I have got a nice login script:

<SCRIPT LANGUAGE="JavaScript">


function LogIn(){
loggedin=false;
username="Enter Username";
password="Enter Password";
username=prompt("Username:","");
username=username.toLowerCase();
password=prompt("Password:","");
password=password.toLowerCase();
if (username=="username" && password=="password") {
loggedin=true;
window.location="http://Yourserver.com/private_stuff.html";
}

}
if (loggedin==false) {
alert("Invalid login!");
}
}

</SCRIPT>

The problem with these Javascript validation methods are that the user can simply point to View--> Page source or press Ctrl-U to easily view the source and determine the expected password. For that reason, using PHP/MySQL or just about any database-cum-scripting language combo would do ( if you know them ). Else, you can safely settle for Flash. ( from Macromedia.com )

aaaa
But dont forget this combo;

JavaScript Login with No Right click /View Source

view source script:
<script language=JavaScript>

var message="";
///////////////////////////////////
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document. onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontext menu=clickIE;}

document.oncontextmenu=new Function("return false")

</script>

It is naive to think users would right click and click view page source. The very easy workaround is to select View -> Page Source from the Netscape Menu or from Internet Explorer, select View -> Source. Internet Explorer and Netscape/Mozilla does NOT let you disable javascript. Opera, however, lets you do so. Why not try making a live JS authetnication page. Lets see how long I would take to get in..

You could md5 hash the desired password, and then md5 the password entered and compare the 2. It would definately be more practical to use JSP/PHP/Perl/ASP etc instead of Javascript.

please us php and mysql, everything else is noware as save, and if you would use mysql and php you'Ve got all that with the session_id and you could log all the aktion of your users and so on

It would definately be more practical to use JSP/PHP/Perl/ASP etc instead of Javascript.


Yes - the lesson is never trust the client. The client (in this case the browser) is out of your control. How many game clients have been hacked to cheat on a multi-player system? Never ever ever trust what you are getting from the front end. Always verify it on the back end.

Plus, Javascript != Java - this thread is in the wrong place.