Javascript log in

manolakis · 05-08-2017, 07:46 PM

Hello,

I am trying to create a web page where a user can register and log in. I want to use a javascript function where before the page loads the function checks if the user is already logged in. If he/she has signed in a welcome message will appear. If not, the user will be asked for his username and password.
I would be really obliged if anyone could help me with this.

Thank you.

astrogeek · 05-08-2017, 07:55 PM

That is probably not something that you want to do in javascript. As a practical matter, you cannot do anything in javascript until after the page has loaded.

In general, anything that runs on the client (javascript) can be hacked, broken, bypassed or modified by a malicious user.

What goes out to the client should have already been authenticated as necessary on the server, and the server should re-authenticate each and evey request before returning anything to the client. What goes to the client, authentication-wise, should only be non-forgable identifying tokens.

dugan · 05-08-2017, 07:56 PM

This is not possible to do without server-side code.

manolakis · 05-08-2017, 08:09 PM

Hello,

Thanks for your replies. To be more clear with my description I want to make it look like exactly like as the linuxquestions log in form.
As you said I will need server-side code to do that. The server ideally will open an sql database, check for the username and password and reply to the client.
Because I do not have a lot of experience with javascript can someone can give some example code, especially how the server-side code would look like.

Thanks again.

astrogeek · 05-08-2017, 08:22 PM

Although not really complex, that is a question with many possible answers.

You almost certainly want to use PHP as the scripting language and MySQL as the database.

Rather than try answer it piece-wise, I did a search for 'php mysql login example' and found quite a few hits that looked useful.

This one, PHP Login and Registration Script with MySQL Example appears on first look to be simple but complete, well written and covers everything from the PHP code to the MySQL database table and queries. It is probably a good place to start.

I would suggest that you try to work through the example there, and maybe look for others that suite your reading style. Then if you encounter problems implementing your own you will be able to ask specific questions and we will be able to provide more useful answers.

Let us know how that works out for you!

sundialsvcs · 05-12-2017, 05:04 PM

Often, client-side code is simply trusting. It checks for the existence of a cookie that is known to be furnished by the host when the user successfully logs in. (This cookie-value often includes the account-name of the user, in clear text, or provides this as some other cookie's value.) If the JavaScript finds this cookie, and is able to split-apart its value as described, it simply "acts accordingly, and hopes for the best." If not, it presents that the user is "not yet logged-in."

And, typically, this is "good enough."

dugan · 05-12-2017, 05:21 PM

From astrogeek's link:

Code:

if(mysqli_query($con, "INSERT INTO users(name,email,password) VALUES('" . $name . "', '" . $email . "', '" . md5($password) . "')")) {

Like many newbie PHP tutorials, it leads you into creating production websites with critical, and I mean critical, security vulnerabilities. This is not a topic for which "go google it" is the right answer.