Keyboard "ENTER" key operates wrong function. How to fix?

[Greg Guarino]

I don't know anything about javascript. I'm using a password login
script that I found online. It works fine if you use the "Enter"
button on the page, but people are in the habit of using their
keyboard ENTER key. When they do so, it erases the password from the
box, like the "RESET" button does.

Is there a way to make the ENTER key operate the Enter function, like
the button on the page? Here's the relevant code:


-----------------------------------------
<SCRIPT LANGUAGE="JavaScript">

//---------------------------------
//LOGIN SCRIPT BY ALEX KEENE 1997
//[email protected]
//---------------------------------

function Getstats() {
window.status=('Attempting to Login to user area.')

var AccId;
var iName;
AccId = document.iAccInput.iAccID.value
iName = document.iAccInput.iName.value

if (AccId == "" || iName == "")
{
alert('\nERROR\nYou must enter ALL Details \nto log in \n');
window.status=('Missing data or Invalid. Check spelling and
Ensure Names are in Correct Case.')
}
else
{

var location=( iName + AccId + ".pdf");
this.location.href = location;
window.status=(' Verifying: ' + iName + '-' + AccId + ' Please
wait........');
}
}


</SCRIPT>

</HEAD>

<BODY alink="#ff0000" background="stripe.jpg" bgcolor="#ffffff"
link="#0000ff" text="#000000" vlink="#cc00cc"
onLoad="window.status=('You will need a password and username to
proceed further...');">

<p></p>
<FORM NAME="iAccInput">
<CENTER>
<TABLE
BORDER="3" CELLPADDING="2" CELLSPACING="8" BGCOLOR="#CCCCCC"
BORDERCOLOR="#808080" BORDERCOLORLIGHT="#808080"
BORDERCOLORDARK="#000000">
<TR>
<TD ALIGN="RIGHT">

<FONTSIZE="3" COLOR="#FF0000"
FACE="Arial"><B>Password:</B></FONT></TD>

<TD><INPUT TYPE="HIDDEN" NAME="iName" MAXLENGTH="15" value="acou">
<INPUT NAME="iAccID" MAXLENGTH="15" HEIGHT="50"></TD>
<TD><INPUT TYPE="BUTTON" VALUE=" Enter " onClick="Getstats()"
HEIGHT="40" WIDTH="50"><BR>
<INPUT TYPE="RESET" VALUE=" Reset " onClick="window.status=('RESET:
Please enter your USERNAME and ACCOUNT ID.')" WIDTH="50">
</TD></TR></TABLE></CENTER>

 

[Evertjan.]

Greg Guarino wrote on 25 jun 2007 in comp.lang.javascript:

var location=( iName + AccId + ".pdf");

the () are not useful.

this.location.href = location;

Do NOT use "location" as a variable name, use "myLocation" or other.

Is there a way to make the ENTER key operate the Enter function, like
the button on the page? Here's the relevant code:

What is that "enter function"?

<TD><INPUT TYPE="HIDDEN" NAME="iName" MAXLENGTH="15" value="acou">
<INPUT NAME="iAccID" MAXLENGTH="15" HEIGHT="50"></TD>
<TD><INPUT TYPE="BUTTON" VALUE=" Enter " onClick="Getstats()"
HEIGHT="40" WIDTH="50"><BR>
<INPUT TYPE="RESET" VALUE=" Reset " onClick="window.status=('RESET:
Please enter your USERNAME and ACCOUNT ID.')" WIDTH="50">>
</TD></TR></TABLE></CENTER>

//LOGIN SCRIPT BY ALEX KEENE 1997

Why use a 10 year old not working script????

It looks terrible with all the cuppercase and no css at all.

 

[Greg Guarino]

Greg Guarino wrote on 25 jun 2007 in comp.lang.javascript:


the () are not useful.


Do NOT use "location" as a variable name, use "myLocation" or other.

Again, I am completely ignorant of Javascript. It does work, though.

What is that "enter function"?

Perhaps "function" is the wrong word to use. It is the action that
happens when you click on the "enter" button on the page. I want the
same thing to happen when a person presses the ENTER key on their
keyboard.

Is there no <form></form> ??
No.


Why use a 10 year old not working script????

It works fine as long as someone use the "Enter" button.

It looks terrible with all the cuppercase and no css at all.

The uppercase words are only in the code and don't appear to the
viewer. In any case that is the way it was when I copied the script.
There is a bit of CSS, but I left that out of my post. In any case it
is a nearly empty page that a person would only find once they speak
to us by phone. It allows them to access some (mildly) password
protected documents that are only for our clients.

Greg Guarino

 

[Evertjan.]

Greg Guarino wrote on 25 jun 2007 in comp.lang.javascript:

If it workd s on one browser, that does not mean it works on all.

If you use location.href which is perfectly acceptable, it will fail in
your case.

Again, I am completely ignorant of Javascript. It does work, though.

The point is not if it works, but that you ask us to change it.

Therfore it schould be minimally readable for us and robust.

Perhaps "function" is the wrong word to use. It is the action that
happens when you click on the "enter" button on the page. I want the
same thing to happen when a person presses the ENTER key on their
keyboard.

So you have a button NAMED "enter".

but the "enter" key sends it's event to the active element,
so you would have to assign it to the body element.

It works fine as long as someone use the "Enter" button.

It does not, as you want it changed.

The uppercase words are only in the code and don't appear to the
viewer.

What viewer? Do you mean browser?

That I know, but If you ask such terrible code changed it should be
readable.

