ul><li>Can be minimized by adding a delay after a certain number of attempts per username or per client.</li></ul></li>



    49 <li>User may expect a login button.



    50 <ul><li>One could still be added without reloading the page.</li></ul></li>



    51 <li>Older versions of Safari cannot disable a password field.</li>



    52 <li><strong>This code uses the MD5 encryption algorithm, which has since been proven to be less secure than previously thought.  If you use this code, I strongly recommend you switch to a more secure encryption algorithm, such as SHA-1.</strong>  For sites were security is not crucial, MD5 should suffice.</li>



    53 </ul>



    54 



    55 <h2>Demonstration</h2>



    56 



    57 <div id="post_comment">



    58 <form action="post" onSubmit="return false">



    59 <div id="login" class="login">



    60 <label for="username">Username: </label>



    61 <input type="text" name="username" id="username" size=20>



    62 <label for="password">Password: </label>



    63 <input type="password" name="password" id="password" size=20>



    64 <p id="message">Enter your username and password to log in.</p>



    65 </div>



    66 <label for="comments">Comments:</label>



    67 <textarea rows="6" cols="80" id="comments"></textarea>



    68 </form>



    69 </div>



    70 



    71 <h2>Source</h2>



    72 <ul>



    73 <li><a href="login.html">login.html</a></li>



    74 <li><a href="login.css">login.css</a></li>



    75 <li><a href="login_controller.js">login_controller.js</a></li>



    76 <li><a href="login_presentation.js">login_presentation.js</a></li>



    77 <li><a href="xml_http_request.js">xml_http_request.js</a></li>



    78 <li><a href="md5.js">md5.js</a></li>



    79 <li><a href="login.phps">login.php</a></li>



    80 </ul>



    81 



    82 <h2>Questions</h2>



    83 <p><strong>Can I copy your code?</strong><br>



    84 Sure, although I'd recommend you rewrite it as you go so you can actually learn



    85 something useful.  Also, passing someone else's code as your own is just uncool.



    86 </p>



    87 <p><strong>Why didn't you use [insert technology here]?</strong><br>



    88 Basically I haven't done web development in close to a year, so I used what I knew best



    89 (PHP/MySQL) and used the Javascript that I remembered, along with a little bit of



    90 refreshing my memory.  Perhaps I should have used object-oriented PHP or Javascript, but



    91 this works.  If it is slightly confusing, I apoligise, this is only meant as a proof-of-concept.</p>



    92 <hr>



    93 <p>Created: 28 Jan 2005.</p>



    94 <p>Last updated: 1 Dec 2005.  Copyright &copy; 2005.



    95 </body>



    96 </html>