I got this by adding alert(nls) between
=============================
  nls+="*";
alert(nls) //Added this
  if (nls.indexOf(tst)>-1){
=============================
 

But looking at part two, I started with trying to convert the secret
page to teacher.htm
but found out that there are 11 chars to it.

Your code:
 for (var i=0;i<abz;i++) { //9 times since abz = 9
  nrz=eval(lsz.substring(0,2))-az;
  lsz=lsz.substring(2,lsz.length);
  nlsz+=al.charAt(nrz);
alert(nlsz)
 }

and abz is  abz=eval(lsz.substring(0,2))-89
to get 11, we need 100 at the start but your code only get 2 digits so
it is impossible to get teacher.htm
 

Here is how I found this out:

First of all,when the "Submit" button is pushed,the function CkPwd is called so i analized it:

function ckPwd()
{
 tst=document.chall.username.value
 +"*"+document.chall.passwrd.value+"*"; //my input,it will be compared with the
                                                               //decripted username/password
 ls=document.pd.pe.value;                     //ls=pe='96989446449274312767319618656144923142
 a=eval(ls.substring(0,2))-91;                 //a=first 2 digit nr. contained in pe -91
                                                               //a=5  == the cript key
 ls=ls.substring(2,ls.length);                   //jump to the next number in pe

 var nls="";                                             //the decripted code containes nothing,... yet

 var flg=0;                                              //a flag (Is the username/password correct?

 while (ls.length>12){                             //lets you to enter some useless numbers at the end
                                                             //of the cripted code.Could be allsow ls.length>0...

  ab=eval(ls.substring(0,2))-89;            //how long is the password or username

  ab1=(ab1==""?""+ab:ab1);                 //useless instruction (Scaring Newbies?)

  oab1=ab1;                                          //usless

  ls=ls.substring(2,ls.length);                // go to the next number in ls (...in pe)

  for (var i=0;i<ab;i++){                         //for the next ab numbers:

 nr=eval(ls.substring(0,2))-a;               //nr=the following number-key (nr=2 digit
number-5)

   ls=ls.substring(2,ls.length);              // next number in ls (...in pe)

   nls+=al.charAt(nr);                          // add to the ecripted code the nr-th character
in al
   }

  nls+="*";                                          // code=code+"*"

  if (nls.indexOf(tst)>-1){                   //is the username/password OK?

   ls="";

   flg=1;                                            //Set the flag to true...
   }
  }
 if (flg==1)                                       //Did the cracker succeed ? :)
{
tstOk();                                           //Yeees
}
 else{                                              //BadGuy :(
  ctr++;
  if (ctr>3){
   location.href="_wrong.htm";
   }
  else{
   alert("Sorry, dude. Bad Username or Password. WORK ! Or are you a loser ?
"
   +" Failed Attempt #"+ctr+".");
    }
  }
 }

So, the username and the password are checked in the CkPwd() function. Let's take a look at how it works:

a=eval(ls.substring(0,2))-91 => a=96-91=5 => KEY

Inside the while

first time the username is decripted:

      ab=98-89=9 => length of the username is 9 characters

 inside the for, 9 numbers from pe are decripted,one at a time: 94 46 44 92 74 31 27 67 31

First,the key a is substracted from each:  89 41 39 87 69 26 22 62 26 then,the characters with these index in al are added to nls==good code  nls becomes "knowledge" (al[89]=='k',al[41]=='n',...:)

outside the for, a '*' is aded to nls (nls+="*") => nls=="knowledge*"

now the good password is decripted, using the same method:

 ab=96-89=7  =>length of the password is 7

the 7 numbers to be decripted are: 18 65 61 44 92 31 42
then become 13 60 56 39 87 26 37
the corresponding characters in al: 'i' 's' 'P' 'o' 'w' 'e' 'r'
so, nls becomes "knowledge*isPower"
outside the for, a '*' is aded to nls (nls+="*") =>
nls=="knowledge*isPower*"
 
if (nls.indexOf(tst)>-1) :
nls is compared with tst (our input: tst=username+'*'+pass+'*')

if our input is valid, tstOk() is called this one (tstOk()) shows a dialog box and tells us we entered a good username/password and sends us to a page with the url obtained by the function unencr()

Let's analize how this function works:

function unencr(val) //va is in fact
pf=='989826469161918508915695777777777777'
 {

 ab1z="";                                                           //I think it's useless. I may be wrong ;)

 lsz=val;                                                            //lsz is the string we are decripting

 az=eval(lsz.substring(0,2))-91;                        //what is the key? az=98-91=7

 lsz=lsz.substring(2,lsz.length);                         //next number

 nlsz="";                                                            // our URL

 abz=eval(lsz.substring(0,2))-89;                      // length of the URL in abz

 ab1z=(ab1z==""?""+abz:ab1z);                        //useless

 oab1z=ab1z;                                                   //does nothin interesting==useless

 lsz=lsz.substring(2,lsz.length);                        //next number in lsz

 for (var i=0;i<abz;i++) {                                  //decripting of the URL

  nrz=eval(lsz.substring(0,2))-az;                    //index of the next character in al:
number-key

  lsz=lsz.substring(2,lsz.length);                     // next number

  nlsz+=al.charAt(nrz);                                   // add a character to the URL

