[英]How can i use the html, javascript web storage for login script
I want to use the web storage for my login system which has about 24 pages. 我想将Web存储用于大约24页的登录系统。 i am trying to use the
HTML-5
web storage api for session value storage. 我正在尝试使用
HTML-5
Web存储api进行会话值存储。 Here is what i have tried. 这是我尝试过的。
<div class="main">
<form id="form_id" method="post" name="myform">
<table>
<tr><td class="credentials-top">LoginID </td><td><input type="text" name="username" id="username" autofocus/></td></tr>
<tr><td class="credentials-top">Password </td><td><input type="password" name="password" id="password"/></td></tr>
</table>
<input type="button" value="Login" class="btn btn-warning" onclick="validate(),senduser()"/>
</form>
</div>
javascript: javascript:
function validate(){
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
var role;
if (password == "vp"){
localStorage.setItem("role", "vp");
return false;
}
else if (password == "sales"){
localStorage.setItem("role", "sales");
return false;
}
else if (password == ""){
return false;
}
else{
window.location = "login-failed.html";
}
}
Here i want to set the value of role to vp or sales depending on password accecpted. 在这里,我想根据所使用的密码将角色的值设置为vp或sales。 and i want to use role value to check if the user is vp or sales, how can i do this?
我想使用角色值来检查用户是vp还是销售人员,我该怎么做?
As I understand, you're trying to retrieve the saved values from another page. 据我了解,您正在尝试从另一个页面检索保存的值。
To do so, just read the values like you set them : 为此,只需像设置它们一样读取值:
role = localStorage.role
will give your variable back. 会把你的变量还给你。
I would rewrite your code this way : 我会这样重写您的代码:
<input type="button" value="Login" class="btn btn-warning" onclick="validate()"/>
function validate(){
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
if(!password.length) return false;
var role,
allowedPasswords = ["vp","sales"]; // clean way to handle a large number of passwords without repeating your code
if(allowedPasswords.indexOf(password) > -1){
localStorage.role = password;
}else{
window.location = "login-failed.html";
}
senduser();
}
Although it is off-topic, I raise serious doubts about the security of a password that bould be "vp". 尽管它是题外话,但我对可能是“ vp”的密码的安全性提出了严重怀疑。 I mean, you just can't seriously go into production with an application that accepts "vp" as a password.
我的意思是,您只是无法使用接受“ vp”作为密码的应用程序正式投入生产。
Edit : 编辑:
As Feeela mentioned, it is not more secure to store a password in clear, directly in the browser. 如Feeela所述,直接在浏览器中以明码存储密码并不安全。 However, althought the variable is called "password", It's not used as a password whatsoever.
但是,尽管该变量称为“ password”,但绝不用作密码。 It's not used for authentication purposes.
它不用于认证目的。 It's just a "role" in the company and should just be a "choose your role" dropdown.
这只是公司中的“角色”,应该只是“选择您的角色”下拉菜单。 Having a password field for this is totally incongruous.
有一个密码字段是完全矛盾的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.