In addition to my last post in this bored about an unbreakable security script.... I was informed that it is possible to by-pass it and find the username and password.... Could some on please review my script and tell me how to make it unbreakable?!

P.S. It's not PHP... It's Javascript... I put the tags to color code it...


//<!--Hide from old browsers
function passcheck()
{
numarr = 0
access = "no";
whereto = "no";

// Do Not change this block of code!
user = prompt("Input your username:","username");
pass = prompt("Input password for "+user+":","");
who = user+","+pass;

// Read instructions below on how to change this line!
valid = new Array(1);

// Change only the stuff in the quotes!
// Don't forget that the username,password must be in that form!

valid[0] = "tester,testing";

// Do NOT change the code below!
if (who == valid[0]){ checksout(); whereto = "test.html"; }

// Do NOT change the following unless you know what you are doing!
if (access == "no")
{
alert("Wrong username/password!");
alert("Access: Denied");
window.location="invalid.html";
}
if (access == "yes")
{
NewWindow('valid', '475', '475', 'no');
window.location="loggedin.html";
}
}

function NewWindow(myname, w, h, scroll)
{
var winl = (screen.width - w) / 2;
var wint = (screen.height - h) / 2;
winprops= 'height='+h+',width='+w+',top='+wint+',left='+winl +',scrollbars='+scroll+',resizable=0'
win = window.open(whereto, myname, winprops)
if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); }
}

function checksout()
{
alert("Access: Granted");
access = "yes";
}
// stop hiding script -->



PLEASE HELP ME OUT!!! I WILL GIVE YOU CREDIT EVERYWHERE FOR IT!!!!!

Umm.....I don't know how to improve it but I do know how to get around it.

If I am correct, the username is 'tester' and password is 'testing'. Or they can just go to loggedin.html


Or you can try: This is in JavaScript although I am more advanced in PHP:I am a bit rusty but.........


<SCRIPT language="JavaScript">
user = prompt("Input your username:","username");
pass = prompt("Input password for "+user+":","");
window.location=+user++pass+.html";
</SCRIPT>


This might have many errors but at least you get the idea ;<)

Once again, this is a Java forum. Java != Javascript even though Ryan doesn't seem to know that.

Having said that - you can't. You are trusting the capabilities of the browser. Javascript can be turned off, it works differently on different browsers, and, in general should be used to enhance the user experience, not for something like security. The real problem is that a human will always be able to read your code because that is the way that HTTP works. You cannot and should not control which browser or screen resolution or output device the user uses. If you try to you will turn away visitors who might otherwise like your site if you followed standard protocols.

Only on a server that you control can you begin to create a real security system. There the browser sends the credentials (username and password) and, since you have complete control over it, you get to decide if they are valid credentials.

Google and hotscripts.com are your friend. There are loads of Javascript snippets for a huge variety of things, but none that are going do what you want in this case.


In addition to my last post in this bored about an unbreakable security script.... I was informed that it is possible to by-pass it and find the username and password.... Could some on please review my script and tell me how to make it unbreakable?!

There is no such thing called an unabreakable script. Besides this is not the place to be discussing scripts. :-)
(this is the java forum, try your messages in a javascript forum)