I made this JavaScript that password protects a page. But the password you type in is completely visible! I want it so that the password are those black dots for each letter.... If anybody gots anything, please post it here, thx. Oh yea, here is the script

<HTML>
<BODY>
<SCRIPT>
function passWord() {
var testV = 1;
var pass1 = prompt('Please Enter Your Password',' ');
while (testV < 3) {
if (!pass1) 
history.go(-1);
if (pass1.toLowerCase() == "cheese") {
alert('You Got it Right!');
window.open('protectpage.html');
break;
} 
testV+=1;
var pass1 = 
prompt('Access Denied - Password Incorrect, Please Try Again.','Password');
}
if (pass1.toLowerCase()!="password" & testV ==3) 
history.go(-1);
return " ";
} 
</SCRIPT>
<CENTER>
<FORM>
<input type="button" value="Enter Here" onClick="passWord()">
</FORM>
</CENTER>
</BODY>
</HTML>

I made this JavaScript that password protects a page. But the password you type in is completely visible! I want it so that the password are those black dots for each letter.... If anybody gots anything, please post it here, thx. Oh yea, here is the script

<HTML>
<BODY>
<SCRIPT>
function passWord() {
var testV = 1;
var pass1 = prompt('Please Enter Your Password',' ');
while (testV < 3) {
if (!pass1) 
history.go(-1);
if (pass1.toLowerCase() == "cheese") {
alert('You Got it Right!');
window.open('protectpage.html');
break;
} 
testV+=1;
var pass1 = 
prompt('Access Denied - Password Incorrect, Please Try Again.','Password');
}
if (pass1.toLowerCase()!="password" & testV ==3) 
history.go(-1);
return " ";
} 
</SCRIPT>
<CENTER>
<FORM>
<input type="button" value="Enter Here" onClick="passWord()">
</FORM>
</CENTER>
</BODY>
</HTML>

You do realize that you have the raw password "cheese" in javascript. Anyone that wants to can just view the source of the page, see the password then type it in. There's really no way to authenticate users on the client-side only and not be completely insecure.

You can at least use this:

<input type="password" name="pass" id="pass" />

When the user clicks the button use javascript to get the value of the field and do whatever you want.
But you shouldn't use javascript for password authentication

You do realize that you have the raw password "cheese" in javascript. Anyone that wants to can just view the source of the page, see the password then type it in. There's really no way to authenticate users on the client-side only and not be completely insecure.

Thanks, I didn't realize that until now....

You do realize that you have the raw password "cheese" in javascript. Anyone that wants to can just view the source of the page, see the password then type it in. There's really no way to authenticate users on the client-side only and not be completely insecure.

What should I use besides JavaScript to password protect a page?

What should I use besides JavaScript to password protect a page?

A serverside language. PHP, JSP, ASP, etc. etc.

This article has been dead for over six months. Start a new discussion instead.