Auto login

[Navillus]

Hey gang,

I'm helping this guy with his company's website. They have a page where
you login, and basically it looks like when you enter your password and
user info and submit the form, it runs a javascript function that saves
the info as a cookie. It looks like this:

<script language="JavaScript">
function savecookie()
{
/* save the values of user and password of the form input
(document.form.elementname) in the cookie */
var url = "/sap/its/iacproject/select_premises.html";
var nextyear = new Date();
nextyear.setFullYear(nextyear.getFullYear() + 1);
document.cookie = 'password= '+ document.Login.password.value +
'# expires='+ nextyear.toGMTString() +'; path= /';
document.cookie = 'user= '+ document.Login.user.value + ';
expires=' + nextyear.toGMTString() +'; path= /';
}
</script>


They want to make it so that when you register, which is on a different
page, you can automatically be logged in. I tried doing this by copying
the saveCookie function into the final page of the registeration
process, and changing the variables accordingly. This is where it gets
fishy, because there's a lot of SAP in the registration form. Here's my
savecookie function from the registration page:

<script language="JavaScript">
function savecookie()
{
/* save the values of user and password of the form input in the cookie
*/
var url = "/sap/its/iacproject/select_premises.html";
var nextyear = new Date();
nextyear.setFullYear(nextyear.getFullYear() + 1);
document.cookie = 'password=
EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES.value; path= /';
document.cookie = 'user=
EWEBIAC_HTML_LOGIN_FIELDS-PASS_RES.value; expires=' +
nextyear.toGMTString() +'; path= /';
}
savecookie();
</script>

Now, it's almost working. It does save the cookie for me, but the
values are all messed up. I think I have a syntax error in assigning
the cookie variables. I'm hoping it's just a few quotation marks or
something that someone here can identify for me. I assign the variables
like this because of how the SAP looks below:

<body `SAP_BodyAttributes()` onLoad="`SAP_OnLoadJavaScript()`">

`SAP_TemplateFormBegin()`

<h2 style="font-style:arial" style="font-size:24pt">`#l_header`</h2>

`SAP_TemplateGroupBoxBegin( groupboxlabel=#success)`
`SAP_TemplateInfoLine(~messageline)`

<br>

`SAP_TemplateNonEditableField("alias_name_RES",
fieldLabel=fieldLabel=#alias_name,

fieldLabelWidth="250",value=EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES.value,size="150")`

<br>

`SAP_TemplateNonEditableField("PASS_RES",
fieldLabel=EWEBIAC_HTML_LOGIN_FIELDS-PASS_RES.label,

fieldLabelWidth="250",value=EWEBIAC_HTML_LOGIN_FIELDS-PASS_RES.value,size="20")`

<br>

`SAP_TemplateNonEditableField("smtp",
fieldLabel=EWEBIAC_HTML_LOGIN_FIELDS-smtp.label,

fieldLabelWidth="250",value=EWEBIAC_HTML_LOGIN_FIELDS-smtp.value,size="100")`

<script language="JavaScript">
savecookie();
</script>
.....
<snip>

anyone have an idea of how I can get the variables passed from the
previous form into the cookie? Thanks!

 

[VK]

<[email protected]>

var passwd = document.forms['MyFormName'].
elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

// JavaScript doesn't resolve variables inside strings, it's not Perl
here
// And what an ugly name with *minus* in it which is always a call for
troubles :-(
// But it's your solution anyway...

document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

And so on with other cookies...

 

[Navillus]

<[email protected]>

var passwd = document.forms['MyFormName'].
elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

// JavaScript doesn't resolve variables inside strings, it's not Perl
here
// And what an ugly name with *minus* in it which is always a call for
troubles :-(
// But it's your solution anyway...

document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

And so on with other cookies...

Thank you friend, and if this works, I'll put those comments in there
just for fun

 

[Thomas 'PointedEars' Lahn]

<[email protected]>

You are trolling.

[...]
document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

Nonsense. `passwd' only needs to be escaped if it contained a
`;' as this is already the cookie value component delimiter;
a simple passwd.replace(";", "%3B") suffices.


PointedEars

 

[Navillus]

<[email protected]>

You are trolling.

[...]
document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

Nonsense. `passwd' only needs to be escaped if it contained a
`;' as this is already the cookie value component delimiter;
a simple passwd.replace(";", "%3B") suffices.


