From 24065d78f50b2fba32d63da58fa67407b22e6451 Mon Sep 17 00:00:00 2001 From: ausiv4 Date: Wed, 12 Aug 2009 23:30:24 +0000 Subject: Rather than passing the necessary parameters to the SRP constructor, I've made them hidden fields in the form. This way a bookmarklet will be able to read the fields, and authentication can be done without trusting the javascript sent by the server. I also organized urls.py --- django/srpproject/templates/login.html | 14 +++++--------- django/srpproject/templates/register.html | 8 ++++---- 2 files changed, 9 insertions(+), 13 deletions(-) (limited to 'django/srpproject/templates') diff --git a/django/srpproject/templates/login.html b/django/srpproject/templates/login.html index 9de4268..edaf4dc 100644 --- a/django/srpproject/templates/login.html +++ b/django/srpproject/templates/login.html @@ -13,24 +13,20 @@ -
+ + + +
Username:
Password:
diff --git a/django/srpproject/templates/register.html b/django/srpproject/templates/register.html index 102daed..6e6d44a 100644 --- a/django/srpproject/templates/register.html +++ b/django/srpproject/templates/register.html @@ -19,10 +19,7 @@ alert("Password cannot be blank"); else { - var username = document.getElementById("srp_username").value; - var password = document.getElementById("srp_password").value; - var url = window.location.protocol+"//"+window.location.host+"/srp/"; - srp = new SRP(username, password, "django", url); + srp = new SRP(); srp.success = function() { alert("We win"); @@ -39,6 +36,9 @@ Username: Password: Confirm: + + + -- cgit v1.2.3