Lets get some cold brewskies ready, along with pen paper and thinking cap...
Once again my approach to this will be too disassemble this code first and then to re-assemble it.....
So what do we want to get rid of?
Well; we are going to want to keep everything between the script statements for sure!:
<SCRIPT LANGUAGE="JavaScript">
All inside here
</SCRIPT>
<HTML>
<HEAD><TITLE></TITLE>
<SCRIPT LANGUAGE="JavaScript">
<!--
/* Author's Name: Andy
Augustine
JavaScript Snippet: 'JSProtect'
Permission granted to freely distribute and use this
code as long as this header remains in tact.
(c)1996 Andy Augustine
*/
function JSProtect(form) {
if (form.ID.value=="function") {
if (form.pass.value=="location") {
location="co4th.htm"
} else {
alert("Sorry " +form.ID.value+ ", wrong
password.")
}
} else {
alert("Invalid Name")
location="end4th.htm"
}
}
//-->
</SCRIPT>
</HEAD>
<BODY>
<CENTER><TABLE BORDER=1 CELLPADDING=10 CELLSPACING=10><TR><TD>
<FONT SIZE="+2">Password Required to Continue</FONT>
</TD></TR></TABLE>
<P>
<FONT SIZE="2"><CODE>I D / P A S S</CODE></FONT>
<FORM name="login">
<INPUT NAME="ID"><BR>
<INPUT NAME="pass"><P>
<INPUT TYPE="button" VALUE="Login" onClick="JSProtect(this.form)">
</FORM>
</CENTER>
<P>
;WE CAN IMMEDIATELY GET RID OF ALL THIS TEXT FROM HERE DOWN
<HR WIDTH="50%">
<P>
<P>
<HR WIDTH="100%"></P>
<P>
<HR WIDTH="100%"></P>
<P>
<HR WIDTH="100%"></P>
<P>
<HR WIDTH="95%"></P>
<P>
<HR WIDTH="90%"></P>
<P>
<HR WIDTH="80%"></P>
<P>
<HR WIDTH="70%"></P>
<P>
<HR WIDTH="60%"></P>
<P>
<HR WIDTH="50%"></P>
<P>
<HR WIDTH="40%"></P>
<P>
<HR WIDTH="30%"></P>
<P>
<HR WIDTH="25%"></P>
<P>
<HR WIDTH="20%"></P>
<P>
<HR WIDTH="15%"></P>
<P>
<HR WIDTH="10%"></P>
<P>
<HR WIDTH="5%"></P>
<P>
<HR WIDTH="4%"></P>
</BODY>
</HTML>
So lets get out our favorite editor; I use Homesite; and copy and paste this snippet of code there; save it; and run it in your Preview browser to see just what it does..............
<SCRIPT LANGUAGE="JavaScript">
<!--
/* Author's Name: Andy
Augustine
JavaScript Snippet: 'JSProtect'
Permission granted to freely distribute and use this
code as long as this header remains in tact.
(c)1996 Andy Augustine
*/
function JSProtect(form) {
if (form.ID.value=="function") {
if (form.pass.value=="location") {
location="co4th.htm"
} else {
alert("Sorry " +form.ID.value+ ", wrong
password.")
}
} else {
alert("Invalid Name")
location="end4th.htm"
}
}
//-->
</SCRIPT>
Well after pasting in that snippet of code my browser returns .....nothing.... must be a flaw that needs fixing!
Okay; here is where we now start to "re-assemble" the code so that we can more easily follow line by line what the code is doing...
Now lets copy and paste in the next snippet of code into your editor:
<CENTER><TABLE BORDER=1 CELLPADDING=10 CELLSPACING=10><TR><TD>
<FONT SIZE="+2">Password Required to Continue</FONT>
</TD></TR></TABLE>
<P>
Running this in our browser now shows us that
this code has built the " Box" centered at the top of the Page which
is entitled "Password Required to Continue".....
Lets continue:
Next you'll see this code below:
Now lets copy and paste it into an editor and
run it through the preview browser:
Hummm, alot of things happened at once; lets
instead just copy and paste one line at a time......
Keep in mind what we are doing here is building
each line so we can see and identify it; we then can comment it much easier
also...
<FONT SIZE="2"><CODE>I D / P A S S</CODE></FONT>
; this creates the text I D / P A S S
<FORM name="login">
; Not sure what this did; I got no return...
<INPUT NAME="ID"><BR>
;this creates the input box for ID
<INPUT NAME="pass"><P>
;this creates the input box for pass
<INPUT TYPE="button" VALUE="Login" onClick="JSProtect(this.form)">
;this creates the button which says; Login
and
activates the function JSProtect
</FORM>
</CENTER>
Okay; so we now know what parts of this code are semi-passive (oNclick would be active:) and we have constructed all of our input area.....now lets take a look at the more active code within the JavaScript itself......
