JavaScript - PHP HttpRequest Security Concern [duplicate] - javascript

This question already has answers here:
Users can change html code to delete what they want
(2 answers)
HTML hidden input shouldn't be editable
(6 answers)
Prevent URL editing by users to restrict access to server's resources
(1 answer)
Input form with hidden field how to secure it
(4 answers)
How do I prevent others from sending their own data to my php page?
(5 answers)
Closed 4 years ago.
I am creating an application using JavaScript and PHP.
I post my data to a PHP file and then the PHP file insert my data into the MySQL database.
All good but I have some doubts about security because my dom can be easily manipulated using the browser.
For example my code like below
var req = {
method: 'POST',
url: 'phpfile/send_message.php',
headers: {
'Content-Type': undefined
},
data: {
"UserId": UserId,
"Message": Message,
...
..
}
};
$http(req).then(function successCallback(response) {
//Do Something
}, function errorCallback(response) {
//Do Something
});
anyone can put a breakpoint in this code and easily can change the UserId, therefore, the message sends to another user.
Ok, I know I can minify my Script but I think this is not enough. If someone wants to change data, he can find the code easily.
Is there any way to prevent this?
Any information you can provide me would be greatly appreciated.

Related

Calling C# Function from ASP.NET View [duplicate]

This question already has answers here:
How to call a C# function from JavaScript?
(7 answers)
How to Call Controller Actions using JQuery in ASP.NET MVC
(5 answers)
Closed 4 years ago.
I have an ASP.Net Entity Framework view where I have multiple drop-down lists. Once a user changes an item in this list, I need to call a c# method which is passed the values in all of the dropdown lists to check whether their values overlap.
Currently I have:
#Html.DropDownListFor(model => model.Periods[i].StartTime, new SelectList(Model.DateTimeList, Model.Periods[i].StartTime), new {#class = "form-control", onchange = "dropdownChange()" })
which called a method called dropdownChange():
<script>
function dropdownChange() {
#{
var overlapping = PeriodController.ConfigureViewModel.IsOverLapping(Model);
}
console.log("here");
}
</script>
This method is found by the view but doesn't go into my c# code as I have tested by putting in javascript code and it is run. e.g. the console.log appears but doesnt call the c# code.
Either a solution to this or a more sophisticated way to call a c# method every time a dropdownlist is changed.
Added Ajax Method:
$.ajax({
type: "POST",
data: { 'Model': Model },
success: function(isOverLapping) {
overLappping = isOverLapping;
console.log(1);
},
error: function() {
console.log(2);
}
});
One line answer: MVC doesn't work like that.
Longer answer: You can't access the server-side code directly from the browser like that. The most common solution is to use something called AJAX to call the C# function on the server. You then need to write code in the View to handle the response from the server. Have a look at this question and this answer: https://stackoverflow.com/a/16186212/5173105

Passing objects from tomcat Listener to Javascript function [duplicate]

This question already has answers here:
How should I use servlets and Ajax?
(7 answers)
Closed 6 years ago.
I'm trying to send objects from a Java Listener (not the Javascript eventListener!) to a Javascript application without success.
The requirement is: a Javascript application running in the browser should ask to a Listener an object (such as an array) at the launch and the Listener responses giving the array. There are many ways to do this. What are the most relatively secure and efficient ones?
I will try now to do an example. The Javascript function asks thorough jQuery the array directly a JSON file (by HTTP GET request) and storing in this way its content in the 'data' variable, as follows:
$.get("./myJSONfile.json", function( data ){
// Stuff to do
var myArray = data;
...
}
and this without asking the intervention of any Servlet or Listener. What I have to do I want to use a Listener to pass the content of the JSON file to the Javascript function?
Not sure what exactly you mean, but one usual way to communicate between javascript and server is to write an ajax call to get the data you want, just like below :
var myArray = [];
$.ajax({
url: "someUrltoServer",
async: false,
type: "GET",
error: function (jqXHR, textStatus, errorThrown) {
alert(jqXHR + "-" + textStatus + "-" + errorThrown);
},
success: function (data) {
myArray = data;
}
});

how to put variable from javascript to php variable? [duplicate]

