unplugged_web Posted August 21, 2014 Share Posted August 21, 2014 I'm trying to create a pop up box that asks for a password but I can't seem to get it to work. I've got this <SCRIPT>function passWord() {var testV = 1;var pass1 = prompt('Please Enter Your Password',' ');while (testV < 3) {if (!pass1) history.go(-1);if (pass1.toLowerCase() == "password") {window.open('/resources_admin');break;} testV+=1;var pass1 = prompt('Access Denied - Sorry you don't have access to this page','Password');}if (pass1.toLowerCase()!="password" & testV ==3) history.go(-1);return " ";} </SCRIPT> With the button looking like this <a class="btn btn-restricted" id="passWord">Protected Access</a> I've not getting any errors at all but the popup isn't working either. I've checked and popups isn't disabled either. Link to comment Share on other sites More sharing options...
JamesB Posted August 21, 2014 Share Posted August 21, 2014 prompt('Access Denied - Sorry you don't have access to this page','Password'); You need to escape the apostrophe in the word "don't". Link to comment Share on other sites More sharing options...
justsomeguy Posted August 21, 2014 Share Posted August 21, 2014 Also, keep in mind that any random person can look at that Javascript code and see both the password and the URL of the page to redirect to. If that "protected" page isn't making sure a user is logged in then it's not protected, anyone can go directly to the URL. Login checking happens on the server, not in Javascript. Link to comment Share on other sites More sharing options...
unplugged_web Posted August 22, 2014 Author Share Posted August 22, 2014 (edited) I commented that out, but it didn't work I understand what you're saying and agree but this is an intranet site and you need to be logged in to see it and you can only see the page with the button on if you're an administrator so it's more of a token security measure that my boss wants. I added an onClick event and changed don't to do not and now it works. Edited August 22, 2014 by thehappyappy Link to comment Share on other sites More sharing options...
justsomeguy Posted August 22, 2014 Share Posted August 22, 2014 I understand what you're saying and agree but this is an intranet site and you need to be logged in to see it and you can only see the page with the button on if you're an administrator so it's more of a token security measure that my boss wants.But it provides no security at all. Your boss is ok with that? Link to comment Share on other sites More sharing options...
Hadien Posted August 22, 2014 Share Posted August 22, 2014 This isn't even a "token security measure" I don't even have to provide a password or username to move to the protected site. you need server side scripting and preferably a database of a sort. you can use javascript to partake in the signing in process, via Ajax, but in no way should it be doing the password comparisons itself nor even mentioning the redirect address in it's code. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now