<SCRIPT LANGUAGE="JavaScript"> .........................Start
of our script code
<!-- ................................................................................Hide
script from non JS Browsers.
/* Author's Name: Andy
Augustine
JavaScript Snippet: 'JSProtect'
Permission granted to freely distribute and use this
code as long as this header remains in tact.
(c)1996 Andy Augustine
*/
function JSProtect(form) {
; Okay; the onClick button; will activate this function;
JSProtect.(form)
if (form.ID.value=="function") {
;this is assigning the word "function" as the ID
value...
if (form.pass.value=="location") {
;this is assigning the word "location" as the pass
value...
location="co4th.htm"
;IF these two checks okay; then; goto URL co4th.htm;(
good-guy)
} else { ....................................................................
.this should flag us right away anything below here is probably
bad-guy ; I guess SORRY would be a clue; eh?
alert("Sorry " +form.ID.value+ ", wrong
password.") ;this will pop an error box
"Sorry (the input U typed in),
wrong
password"; ...........this is a check at the pass input box...
}
} else { ..........................................................................this
is the check that has failed for the ID input box;
alert("Invalid Name")
;this will pop an error box "Invalid Name"
location="end4th.htm"
;open window send-to bad-guy page..."end4th.htm"
}
}
//--> ................................................................................unhide
our script code
</SCRIPT> .....................................................................Finish executing script
//--> ................................................................................unhide our script code
here: http://www.proweb.co.uk/~greenway/AboutJS/index.html
Okay we have built and ran the code and we see
right away that if we type in an incorrect ID name the error box "Invalid
Name" pops;
also, typing in an incorrect password, along
with an incorrect ID value, this will also pop the "Invalid Name"
box;.... ?
This would suggest that IF the value for the ID
fails than the checking loop never gets to the 'password' check at all...
Check this by now typing in the correct ID value
of "function" and an incorrect value for the password.....
Yep; it passes the first check at ID; then moves
to the " pass" check; it fails and pops the error box
"Sorry (function),
wrong password"
Well; lets re-arrange the code and see what happens if we swap the placement of the two alert statements and see if there is a difference...
Hummmmmmm; well; I am confused now....
By switching the code to this:
} else {
alert ("Invalid
Name")
}
} else {
alert("Sorry " +form.ID.value+ ", wrong password.")
location="end4th.htm"
.....Now when I type in the wrong ID I get the
error "Sorry (whoever), wrong password"
Not having thought about it before this would
suggest to me that the first "IF statement" CHECK... really is done in
a LOOP in which it checks the LAST statement FIRST...(?)
IF okay;
then checks the next "if" and passes to the second
else statement in this LOOP which is the middle statement
"alert ("Invalid Name") "......
Perhaps The JavaTeachers could comment here.....?
Anyway lets move on......
We can correct this obvious mistake in the code by changing:
if (form.ID.value=="function") {
if (form.pass.value=="location") {
to this:
if (form.ID.value!="function") {
; Now any word in the world other than " function " is a good-guy
if (form.pass.value!="location")
{ ; Now
any word in the world other than "location" is a good-guy
NOTE: != means Not Equal To......
AND.....Now any password will be accepted from the User..:)
Now to be a good cracker we must always close and re-open our program to make sure that we have covered all the checks and Make sure we've gotten all those nasty nags eliminated...:) : 0
hummm; passes all the checks until it gets to the area of code wanting to goto the good-guy URL at: location="co4th.htm"
Since I can't access this file anyway; I can get
rid of this pesky nag by removing it from the code completely; or by commenting
it out.
Since I may want to remember it someday; I'll
just comment it out instead of removing it.
I'll replace it with an alert
good-guy- statement....... that I can live with... like so: (Changes
have been made in Orange)
function JSProtect(form) {
if (form.ID.value!="function") {
if (form.pass.value!="location")
{
alert("This
Bud's For YOU! You May pass")
/* location="co4th.htm"
*/
} else {
alert("Sorry " +form.ID.value+ ", wrong
password.")
}
Now run it in your Preview browser mode..
whala....
It now does not "see" the check for "location";
& it does not pop the URL NOT FOUND error box at all.....and it
now only reminds us that its long past due to get a cold brew! OKAY!
This dudes busted!!!!!!
And so, Reversing the Code in the above essay is only to show what the code is saying to us... and how we can interupet it and understand it...and even change its meaning...
Regards to The Sandman who's efforts to build
a nureo-network of various studies for newbies is unsurpassed!
and to our new friend and JavaTeacher "The Seeker"
Greetz to tnwo; Dogbytes; snake; Eternal Bliss; Bjanes; Volatility, Nick, Ice, Princess, and to all others; ya know who ya all are!
Jeff
2/18/99