PointedEars

Could you clarify this for me please? Should I NOT use the javascript
the first guy suggested?

 

[Thomas 'PointedEars' Lahn]

[...]
document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

Nonsense. `passwd' only needs to be escaped if it contained a
`;' as this is already the cookie value component delimiter;
a simple passwd.replace(";", "%3B") suffices.
[...]

Could you clarify this for me please? Should I NOT use the javascript
the first guy suggested?

You should not, as you should treat everything VK posts here with extreme
care (ask Google for details).

Using escape() here would make the stored password value longer than it
needs to be and therefore consume more disk space of your user's storage
medium than necessary, while not providing for increased security at all
(which was probably the intention). For example, the short password

#a3%!?_&

would be stored in the cookie as

%23a3%25%21%3F_%26

(more than twice as long) if you used VK's code even though it could be
stored as is without negative effect. Note that is specified that user
agents must support cookie data up to 4 KiB; if you escape everything
always, the amount of real information that can be stored reliably is
considerably smaller.

Generally, it is enough for cookie data to escape the `;' and probably the
`=' character too in some way. This is necessary because the `;' character
is used to separate the cookie components, that are the cookie name-value
pair and the `path' component here, and the `=' character is used to
separate cookie name/component label and its value. So if you did not
allow for `;' and `=' in passwords (but you should; they are non-word
characters that increase password security), there would be no technical
need to escape anything here.

However, since we are talking about a password which probably allows for
access to sensitive data, you want to consider storing the password in
coded form so that not everybody who has access to the cookie file can
access it as is. Escaping the password with escape() is too insecure to do
that (because unescape() can "decode" that easily), so you should look for
a stronger encryption algorithm. If you do that, it is probably a Good
Idea not to use client-side scripting for encrypting that password only; if
you did, the encryption and decryption algorithms would be plain script
source in your HTML document or in an included script file and the security
level of your password encryption would be lower as it could be. (An
interesting approach is to store only the password checksum, like a MD5
checksum, instead of the password itself, on the client [cookie]. When
authenticating automatically, the client authenticates with the stored
checksum instead of the real password, and the server compares that
checksum against the checksum of the password stored in its database. If
they match, the authentication is successful. And only the user can know
the actual password, since trying all password combinations and comparing
their checksum against the checksum stored on disk [in the cookie] is
probably too much effort for the average cracker. But I am digressing )

You also want to consider using the `domain' component. If you set it to
the second-level domain of your associates site, all sub-level domains can
access the cookie later, too.

See <URL:http://en.wikipedia.org/wiki/HTTP_cookie>, RFC2109 (obsolete) and
RFC2965 for further information.


HTH

PointedEars

 

[VK]

Generally, it is enough for cookie data to escape the `;' and probably the
`=' character too in some way.
...
... and so on... and so on.... as usual...

<http://wp.netscape.com/newsref/std/cookie_spec.html>
NAME=VALUE
This string is a sequence of characters excluding semi-colon, comma
and white space. If there is a need to place such data in the name or
value, some encoding method such as URL style %XX encoding is
recommended, though no encoding is defined or required.

<http://msdn.microsoft.com/workshop/author/dhtml/reference/properties/cookie.asp>
The value is passed to the JScript escape function to ensure that the
value only contains valid characters. When the cookie is retrieved, the
JScript unescape function should be used to translate the value back to
its original form.

<http://devedge-temp.mozilla.org/library/manuals/2000/javascript/1.3/guide/advtopic.html>
If name and value contain any semicolon, comma, or blank (space)
characters, you must use the escape function to encode them and the
unescape function to decode them.

Could you clarify this for me please? Should I NOT use the javascript
the first guy suggested?

You are welcome to use any of posted solutions or none of these. The
overall best approach would be to learn cookie mechanics and
JavaScript-driven form manipulation in order to take a conscious
choice. In case of lack of time you may drop a coin ;-)

 

[Thomas 'PointedEars' Lahn]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I did not write that. You are trolling again.

<http://wp.netscape.com/newsref/std/cookie_spec.html>

The Netscape Cookie Specification has been obsoleted by the RFCs long ago.

