PDA

View Full Version : Login dialog



albeva
11 Jul 2008, 4:30 PM
Hi guys

I was looking for a nice and simple LoginDialog extension but didn't find anything. So I made my own and now want to share it. Hope that it is useful.

http://fbdevzone.com/logindlg/logindialog_1_0b.png

It is simple to use and highly configurable. The package has a README file and both minified and non-minified versions.

Please let me know what you guys think of it

Demo & download : http://fbdevzone.com/logindlg/

Fabyo
11 Jul 2008, 6:06 PM
Tip, exchange by Tab enter

tobiu
11 Jul 2008, 11:50 PM
hi albeva,

i'm short in time right now.
the dialog looks nice and the code clean.

suggestion: password should not get the type "alphanum".


kind regards, tobiu

albeva
12 Jul 2008, 3:26 AM
Fabyo : What you mean by that?

tobiu : You probably right actually. But there is passwordVtype config option to set it.

mjlecomte
12 Jul 2008, 7:11 PM
Did you consider doing any salting, encrypting, etc. of the posted password as opposed to sending in it's plan text form?

albeva
13 Jul 2008, 4:28 AM
I think it would be nice to have. Howver not certain how this should be done. But you can catch "submit" event and encrypt your password manually I guess...

mabello
16 Jul 2008, 5:53 AM
I like the extension, well done!

About the encryption:

Encrypting password client-side does not help.
Consider this: I "sniff" the encrypted password from a packet: I don't need to know what is the real (decrypted) password, in fact I can use the "sniffed" encrypted password to login in the system :)

galdaka
16 Jul 2008, 7:30 AM
My extension. SInce february.

http://extjs.com/learn/Extension:Domino_authentication

Greetings,

mjlecomte
16 Jul 2008, 8:00 AM
I like the extension, well done!

About the encryption:

Encrypting password client-side does not help.
Consider this: I "sniff" the encrypted password from a packet: I don't need to know what is the real (decrypted) password, in fact I can use the "sniffed" encrypted password to login in the system :)

To clarify I wasn't suggesting the encryption used server side would be the same salt/encryption used client side. I would employ a different salt/encryption/hash client side possibly just to obscure the password so it was not so plainly visible in the client so easily. Server side would employ it's own salt/encryption to talk with the database securely on the backend.

I gather using https helps with some of this, but if you're using http seems like some degree of obscurement might be better.

jay@moduscreate.com
16 Jul 2008, 9:05 AM
Nice. but why use alert instead of Ext.MessageBox.alert?

albeva
16 Jul 2008, 1:19 PM
Tnx guys.

About client side encyption - In some case it might be a good idea. To "confuse" possible sniffers. Especially if encryption key is changed per every request. It won't mean it's that much more secure mind you - but might help a little. I think I will add callback option "encrypt" and you can provide your own function. For easy integration.


Ext.ux.albeva.LoginDialog({
encrypt : function (pswd) { return md5(pswd); } // this is example. You could use any encyryption method suitable for you
})



but why use alert instead of Ext.MessageBox.alert? What you mean? That I show "Login denied" on the dialog itself? I didn't wan't to have yet another dialog to popup on top of it. "failure" event is raised when request fails. You can use this to customize login failure report to your liking.

galdaka - I saw your extension. It is nice - Great Job. However it is heavy. Didn't suit my needs that well. I did credit you in the readme file supplied with the download. I used an Icon from your package and an idea of having "info" area. Hope you don't mind.

Fabyo
28 Nov 2008, 6:48 PM
I made some improvements in its code, now he validate the fields and press the enter key when he focus the field, where the 2 fields are not empty press the enter and submit ()



submit : function ()
{

var login = Ext.getCmp(this.usernameId);
var senha = Ext.getCmp(this.passwordId);

if(Ext.isEmpty(login.getValue())) {
login.focus();
return false;
}

if(Ext.isEmpty(senha.getValue())) {
senha.focus();
return false;
}

LoginDialog is perfect

thanks

zhw511006
28 Nov 2008, 7:00 PM
where is your extension?
it can't open !

Fabyo
29 Nov 2008, 6:36 PM
http://fbdevzone.com/logindlg/

zhw511006
30 Nov 2008, 6:38 AM
Thank you for helping !

albeva
2 Dec 2008, 8:34 PM
I made some improvements in its code, now he validate the fields and press the enter key when he focus the field, where the 2 fields are not empty press the enter and submit ()



submit : function ()
{

var login = Ext.getCmp(this.usernameId);
var senha = Ext.getCmp(this.passwordId);

if(Ext.isEmpty(login.getValue())) {
login.focus();
return false;
}

if(Ext.isEmpty(senha.getValue())) {
senha.focus();
return false;
}

LoginDialog is perfect

thanks

That's a nice idea. thanks. I will update the loginDialog with few other cleanup and fixes and additions. Thanks.