Here's an example of the code I'm interested in:

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==1.1051652061384703e+23&&passcode==163696130771397840000)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location=password+".htm"}
else{
alert("password/username combination wrong")}
}

Is there any way to crack this code, other than brute force/guess and check? I'm sure there must be, but I can't think of it at the moment. So how secure, exactly, is this code? Thanks!

The passcode portion is not very secure at all (it is also redundant). For starters there are multiple passwords that will generate the same passcode. The script multiplies the character's numerical value. And since the order in which numbers are multipied doesn't matter, neither does the character positions. So password, drowssap, wordpass, dwrpssao, and many more will all compute to the same passcode. They don't even need to be the same characters. Just as 2 * 2 * 2 is the same as 4 * 2 is the same as 8, the characters can alternate just as easily.

The passcode in your example can be factored down into 2^7 * 3^5 * 5^4 * 7 * 11 * 29 * 37 * 97 * 101^2 * 103. So 7 characters of numerical value 2 -or- 1 character of numerical value 128. 5 characters of numerical value 3 -or- 1 character of numerical value 243. And so on.

ÎÊʹ˥áH will generate the same passcode number (given the same character encoding).

The only thing that may make this secure is using the password as the restricted page name. Only because the real authentication is really being done server-side, by returning the desired page or a file not found page. But really all you're doing is not giving out the URI to people you don't want going there.

I also don't see what any of this has to do with fuzzy logic. :confused:

Thanks Jeff.
How did you factor down the passcode? Also, how do those numbers relate to alphanumeric characters?

Basically, I just want to know how to extract a username and password from the numeric values. That way, I'll know exactly how hard the script is to crack and it'll convince me to put a password script on the server-side.

How did you factor down the passcode?
Divide out 2 from the number as many times as it is evenly divisible, then divide out 3, 5, 7 and so on using the next prime number (you're guarenteed not to have to go higher than 255) until the passcode number is reduced to 1. You could write an algorithm for the computer to do this for you.
Also, how do those numbers relate to alphanumeric characters?
Once you have the broken down factorization you can multiply certain parts together for a sequence of numbers from 0 - 255 to represent each byte.
I just want to know how to extract a username and password from the numeric values
I havn't actually extracted your password, since I still don't know what you originally typed in. I just came up with another one to recreate the passcode. The passcode number would help in a brute force search, though, since they wouldn't have to try random passwords one after another, but possibile character combinations from the factorization, especially is you give a much smaller range to work with, such as alphanumeric. That could possibily reduce the number of possibilities to a few dozen (normally the number of possible combinations for a password of length 8 is a 20 digit number).
and it'll convince me to put a password script on the server-side
Anything that is meant to be secure should always be done server-side.