Popup not working

[unplugged_web]

I'm trying to create a pop up box that asks for a password but I can't seem to get it to work. I've got this

<SCRIPT>function passWord() {var testV = 1;var pass1 = prompt('Please Enter Your Password',' ');while (testV < 3) {if (!pass1) history.go(-1);if (pass1.toLowerCase() == "password") {window.open('/resources_admin');break;} testV+=1;var pass1 = prompt('Access Denied - Sorry you don't have access to this page','Password');}if (pass1.toLowerCase()!="password" & testV ==3) history.go(-1);return " ";} </SCRIPT>

With the button looking like this

<a class="btn btn-restricted" id="passWord">Protected Access</a>

I've not getting any errors at all but the popup isn't working either. I've checked and popups isn't disabled either.

[JamesB]

 

prompt('Access Denied - Sorry you don't have access to this page','Password');

 

You need to escape the apostrophe in the word "don't".

[justsomeguy]

Also, keep in mind that any random person can look at that Javascript code and see both the password and the URL of the page to redirect to. If that "protected" page isn't making sure a user is logged in then it's not protected, anyone can go directly to the URL. Login checking happens on the server, not in Javascript.

[unplugged_web]

I commented that out, but it didn't work

 

I understand what you're saying and agree but this is an intranet site and you need to be logged in to see it and you can only see the page with the button on if you're an administrator so it's more of a token security measure that my boss wants.

 

I added an onClick event and changed don't to do not and now it works.

Edited August 22, 2014 by thehappyappy

[justsomeguy]

I understand what you're saying and agree but this is an intranet site and you need to be logged in to see it and you can only see the page with the button on if you're an administrator so it's more of a token security measure that my boss wants.

But it provides no security at all. Your boss is ok with that?

[Hadien]

This isn't even a "token security measure" I don't even have to provide a password or username to move to the protected site. you need server side scripting and preferably a database of a sort. you can use javascript to partake in the signing in process, via Ajax, but in no way should it be doing the password comparisons itself nor even mentioning the redirect address in it's code.