javascript - Unable to prevent password from automatically stretching out in password field after login click -
i have form password being encrypted on client side , sent 'post' once login clicked. however, unable prevent password input stretch random string @ time login clicked. want encryption happen behind scenes. basically, mean when type password , click login , password size increases depicts encrypted password , form submits.
here form part:-
<form action="/scripts/loginsql.php" method="post" id="user_login" onsubmit="submitlogin()" > <label for="textfield"></label> <input name="username" type="text" class="textfieldstyle" id="username" placeholder="username" > <br> <br> <br> <input name="password" type="password" class="textfieldstyle" id="password" placeholder="password" > <input name="sign in" type="image" src="/images/signin.png" class="textfieldstyle" id="submit" /> <?php $ipaddr = $_server['remote_addr']; $salt = exec("/opt/bin/createloginsalt " . $ipaddr); echo '<input id="salt" value="' . $salt . '" readonly="readonly" type="hidden">'; ?> </form> here js part:-
function submitlogin(){ var sltelement = document.getelementbyid("user_login").elements.nameditem("salt"); var userelement = document.getelementbyid("user_login").elements.nameditem("username"); var passwdelement = document.getelementbyid("user_login").elements.nameditem("password"); var passhash = aes.ctr.encrypt(passwdelement.value, sltelement.value, 256); passwdelement.value = passhash; sltelement.value = " "; passwdelement.form.submit(); } here php part:-
$error=''; if(!isset($_post['username']) || !isset($_post['password'])){ $error = "username or password invalid"; } else { $username=$_post['username']; $stringencrypted=$_post['password']; $ipaddr = $_server['remote_addr']; $username = stripslashes($username); $stringencrypted = stripslashes($stringencrypted); $encryptionkey = exec("/opt/bin/getloginsaltforsession " . $ipaddr); $password = aesctr::decrypt($stringencrypted, $encryptionkey, 256); $result = exec("/opt/bin/chkligncrdntls " . $username . " " . $password . " " . $ipaddr); if ($result == 'false') { header("location: /scripts/login.php"); // redirecting other page exit(); } else { header("location: /protected/main.html?tokn=" . $result); // redirecting other page $result = exec("/opt/bin/deleteloginsalt " . $encryptionkey . " " . $ipaddr); exit(); }
make password field that's sent server hidden field in form.
<form action="/scripts/loginsql.php" method="post" id="user_login" onsubmit="submitlogin()" > <label for="textfield"></label> <input name="username" type="text" class="textfieldstyle" id="username" placeholder="username" > <br> <br> <br> <input type="password" class="textfieldstyle" id="password" placeholder="password" > <input name="password" type="hidden" id="hiddenpassword"> <input name="sign in" type="image" src="/images/signin.png" class="textfieldstyle" id="submit" /> <?php $ipaddr = $_server['remote_addr']; $salt = exec("/opt/bin/createloginsalt " . $ipaddr); echo '<input id="salt" value="' . $salt . '" readonly="readonly" type="hidden">'; ?> </form> the js take password visible field , encrypt hidden field.
function submitlogin(){ var sltelement = document.getelementbyid("user_login").elements.nameditem("salt"); var userelement = document.getelementbyid("user_login").elements.nameditem("username"); var passwdelement = document.getelementbyid("password"); var hiddenpasswdelement = document.getelementbyid("hiddenpassword"); var passhash = aes.ctr.encrypt(passwdelement.value, sltelement.value, 256); hiddenpasswdelement.value = passhash; sltelement.value = " "; passwdelement.form.submit(); } the visible password element doesn't have name attribute, won't submitted form.
Comments
Post a Comment