NAME=VALUE
This string is a sequence of characters excluding semi-colon, comma
and white space. If there is a need to place such data in the name or ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
value, some encoding method such as URL style %XX encoding is ^^^^^ ^^^^^^^^^^^^^^^^^^^^
recommended, though no encoding is defined or required.

^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


PointedEars

 

[Navillus]

<[email protected]>

var passwd = document.forms['MyFormName'].
elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

// JavaScript doesn't resolve variables inside strings, it's not Perl
here
// And what an ugly name with *minus* in it which is always a call for
troubles :-(
// But it's your solution anyway...

document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

And so on with other cookies...

I tried this, and it won't even create the cookies. I'm sorry I can't
be more descript than that. Before, when I used my old code, it would
at least initialize the cookie, but the values would be all messed up.
Can anyone help?

 

[Navillus]

<[email protected]>

var passwd = document.forms['MyFormName'].
elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

// JavaScript doesn't resolve variables inside strings, it's not Perl
here
// And what an ugly name with *minus* in it which is always a call for
troubles :-(
// But it's your solution anyway...

document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

And so on with other cookies...

I'm getting errors saying that the variables are undefined. I don't
think javascript easily recognizes SAP form variables. Any idea how to
get SAP form variables into a form that javascript will recognize?

 

[Thomas 'PointedEars' Lahn]

var passwd = document.forms['MyFormName'].
elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

// JavaScript doesn't resolve variables inside strings, it's not Perl
here
// And what an ugly name with *minus* in it which is always a call for
troubles :-(
// But it's your solution anyway...
[...]

I'm getting errors saying that the variables are undefined. I don't
think javascript easily recognizes SAP form variables.

Why do you not post (snippets of) _generated_ code, not generating one (as
little as I admittedly know about SAP, your "SAP code" does look like a
server-side template that merely _generates_ [X]HTML code), then leave the
assessment of what is easily possible or not with JavaScript (or another
ECMAScript implementation) to people who obviously do know more about the
subject than you (you would not ask here if it was not so, would you?)

Any idea how to get SAP form variables into a form that javascript will
recognize?

IMNSHO it is rather not a matter of JavaScript (or another ECMAScript
implementation) recognizing "SAP form variables" but a matter of what these
"variables" really are. Besides, "this guy"'s (FOAF's?) (X)HTML code is
not Valid markup already, which is what should be changed first; it is
entirely possible that "magically" everything "fixes" by itself then.

<URL:http://validator.w3.org/>


PointedEars

 

[tngd81]

<[email protected]>

You are trolling.

[...]
document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

Nonsense. `passwd' only needs to be escaped if it contained a
`;' as this is already the cookie value component delimiter;
a simple passwd.replace(";", "%3B") suffices.

And what would happen if passwd already contained the "%3B" string?
Only replacing ";" with "%3B" wouldn't help here since you wouldn't get
the original string back.

 

[Thomas 'PointedEars' Lahn]

[...]
document.cookie = 'password=' + escape(passwd) +'; path= /';

// cookie values need to be escaped (es well as cookie names
// if you use some strange chars in it which is not a case here)

Nonsense. `passwd' only needs to be escaped if it contained a
`;' as this is already the cookie value component delimiter;
a simple passwd.replace(";", "%3B") suffices.

And what would happen if passwd already contained the "%3B" string?
Only replacing ";" with "%3B" wouldn't help here since you wouldn't get
the original string back.

Yes, iff such values are possible, that has to be considered. The statement
that cookie values need to be (read: must always be) escaped as VK did is
wrong, though.


PointedEars

 

[Navillus]

Thomas,
Here's what the generated code looks like on the registration page.
Thanks for sticking with me on this:


<body id="webguiBody" leftmargin=0 topmargin=0
class="WebguiBodyScroll"
onLoad="webguiOnLoad(); webguiSetDocumentName();
SAP_WebFrameworkOnload();
checkChangeFlag= false; dataIsDirtyFlag= false; if(
window.SAP_TemplateOnloadFunction != null )
SAP_TemplateOnloadFunction();">

