salesforce how to login with javascript without security token

OAuth2 is a security implementation that allows users to access their Salesforce data without having to enter their user/password in an untrusted application or do nasty token management themselves.

Salesforce has a guide on how to implement OAuth2 for web sites. It can be difficult to set up if you don't have any experience with OAuth2, but there are plenty of guide available.

I would also recommend using something like Firefox's RESTClient addon (or something like it) to test the use of OAuth2 to get a feel for authenticating against Salesforce .

Are you sure you have white listed the IP?

I strongly belive if you get the IP of server where your custom login page is hosted and put that in list of white listed IP's then User will not required to enter their security token.

to find the ip of your server(where your page is hosted) - try to login with your custom login page - login into SFDC and go to setup -> user profile-> login history

there you will see last login from IP

Copy above IP and

Again go into Setup -> Security control -> Remote site setting

and add above copied IP.

this way SF will not required security token when user is login from that IP.

http://ap1.salesforce.com/help/doc/en/configuring_remoteproxy.htm

Use this code for just login:

https://login.salesforce.com?un="+username+"&pw="+password+"&startURL=/apex/somepage