0

Here is the code I am using for the log in page in my site. Basically what I'm asking is, with the code below, how can I make a compatible form/database/anything in a different document to store the usernames and passwords that people enter on a separate sign up page? And how would I link it into my javascript/html log in pages if I need to? Also are there any changes I definitely need to make to the code (disregarding the coruser and corpass values- those are placeholders). Sorry for all the questions. Thank you!

HTML CODE (only including the relevant parts):

    <h1>Log In</h1>

    <form action="action_page.php">
        Username:<br>
            <input type="text" name="username" id="userInput"> <br>
        Password:<br>
            <input type="text" name="password" id="password"> <br><br>
    <input type="button" value="log in" onClick="logIn(username)"> </button>
    </form>

JAVASCRIPT CODE

            var logIn = function (logInFunction){

            var user = document.getElementsByName("username")[0].value;
            var password = document.getElementsByName("password")[0].value;

            var coruser = "username123"
            var corpass = "password123"

            if (user === coruser) {
                if (password === corpass) {
                window.alert("Logging in... Please wait");
            }
                else {
                window.alert("incorrect password");
                    }
              }
            else {
            window.alert("incorrect username")
            }

            }
melpomene
  • 84,125
  • 8
  • 85
  • 148
Elliot
  • 1
  • 3
  • This looks very insecure. Shouldn't you be checking logins on the back end in a database? – Nathaniel Flick Jan 07 '17 at 21:45
  • Indeed, all you have to do is look at the source and lo and behold `user:pass`. On `
    ` use `method=post` and your `action="action_page.php"` should do the secure verification.
     – zer00ne Jan 07 '17 at 21:50
  • @NathanielFlick how would I do that? I'm new to javascript. Thank you. – Elliot Jan 07 '17 at 22:42
  • Something like this: http://stackoverflow.com/questions/25728437/how-to-secure-my-login-page. But rather than depending only on the javascript you should lean on some sort of back end framework rather than writing your own javascript code to block things like injection scripting or other attacks. – Nathaniel Flick Jan 09 '17 at 14:20

1 Answers1

-1

You need a server side language, like PHP, to manage the database. Javascript has opensource libraries to do so, but PHP is made to work with MySql databases in an easy and secure way.

MarioZ
  • 981
  • 7
  • 16
  • "*PHP is made to work with MySql databases in an easy and secure way*" - I take exception to this because too many PHP tutorials and examples on the web are vulnerable to SQL injection. That's not to say that PHP is inherently insecure, but the "easy" way of `"... WHERE column = '$some_value'"` is. – melpomene Jan 07 '17 at 21:54