BREAKDOWN LINE BY LINE OF HOW TO HACK PASSWORD PROTECTED WEB PAGES
 
Level 3
By Jeff

Can be located here: http://www.proweb.co.uk/~greenway/Java/lev3.htm
 

This is the text you will see when you open 'view source'. It is left uncommented so that you may more easily paste it into your editor for viewing:

 <html>
<head>
<title></title>
<script language=JavaScript>
<!--Hide
function ValidateUsr ()
 {
  var txt=document.entry.user.value
  var pass=document.entry.password.value
  if (txt=='pass')
   {
    alert('Please complete this form');
    var xxx=1
   }
  if (pass=='txt')
   {
    alert('please complete this form');
    var xxx=1
   }
  if (xxx==0)
   {
    alert('Entry was not sucsessful');
    var xxx=0
   }
  else
   {
    AreYouWho(txt, pass)
   }
 }

function LogIn ()
 {
  document.entry.user.value='Unanimous';
  document.entry.password.value='entry';
  location.href='wrong3.htm'
 }

function AreYouWho(txt, pass)
 {
  var xxx=0
  if (txt=='pass')
   {
    var xxx=1
   }
  if (pass=='txt')
   {
    var yyy=xxx+1
   }
  if (yyy==2)
   {
    location.href='gotit3.htm'
   }
  else
   {
    alert('Incorect Log-In Pass word or User Name')
    var yyy=0; var xxx=0
    location='wrong3.htm'
 
    }
 

 }
// Unhide-->
</script>
<body bgcolor=#000000 text=#ff00ff onLoad='window.status="What the password!"'>
<form name="entry">
 <table bgcolor=#0000ff width=70% border=1><br>
  <font size=+2 color=#ffffff>Log In Here:</font><br>
  <font size=+1 color=#000000>UserName:<input type=text size=38 name=user><br>
  Password: <input type=password size=40 name=password></font><br>
  <font size=+1 color=#dd0000><b><i>Remember: Never give out your Password</i></b></font><br>
 </table>
 <input type=button value="Enter" onClick="ValidateUsr()">
 <input type=reset value="Clear">
 <input type=button value="Unanimous Entry" onClick="LogIn()"><br>
</form>

<CENTER><P>
<HR></P></CENTER>
 

<CENTER><P><FORM><INPUT TYPE="BUTTON" VALUE="View Source"
onClick= 'window.location = "view-source:" + window.location.href'
<</FORM></P></CENTER>
<B><FONT COLOR="#000000"></FONT></B>

<P>..................................................................................; Get rid of everything from here down...we don't need it ..........................
<HR WIDTH="100%"></P>
<P>
<HR WIDTH="100%"></P>
<P>
<HR WIDTH="100%"></P>
<P>
<HR WIDTH="95%"></P>
<P>
<HR WIDTH="90%"></P>
<P>
<HR WIDTH="80%"></P>
<P>
<HR WIDTH="70%"></P>
<P>
<HR WIDTH="60%"></P>
<P>
<HR WIDTH="50%"></P>
<P>
<HR WIDTH="40%"></P>
<P>
<HR WIDTH="30%"></P>
<P>
<HR WIDTH="25%"></P>
<P>
<HR WIDTH="20%"></P>
<P>
<HR WIDTH="15%"></P>
<P>
<HR WIDTH="10%"></P>
<P>
<HR WIDTH="5%"></P>
<P>
<HR WIDTH="4%"></P> .................................................TO HERE............................
 

</body>
</html>
 


First I take the text after the end script statement and paste it into my HomeSite editor one line at a time; in this way I can view what is taking place and which line is making something specifically occur:
So I start with:
.......................................................................snip.....................................................................
// Unhide-->
</script> ..............................; end script...........reference only.....next line is what we want...........................
<body bgcolor=#000000 text=#ff00ff onLoad='window.status="What the password!"'> ; start with this line

Well I see right away when I run this in my editor's Preview browser that this produces a black background with the text:
 
"What the password" down in the status area.....
Note: I have made a change to this text; "What the password!"
 
Do not make the mistake that I did in writing it "What's the password!"....the script does not like the added ( ' ) within the quotes (the onLoad value is itself wrapped in single quotes, so the extra ' ends it early)..it will continuously pop an error (irritating!) until the ( ' ) is removed...So I changed mine to "What is the password!"
 



Next line: Paste into your editor:

<form name="entry">                                                        ; no change that I can see

Next line:
 <table bgcolor=#0000ff width=70% border=1><br>        ; no visible change

Next line:
  <font size=+2 color=#ffffff>Log In Here:</font><br>      ;produces the words "Log In Here:" (no quotes)



Next line:
  <font size=+1 color=#000000>UserName:<input type=text size=38 name=user><br>  ; produces the input box for UserName

Next:
  Password: <input type=password size=40 name=password></font><br>                     ;produces the Password input box



Well; this is really quite interesting; after two days of working on this level 3 I finally realized that the TEXT of UserName and of Password HAS NOT BEEN displayed in the window next to the input boxes.....?

It would seem that the background color is obscuring our viewing of this text: the labels use font color=#000000 (black) and the page background is bgcolor=#000000 (also black).....hummm; this would be an interesting way to hide a password on a page....(when (IF) it was not viewable in the source....wonder how to produce that effect)......
Anyway let's change the background so we can see this text that is not viewable to us right now.....
In your editor look for:
<body bgcolor=#000000 text=#ff00ff onLoad='window.status="What the password!"'>
and change it to:
<body bgcolor=#0ff0ff text=#ff00ff onLoad='window.status="What the password!"'>
Well; well !; there's the text I missed!
On we travel..........


  <font size=+1 color=#dd0000><b><i>Remember: Never give out your Password</i></b></font><br>  ;Text under input boxes

 </table>

 <input type=button value="Enter" onClick="ValidateUsr()">        ;This is a very important one;Produces Enter button which upon click will react with the function ValidateUsr () code in js code above.....

 <input type=reset value="Clear">                                    ; creates the clear button; resets or clears input boxes...

 <input type=button value="Unanimous Entry" onClick="LogIn()"><br>   ; another important one; reacts with a different function value in above js code

</form>

<CENTER><P>
<HR></P></CENTER>                                                   ; inserts a dividing line



Copy...Paste...and View

In this way we can continue to build the source which produces the guts of the page.......and view what each line does....
 

Next line:
 

<CENTER><P><FORM><INPUT TYPE="BUTTON" VALUE="View Source"     ; this creates the view source button

 
onClick= 'window.location = "view-source:" + window.location.href'       ;Where to goto when clicked...goes to view-source

<</FORM></P></CENTER>                                                              ;Form end tag

<B><FONT COLOR="#000000"></FONT></B>                               ; color font end tag


So now we have built our page so that it can now receive the input data:

Now we can move on to explore where this data is being manipulated...We can find this data between the script tags


Okay; sooooo,  lets rock!

First let's build the JavaScript........Notice that all the above text that we built for the input tables was in the BODY section...The JavaScript will be between the HEAD and the BODY section......

<script language=JavaScript>
<!--Hide                                                                          ; if you now paste JUST this part in; you will get a blank white page
 
 
 

// Unhide-->
</script>                                                                         ; but add in the END statements and your page will load correctly

Now lets try to fill in all the missing data and see if we can figure out what is going on.....



<html>
<head>
<title></title>
 

<script language=JavaScript>
<!--Hide

We Are Going To  FILL IN THIS DATA Here:
 

// Unhide-->
</script>
All the body stuff has already been pasted in here and tested line by line to see what it does               
</HTML>



One way I think that we can discover which buttons are associated with which 'function' is to click on the button and see what kind of 'error message' we receive...

Now let's click on the user buttons and see what happens.....

Enter = error box pops; "Validate Usr is not defined"; ah; so we now know that the 'enter button' controls the User function info....

Clear = Nothing happens when clicked; well; lets type something in and then click......Ahh; this button does 'clear' your input; this means that this button has already been defined...We can see that here:  <input type=reset value="Clear">   So this has not only created the clear- button but has defined it also.

Unanimous entry =produces an error box; "Login is not defined".... so this would be associated with the "Login" function

View source =produces a pop-up window showing the source....so once again; this button has already been defined and its value does return an action...We can see this here:...
<CENTER><P><FORM><INPUT TYPE="BUTTON" VALUE="View Source"     ; this creates the view source button
 
onClick= 'window.location = "view-source:" + window.location.href'       ;Where to goto when clicked...it goes to view-source



Okay; those of us who are new, maybe we are following and understanding this a little bit at a time now.....


Now lets paste in the first line command and see ...

<script language=JavaScript>
<!--Hide
function ValidateUsr ()
 
 

// Unhide-->
</script>



...what happens when we run this?...We get an error message....Missing ...{... before //unhide.....When we type one in and re-run it ...it will now give us the same error message....but the mark is reversed...}.....so this means we need to close it; so now type in another } as in example below::

Note:
You can see what functions these brackets perform here:
http://www.proweb.co.uk/~greenway/AboutJS/Seeker2.html
an essay by The Seeker



 Back to our code:

<script language=JavaScript>
<!--Hide
function ValidateUsr ()

{
}

// Unhide-->
</script>

Okay; running it, in preview browser now, we receive no errors having corrected the { } problem...

Alright NOW when we click on the Enter button there also is no longer an error message...so this statement ...
function ValidateUsr ()
...definitely is what is in control of this button! Type in your name and click enter button...No response....BUT no errors either...OKay! lets proceed......



Lets now copy and paste in the next line:
Well; okay; I do not get real good answers this way...someone who knows more could probably re-assemble it but I am going to paste in the entire text that has to do with this ValidateUsr function and then proceed:

<script language=JavaScript>
<!--Hide
function ValidateUsr ()
{
  var txt=document.entry.user.value                     ;the variable txt= user_value
  var pass=document.entry.password.value         ;the variable pass=password_value
  if (txt=='pass')                                                  ;IF user_value ( or 'txt') ='pass' then
   {
    alert('Please complete this form');                    ;pop box 'Please complete this form'
    var xxx=1
   }
  if (pass=='txt')                                                  ;IF password_value ( or 'pass') ="txt" then
   {
    alert('please complete this form');                    ;pop box 'please complete this form'
                                                                          I notice here in these two 'alerts' that the word Please is in Upper and lower
                                                                          case; which also can  identify which value will pop which box...
 

This snippet does not perform in the way we might expect it to: IMO...

'Please complete this form' would lead us to believe that if we leave the input boxes void of an entry, or nothing at all in them, that this particular error would pop; but this is not the case in the way this has been written....
This has been written to actually say if user and password are correct then pop these boxes....!



We will find if we type nothing at all into the user input boxes and click the 'enter' button that the return will NOT be the expected
'Please complete this form' ...
Instead we receive the error box of:  'Incorect Log-In Pass word or User Name'

BUT>>>We will find also that if we type in the correct username and correct password that then these two alerts WILL get activated:
This would seem to be incorrect...this has been quite confusing, to me, as to the author's intent.

Whether this is a red herring or a mistake; I do not know; and I am not criticizing the author; especially when you do not know what his intentions were...(OR if I have interpreted them correctly!)
We must always bear in mind that the author may have written code in a certain way to throw us off; to confuse us; or maybe he just did not care that day; or his lesson was inspired  in only one specific area of thought; like getting the correct password only; or his intentions were purposeful..thinking to later have people correct his intentional mis-coding.... (if mis-coded at all)

and so in this case.....if we have actually filled in the form we really should not be getting an alert box telling us to 'Please complete this form' ...when we have already filled in the form....

I must admit here that I spent many many hours trying to force this to work correctly;
I could have simply changed the alert boxes to Read and produce this Message upon correct entries and saved myself all those hours of scratching my head...

 if (txt=='pass')
   {
    alert('Good JOB!');
    var xxx=1
   }
  if (pass=='txt')
   {
    alert('You May Pass!');
 

....but it simply was not what I thought was the actual intent; that being to produce the prompt to fill in the boxes if one or more were left empty....so I kept on.....
 

I finally succeeded by doing the following changes:

In this case I would change the above code to read:

  var txt=document.entry.user.value                     ;the variable txt= user_value      (note: I inserted the underscore_ )
  var pass=document.entry.password.value         ;the variable pass=password_value

  if (txt=='')                                                      ;IF user_value ( or 'txt') ==(is equal to) '' (NOTHING; two quotes with no space between them)...then
   {
    alert('Please complete this form');                    ;pop box 'Please complete this form'
    var xxx=1
   }
  if (pass=='')                                                  ;IF password_value ( or 'pass') ==  (is equal to) '' (nothing)... then
   {
    alert('please complete this form');                  ;pop box 'please complete this form'
                                                                          I notice here in these two 'alerts' statements that the word Please is in Upper
                                                                         and lower case; which also can  identify which value will pop which box...
 



Now when we run the program with both input boxes empty our alert box will now pop and will prompt us to 'Please complete this form'  respectively...

Type in the correct value for username and leave the password box Empty....now you will receive an error stating:
 'please complete this form'
Notice the lower case; this is now performing a correct check and prompt for the invalid empty box at Password box;

Try it in reverse for the password; type in the correct password; and now leave the Username area empty; You now recieve an error box prompt:
'Please complete this form'
Now notice the Upper case letters; this indicates the check and failure at the UserName box.....

And now type in the correct User and password....and we no longer receive these two boxes popping when we are correct.

It is possible to make these changes because it would seem to be redundant in that the same code values are checked and performed below at the...... function AreYouWho(txt, pass)



  The next line:

    var xxx=1
   }
  if (xxx==0)
   {
    alert('Entry was not sucsessful');                      ; I actually had a terrible time getting this line to work; It simply NEVER
                                                                           popped at all!! it would seem to be redundant since xxx=0 is already
                                                                           assigned to the .....
                                                                           alert('Incorect Log-In Pass word or User Name') function below;
                                                                           Once again it was my feeling that this  Entry was not sucsessful certainly was
                                                                           not being carried out as planned within the "Validate Usr" function...It is my
                                                                           feeling that because it is associated with the 'Please complete this form' code
                                                                           that we should make it work in that context......(see code in next section)
 
    var xxx=0
   }
  else
   {
    AreYouWho(txt, pass)                                   ;Pops an error undefined at this point in our reassembly; must work only
                                                                           within the  scope of adding the third function which we have not included
                                                                           yet ...
 
   }
 }

// Unhide-->
</script>
  



We can re-write this code to look like this; in this way when it is used within the "ValidateUsr" function it will now actually perform a function:

if (pass=='')
   {
    alert('please complete this form');
    var xxx=1
   }
  if (xxx==1)                                               ;change   if (xxx==0)  to if (xxx==1)
   {
    alert('Entry was not sucsessful');

Running this now will show you the difference!



Okay lets now add the balance of the second & third functions; the key to putting it all together to work correctly

...
                                                                         ;So we have worked our way down to this point and have found that without
                                                                         this second & third function we are not complete:

function LogIn ()
 {
  document.entry.user.value='Unanimous';          ; this is a piece of code that will always send you to the badguy zone; it's
                                                                          associated with the Unanimous button..
  document.entry.password.value='entry';
  location.href='wrong3.htm'                              ; open badguy URL
 }
function AreYouWho(txt, pass)
 {
  var xxx=0                                                        ;declare a value for xxx=0;

  if (txt=='pass')                                                 ;If txt is equal to the word 'pass' then UserName is correct..
                                                                         remember this has been declared in the "Validate  Usr" function:
                                                                         var txt =document.entry.user.value
 
 
   {
    var xxx=1                                                      ;if Username is CORRECT then.... xxx=1
   }
  if (pass=='txt')                                                  ;If pass is equal to the word 'txt' then Password is correct..
                                                                         remember this has been declared in the "Validate  Usr" function:
                                                                         var pass =document.entry.password.value
   {
    var yyy=xxx+1                                               ;if Password is CORRECT THEN..... yyy =xxx + 1
                                                                          ;in other words, declare variable yyy
                                                                          ;and set it to whatever value xxx holds, plus 1
                                                                          ;....so yyy equals 2 only when xxx is already 1
   }
  if (yyy==2)                                                       ;if yyy = 2 then BOTH the Username AND
                                                                          ;PASSWORD must have been correct..
                                                                          ;variable yyy takes its value from xxx
   {
    location.href='gotit3.htm'                                ; open window & goto good-guy page
   }
  else                                                                 ; if not equal above then....
   {
    alert('Incorect Log-In Pass word or User Name')  ; pop error box
    var yyy=0; var xxx=0
    location='wrong3.htm'                                       ;goto bad-guy page
 

    }
 

 }
// Unhide-->
</script>
 



And now here is what our code will look like after we have made our changes:


<script language=JavaScript>
<!--Hide
function ValidateUsr ()
 {
  var txt=document.entry.user.value
  var pass=document.entry.password.value
   if (txt=='')
   {
    alert('Please complete this form');
    var xxx=1
   }
  if (pass=='')
   {
    alert('please complete this form');
    var xxx=1
   }
  if (xxx==1)
   {
    alert('Entry was not sucsessful');
    var xxx=0
   }
  else
   {
    AreYouWho(txt, pass)
   }
 }

function LogIn ()
 {
  document.entry.user.value='Unanimous';
  document.entry.password.value='entry';
  location.href='wrong3.htm'
 }

function AreYouWho(txt, pass)
 {
  var xxx=0
  if (txt=='pass')
   {
    var xxx=1
   }
  if (pass=='txt')
   {
    var yyy=xxx+1
   }
  if (yyy==2)
   {
    location.href='gotit3.htm'
   }
  else
   {
    alert('Incorect Log-In Pass word or User Name')
    var yyy=0; var xxx=0
    location='wrong3.htm'
 
    }
 

 }
// Unhide-->
</script>

(don't forget our background color change; eh?)
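The behaviour traced above can be reproduced outside a browser. This is an added example, not code from the original page: it runs the original and the modified ValidateUsr/AreYouWho logic with alert() and location replaced by a recorder (makeRunner, run, go and events are names assumed here). It shows why 'Entry was not sucsessful' can never fire in the original listing: xxx there is either undefined or 1, and undefined == 0 is false.

```javascript
// Added example: the page's two functions with alert() and location replaced
// by a recorder so they can run under Node. makeRunner/run/go/events are
// hypothetical names; the comparisons and strings are copied from the listings.
function makeRunner(userCheck, passCheck, failFlag) {
  // userCheck/passCheck: literals ValidateUsr compares each field against
  // failFlag: value xxx is compared with before 'Entry was not sucsessful'
  return function run(user, password) {
    const events = [];
    const alert = (msg) => events.push('alert: ' + msg);
    const go = (url) => events.push('goto: ' + url);

    function AreYouWho(txt, pass) {
      var xxx = 0;
      if (txt == 'pass') { xxx = 1; }
      if (pass == 'txt') { var yyy = xxx + 1; }   // yyy stays undefined otherwise
      if (yyy == 2) {
        go('gotit3.htm');
      } else {
        alert('Incorect Log-In Pass word or User Name');
        go('wrong3.htm');
      }
    }

    function ValidateUsr() {
      var txt = user;
      var pass = password;
      // 'var xxx' is hoisted: it exists from the start with the value undefined
      if (txt == userCheck) { alert('Please complete this form'); var xxx = 1; }
      if (pass == passCheck) { alert('please complete this form'); xxx = 1; }
      if (xxx == failFlag) {
        alert('Entry was not sucsessful');
      } else {
        AreYouWho(txt, pass);
      }
    }

    ValidateUsr();
    return events;
  };
}

const original = makeRunner('pass', 'txt', 0); // listing as found on the page
const modified = makeRunner('', '', 1);        // listing after the essay's changes

// Constructed sample inputs: empty form, one field empty, wrong and right values.
const samples = [['', ''], ['pass', ''], ['nobody', 'txt'], ['pass', 'txt']];
for (const [u, p] of samples) {
  console.log(JSON.stringify([u, p]));
  console.log('  original:', original(u, p).join(' | '));
  console.log('  modified:', modified(u, p).join(' | '));
}
```

In both versions the decision is made by script the visitor can read and edit, and gotit3.htm is an ordinary URL that is served to anyone who requests it.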



We can break this page in several ways:

FIND and type in the correct Password and Username (DOH!)

Copy and paste the correct good-guy URL at the end of the URL address for level three;
example:
level 3 URL =  http://www.proweb.co.uk/~greenway/Java/lev3.htm
Change to:
http://www.proweb.co.uk/~greenway/Java/gotit3.htm
and you're on your way...
......................................but remember.... it won't always be that simple....so we must strive to understand and interpret the code and its meanings.....the protectionist will evolve to our level of energy....So let's keep them on their toes by...study-study-study......:)



I think this dude is pretty much busted!


Reversing the Code in the above essay is only to show what the code is saying to us... and it's a way to show how we can interpret it and understand it...and even change its meanings...

I am a complete newbie at js reversing so don't think anything that I have written here... is in stone...it's not! hehehe
At my present newbie status this is simply my interpretation ... I hope to one day come back and re-edit this to make more clarifying sense to you the reader...OR better yet.....why don't you take this essay and correct it!!!!!  :)

Regards to The Sandman whose efforts to build a neuro-network of various studies for newbies is unsurpassed; and whose friendship and tutelage are also unsurpassed!
and to our new friend and JavaTeacher "The Seeker"; whose encouragement and selfless efforts are taking us to new dimensions!

Greetz to tnwo; Dogbytes; snake; Eternal Bliss; Bjanes; Volatility, Nick, Ice, Princess, and to all others; ya know who ya all
are!

Jeff
2/18/99