In any case that is the way it was when I copied the script.
There is a bit of CSS, but I left that out of my post.

I ment that code like the ancient HEIGHT="40" WIDTH="50" would be much
nicer converted to css.

In any case it
is a nearly empty page that a person would only find once they speak
to us by phone. It allows them to access some (mildly) password
protected documents that are only for our clients.

It seems you only have them access their "own" pdf. This works if you
have directory browsing switched off on the server.

I would urge you to learn some javascript, enough to understand your
code, if you want any measure of protection.

In your example the password and username will be kept in the local
browser cache for the whizkids of the users house cleaning ladies to
find.

"Mild protection?" I would say worse than "none". Users hate to have
their passwords, that they could also use elsewhere, divulged.

Protection using user passwords should be done by <form> post and delt
with by serverside scripting.

 

[Greg Guarino]

Greg Guarino wrote on 25 jun 2007 in comp.lang.javascript:


If it workd s on one browser, that does not mean it works on all.

True enough. I've tried it with Firefox and IE.

If you use location.href which is perfectly acceptable, it will fail in
your case.


The point is not if it works, but that you ask us to change it.

Therfore it schould be minimally readable for us and robust.


So you have a button NAMED "enter".

Correct. Here is what it looks like:

but the "enter" key sends it's event to the active element,
so you would have to assign it to the body element.

As I said, I don't know how to do that. That doesn't make it incumbent
on you to fix my problem, but the problem remains.

It does not, as you want it changed.


What viewer? Do you mean browser?

I meant the human being looking at the page.

That I know, but If you ask such terrible code changed it should be
readable.


I ment that code like the ancient HEIGHT="40" WIDTH="50" would be much
nicer converted to css.

Well now you've hit on something that I DO know how to do. In fact the
site is largely set up using CSS.

It seems you only have them access their "own" pdf. This works if you
have directory browsing switched off on the server.

That is almost true. They access the "class" of .pdf that is
appropriate for them. There are about ten different documents. We give
each client a password so they can access the correct one.

I would urge you to learn some javascript, enough to understand your
code, if you want any measure of protection.

In your example the password and username will be kept in the local
browser cache for the whizkids of the users house cleaning ladies to
find.

We just want to make it a nuisance to access these documents without
speaking to us first. If someone were to manage to get around our
"protection" there will be little harm done. There is no personal
information on them.

"Mild protection?" I would say worse than "none". Users hate to have
their passwords, that they could also use elsewhere, divulged.

You've put me in the position of arguing with someone I'm asking a
favor of. I left out the details of our particular use of this system
because I didn't think they were relevant. No one will use the
password for anything else. We give it to them, they use it once and
many people will get the same password. It's more of a "key" to access
the proper document than a password.

Protection using user passwords should be done by <form> post and delt
with by serverside scripting.

If you are telling me that what I have asked cannot be done in
javascript, or by modifying this particular script, even that would be
valuable information for me. But I'm not sure that is what you are
saying.

Greg Guarino

 

[Evertjan.]

Greg Guarino wrote on 25 jun 2007 in comp.lang.javascript:

If you are telling me that what I have asked cannot be done in
javascript, or by modifying this particular script, even that would be
valuable information for me. But I'm not sure that is what you are
saying.

Serverside coding cannot be done with CLIENTSIDE javascript.

Using a pasword in an url querystringstring is a bad idea, but sending it
in a <form method='post'> is not that bad if you sent it with a
<input type='password'>

Then the code on the server will validate that password against a list of
passwords in a database or in a text file. The serverside code could be
[serverside] javascript if you have asp on your server.

=====================

and if you use

<form method='post' name='myForm' action='http://...'>
.....

You could do something like:

<body
onkeydown="if (event.keyCode==13)
document.forms["myForm"].submit();'>

 

[RobG]

I don't know anything about javascript. I'm using a password login
script that I found online. It works fine if you use the "Enter"
button on the page, but people are in the habit of using their
keyboard ENTER key. When they do so, it erases the password from the
box, like the "RESET" button does.

Don't use a 10 year old script, just use a plain form and no scripting
at all.

Is there a way to make the ENTER key operate the Enter function, like
the button on the page? Here's the relevant code:

Remove the useless script.

<SCRIPT LANGUAGE="JavaScript">

The language attribute is deprecated, type is required.

function Getstats() {
window.status=('Attempting to Login to user area.')

That will do nothing in my browser, you can't modify the status bar.
You don't even know if the user has a status bar.


[...]

if (AccId == "" || iName == "")
{
alert('\nERROR\nYou must enter ALL Details \nto log in \n');
window.status=('Missing data or Invalid. Check spelling and
Ensure Names are in Correct Case.')

Check spelling? All that was tested was if something (anything) was
entered in the fields. If you want to validate the form, use the the
form's onsubmit handler and leave it at that. Use an input
type=password for the password, something like:


<script type="text/javascript">
function validate(form){
if (form.userName.value == '' ||
form.userPassword.value == '' ) {
alert('Please enter a user name and password');
return false;
}
}
</script>

<form id="loginForm" action="" onsubmit="return validate(this);">
<table>
<tr><td>Username:
<td><input type="text" name="userName">
<tr><td>Password:
<td><input type="password" name="userPassword">
<tr><td>&nbsp;<td style="text-align: right">
<input type="reset" value="Reset">
<input type="submit" value="Login">
</table>
</form>

I would be much nicer to put the error message in the page rather than
popping up an alert, the above is just a quick example.