Restrict user from visiting a page without logging in using javascript

Question

I have made a register form, from where data is getting stored into the local storage. Only after user logs in successfully, it redirects to success.html or else takes user back to the login page. I have added the following script at the head of success.html-

and following is my login validation function-

//Storing data from local storage into an array of objects
 var usersdata = JSON.parse( localStorage.getItem('key_users' ) );
function loginvalidate()
{
    usersdata = JSON.parse( localStorage.getItem('key_users' ) );
    var usernameinput   = document.getElementById("username");
    var passwordinput   = document.getElementById("password");
    for(var p in usersdata)
    {
      console.log(p+':'+usersdata[p].username+'|'+usersdata[p].email);
      if(usernameinput==usersdata[p].username && passwordinput==usersdata[p].password)
      {
         alert("Logged in successfully");

      }
    }
    jQuery(window).load(function() {
  localStorage.setItem('status','loggedIn') 
});

}

Here, I am unable to set the status to 'loggedIn' and if I set it manually through console the success.html keeps on loading just like running any infinite loop.

Tariq B. · Accepted Answer

The loop is occurring because of the following condition on the success page. It redirects even when you are at the success page and thus the loop.

if (localStorage.getItem('status') != null)
{
    //redirect to page
    window.location.href = "success.html";
}

Change it to

if (localStorage.getItem('status') == null)       
{
    //show validation message
    window.location.href = "login.html"
}

P.S. I do highly recommend not to use localstorage to send the username and password to the clientside. It breaks the whole point of authentication and authorization services even existing.

Restrict user from visiting a page without logging in using javascript

Answers (1)

Related Questions