sending a url to another page

I wrote the following javascript code for prompting the user to enter a password before he can access a page. Also, I want to send a url to the page which is going to load if the password is correct. Is it the correct way of sending the url of another html page to that page

function pagePassword(url)
{
var password;
var pass1="xxxxxx";
password=prompt('Please enter the page password:',' ');
if (password==pass1) 
{
//code to send a url of another html page to the page which is going to load if the password entered by the user is correct
window.location="http://nano.uark.edu/nanophpscripts/xxxxxxx.php?pageurl="+url;
}
else {
alert('Wrong password!');

}
}

This is the code for the edit_backend.php page. The page gets the url of another html page and opens it's source code in a text box

$url=$_GET["pageurl"];
echo "<textarea name=\"content\" 开发者_开发技巧id= \"content\" cols=\"90\" rows=\"40\">";
$handle = fopen("$url","r");
while(!feof($handle))
{
$text = fgets($handle);
echo $text;
}
fclose($handle);
?>

 echo "</textarea><br>";

---

Do password-handling server-side, not with javascript. Anyone could just look at the javascript and see the password, or which page they are going to.

---

well, you have to escape the url in javascript - probably :

"http://........?pageurl="+escape(url);

And inside the php script:

$prevpagename=htmlspecialchars(urldecode($_GET["pageurl"]));

Probably that should work.

Of course as guys suggested above, comparing your password at the clientside is not quite a smart thing to do.

---

First, you shouldn't keep any sensitive data whatsoever in Javascript where anyone can simply view the source code. You need to handle the login with your PHP.

Second, just for fun, I cut and pasted your window.location link into my browser and within 3 minutes was able to view all the source code from your php files, including you database login details, right there in your little app.

You might not want to let that happen...