diff options
author | ausiv4 <ausiv4@eb105b4a-77de-11de-a249-6bf219df57d5> | 2009-08-12 23:30:24 +0000 |
---|---|---|
committer | ausiv4 <ausiv4@eb105b4a-77de-11de-a249-6bf219df57d5> | 2009-08-12 23:30:24 +0000 |
commit | 24065d78f50b2fba32d63da58fa67407b22e6451 (patch) | |
tree | 299803318ef74ca224ebf0f612dcd8b401cb2374 /django/srpproject/templates | |
parent | 124ef39cb84dec12d21a36e98039e6a5042e7317 (diff) |
Rather than passing the necessary parameters to the SRP constructor, I've made them hidden fields in the form. This way a bookmarklet will be
able to read the fields, and authentication can be done without trusting the javascript sent by the server.
I also organized urls.py
Diffstat (limited to 'django/srpproject/templates')
-rw-r--r-- | django/srpproject/templates/login.html | 14 | ||||
-rw-r--r-- | django/srpproject/templates/register.html | 8 |
2 files changed, 9 insertions, 13 deletions
diff --git a/django/srpproject/templates/login.html b/django/srpproject/templates/login.html index 9de4268..edaf4dc 100644 --- a/django/srpproject/templates/login.html +++ b/django/srpproject/templates/login.html @@ -13,24 +13,20 @@ <script type="text/javascript"> function login() { - var username = document.getElementById("srp_username").value; - var password = document.getElementById("srp_password").value; - var url = window.location.protocol+"//"+window.location.host+"/srp/"; - srp = new SRP(username, password, "django", url); - srp.success = function() - { - alert("We win"); - }; + srp = new SRP(); srp.identify(); return false; } </script> </head> <body> - <form action="." onsubmit="return login()"> + <form action="{{ srp_url }}/noJs/" onsubmit="return login()"> <table> <tr><td>Username:</td><td><input type="text" id="srp_username" /></td></tr> <tr><td>Password:</td><td><input type="password" id="srp_password" /></td></tr> + <input type="hidden" id="srp_url" value="{{ srp_url }}"/> + <input type="hidden" id="srp_forward" value="#"/> + <input type="hidden" id="srp_server" value="django"/> </table> <input type="submit"/> </form> diff --git a/django/srpproject/templates/register.html b/django/srpproject/templates/register.html index 102daed..6e6d44a 100644 --- a/django/srpproject/templates/register.html +++ b/django/srpproject/templates/register.html @@ -19,10 +19,7 @@ alert("Password cannot be blank"); else { - var username = document.getElementById("srp_username").value; - var password = document.getElementById("srp_password").value; - var url = window.location.protocol+"//"+window.location.host+"/srp/"; - srp = new SRP(username, password, "django", url); + srp = new SRP(); srp.success = function() { alert("We win"); @@ -39,6 +36,9 @@ <tr><td>Username:</td><td><input type="text" id="srp_username" /></td></tr> <tr><td>Password:</td><td><input type="password" id="srp_password" /></td></tr> <tr><td>Confirm:</td><td><input type="password" id="confirm_password" /></td></tr> + <input type="hidden" id="srp_url" value="{{ srp_url }}"/> + <input type="hidden" id="srp_forward" value="{{ srp_url }}login/"/> + <input type="hidden" id="srp_server" value="django"/> </table> <input type="submit"/> </form> |