Code works on Safari but not on Firefox

General PHP Help
#1

I know this is not really secure programming but I cannot figure out why it works on the Safari browser but not on Firefox,
No matter what is input into the password box it always goes to the sxdispunprotect.php.
Any ideas/suggestions?

          function Validate() {
            if (document.form1.password.value == "fredpeabody")
            {
               window.location="<?php echo 'sxdisp.php'; ?>";
               return(false);
            } else {
               window.location="<?php echo 'sxdispunprotect.php'; ?>";
               return(false);
            }
          }
        </script>
</head>

<body onLoad="self.focus();document.form1.password.focus()" >

<div id="main-content">
  <p> Enter the Password to search and display all the information on the Sigma Database. </p>
  <p> Otherwise only the unprotected information will be displayed.</p>
 
    <form name="form1" method="post" onsubmit="return Validate()">
    <table width="1000" border="0" cellspacing="1" cellpading="0">
      <tr>
      </tr>     
      <tr>
        <td> </td>
        <td> </td>
      </tr>
      <tr>
       <td align="right">Password: </td>
       <td><input size="20" maxlength="20" name="password"  value="  "> </td>
      </tr>
    </table>
    </form>
</div>
</body>
</html>
#2

Because you are outputting some spaces as the value for that field, they end up as part of the submitted value. Either the different browsers are treating this initial value differently, or how you are selecting the field and entering the new value is deleting the spaces.

You would correct the value=’’ attribute, or simply leave it out of the markup.

Also, when validating and using user entered values, you need to trim them, mainly so that you can detect if all white-space characters were entered, then validate them. In this case, if the trimmed value is empty, you wouldn’t attempt to use it at all.

Finally, each page must enforce its own access security on the server. This code won’t prevent anyone from just browsing to the ‘protected’ page.

#3

It is perfectly possible, that the deep direct selection of the DOM element (dot notation) is not properly implemented in some browser.

This would cause document.form1.password always being undefinded.

Try selecting that element a bit more “old fashioned” by giving it an ID in your HTML and using getElementById then in your JS.

Sponsor our Newsletter | Privacy Policy | Terms of Service