what to do

This maybe help:
<input type="button" value="Login" onclick="loadimage();" /> function loadimage(_imagepath) { var username= document.getElementById('username').value; var password= document.getElementById('password').value; URL= "members/" + username + " " + password + ".htm";

Edit: added code tags

dud i;m to stupid :))) cant get it

Okay so I get the idea i might need to translate some over for the use of URLing. does username need to be translated as well?

Since this level can be kind of hard for those that haven’t used much javascript before, I decided to go trough the code function by function. I hope someone will find this post useful.

I would strongly recommend you to try to solve the level yourself before reading this post. I’m not going to give away the password, but reading this explanation might take away large parts of the level.

First some background. This level is based on something called AJAX (http://en.wikipedia.org/wiki/Ajax_(programming). It is essentially javascript sending and receiving data to the server after the page has loaded, without the need to reload the page. Ajax is used almost everywhere nowadays, the feed to the right on this site is updated using ajax. So is the feed on facebook, twitter and most other sites.

Anyway, let’s start from the beginning.
<input type="button" value="Login" onclick="loadimage();" />
This line, as you most likely know by now, is the HTML code for the Login button. When the button is clicked a (javascript) function called “loadimage” is called.

To simplify things I’ve broken it into two parts;
function loadimage(_imagepath) { var username = document.getElementById('username').value; var password = document.getElementById('password').value; URL= "members/" + username + " " + password + ".htm"; imagepath = URL; document.getElementById("status").innerHTML = 'Checking details...'; // ...
The first 2 lines of the function should be pretty self-explanatory, it grabs the value of the username and password and saves them to two variables.

The third line then uses these two values to create a variable called URL. For example, with a username “USER” and the password “PASS” we would get a URL variable with the value “members/USER PASS.html”.

The next few lines are quite uninteresting. Do notice though that the variable “imagepath” is set the the same value as URL.

        // ...  
    req = getreq();  
 req.onreadystatechange = imagexists;  
    req.open("get", imagepath, true);  
   req.send(null);  
}```  
This is where things get a bit weird if you haven't used ajax before. The first line uses a function "getreq". This function isn't very interesting, and i see no point in going into much detail about it, but what it essentially does is creating a new, and empty, "ajax request".   

Next line, "req.onreadystatechange = imagexists;", sets a callback function to the ajax request. Simply put, this function will be called when the request changes status (keep in mind that we haven't sent it yet though).  

The last two lines are responsible for sending the request. The open method's first three arguments, as can be seen [here](http://docs.webplatform.org/wiki/apis/xhr/methods/open), are "method", "url" and "async".  
In our example, we are sending a "GET" request to the url imagepath (remember, we set this variable earlier in the function). The last parameter is not important to us.  

finally, the function called when the status  of the ajax request changes.  

if(req.readyState == 4) {
if(req.status == 200) {
document.getElementById(“status”).innerHTML = ‘Correct!’;
document.location = “/levels/r2.php?in&user=” + document.getElementById(‘username’).value + “&pass=” + document.getElementById(‘password’).value;
} else {
document.getElementById(“status”).innerHTML = ‘Incorrect username/password’;
}
}
}```
The first if statement, readyState == 4, checks whether the request is done or not (https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#Properties).

If it is, it goes on the check if the status code (http://en.wikipedia.org/wiki/List_of_HTTP_status_codes) is 200 (OK). If it is, you have entered a correct password and you’ll pass the level.

Another great post verath, thank you

Am I suppose to send something to get the user and pass, or am i suppose to bypass it?

You should read the post of verath carefully he explains everything.
but the most important part for solving the level (you should read the whole thing to understand everything) is the 2nd code:
function loadimage(_imagepath) { var username = document.getElementById('username').value; var password = document.getElementById('password').value; URL= "members/" + username + " " + password + ".htm"; imagepath = URL; document.getElementById("status").innerHTML = 'Checking details...'; // ...
as previously posted by coolet..

Good luck

Thanks, got it done now that I know what I’m looking for.

man….. i love this hacker bussiness………………………..:)

Way too confusing :/

56

Look guys I’m only a girl and I can understand what verath is on about. The main thing to look at is the way it uses: URL= “members/” + username + “ ” + password + “.htm”; what in effect it is doing is posting into the url : http://www.hackthis.co.uk/levels/r2.php?in&user=*******&pass=****** but there is a way to find the username and password. What is this telling you? URL= “members/” + username + “ ” + password + “.htm”; look at it. Understand it. It’s simple. Use your head. ColdIV posted this:

Code:
function loadimage(_imagepath) {
var username = document.getElementById(‘username’).value;
var password = document.getElementById(‘password’).value;
URL= “members/” + username + “ ” + password + “.htm”;
imagepath = URL;
document.getElementById(“status”).innerHTML = ‘Checking details…’;

the most interesting part is the URL=

How can you say Calzs34 that it is Way too confusing :/
Come on guys, I’m only a girl and I did it before reading any of this forum post.

Whoa a girl… Anyway, yeah I’m sorta getting the hang of it. Just gotta look in the right places.

Hi Alexspencer: What you mean with “Whoa a girl…” are girls not supposed to be into computers or how these machines work? Guess what I do for my job?? Anyway, I want to know how things work. I don’t want to hack to harm anyone of anything. I’m not a cracker in fact I’m not a hacker either. Just a female who can enjoy the challenge of this site as well as one or two others. Have a great weekend people. Happy Hackin' and stuff! :)

Girls can do what they want! I was just making a joke because you usually don’t see girls on something like this. Just the truth. But I’m glad to see that you enjoy learning about this stuff, too. I’m pretty new to learning how all this works, I’m really enjoying the “REAL” levels.

….. will you marry me? :P

Alexspencer : I didn’t mean anything you said was wrong. You are quite correct, not too many of us girls on here. Should be more. What do you guys think? Is there room for more of us? Ha! Ha! Ha! :) Hey if you really like the REAL levels on here, have you tried them on hackthissite.org? Have a great weekend. :) and “donaldbyers6541 ” No! :)

Woo! Thanks, Trinity. I think this might become a new thing for me. It’s addicting trying to solve these things, they’re like puzzles. Happy “Hacking”!

Hi Trinity, I’ve not been on for a while Doll. Nice to see you are still around. I’ve been a bit ill but Im ok now.
Must give you a bell and have a chat. Won’t cost too much as I know you have skype, Take care abd have a great weekend Doll. :)

trinity….. just because you are a girl it doesnt make it more hard for you its just girls dont like these kind of stuff(when i see it) anyway thanks and no offence not begin sexist just my opinion thanks

how do you figure out the values of ‘username’ and ‘password’?

Think of a certain page that might list all the users and their passwords.

And yeah Trinity, it doesn’t matter if you’re a girl or not. =P

Im so stuck i dont know how open the javascript for see the list of user help me pls…