This is not a secure method of authentication. This solutions should not be on any system which you want to make secure. Authentication should happen on the server, not the client.
In your question, you never check on the second page if the user authenticated on the first page. In order to check this, you should use session storage.
// LOGIN.js
function click() {
inputname = $('#name').val();
inputpassword =$('#pass').val();
for (i in data.username ) //to match username with provided array
{
name = data.username[i];
for ( i in data.password){
pass = data.password[i];
if (inputname == name & inputpassword == pass ){
//The user has successfully authenticated. We need to store this information
//for the next page.
sessionStorage.setItem("AuthenticationState", "Authenticated");
//This authentication key will expire in 1 hour.
sessionStorage.setItem("AuthenticationExpires", Date.now.addHours(1));
//Push the user over to the next page.
window.open('welcome1.html','_self');
}
}
}
if (inputname != name & inputpassword != pass ){
alert("Wrong Password");
}
}
//addHours to a date.
//Credit to: Kennebec
//https://stackoverflow.com/questions/1050720/adding-hours-to-javascript-date-object
Date.prototype.addHours = function(h) {
this.setTime(this.getTime() + (h*60*60*1000));
return this;
}
<!-- LOGIN.html --->
<input type="text" id="name" name="name" />
<input type="text" id="pass" name="pass" />
<input type="submit" id="sub" name="sub" onclick="click();" />
And then on your second page, check to see if the user is authenticated. If not, push them over to an Access Denied page.
//Is the user authenticated?
if (sessionStorage.getItem('AuthenticationState') === null) {
window.open("AccessDenied.html", "_self");
}
//Is their authentication token still valid?
else if (Date.now > new Date(sessionStorage.getItem('AuthenticationExpires'))) {
window.open("AccessDenied.html", "_self");
}
else {
//The user is authenticated and the authentication has not expired.
}
