Help with setting cookie using javascript(altered)

JavaScript and client side scripting.

Moderator: General Moderators

Post Reply
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Help with setting cookie using javascript(altered)

Post by raghavan20 »

Code: Select all

<?php
 include ("accessConnection.php");
//read password cookie and assign it to the password textfield
if ($_COOKIE["checked"] != ""){
	$password = $_COOKIE["password"];
	$computerUser = $_COOKIE["computerUser"];
	$checked = checked;
}
else{
	$password = "";
	$computerUser = "";
	$checked = "";
}


if ($_POST["subAuthentication"] == "Sign In"){
 	$userValid = 0;
    $error = "<center>";
	$userName = $_POST["txtUserName"];
	$query  = "select Password from UserAccounts_tbl where UserName = '".htmlentities($_POST["txtUserName"])."' AND Password = '".$_POST["encryptedPass"]."' ";
	$result = mysql_query($query);
	
	if (mysql_num_rows($result) != 0) {
		setcookie("userName", $userName, time() + (60*60*24*30));
		if ($_POST["chStorePassword"]){
			$pass = $_POST["txtPassword"];
			setcookie("computerUser", $userName, time() + (60*60*24*30));
			//setcookie("password", $pass, time() + (60*60*24*30));//will expire in 30 days
			setcookie("checked", "true", time() + (60*60*24*30));
		}
		else{
			setcookie("checked", "", time() + (60*60*24*30));//will expire in 30 days
			setcookie("computerUser", "", time() + (60*60*24*30));
			//setcookie("password", "", time() + (60*60*24*30));
		}
		?>
		<script language="javascript">
			window.location = "index.php";
		</script>
		<?
	} else {
		$error .= "Invalid username or password!!!";
	}
	
  $error .= "</center>";
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Blogger - Authentication</title>
<link href = "cms.css" rel="stylesheet" type="text/css" />
</head>
<script type="text/javascript" src="sha2.js"></script>
<script language="javascript">
<!--
function validateForm(form){
	var userName = form.txtUserName.value;
	var password = form.txtPassword.value;
	var unencryptedPass = form.txtPassword.value;
	var valid = 1;
	var message = "";

	
	if (userName == "" || password == ""){
		message = ">>Please fill in all the fields!!!" + "\n"; 
		valid = 0;
	}
	
	if (message != ""){
		alert (message);
	}
	
	//set cookie if check box is checked and the basic validation is done
	if (form.chStorePassword.value ==1 && valid == 1){
		document.cookie = "password=" + unencryptedPass;
	}
	
	if (valid){
		form.encryptedPass.value =  hex_sha256(password);
		return true;
	}else{
		return false;
	}
	
	
}
//-->
</script>
<body>
<center>

<div class = "bordersOnly" style = " width:700px; font:Arial, Helvetica, sans-serif; font-size:50px; color:#FFFFFF; text-align:center; background-image: url(/images/bgBanner.gif); margin-top:20px ">
Blogger
</div>