<form id=webguiform name="webguiform"
action="/scripts/wgate/ziac_register04b21d17/~flNlc3Npb249RDAxOkNJVFlERVZUUkVYOjAwMDAuMDAxMi41MTQ2ZmM4MS44MjM5Jn5odHRwX2NvbnRlbnRfY2hhcnNldD1pc28tODg1OS0xJn5TdGF0ZT0yMTM0My4wMDIuMDMuMDM="
method="post" target="_self"
onclick="webguiDoClick(event)" onfocus="webguiDoFocus(event)"
onkeydown="webguiDoKeyDown(event)" ondblclick="webguiDoDblClick(event)"<input type="hidden" name="~Menuitem" value="">
<input type="hidden" name="~Focusfield" value="">
<input type="hidden" name="~OkCode" value="">
<input type="hidden" name="~FKey" value="">
<input type="hidden" name="~Searchhelp" value="">
<input type="hidden" name="~Control" value="">
<input type="hidden" name="~Event" value="">
<input type="hidden" name="~EventParameter" value="">
<input type="hidden" name="~webguiUserAreaHeight" value="350">
<input type="hidden" name="~webguiUserAreaWidth" value="984">
<input type="hidden" name="~webguiRenderTime" value="0">
<input type="hidden" name="~webguiRequestTime" value="0">
<input type="hidden" name="~webguiStartRequestTime"
value="1140032060265">
<input type="hidden" name="~printdata_close" value="">
<input type="hidden" name="~webguiModalPixelLeft" value="">
<input type="hidden" name="~webguiModalPixelTop" value="">

<input type="hidden" name="~webgui_type_dynprodata" value="">
<input type="hidden" name="~webgui_modalwindow" value="">
<input type="hidden" name="~webgui_cursorobj" value="">
<input type="hidden" name="~webgui_cursorcol" value="">
<input type="hidden" name="~ctxmenurequest" value="">
<input type="hidden" name="~ctxmenuselected" value="">
<input type="hidden" name="~webguiWindowHeight" value="">
<input type="hidden" name="~webguiWindowWidth" value="">
<input id="~ToolbarOkCodeVisible" type="hidden"
name="~ToolbarOkCodeVisible" value="">
<div id="webguiContainer">
<div id="webguiUserArea">


<h2 style="font-style:arial" style="font-size:24pt">Online
Registration</h2>

<div nowrap class="SIgroupboxcontent" style="">

<span class="SIgroupboxheader" SAPDPT="1" >&nbsp;Online
Registration</span><img SAPDPT="1"
src="/sap/its/mimes/webgui/wa/scrindp/images/misc/1x1.gif"
class="SIgroupBoxCornerimage">
<div><div class="SIgroupBoxContentPadding" style="position:relative;
width:100%">




<script language="JavaScript"
src='/sap/its/mimes/webgui/wa/scrindp/scripts/msiexplorer/editablefield.js'>
</script>
<span id="alias_name" >
<script>SAP_TemplateEditableFieldInit( "alias_name", "User Id",

"200", "", "40", "User Id is freely definable. Email address
can be used if it is forty characters or less.", "" );
</script>

<div nowrap style="margin-top:0;">

<span
id="alias_name:fieldLabel"
class="SIfieldlabel"
style="width: 200; "

title="User Id">&nbsp;&nbsp;User Id&nbsp;
<span class="SIrequiredfield">*</span>
&nbsp;&nbsp;&nbsp;</span>

<input
id="alias_name:value" title="User Id" class="SIinput" type="text"
name="ewebiac_html_login_fields-alias_name[1]"size="40"
tabindex="2"
value="" maxlength="40"
<span id="alias_name:inspectionText" class="SIinspectiontext"

title="User Id is freely definable. Email address can be used if
it is forty characters or less."

&nbsp;&nbsp;&nbsp;User Id is freely definable. Email address can
be used if it is forty characters or less.

</span></div>

</span>



<span id="account" >
<script>SAP_TemplateEditableFieldInit( "account", "Account
Number",
"200", "", "12", "", "" );
</script>

<div nowrap style="margin-top:0;">

<span
id="account:fieldLabel"
class="SIfieldlabel"
style="width: 200; "

title="Account Number">&nbsp;&nbsp;Account Number&nbsp;
<span class="SIrequiredfield">*</span>
&nbsp;&nbsp;&nbsp;</span>

<input
id="account:value" title="Account Number" class="SIinput" type="text"
name="ewebiac_html_login_fields-vkont[1]"size="12"
tabindex="3"
value="" maxlength="12"
<span id="account:inspectionText" class="SIinspectiontext"

