This script doesn't work, help

[WiccanWebCoder]

So, im trying to create a simple generic login for a group to access a specific part of a website I have running through google sites. And i mashed two scripts i did as training, and some personal html know-how. to get this. but when i try to login it doesnt work. Please help!

Code:

<html>
<HEAD>
<SCRIPT LANGUAGE="JavaScript">
function LogIn(){
loggedin=false;
username="";
password="";
username=username.toLowerCase();
password=password.toLowerCase();
if (username=="jeremy" && password=="js") { 
loggedin=true;
window.open("http://www.facebook.com");
}
if (username=="aracelie" && password=="am") {
loggedin=true;
window.open("http://www.facebook.com");
}
if (loggedin==false) {
alert("Invalid login!");
}
}
</SCRIPT> 
<BODY>
<form>
<p>Username:</p>
<input type="text" name="username">
<p>Password:</p>
<input type=password name="password"><br>
<form><input type=button value="Login" onClick="LogIn()"></form>
</form>
</body>
</html>

[jscheuer1]

First of all, you cannot do a secure login via (as appears to be being attempted here) javascript alone. That said, a sort of pseudo secure login via javascript could be done, easily hacked by anyone familiar with looking at source code and/or using the various "web tools" available in most modern browsers.

It's also possible that the code you're presenting in your post is only enhanced by javascript, and that the real action is server side, as would be necessary for any truly secure login, but it's hard to be sure one way or the other. I'm thinking perhaps you copied what code you could see from a secure server side script, meaning - you missed most of it. And then, following from what you say, mashed that up best you could with some insecure, but perhaps serviceable javascript login code.

Anyways, you say it doesn't work, and I'm not surprised.

Before I or anyone goes further here, we should probably establish just what you're after. There could be other possibilities, but the main two seem to be:

1) A secure login script that uses server side code perhaps enhanced via javascript.

Or:

2) Just some sort of javascript barrier that can by its very nature be easily circumvented, but that will keep out complete idiots, and those not too intense about getting in against your wishes.

Which is it that you want? Something else?