my friend and I (mostly my friend becuase I am new to this whole javascript and html world) are trying to put a single password lock on our site, where the login is the same (i.e. "member") and the password is simply 4 letters. He did some researching a made some changes to another script, I was wondering if anyone could tell me if it's safe enough (or if it's too easy)

Please PM so I can send the script ....

Well before even looking at the script, I can tell you that it isn't as safe as a server side password script.

Javascript is a client side scripting language. Therefore the script can be downloaded and opened to find the "hidden" password.

As ChrisK said, Javascript is not secure. You only need to view the source of the page to obtain the password. Does your web host support htaccess passwords or any other programming languages (e.g. PHP, ASP)?

Please note that this is on the same topic as this post here:
http://www.thecomputermechanics.com/forums/showthread.php?t=8633

yea .. i dont really want to spend money on a separate server for the password. I just need it for school for the next 3 months so I wasnt looking to spend any money. Since you guys are very knowlegable with programming its obvious that you would be able to find the hidden password in the script.

I was just wondering couple things (because im not going to be dealing with people who have computer programming degrees, just somewhat knowlegable ppl that are studying it).

1. Could you tell me how much schooling you've had to learn programming.
2. How long it took you to figure out the password for my script (just tell me what you determined the password to be becuase one of my friends whos an "expert" at programming "got" the password but it was totally wrong...lol ...and then he was telling me how we should be scrambling the script to make it harder). I just want to know how long it takes an expert to figure it out.
3. How can i make the password more complex to determine (i.e. numbers and letters)

Heres the script:

<SCRIPT LANGUAGE="JavaScript">
<!-- Begin
var params=new Array(4);
var alpha="ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHI";
function check(form) {
which=form.memlist.selectedIndex;
choice = form.memlist.options[which].value+"|";
if (choice=="x|") {
alert("Please Select Your Name From The List");
return;
}
p=0;
for (i=0;i<3;i++) {
a=choice.indexOf("|",p);
params[i]=choice.substring(a,p);
p=a+1;
}
h1=makehash(form.pass.value,3);
h2=makehash(form.pass.value,10)+" ";
if (h1!=params[1]) {
alert("Incorrect Password!"); return; };
var page="";
for (var i=0;i<8;i++) {
letter=params[2].substring(i,i+1)
ul=letter.toUpperCase();
a=alpha.indexOf(ul,0);
a-=(h2.substring(i,i+1)*1);
if (a<0) a+=26;
page+=alpha.substring(a,a+1); };
top.location=page.toLowerCase()+".html";
}
function makehash(pw,mult) {
pass=pw.toUpperCase();
hash=0;
for (i=0;i<8;i++) {
letter=pass.substring(i,i+1);
c=alpha.indexOf(letter,0)+1;
hash=hash*mult+c;
}
return(hash);
}
// End -->
</script>

All it really takes is to find out where you got the javascript.
http://javascript.internet.com/passwords/login-coder.html

Once you've found it, understand how the user accounts are made then you can crack your password. Because it is this easy, I wouldn't suggest using this form of "protection".

Another option for you, if you can't use PHP or Server Side protection, is using a service like Bravenet.

Password Gate (http://www.bravenet.com/webtools/passwd/index.php)