Jump to content

Popup not working


unplugged_web
 Share

Recommended Posts

I'm trying to create a pop up box that asks for a password but I can't seem to get it to work. I've got this
<SCRIPT>function passWord() {var testV = 1;var pass1 = prompt('Please Enter Your Password',' ');while (testV < 3) {if (!pass1) history.go(-1);if (pass1.toLowerCase() == "password") {window.open('/resources_admin');break;} testV+=1;var pass1 = prompt('Access Denied - Sorry you don't have access to this page','Password');}if (pass1.toLowerCase()!="password" & testV ==3) history.go(-1);return " ";} </SCRIPT>
With the button looking like this
<a class="btn btn-restricted" id="passWord">Protected Access</a>
I've not getting any errors at all but the popup isn't working either. I've checked and popups isn't disabled either.
Link to comment
Share on other sites

Also, keep in mind that any random person can look at that Javascript code and see both the password and the URL of the page to redirect to. If that "protected" page isn't making sure a user is logged in then it's not protected, anyone can go directly to the URL. Login checking happens on the server, not in Javascript.

Link to comment
Share on other sites

I commented that out, but it didn't work :(

 

I understand what you're saying and agree but this is an intranet site and you need to be logged in to see it and you can only see the page with the button on if you're an administrator so it's more of a token security measure that my boss wants.

 

I added an onClick event and changed don't to do not and now it works.

Edited by thehappyappy
Link to comment
Share on other sites

I understand what you're saying and agree but this is an intranet site and you need to be logged in to see it and you can only see the page with the button on if you're an administrator so it's more of a token security measure that my boss wants.

But it provides no security at all. Your boss is ok with that?
Link to comment
Share on other sites

This isn't even a "token security measure" I don't even have to provide a password or username to move to the protected site. you need server side scripting and preferably a database of a sort. you can use javascript to partake in the signing in process, via Ajax, but in no way should it be doing the password comparisons itself nor even mentioning the redirect address in it's code.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...