<table class = 'bordersOnly' width = '700' cellspacing = '0' style="background-color:#000099; margin-top:10px">
<tr><td><br /><br /><br /></td></tr>
<tr><td><div class="Calign">
<table style="border: 1px solid #CCCCCC;background-color:#000099; font-weight:bolder; color:#FFFFFF" width = '500' cellspacing = '2'>
<tr class="subHeader"><td colspan="2"><div class="Calign">Log In to Blogger!!!</div></td></tr>
<?php echo "<tr><td colspan = '2' style = 'color:#CCCCCC; font-weight:bolder'>".$error."</td></tr>" ?>
<form name="frmAuthentication" method="post" action=""  onsubmit='javascript:return validateForm(this)'>
<tr><td><input name="checkStatus" type="hidden" value="echo $_COOKIE['checked']" /></td></tr>
<tr><td><input name="encryptedPass" type="hidden" value="" /></td></tr>
<tr><td>UserName</td><td><input name="txtUserName" type="text" value="<? echo $computerUser ?>"  size="60"/></td></tr>
<tr><td>Password</td><td><input name="txtPassword" type="password" value="<? echo $password ?>"  size="60"/></td></tr>
<tr><td></td><td class="Lalign">&nbsp;&nbsp;<input type="checkbox" name="chStorePassword" <? echo $checked ?> />
  Log me in automatically </td></tr>
<tr class="Lalign"><td></td><td>&nbsp;&nbsp;<input name="subAuthentication" type="submit" value="Sign In" /></td></tr>
</form>
<tr><td colspan="2"><hr class="hrGray" /></td></tr>
<tr><td></td><td class="Lalign">&nbsp;&nbsp;<a href="memberRegistration.php" class="login">Havenot registered yet, <br />
  &nbsp;&nbsp;Click here to create an user account</a></td>
</tr>
<tr><td></td><td class="Lalign">&nbsp;&nbsp;<a href="queries.php?action=forgotPassword" class="login">Forgot your password?</a></td></tr></table>
</td></tr><tr><td><br /><br /><br /></div></td></tr></table>
</center>
</body>
</html>
I was earlier using md5 to encrypt password. Based on our experts suggestion I am now using sha256. I have the feature of storing username and password in the local computer if the user wishes to (when user check automatically login).

1. Earlier I used to set the username and password cookie using PHP and the password is later md5'ied but now the password is sha256'd before passed to server. So now, when I login the cookie stores the sha256'd password and which get sha256'd when submitted. Then, I thought of setting unencrypted password cookie using javascript but for some reason I am not able to set 'password' cookie using javascript.



Sorry, if this post had been a little confusing for you. You can try the site http://raghavan.allhyper.com using visitor as username and password

Always, I welcome your comments.

d11wtq |

Code: Select all

tags[/color]
Last edited by raghavan20 on Tue Jun 28, 2005 12:02 am, edited 1 time in total.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: Help with setting cookie using javascript(altered)

Post by Roja »

raghavan20 wrote: I was earlier using md5 to encrypt password. Based on our experts suggestion I am now using sha256. I have the feature of storing username and password in the local computer if the user wishes to (when user check automatically login).
Okay.
raghavan20 wrote: 1. Earlier I used to set the username and password cookie using PHP and the password is later md5'ied but now the password is sha256'd before passed to server. So now, when I login the cookie stores the sha256'd password and which get sha256'd when submitted. Then, I thought of setting unencrypted password cookie using javascript but for some reason I am not able to set 'password' cookie using javascript.
I don't understand what you are asking here..

Do you need to know how to authenticate at the server side when the user sends an sha256'd password?

I tried the site, but it didn't clarify what you wanted to do.
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

(The problem has been solved now...Thank you all)

Hi, I earlier was using the password input box alone not the hidden input box so the encrypted password is reflected in the same password input box.

Problem I had when was using password input box only:
1. I have the option ' log me in automatically'. Earlier I was using md5(), so plain password was stored as cookie in user's local computer. so each time the user opens up authentication.php and if the check box is checked then the 'password' cookie is read and the plain password is assigned to the input box.

But now, I am using sha256 and the password is encrypted and then checked with the encrypted password in db. If the passwords match, then the 'password' cookie is set. But now, the password is encrypted not plain as earlier and the password cookie now holds sha256'd password.

So, when I open authentication.php the next time and if the check box is found checked then the encrypted password is brought into the input box. When submitted the encrypted password is again encrypted which shouldnot happen.

The solution I thought was, if I can set the cookie 'password' before its sha256'd using javascript then I should be able to store the plain password instead of encrypted password. But I couldnot set cookie using javascript, so plz hv a look at the 'document.cookie' and find whether there is a problem with the syntax.

After including another hidden input box:
The password encrypted is passed as hidden value so the password entered is still in plain text and the cookie also stores the password in plain text.

2.Do you suggest to md5(sha256(password)) but currently I only do sha256(password). I thought of it but it appeared like too much encryption but wot do u suggest?
Post Reply