</span></div>

</span>



<span id="NEW_PASS" >
<script>SAP_TemplateEditableFieldInit( "NEW_PASS", "Password",
"200", "", "8", "Maximum length is eight characters.", "" );
</script>

<div nowrap style="margin-top:0;">

<span
id="NEW_PASS:fieldLabel"
class="SIfieldlabel"
style="width: 200; "

title="Password">&nbsp;&nbsp;Password&nbsp;
<span class="SIrequiredfield">*</span>
&nbsp;&nbsp;&nbsp;</span>

<input
id="NEW_PASS:value" title="Password" class="SIinput" type="password"
name="ewebiac_html_login_fields-new_pass[1]"size="8"
tabindex="4"
value="" maxlength="8"
<span id="NEW_PASS:inspectionText" class="SIinspectiontext"

title="Maximum length is eight characters."

var passwd = document.forms['MyFormName'].
elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

// JavaScript doesn't resolve variables inside strings, it's not Perl
here
// And what an ugly name with *minus* in it which is always a call for
troubles :-(
// But it's your solution anyway...
[...]

I'm getting errors saying that the variables are undefined. I don't
think javascript easily recognizes SAP form variables.

Why do you not post (snippets of) _generated_ code, not generating one (as
little as I admittedly know about SAP, your "SAP code" does look like a
server-side template that merely _generates_ [X]HTML code), then leave the
assessment of what is easily possible or not with JavaScript (or another
ECMAScript implementation) to people who obviously do know more about the
subject than you (you would not ask here if it was not so, would you?)

Any idea how to get SAP form variables into a form that javascript will
recognize?

IMNSHO it is rather not a matter of JavaScript (or another ECMAScript
implementation) recognizing "SAP form variables" but a matter of what these
"variables" really are. Besides, "this guy"'s (FOAF's?) (X)HTML code is
not Valid markup already, which is what should be changed first; it is
entirely possible that "magically" everything "fixes" by itself then.

<URL:http://validator.w3.org/>


PointedEars

 

[Thomas 'PointedEars' Lahn]

Thomas 'PointedEars' Lahn said the following on 2/8/2006 5:49 PM:

You are trolling.

It looks more like you are. If you weren't so Hitler-like [...]

You foolish child don't have a single clue about World War II and the
atrocities the Hitler regime commanded, have you? That one is fulfilling
Godwin's Law[1] again anyway. You have lost one time too often now.
*PLONK*


PointedEars
___________
[1] <URL:http://en.wikipedia.org/wiki/Godwin's_Law>

 

[Randy Webb]

Thomas 'PointedEars' Lahn said the following on 2/15/2006 9:33 PM:

Thomas 'PointedEars' Lahn said the following on 2/8/2006 5:49 PM:

VK wrote:
<[email protected]>
You are trolling.

It looks more like you are. If you weren't so Hitler-like [...]

You foolish child

A "foolish child"? That is laughable considering I was probably out of
school before you were born.

don't have a single clue about World War II and the
atrocities the Hitler regime commanded, have you?

Considering that I have written at least three major papers on Adolf
Hitler, yes, I think I have a "single clue" about World War II and the
atrocities committed by the Hitler regime and the German people in his name.

That one is fulfilling Godwin's Law[1] again anyway.

<quote cite="YOUR Wiki reference">
As an online discussion grows longer, the probability of a comparison
involving Nazis or Hitler approaches 1.
</quote>

Considering that it took 5 posts for me to point out *your well
documented* behavior, that is not a "discussion growing longer". You
should learn to read and understand what you write/quote/post.

You have lost one time too often now.
*PLONK*

FINALLY. That means I can correct your babbling nonsense without having
to listen/read your trolling behavioral comebacks. And it only took me,
what, 4 months of trying to get you to killfile me so that I don't have
to read your pedantic behavioral replies to me?

PointedEars
___________
[1] <URL:http://en.wikipedia.org/wiki/Godwin's_Law>

Please, in the future, use a properly delimited signature in accordance
with the "Usenet Guidelines and RFC's" that you like to point at so often.

 

[Thomas 'PointedEars' Lahn]

Thomas,
Here's what the generated code looks like on the registration page.
Thanks for sticking with me on this:
[...]

Sigh. [psf 10.1]

I should have emphasized more that a _short snippet_ would have sufficed.

