Cleaning entered username at login
On our portal the username for most users is their email without the "@domain". However we are getting about 1/4 of login failures that have this as part of their username. To fix this, I changed the javascript on the login function so that it replaces that string.
Tested with IE and Firefox and everything works, would like to get any comments on browser and security issues before moving to production.
File: /opt/luminis/webapps/luminis/jsp/portal/login.jsp
Replace:
function login()
{
setQueryAsCookie();
document.cplogin.user.value=document.userid.user.value;
document.cplogin.submit();
}
With:
function login()
{
setQueryAsCookie();
document.cplogin.user.value=(document.userid.user.value.replace(/@nwmissouri.edu/i,""));
document.cplogin.submit();
}
- baumli's blog
- Login or register to post comments
Hack Your Knowledge
Recent blog posts
- Luminis IV GCF Single Sign On with OSX=Failure PC=Working
- Cisco 4710 - Load Balancer
- First CPIP - ERROR
- Luminis Developer Job Available w/ Stable Organization
- Luminus Developer Job
- SSO to SSB mixed content error in IE
- Avoid email sending when add or delete user from group
- Luminis components
- Luminis 4 & Groupwise 7
- Luminis Developer Needed for Position w/ Stable Organization
Developer Links
Poll
- Login or register to post comments
- Older polls
Syndicate
Comments
Should be fine
I can't foresee any security or browsers issues with this (barring somebody having a user id with the domain name in it!). All you are doing is selectively replacing some text that the user types in...meaning you are working in the same security boundaries that the user has (client-side scripting). I hope this clears that up.