Javascript redirect

Hi…
I’m developing a site that needs a restricted area.
So I created a small javascript function to check user and password.
And then redirects to the homepage of the restricted area.

<script type="text/javascript">
function Login(){
	var done=0;
	var username=document.login.username.value;
	username=username.toLowerCase();
	var password=document.login.password.value;
	password=password.toLowerCase();
	if (username=="user" && password=="pass") {
		window.location="internal.php";
		done=1;
	}
	if (done==0) {
		alert("User or password incorrect.");
	}
}
</script>

Form:

<form name="login" method="post" action="">
<input name="username" class="campos" id="username" title="user" type="text" value="user" size="22" style="color:#666; background-color:transparent"  onblur="if (this.value=='') this.value='user'" onfocus="if (this.value=='user') this.value=''" />
<input name="password" class="campos" id="password" title="pass" type="password" value="pass" size="14" style="color:#666; background-color:transparent" onblur="if (this.value=='') this.value='pass'" onfocus="if (this.value=='pass') this.value=''" />
<input name="Submit" type="submit" class="botao" value="OK" style="color:#666; border-color:#CCC; background-color:transparent; border:1;" onclick="Login()"/>
</form>

When I type incorrect username or password, I get the error message, but when I type correct username and password does not redirect to page “internal.php” and will not appear error message also. Just stay in the same page.

Can anyone help me?

You need to return false on the end of the JavaScript or the action for the form will still be triggered.

Also you’d do better to attach that code to the onsubmit on the form tag rather than the onclick on the submit button.

Finally that code will not prevent prople accessing the restricted page since all of the JavaScript will be available to be viewed by your visitors so they will be able to tell what the user and password are as well as the address of the restricted page.

I changed the code but still it does not wok.

<script type="text/javascript">
function Login(){
	var done=0;
	var username=document.login.username.value;
	username=username.toLowerCase();
	var password=document.login.password.value;
	password=password.toLowerCase();
	if (username=="user" && password=="pass") {
		window.location="internal.php";
		done=1;
	}
	if (done==0) {
		alert("User or password incorrect.");
	}
        return false;
}
</script>

<form name="login" method="post" action="" onsubmit="Login()">
<input name="username" class="campos" id="username" title="user" type="text" value="user" size="22" style="color:#666; background-color:transparent"  onblur="if (this.value=='') this.value='user'" onfocus="if (this.value=='user') this.value=''" />
<input name="password" class="campos" id="password" title="pass" type="password" value="pass" size="14" style="color:#666; background-color:transparent" onblur="if (this.value=='') this.value='pass'" onfocus="if (this.value=='pass') this.value=''" />
<input name="Submit" type="submit" class="botao" value="OK" style="color:#666; border-color:#CCC; background-color:transparent; border:1;"/>
</form>

Unfortunately, I can not use a database to register a username and password, this was the only way I could think of without using the database.
There is another way?

wops… it works

<form name="login" method="post" action="javascript:Login()">

Thanks!!

There is a better way to do this without using database?

You should use action=“” onsubmit=“Login();return false” rather than put the code in the action.

A better solution would be to use a server side language to do the test and redirect. You could still hard code the username and password in a PHP script (or whatever other language you have available on the server) so as to not need a database.

The problem with JavaScript is that people will be able to view the JavaScript to see what values to enter in the form or alternatively just type the destination address into their browser address bar so as to bypass the form completely.