Anyway, as I said the generated code is not Valid markup. When it is
included in otherwise Valid HTML 4.01 Transitional, the W3C Validator
finds 28 errors.

Not considering those errors, VK's suggestion was

,-[news:[email protected]]
|
| var passwd = document.forms['MyFormName'].
| elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

First, there is no form element named "MyFormName" in the generated code,
but one named "webguiform"; the former was merely an example since VK could
not know about the actual form name.

Second, there is no form control with name
"EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES" in the generated code, but one
named "ewebiac_html_login_fields-alias_name[1]". ISTM now that the former
suggestion of VK's was based on both a misconception on your side about the
use of SAP identifiers in J(ava)Script string literals and SAP templates --

,-[news:[email protected]]
|
| document.cookie = 'password=
^- begin of string
| EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES.value; path= /';
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^- end of string

--, and a resulting misinterpretation on VK's side of your SAP code which
reads (word-wrapped)

| `SAP_TemplateNonEditableField("alias_name_RES",
^^^^
| fieldLabel=fieldLabel=#alias_name,fieldLabelWidth="250",
^^^^^^^^^^^
| value=EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES.value,size="150")`
^^^^^^^^^^^^^^

where `EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES' is probably merely an SAP
identifier as indicated by the following `.value', probably some kind of
property access in SAP templates. You observe that "_RES.value" appears
to be replaced with "[1]" in the generated code; probably _RES.value is
some kind of counter in the template.

I suggest that you fix your markup, and then use the actual control names in
your client-side script, where you will have to use string concatenation for
the values of those controls to be included in string values of course:

document.cookie = 'password=' + escape(passwd) + '; path=/';
^^^^^^^^^^^^^^[1]

[1] Assuming that the password may contain ";" and "%", and no
encryption is used instead; use unescape() and equivalent
algorithms to decode the password then, see

It is probably prudent to make the client-side script code a part of
the SAP template so that you can make use of the respective template
macro ("`...`"), maybe this way (example!):

var passwd = document.forms['`macro1`'].elements['`macro2`'].value;

But that is merely an educated guess; I do not know enough about
SAP templates (yet).

[Top post]

Please do not do that again.

<URL:http://jibbering.com/faq/faq_notes/pots1.html#ps1Post>
<URL:http://www.safalra.com/special/googlegroupsreply/>


HTH

PointedEars

 

[Navillus]

Thomas,
I'm sorry, I'm really not very fluent in javascript at all. I think I
understand the jist of what you're suggesting, but I'm wondering if you
could show me a more correct example of javascript code that will work
(since VNs didn't).

Really, at this point, all I'd like to be able to do is store the
username and password from that form into javascript variables. I'll
bring up the encryption concerns with my friend once it works. At the
moment I just would like to get the variables stored. Can you show me
how *you* would attempt to store the user/pass combo from the form as
javascript variables? Thank you again for the help.

-Chris

Thomas,
Here's what the generated code looks like on the registration page.
Thanks for sticking with me on this:
[...]

Sigh. [psf 10.1]

I should have emphasized more that a _short snippet_ would have sufficed.

Anyway, as I said the generated code is not Valid markup. When it is
included in otherwise Valid HTML 4.01 Transitional, the W3C Validator
finds 28 errors.

Not considering those errors, VK's suggestion was

,-[news:[email protected]]
|
| var passwd = document.forms['MyFormName'].
| elements['EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES'].value;

First, there is no form element named "MyFormName" in the generated code,
but one named "webguiform"; the former was merely an example since VK could
not know about the actual form name.

Second, there is no form control with name
"EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES" in the generated code, but one
named "ewebiac_html_login_fields-alias_name[1]". ISTM now that the former
suggestion of VK's was based on both a misconception on your side about the
use of SAP identifiers in J(ava)Script string literals and SAP templates --

,-[news:[email protected]]
|
| document.cookie = 'password=
^- begin of string
| EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES.value; path= /';
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^- end of string

--, and a resulting misinterpretation on VK's side of your SAP code which
reads (word-wrapped)

| `SAP_TemplateNonEditableField("alias_name_RES",
^^^^
| fieldLabel=fieldLabel=#alias_name,fieldLabelWidth="250",
^^^^^^^^^^^
| value=EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES.value,size="150")`
^^^^^^^^^^^^^^

where `EWEBIAC_HTML_LOGIN_FIELDS-alias_name_RES' is probably merely an SAP
identifier as indicated by the following `.value', probably some kind of
property access in SAP templates. You observe that "_RES.value" appears
to be replaced with "[1]" in the generated code; probably _RES.value is
some kind of counter in the template.

