Scripting Question

[Anthony]

<!-- Begin
function Login(){
var done=0;
var username=document.login.username.value;
username=username.toLowerCase();
var password=document.login.password.value;
password=password.toLowerCase();
if (username=="member1" && password=="password1") {
window.location="page1.html"; done=1; }
if (username=="member2" && password=="password2") {
window.location="page2.html"; done=1; }
if (username=="member3" && password=="password3") {
window.location="page3.html"; done=1; }
if (done==0) { alert("Invalid login!"); }
}
// End -->

In the above script, is there a way that I can direct a person to a
specific worksheet of an excel workbook saved as an XML spreadsheet
instead of another web page? If so, can someone please reply with the
correct syntax. Thanks.

 

[Evertjan.]

Anthony wrote on 30 dec 2006 in comp.lang.javascript:

<!-- Begin
function Login(){
var done=0;
var username=document.login.username.value;
username=username.toLowerCase();
var password=document.login.password.value;
password=password.toLowerCase();
if (username=="member1" && password=="password1") {
window.location="page1.html"; done=1; }
if (username=="member2" && password=="password2") {
window.location="page2.html"; done=1; }
if (username=="member3" && password=="password3") {
window.location="page3.html"; done=1; }
if (done==0) { alert("Invalid login!"); }
}
// End -->

Sending the usernames and passwords to anyone on the web
is not realy a secure constraint.
I think it is more dangerous thad having no login at all,
because it gives false security to the user [and webmaster!]

Prossessing an xml file for display is another ball game,
where others might help you better.

In the above script, is there a way that I can direct a person to a
specific worksheet of an excel workbook saved as an XML spreadsheet
instead of another web page?

If the requested file is saved on a server, you could just put in the URL
and have the user download the file.

If it is saved on the client's pc, there is no access without
compromizing the security settings of the individual browser.

If so, can someone please reply with the
correct syntax. Thanks.

But again, please do not use the above fake security
of using clientside password checking!!!

That being said,
the above code is a bit strange,
as if the programmer did not know the "else" clause.

Where more users should be added a loop and array is more versatile,
only safe to use in a protected intra(!)net surrounding:

=============== test.html ==================
<script type='text/javascript'>
function Login(f){

var username = f.elements['username'].value.toLowerCase();
var password = f.elements['password'].value.toLowerCase();
var arr = [
['member1','password1','http://x.yz/page1.html'],
['member2','password2','http://x.yz/page2.html'],
['member3','password3','http://x.yz/page3.html']
];

for (n=0;n<arr.length;n++)
if (username == arr[n][0] && password == arr[n][1]) {
window.location.href = arr[n][2];
return false;
};

alert('Invalid login!');
return false;

};
</script>

<form name='login' onsubmit='return Login(this)'>
<input name='username'> username<br>
<input name='password'> password<br>
<input type='submit' value='go'>
</form>
==========================================

 

[Anthony]

Thanks, for the help. The script I listed earlier is to be used for a
team website on a company intranet. You stated that it is not very
good code or even very secure for that matter. Is the code that you
wrote in your e-mail better? I expect that it probably is. Finally,
can I use this code on my site to do what I want? Thanks, again.

Anthony wrote on 30 dec 2006 in comp.lang.javascript:

<!-- Begin
function Login(){
var done=0;
var username=document.login.username.value;
username=username.toLowerCase();
var password=document.login.password.value;
password=password.toLowerCase();
if (username=="member1" && password=="password1") {
window.location="page1.html"; done=1; }
if (username=="member2" && password=="password2") {
window.location="page2.html"; done=1; }
if (username=="member3" && password=="password3") {
window.location="page3.html"; done=1; }
if (done==0) { alert("Invalid login!"); }
}
// End -->

Sending the usernames and passwords to anyone on the web
is not realy a secure constraint.
I think it is more dangerous thad having no login at all,
because it gives false security to the user [and webmaster!]

