Secret Area

Restricted areas on webpages are usually accomplished using a password like this. A person will enter something hoping it to be the password, which is then processed in the black box of the server that hosts the website, a box that can only become transparent to an insidious and lucky hacker.

By not using the server to process the password, I have created a password-protected secret area of my website. One would think this would be easy to break into because all the scripts used to process the password are being run on your computer, but I have made it tricky. Who knows what titillating joy lie within this secret area! Do you have the cunning to discover it? Click to attempt to enter a world of bliss.


If you have not yet discovered, directly viewing hihi.html gives unwanted results. This is due to a JavaScript redirect if certain cookies are not the way they should be. By the way, if anything I just said does not make sense and you want it to, a great resource for JavaScript or any web-related things is W3Schools.

The solution is to find a way to view hihi.html so that the correct password can be discovered (changing a single setting in your web browser should do the trick). Note that the password can be found written near my fake viruses, or you can use this to figure out the password.

Actually, after viewing hihi.html, there is no need to find the password if you are willing to edit the three cookies: success, bobo, and pass. The entered password is stored in pass. Both success and bobo are set to either 0 or 1. While success is designed to be permanently set to 1 at the appropriate time, bobo is designed to equal 1 for only a very brief moment. Think of bobo as a backstage pass that tells my website that you are not trying to cheat.

Update: For many of the newer web browsers, there is now another way of easily viewing the hihi.html source code without changing any setting in your web browser. I didn't foresee this. You still either have to find the password or edit the cookies to get the full experience of my secret area.
By making this a browser-side (as opposed to server-side) password, I have learned over and over that browsers are constantly evolving, so do not try to make anything that depends on specific browser behavior! When I first made the secret area, the "unwanted results" for trying to hack into it were quite annoying for the hacker (the browser window would hop all over the screen and make you click through the entire lyrics before you could leave with no way to mute or pause the forever looping video), but browsers have since regularly protected users from people like me.