 }
 return nlsz;                                                  //finally return the URL
}

What happens in this function:

az=key (==7)
                                                                    //length of the URL: abz=98-89=9

The coded numbers are: 26 46 91 61 91 85 08 91 56 (95 77 ... are ignored: only 9 characters)
The good numbers (coded-7) are: 19 39 84 54 84 78 01 84 49
The coresponding characters in al: 'G' 'o' 't' 'I' 't' '.' 'h' 't' 'm'=

=> the returned value is: "GotIt.htm"
 

Part TWO

Now let's find the coded string for "The_Seeker*Sandman*"
 
First the key
I choose 3 so the first number in pe is 91+3=94
The the length of "The_Seeker" is 10 so the next number is 89+10=99
The unencripted code for "The_Seeker": 07 36 26 71 40 26 26 89 26 37
The final code: 10 39 29 74 43 29 29 92 29 40
The the length of "Sandman" is 7 so the next number is 89+7=96
The unencripted code for "Sandman":  40 35 41 22 49 35 41
The final code:  43 38 44 25 52 38 44

so pe final:

"9499103929744329299229409643384425523844"

The code for "teacher":
The key i choose is 1=> first number=91+1=92;
the length of the url is 7:second number=89+7=96
the code for "teacher.htm": 84 26 35 73 36 26 37 78 36 84 49
Coded (and final):85 27 36 74 37 27 38 79 37 85 50

finally:
fp=="92968527367437273879378550"

Laurent - Solution

Here is my solution :

Well, for the part one, like you said, it's easy :
 
username  : knowledge     (offset is 5)
password  : isPower    (I wouldn't have say it better :)
page name : GotIt.Htm     (offset is 7)
 
For the second part, it was a bit harder and I had to write a prog. (I have attached it to this mail, hope you don't mind :) Anyway, I found the right sequences for 'The_Seeker*Sandman". I Calculate them for the different possible first offset (variable 'a') :

The_Seeker*Sandman crypted with offset 1->9299083727724127279027389641364223503642
The_Seeker*Sandman crypted with offset 2->9399093828734228289128399642374324513743
The_Seeker*Sandman crypted with offset 3->9499103929744329299229409643384425523844
The_Seeker*Sandman crypted with offset 4->9599114030754430309330419644394526533945
The_Seeker*Sandman crypted with offset 5->9699124131764531319431429645404627544046
The_Seeker*Sandman crypted with offset 6->9799134232774632329532439646414728554147
The_Seeker*Sandman crypted with offset 7->9899144333784733339633449647424829564248
The_Seeker*Sandman crypted with offset 8->9999154434794834349734459648434930574349

Now about the page name. Well, I have to say I did not found a way to crypt 'teacher.htm'. The reason is because the string length is 11 (eleven), and the max length that we can crypt is : '99' - 89 = 10 !

So, I don't think it's possible to crypt that page name. Maybe I am  wrong and missed something, but that's my conclusion :)

There would have been one possible way to do it, if there was somewhere in your java script a variable whose name would have been 2 characters long and his value would have been assigned to 100. In that case we could have crypted 'theacher.htm' as : 98hu9133428043334485439156 (given hu is the name of a variable = 100). Of course, another solution would be to substract 88 (or less) in place of 89 when you calculate the
length of the string.  I don't see a way to crypt 'teacher.htm' with the current Javascript as
it is :(

Keep giving us such great challenge ... I love it :)

Attached you'll find two little C program. One (seek) is used to crypt  string and the other (unseek) uncrypt them.
 

Part One:
user name:"knowledge"
password:"isPower"
url:"GotIt.Htm"

Part Two:
Name/P-word VALUE='9699124131764531319431429645404627544046 '>
Url VALUE='9899913342804333448508915695777777777777 '>

In both cases [a=eval(ls.substring(0,2))-91;] takes the 1st two numbers in the string to get the amount that we add to find the char within [al].  It was 5 for the name/p-word and 7 for the Url, although it can be any number from 0-8.
 
Then the instruction [ab=eval(ls.substring(0,2))-89;] tells us how large the name or url is.  in the loop [for (var i=0;i<ab;i++)] the following pairs of numbers are then telling us what the next letter is for example 12 above is 7 (the location of T in [al]) plus the 5 we got from the first pair.  All the following pairs are the location in [al] + [a] to give us:
 
The_Seeker - Sandman - teacher.Ht
 
(since 99 is the highest 2 digit integer, and that only allows us to
have 10 places for the url, I couldnt get the m at the end because that
is 11 places).  If there is a way to do it please let me know.