you can't. the best you can do is encrypt those variables somehow. However, in order to then use that information, you have to also have a way to unencrypt it. and everyone who looks at your source, will also see that method for unencrypting the passwords, which they'll then be able to use, to open your page. that's why everyone would be suggesting to you, that you use cgi. since you can't go down that road, i suggest you ask your SysAdmin if you can use .htaccess and .htpasswd files. otherwise, you're out of luck.

you can use the method you want with ASP. instead of using javascript let ASP validate your form and check if it is the right username and password.

If Request.Form("memuser") = "username" AND resultsRequest.Form("mempass") = "password" Then
'do something
Else
'do something else

There is other ways, I can actually use cgi, but i can do it without a mySQL it'll be ok.

Well theres right clicking Disable but they can still go save as...

There a way to block that as well... when I did save as before on a site right near the end of it uploading it stopped and said can't do it.

Anybody know??

If so please tell me.

Like joh6n suggested, I encourage you to use CGI, or any server-side scripting utility. Although there are some online programs that will actually encrypt the html of a page, the decrypter is ALSO located online so it might not help you all that greatly

So, my suggestions for you would be to either use:
ASP, PHP, or PERL/CGI.

Those will get you what you need.

there's no way to prevent people from getting your source code. when you enter a url in a web browser, your computer sends out a request to a server, and the server sends back a file. this file then sits in the browser's cache. so the file is already saved on your computer. i don't need to right click, or use the browser menus, or save as, to get at your code. all i have to do, is open c:\windows\temporary internet files\, and look for your page. short of using .htaccess files, or some cgi, there's no way to keep people from finding out what your users' ids and passwords are. i suggest the .htaccess files. they're relatively simple to set up. again, ask your SysAdmin about it.