With the information we have the only way to solve this problem is with brute force. By hand this is far too time consuming, so there would have to be something pretty special in the member's area to make it worthwhile.

You can make assumptions with regards to which characters are allowed in the password as the password is the name of the html file (obviously only certain characters are allowed in this situation).

Hiding the maths by making it server side would make it even tougher to crack.

ps. I make the only permissible character codes as follows:

33 to 64, 69, 97 to 99, 101 to 126.