Password protected webpage Need Help Newbie

Discussion in 'JavaScript' started by burkem, Feb 23, 2009.

0
  1. #1
    Hi all

    I need some help to make this script work. I want to allow a user to enter a designated password to alow them access to a particular webpage that open once they have entered the correct password I realise that it isnt the most secure password protection but that doesnt matter, its just a bit of a deterant only, I quite new to Javascript, so i really need some help.

    What code should I enter in the if statement to open a particular webpage.
    My codes below.

    Thanks
    Mark
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>
    <script language="javascript">
    <!--
    function Validate()
    {
    var valid=false;
    var password=document.forms[0].elements[0].value;
    if(password==keepout)

    alert("Wecome to my private stuff");
    valid=true;
    } else
    {
    alert("You do not have access to my private stuff");
    }
    return valid;
    //-->
    </script>

    </head>

    <body>
    <form method="post" onsubmit="return Validate()">
    <label><strong>Please Enter Password:
    </strong>
    <input name="Password" type="password" size="10" maxlength="10">
    </label>
    <br>
    <label></label>
    <p>
    <label>
    <input type="submit" name="Submit" value="Submit" />
    </label>
    <label>
    <input type="reset" name="Clear" value="Clear" />
    </label>
    </p>
    </form>

    <p>&nbsp;</p>
    </body>
    </html>
     
    burkem, Feb 23, 2009 IP
  2. ActiveFrost

    ActiveFrost Notable Member

    Messages:
    2,072
    Likes Received:
    63
    Best Answers:
    3
    Trophy Points:
    245
    #2
    I don't see a definition of this keepout variable ! Before you can use it, you need to asing something to it !
    <script type="text/javascript">
var keepout = "mypassword";
alert(keepout);
</script>
    HTML:
     
    ActiveFrost, Feb 23, 2009 IP
  3. xlcho

    xlcho Guest

    Messages:
    532
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    0
    #3
    This is the most insecure way of protecting a web page. First of all, you don't redirect the user, you just submit the form. Even if you were doing something else, it will be visible to everybody that opens the source of your page, so everybody that clicks "view source" will be able to go to the page without entering the pass. ActiveFrost is right about the variable and here is the next problem - if you want to keep the validation the way it is now - everybody will be able to see the password as it needs to be written as plain text in the code.. Access validation should never be done client-side as you are trying.. Easiest way is to submit the form and then check the password via some server side language (PHP, ASP, etc.). Another way is to change your "function Validate()" to send an AJAX request that checks the password, but if you are new to JS this might be a difficult task for you. Anyway - what you are trying to achieve is very insecure!
     
    xlcho, Feb 23, 2009 IP