I'm trying to create a login page and having a few issues. Firstly, while the JS alerts on a wrong password, with the correct password it doesn't redirect to the secure page. Second, I feel like having the password in the javascript isn't really secure against anyone that knows how to view the source code of my site, so what would be a better way to hide this password (It will be the same for all users attempting to access the page)?
HTML:
<div id="container">
<div class="login">
<div class="login_side">
<div class="login_inside">
<h2>LOGIN</h2>
<p> </p>
<p><a href="../index.html">Go Back</a></p>
<p><a target="_blank" href="Contact.html">Contact Us</a></p>
</div>
</div>
<form>
<label>Password</label>
<input type="Password" name="password" id="password" />
<input type="submit" value="Submit" name="submit" class="submit" onclick="LogIn()" />
</form>
</div>
</div>
JavaScript:
function LogIn(){
loggedin=false;
var pass="";
pass = document.getElementById("password").value;
pass=pass.toLowerCase();
if (pass=="login") {
loggedin=true;
window.location.assign("TrainingSecured.html")
}
if (loggedin==false) {
alert("Invalid login!");
}
}
JSFiddle: http://jsfiddle.net/cc7EV/