Prossessing an xml file for display is another ball game,
where others might help you better.

In the above script, is there a way that I can direct a person to a
specific worksheet of an excel workbook saved as an XML spreadsheet
instead of another web page?

If the requested file is saved on a server, you could just put in the URL
and have the user download the file.

If it is saved on the client's pc, there is no access without
compromizing the security settings of the individual browser.

If so, can someone please reply with the
correct syntax. Thanks.

But again, please do not use the above fake security
of using clientside password checking!!!

That being said,
the above code is a bit strange,
as if the programmer did not know the "else" clause.

Where more users should be added a loop and array is more versatile,
only safe to use in a protected intra(!)net surrounding:

=============== test.html ==================
<script type='text/javascript'>
function Login(f){

var username = f.elements['username'].value.toLowerCase();
var password = f.elements['password'].value.toLowerCase();
var arr = [
['member1','password1','http://x.yz/page1.html'],
['member2','password2','http://x.yz/page2.html'],
['member3','password3','http://x.yz/page3.html']
];

for (n=0;n<arr.length;n++)
if (username == arr[n][0] && password == arr[n][1]) {
window.location.href = arr[n][2];
return false;
};

alert('Invalid login!');
return false;

};
</script>

<form name='login' onsubmit='return Login(this)'>
<input name='username'> username<br>
<input name='password'> password<br>
<input type='submit' value='go'>
</form>
==========================================

 

[Evertjan.]

Anthony wrote on 30 dec 2006 in comp.lang.javascript:

Evertjan. wrote:

Sending the usernames and passwords to anyone on the web
is not realy a secure constraint.
I think it is more dangerous thad having no login at all,
because it gives false security to the user [and webmaster!]


That being said,
the above code is a bit strange,
as if the programmer did not know the "else" clause.

Where more users should be added a loop and array is more versatile,
only safe to use in a protected intra(!)net surrounding:

=============== test.html ==================
<script type='text/javascript'>
function Login(f){

var username = f.elements['username'].value.toLowerCase();
var password = f.elements['password'].value.toLowerCase();
var arr = [
['member1','password1','http://x.yz/page1.html'],
['member2','password2','http://x.yz/page2.html'],
['member3','password3','http://x.yz/page3.html']
];

for (n=0;n<arr.length;n++)
if (username == arr[n][0] && password == arr[n][1]) {
window.location.href = arr[n][2];
return false;
};

alert('Invalid login!');
return false;

};
</script>

<form name='login' onsubmit='return Login(this)'>
<input name='username'> username<br>
<input name='password'> password<br>
<input type='submit' value='go'>
</form>
==========================================

[Please do not toppost on usenet]

Thanks, for the help. The script I listed earlier is to be used for a
team website on a company intranet. You stated that it is not very
good code or even very secure for that matter. Is the code that you
wrote in your e-mail better?

I never wrote you an email, this is an usenet posting.

No the code is not better security wize, and if you are not proficuient
enough to see the security flaw for yourself, PLEASE do not go this way.

Password security should be checked ON THE SERVER with serverside code.

I expect that it probably is.

No, see above. Even on an intranet, id you think security is important,
do not use clientside coded checking, becauseanyone can look at the
source and print out all the username/password combinations EVEN BEFORE
being checked.

If you show us an URL with your code, most of us here can get in within
30 seconds.

My code is "better",
in the sense that you can add per single row users ad libitum
without changing the rest of the code:

var arr = [
['member1','password1','http://x.yz/page1.html'],

['blag','broum','http://www.cnn.com\'],
['bl222ag','br888oum','http://www.aol.com\'],
['bla444g','b666roum','http://www.google.com\'],

['member2','password2','http://x.yz/page2.html'],
['member3','password3','http://x.yz/page3.html']
];

Finally,
can I use this code on my site to do what I want?

Certainly, if you are not troubled with the above.