OK, so basically I’ve put together a very low security log in page (javascript username and passwords) which isn’t a big deal cause there isn’t really anything it’s protecting, I just made a login page for the youth on my church website to view and study Sunday School material. What I’m wanting is to make it so you can’t type in the direct html to your “profile” or bookmark it, I want them to have to use the javascript log in. For example, the script will direct bob to his “profile” at bob.html, but I want to only go to bob.html only if it comes from login.html, is there any way to do this without getting extremely complicated? I’m expecting there isn’t but I thought I’d ask anyway.
Share
If no server side programming is involved you will have to use a simple JavaScript redirection which is not even considered as a “low-level” security but as a “non-level” security 🙂
Anyway you can check the referrer with document.referrer and redirect to the main page when its not correct, remember that this is very easy to manipulate by the user.
More details on document.referrer can be found here http://www.w3schools.com/jsref/prop_doc_referrer.asp
if ((document.referrer).indexOf(‘login.html’) > 0 && username==’someone’ && password==’pass’) {do stuff} else {user did not arrive from login.html or username is wrong or password is wrong}