<h3>Administrator Login Here:</h3>

  <input type="text" name="text2">
<input type="password" name="text1">
  <input type="submit" value="Check In" name="Submit" onclick=javascript:validate(text2.value,"admin",text1.value,"admin") >

<script language = "javascript">
function validate(text1,text2,text3,text4)
 if (text1==text2 && text3==text4)
  alert("You should'nt be there");
function load(url)

this code is working fine in IE but not in mozilla-firefox. when I click the submit button nothing happens in firefox.....what can be done?....thanks

9 Years
Discussion Span
Last Post by bruceshining

Your code is far from being a proper XHTML document, but works in IE, since its really forgiving. A few things:

  • All the form elements should go in the form tag. Its only when they go inside the form tag, a name attribute given to them is valid, otherwise name attribute for non-form elements is deprecated.
  • The language attribute of <script> tag is deprecated. Use 'type ' instead. Something like <script type="text/javascript">.
  • Its always recommended to place your script in the header section or include it at the bottom of your page.
  • The way you are accessing the elements is completely wrong. One possible way would be to just pass the form element to the validate function and let the function pull out values from the form. Something like this: <input type="submit" value="Push" onclick="validate(this.form);" />

I would recommend you to get hold of a good tutorial (google is your friend) and start some serious reading.


thanks got it working....
another thing, can you tell me how to get a login dialog box at the start i.e "on loading" of a page?


Erm.. not using javascript. It's not a good way to adequately password protect pages. The best you can do with javascript is:

- hide everything but the password form on the page (wrap everything in an html element, set display:none; or visibility:hidden; in css) unless the user enters the correct password (then set everything visible, using display:; or visibility:visible; respectively). unfortunately, everything on the page can be seen using view > source.
- have the page redirect when the user enters the correct password ( as you're doing here ); again, anyone can look at the source, and find out the URL of the restricted page.
- the best javascript 'password protection' i've seen did this: have a page with a password form; when the user enters anything in the password field; the script redirects to a folder with the name of the correct password; the basic principle is, that it's difficult for the average user to know where the folders on a webserver are, unless you give some hint ( links, common folder names, etc ). every incorrect guess will redirect to some unmapped location on your server; not ideal, but it restricts access. the bad point here, is that any user watching an 'admin' can see what the password-named folder is.. but, it's the best javascript password restriction method that I can imagine. You could take it a step further, and transform the password entered by some text/ascii math function before redirecting, but, the script suffers from the same vulnerability I mentioned if someone sees an admin login, although, its less obvious if the function generates some long non-dictionary string of characters.

the real solution, is not to use javascript for password restriction. use some method server-side that only sends pages to users that are authorized.

aswell as a good set of tutorials for javascript, some for basic server side authorization, and somewhere in there the client-protocol-server relationship, would be quite useful...

If you want to go ahead with JS validation regardless of that advice, and you just want an input dialog to pop-up; this code _should_ do that:
I haven't tested it atall, but it looks alright, although it's old-school quirks mode HTML. It would need the same fixes as s.o.s mentioned with regard to your posted code in order to make it 'new standards compliant'

Votes + Comments

Another issue with the code that is shown...
(this may ony be a problem with older browsers).
You have given the submit butten a "name" of "submit".
I strongly suggest you name it something else becasue it can cause a name conflict with the form.submit() method and cause form submits to fail.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.