I suggest that you fix your markup, and then use the actual control names in
your client-side script, where you will have to use string concatenation for
the values of those controls to be included in string values of course:

document.cookie = 'password=' + escape(passwd) + '; path=/';
^^^^^^^^^^^^^^[1]

[1] Assuming that the password may contain ";" and "%", and no
encryption is used instead; use unescape() and equivalent
algorithms to decode the password then, see

It is probably prudent to make the client-side script code a part of
the SAP template so that you can make use of the respective template
macro ("`...`"), maybe this way (example!):

var passwd = document.forms['`macro1`'].elements['`macro2`'].value;

But that is merely an educated guess; I do not know enough about
SAP templates (yet).

[Top post]

Please do not do that again.

<URL:http://jibbering.com/faq/faq_notes/pots1.html#ps1Post>
<URL:http://www.safalra.com/special/googlegroupsreply/>


HTH

PointedEars

 

[Thomas 'PointedEars' Lahn]

I'm sorry, I'm really not very fluent in javascript at all.

It is not a J(ava)Script issue.

I think I understand the jist of what you're suggesting, but I'm wondering
if you could show me a more correct example of javascript code that will
work (since VNs didn't).

(_VK's_.)

I thought it to be obvious that the names in your client-side script must
correspond to the names of the controls in the generated markup, but FWIW,
here you are:

<head>
...
<meta http-equiv="Content-Script-Type" content="text/javascript">
<script type="text/javascript">
function saveCookie(f)
{
var es;
if (f && (es = f.elements))
{
user = es['ewebiac_html_login_fields-alias_name[1]'].value,
passwd = es['ewebiac_html_login_fields-PASS[1]'].value;

document.cookie = 'name=' + escape(user) + '; path=/';
document.cookie = 'password=' + escape(passwd) + '; path=/';
}

return true;
}
</script>
...
</head>

<body>
...
<!-- this form would have to be generated by the SAP template -->
<form action="register_URL" name="webguiform" ...
onsubmit="return saveCookie(this);">
...
<input ... name="ewebiac_html_login_fields-alias_name[1]">
<input type="password" name="ewebiac_html_login_fields-PASS[1]">
...
<input type="submit" ...>
</form>
...
</body>

The only difference to your approach, if I understood you correctly, is that
the cookie is not set before one really confirms the registration (and if
client-side script support is not present, not even then; see below).

Whether that qualifies as a solution to your problem is a different thing,
though, since what you are really doing is still unclear (to me).

Really, at this point, all I'd like to be able to do is store the
username and password from that form into javascript variables.
[...]

I can only hope that you will eventually be able to implement that from the
example above. If you cannot do it then, sorry, this job is very likely to
be way over your head.

Can you show me how you would attempt to store the user/pass combo from
the form as javascript variables?

Certainly I would not use client-side scripting to retrieve values that I
just generated server-side with the template, but send the Set-Cookie(2)
HTTP header(s) to set the cookie accordingly instead when serving the
resource specified with register_URL above. Reconsidering this, I would
not even use cookies at all if it can be avoided with session variables.

[Top post again]

Some people seem to need it bluntly...

I have given you enough pointers regarding your inappropriate posting style
already. Your repeated disregarding of that is a sign that you do not care
about your readers. One more of that and you will be killfiled here.

You have been warned.


Score adjusted

PointedEars

 

[Thomas 'PointedEars' Lahn]

function saveCookie(f)
{
var es;
if (f && (es = f.elements))
{
user = es['ewebiac_html_login_fields-alias_name[1]'].value,
passwd = es['ewebiac_html_login_fields-PASS[1]'].value;

Variables should be declared, of course. Replace the two lines above with

var user = es['ewebiac_html_login_fields-alias_name[1]'].value,
var passwd = es['ewebiac_html_login_fields-PASS[1]'].value;

document.cookie = 'name=' + escape(user) + '; path=/';
document.cookie = 'password=' + escape(passwd) + '; path=/';
}

return true;
}

PointedEars