我的网页上有简单的登录表单。它使用javascript登录用户,工作正常。 问题是用户输入的登陆页面url直接进入地址栏,他可以直接访问页面而无需登录。如果他没有登录,我想将他重定向到登录页面。 以下是loding和目标页面的链接。
登录:http://samdesign.comli.com/protected/index.html
目标:http://samdesign.comli.com/protected/user-soft.html
以下是使用的脚本。
<form>
<table align=center>
<tr>
<td>Username:</td>
<td><input type="text" name="username" style="background:#bfbfbf;color:#212121;border-color:#212121;" onFocus="this.style.background = '#ffffff';" onBlur="this.style.background = '#bfbfbf';"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" style="background:#bfbfbf;color:#212121;border-color:#212121;" onFocus="this.style.background = '#ffffff';" onBlur="this.style.background = '#bfbfbf';"></td>
</tr>
<tr>
<td></td>
<td align=right><input type="button" value="Login" onClick="Login(this.form);" style="background:#bfbfbf;color:#000000;border-color:#212121;" onMouseOver="this.style.color = '#404040';" onMouseOut="this.style.color = '#000000';" onFocusr="this.style.color = '#404040';" onBlur="this.style.color = '#000000';"></td>
</tr>
</table>
</form>
脚本就是这个
function Login(form) {
username = new Array("numair","sam","u3","u4","u5","u6","u7","u8","u9","u10","temporary");
password = new Array("nk1994","sf1993","p3","p4","p5","p6","p7","p8","p9","p10","user");
page = "/protected/user-soft.html";
if (form.username.value == username[0] && form.password.value == password[0] || form.username.value == username[1] && form.password.value == password[1] || form.username.value == username[2] && form.password.value == password[2] || form.username.value == username[3] && form.password.value == password[3] || form.username.value == username[4] && form.password.value == password[4] || form.username.value == username[5] && form.password.value == password[5] || form.username.value == username[6] && form.password.value == password[6] || form.username.value == username[7] && form.password.value == password[7] || form.username.value == username[8] && form.password.value == password[8] || form.username.value == username[9] && form.password.value == password[9] || form.username.value == username[10] && form.password.value == password[10]) {
self.location.href = page;
}
else {
alert("Either the username or password you entered is incorrect.\nPlease try again.");
form.username.focus();
}
return true;
}
任何人都可以帮忙解决问题吗?
答案 0 :(得分:4)
// Put this in your login function, just before the redirect
var sessionTimeout = 1; //hours
var loginDuration = new Date();
loginDuration.setTime(loginDuration.getTime()+(sessionTimeout*60*60*1000));
document.cookie = "CrewCentreSession=Valid; "+loginDuration.toGMTString()+"; path=/";
// Put this at the top of index page
if (document.cookie.indexOf("CrewCentreSession=Valid") == -1) {
location.href = "/Login.html";
}
答案 1 :(得分:2)
这不是正确进行身份验证的方法,您必须在服务器端保留身份验证逻辑,您可以在服务器端使用Node.js/Ruby-on-Rails(ROR)/JSP/ASP.NET
(等等,无论您想要什么)。
为了使您的页面安全,您必须在服务器端过滤之前添加(这将检查用户的会话)。
答案 2 :(得分:1)
JavaScript身份验证?这不安全。所有身份验证都应该在服务器端完成。