There was an article about a website just like this. Originally the code went something like
if (password=="thePass") { access="thePage.htm"; location.href=access; } else { alert("Bad password.") }
before switching to the WTF you gave to prevent "hacking"