JavaScript Reversing For Newbies 
by The Sandman
4th February 1999 
 
Title
 
JavaScript Example 1.1
A Simple "Hello World" Function
Written by The Sandman 
 
Rating
( X )Beginner   ( )Intermediate   ( )Advanced   ( )Expert 
 
Introduction
Greetings Reversers,

Welcome to the next JavaScript example in this series of two, where we will be continuing on from where we left off in the last tutorial. 

The more I look into this language the better I like it. Yes, it has many limitations, but if you look at it as an educational tool, then it's got everything we could possibly want from it! This is primarily a thinking language, where the reverser must think quite deeply before making his move. Anyone here like chess? What a game. Simple and straightforward rules, but with an almost unlimited number of moves.

Common themes of code run through the majority of password protected web pages that you can find on the web, which is hardly surprising since many of these pages are merely modified versions of the original script. Find the original script and compare the differences between them to find how best to tackle it. It doesn't take much JavaScript code to create an almost impossible-to-break protected web page where, for example, the 'protection' is based on a simple XORing of the User's password using a number based on the current day/month. Easy to code, hard to reverse. What's so frustrating for the reverser in this case is that they can understand and follow the whole protection routine, yet finding the real password to unlock the page can still be *almost* impossible!
 

Tools Required
  
1 Pen.  
1 sheet of A4 paper.  
An open mind.  
 
About this tutorial
  
We began with a basic idea to display the words "Hello World" on our web page and used the in-built JavaScript function write() to write these words directly to our web page. Hardly Earth shattering, so for this tutorial we will expand on this concept further and see if we can improve our original routine using a few more JavaScript functions. 
 
 
 
 

 

The Essay
  
Key Colours:
JavaScript Object Names marked in Blue
JavaScript Properties marked in Red
JavaScript Methods marked in Purple

Let's see the JavaScript routine we have created so far.

   

Our Script so far                  Comments

<script>                           Start of our script code
<!--                               Hide script from non JS Browsers.
document.write("Hello World")      Script to execute
//-->                              Unhide our script code
</script>                          Finish executing script
   

Can you see its obvious limitation? That's right, we would have to place this whole script in our web page every time we wanted to use it. Hardly what you would call efficient. Another obvious limitation is that it can only display the words "Hello World", which is okay if you want your web page filled with these words, but who wants to do this? It would be much better to make this routine accept any text string we give it. Fortunately, JavaScript is primarily built on the concept of functions, which can be used to correct these limitations.

Functions can be thought of as 'mini-programs', where each function performs a specific task. A function can have information passed to it, which it then processes, returning the results to wherever it was originally called from. That's right, we can execute functions from anywhere in our web page and give that function data to work on.

Before we go any further, let's explore, if you will, the general concept of variables and how they operate in the JavaScript environment.

Variables act and behave like the PC's internal registers, which you see in SoftICE. Variables are, in general, used to hold text or numeric data. Unlike in many other computer languages such as Pascal, variables in JavaScript are not 'declared variables', meaning that we don't have to initialize a variable to accept a particular type of data before we can use it. Variables in JavaScript are therefore 'loose data' types: they can hold any type of data, such as strings or numbers, just by being assigned a value.

Next, variables come in two varieties, either Global or Local.  

Global variables can be 'seen' and 'changed' anywhere within the script code. This is very useful if you have several functions that need to know the state or value of a particular variable before they can continue with their own pre-defined tasks. An example of a Global variable might be a variable that holds the User's typed in password, where this password then has to go through several stages of decryption before it can be checked to see if it matches the one the script is expecting.

Local variables are just that: they are defined within functions and are local to that function only. Therefore no other function can 'see' or change any local variables that have been defined in another function. These types of variables are used for holding data temporarily while the function manipulates it in some way. The important thing to remember about Local variables is that once the function has finished, its local variables are destroyed and whatever data they held is lost. When that same function is executed again, the local variables are created again.

As with function names, variable names are also case sensitive, so the variable named Pword is treated as separate and unique in its own right from the variable named pword.

Here is a simple overview of the scope/range of three variables within a script. 

  <script>

  var variable1 = "This is a Global variable"                     // ----------->
                                                                  //            :
  function Function1() {                                          //            :
    var variable2 = "Local variable used within Function1 only"   // ------->   :
                                                                  //        :   :
    // <.....................Scope/Range of variable 2......................<   :
  }                                                               //            :
                                                                  //            :
  function Function2() {                                          //            :
    var variable3 = "Local variable used within Function2 only"   // ------->   :
                                                                  //        :   :
    // <.....................Scope/Range of variable 3......................<   :
  }                                                               //            :
                                                                  //            :
  // <------------------------Scope/Range of variable 1-------------------------<
  </script>
 

Can you see that variable 1 encompasses the whole of the script, and that any and all functions declared within the script have full access to it? Also, note how variables 2 & 3 cover only the function they are created in. Once outside of their functions, variables 2 & 3 die and no longer exist.

Local variables exist ONLY in the function they were created in. 
Global variables exist everywhere within the script.
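
The scope rules above, as an added example that is not part of the original tutorial. The names stage1, stage2, scratch1, scratch2 and runDemo are made up for illustration. It goes one step beyond the text: a variable is local only when it is declared with var inside the function, and one that is merely assigned there in a non-strict page script becomes global.

```javascript
// Added example: constructed names and values, not from the original page.
var Pword = "";              // global: holds the typed-in password
var pword = "untouched";     // a different variable: names are case sensitive

function stage1() {
  var reversed = Pword.split("").reverse().join("");  // local to stage1
  Pword = reversed;                                   // changes the global
}

function stage2() {
  var shifted = "";                                   // local to stage2
  for (var i = 0; i < Pword.length; i++) {
    shifted += String.fromCharCode(Pword.charCodeAt(i) + 1);
  }
  Pword = shifted;                                    // changes the global
  return typeof reversed;    // stage1's local cannot be seen from here
}

// A page <script> runs in non-strict mode. new Function() gives the same
// mode here, so the example behaves identically wherever it is run.
var withVar = new Function('var scratch1 = "abc"');   // declared: stays local
var withoutVar = new Function('scratch2 = "abc"');    // no var: becomes global

function runDemo(typed) {
  Pword = typed;
  stage1();
  var seenInStage2 = stage2();
  withVar();
  withoutVar();
  return {
    Pword: Pword,                            // changed by both stages
    pword: pword,                            // never touched
    stage1LocalSeenInStage2: seenInStage2,   // "undefined"
    scratch1: typeof globalThis.scratch1,    // "undefined": died with its function
    scratch2: typeof globalThis.scratch2     // "string": leaked into global scope
  };
}
```

A password held in a global, or leaked into one by a missing var, can be read by every other script on the same page.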

With the variable fundamentals out of the way, let's get back to our 'Hello World' example.

Turning our original routine into a function that we can call anywhere within our web page is relatively easy to carry out. 

We start by creating a function and giving it a name. 

Let's call our new function Hworld.

With this we can now transfer almost our whole script routine directly inside this function, which, as already mentioned can be thought of as a mini-program. 
 
 

Our New Function                   Comments

<script>                           Start of our script code
<!--                               Hide script from non JS Browsers.
function Hworld ()                 () means this function does not need any data to be
                                   passed to it in order for it to carry out its task.
{                                  { signifies start of code belonging to a function.
document.write("Hello World")      Write 'Hello World' directly to our web page
}                                  } signifies end of code belonging to the function
//-->                              Unhide our script code
</script>                          Finish executing script

   

If you were to place this script into your web page as shown above, nothing would happen. This is because script functions are only executed when explicitly called from somewhere within our web page. The benefit is that we no longer have to add all this code into our web page each time we want to use it. We can now simply execute it by specifying its name. This is exactly like the Assembler approach of calling a sub-routine and returning when it has completed.

Here is the code we need to be able to execute our newly created function. 
 

Executing our Function             Comments

<script>                           Start of our script code
<!--                               Hide script from non JS Browsers.
Hworld()                           Call our function, note the use of capitals
//-->                              Unhide our script code
</script>                          Finish executing script
   
Let's try this out...
 
 
Results from  executing our function.
   
 
Congratulations! You have just created your first JavaScript function..:) 

Okay, there's no time to rest. We still have one more thing to do to make this function more versatile, and perhaps one that *might* even be useful to us.

At present our JavaScript function requires no information to be passed to it in order for it to carry out its task, which means it will always display the same two words each time it is executed. Let's change this so that we can tell the function to display whatever text we wish to use.

Here are the two changes we can make to our function.

Change 1.  function Hworld()               to   function Hworld(Msg)
Change 2.  document.write("Hello World")   to   document.write(Msg)

Can you see what we have done?

1. We have changed our function so that it now requires data (in this case some text) from us before it will run. From now on any data we pass to our function will be stored temporarily in the variable Msg. 

2. Next, we have altered our write method to now write the text string stored within the variable Msg. 
 

With the new changes in place here's our final revision for our function. 
 
 

Our New Function                   Comments

<script>                           Start of our script code
<!--                               Hide script from non JS Browsers.
function Hworld (Msg)              Notice our function uses a variable to hold any data
                                   we may send to it.
{
document.write(Msg)                Write the contents of variable Msg directly to our web page
}                                  } signifies end of code belonging to the function
//-->                              Unhide our script code
</script>                          Finish executing script

   
All that is left is to alter our calling script so that it will pass information to our function rather than just executing it.
 
 
 
Executing our Function             Comments

<script>                           Start of our script code
<!--                               Hide script from non JS Browsers.
Hworld("place your text in here")  Call our function, note we are sending a text string
                                   to our function
//-->                              Unhide our script code
</script>                          Finish executing script
   
Will it work? Let's find out by testing it out here.

 

Results from executing our function.
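
document.write(Msg) treats whatever is in Msg as HTML, not as plain text, so the function is only safe to call with strings the page author wrote. The added example below (not part of the original tutorial) puts the tutorial's function beside a variant that escapes its input first; page, escapeHtml, HworldText and compare are hypothetical names, and page stands in for the browser's document object so the code runs outside a browser.

```javascript
// Added example: 'page' is a stand-in for the browser's document object.
// It collects what would have been written to the web page.
var page = {
  html: "",
  write: function (text) { this.html += text; }
};

// The tutorial's function, writing to the stand-in instead of document.
function Hworld(Msg) {
  page.write(Msg);
}

// Hypothetical helper: replace the characters HTML treats as markup.
// '&' is handled first so the entities added afterwards are not re-escaped.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Variant for text that was not written by the page author,
// for example something a visitor typed into a form.
function HworldText(Msg) {
  page.write(escapeHtml(Msg));
}

// Returns what each function would put into the page for the same input.
function compare(Msg) {
  page.html = "";
  Hworld(Msg);
  var raw = page.html;
  page.html = "";
  HworldText(Msg);
  return { raw: raw, escaped: page.html };
}
```

With the constructed input `<b>Hello</b> & "World"`, the raw version hands the browser a bold tag to interpret, while the escaped version displays the characters exactly as typed.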
   
 

  
In the next tutorial we shall be exploring Alert boxes, FOR loops and a little maths thrown in for good measure.
 
 

Ob duh
I won't even bother explaining to you that you should BUY your software if you intend to use it for a longer period than the allowed one. Should you want to STEAL software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell.
Final Notes
Original format of this tut by (c) flipper (upg) 12/30/97 All rights reversed. 
 
 

Page  by The Sandman  
Page Created: 6th February 1999