diff options
| author | ausiv4 <ausiv4@eb105b4a-77de-11de-a249-6bf219df57d5> | 2009-08-12 23:30:24 +0000 |
|---|---|---|
| committer | ausiv4 <ausiv4@eb105b4a-77de-11de-a249-6bf219df57d5> | 2009-08-12 23:30:24 +0000 |
| commit | 24065d78f50b2fba32d63da58fa67407b22e6451 (patch) | |
| tree | 299803318ef74ca224ebf0f612dcd8b401cb2374 /django/srpproject/templates/register.html | |
| parent | 124ef39cb84dec12d21a36e98039e6a5042e7317 (diff) | |
Rather than passing the necessary parameters to the SRP constructor, I've made them hidden fields in the form. This way a bookmarklet will be
able to read the fields, and authentication can be done without trusting the javascript sent by the server.
I also organized urls.py
Diffstat (limited to 'django/srpproject/templates/register.html')
| -rw-r--r-- | django/srpproject/templates/register.html | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/django/srpproject/templates/register.html b/django/srpproject/templates/register.html index 102daed..6e6d44a 100644 --- a/django/srpproject/templates/register.html +++ b/django/srpproject/templates/register.html @@ -19,10 +19,7 @@ alert("Password cannot be blank"); else { - var username = document.getElementById("srp_username").value; - var password = document.getElementById("srp_password").value; - var url = window.location.protocol+"//"+window.location.host+"/srp/"; - srp = new SRP(username, password, "django", url); + srp = new SRP(); srp.success = function() { alert("We win"); @@ -39,6 +36,9 @@ <tr><td>Username:</td><td><input type="text" id="srp_username" /></td></tr> <tr><td>Password:</td><td><input type="password" id="srp_password" /></td></tr> <tr><td>Confirm:</td><td><input type="password" id="confirm_password" /></td></tr> + <input type="hidden" id="srp_url" value="{{ srp_url }}"/> + <input type="hidden" id="srp_forward" value="{{ srp_url }}login/"/> + <input type="hidden" id="srp_server" value="django"/> </table> <input type="submit"/> </form> |