This question already has answers here:
How do I pass JavaScript variables to PHP?
(16 answers)
Closed 8 years ago.
This is my codes using script, its a part of my codes, how can i put the var x into my VALUES in php, in the specified 'NULL' value?
enter code here
var x = document.getElementById("name_stop");
<?php require_once('dbconnect.php'); $result2=mysql_query("INSERT INTO log (status, code)VALUES('login','NULL')"); ?>
You can't move JavaScript variables to PHP unless you refresh the page because while JavaScript is client-side, PHP is server-side. When the page is loaded, PHP's job is done.
You should have a look on how to use ajax.
Moreover, for security of your apps, always check the data which are coming from client-side.
You are looking for AJAX. You will have to send a AJAX request to your phpscript.
The easiest way to send an AJAX request is using the jQuery library.
$.ajax({
type: "POST",
url: "insert.php",
data: { name: x }
})
.done(function( msg ) {
alert( "Data Saved: " + msg );
});

JavaScript returns undefined [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 10 years ago.
I have the following JSON that I receive from a URL, we call the URL here www.blabla.com/testjson
And it returns:
[{"Identifier":1,"Naam":"NOT Given","Adres":"Kopenhagen 9","Postcode":"0000LL","Plaats":"NOT Given","Longitude":"0.00000","Latitude":"0.00000"},
{"Identifier":2,"Naam":"NOT Given","Adres":"NOT Given 1","Postcode":"0000LL","Plaats":"Rotterdam","Longitude":"0.00000","Latitude":"0.00000"},
{"Identifier":3,"Naam":"NOT Given","Adres":"NOT Given 6","Postcode":"0000LL","Plaats":"Rotterdam","Longitude":"0.00000","Latitude":"0.00000"},
{"Identifier":4,"Naam":"NOT Given","Adres":"NOT Given 1","Postcode":"0000LL","Plaats":"Den Haag","Longitude":"0.00000","Latitude":"0.00000"},
{"Identifier":5,"Naam":"NOT Given","Adres":"NOT Given 218","Postcode":"0000LL","Plaats":"Zoetermeer","Longitude":"0.00000","Latitude":"0.00000"}
];
I want to retrieve this JSON en return this result, but I get UNDEFINED, this is my code:
$.each("www.blabla.com/testjson", function(index, element) {
$('.result').append(element.Naam);
alert(element.Naam);
});
You also need to check if the user cookies are true or else it won't return something, I don't do this because I work with phonegap and jquery mobile. Can that be the problem?
Try using the method $.getJSON:
$.getJSON('http://www.blabla.com/testjson.json', function(data) {
$.each(data, function(key, val) {
$('.result').append(val.Naam);
alert(val.Naam);
});
});
For more information, check the online doc: http://api.jquery.com/jQuery.getJSON/
PS: Make sure that you added the website www.blabla.com to your whitelist exception.
For more information about Phonegap whitelist exceptions, check the online doc (the following link is for Phonegap / Cordova version 2.1.0): http://docs.phonegap.com/en/2.1.0/guide_whitelist_index.md.html#Domain%20Whitelist%20Guide
Your code will loop over each character of the param string "www.blabla.com/testjson", returning 'undefined' because by writing element.Naam you're trying to access a non existent property named 'Naam' of a character string.
You need to load the external json content by using an ajax call and parse it.
Here is a longer alternative to Littm's answer if you're interested in handling errors too:
$(document).ready(function()
{
$.ajax(
{
type: "GET",
url: "data.json",
data: "nocache=" + Math.random(),
// dataType: "json",
// the above requires 'application/json' as Content-Type headers
// see 'reference A' in the footer notes
// if you active this, please modify following code accordingly
success: function (source, textStatus, jqXHR)
{
var data = jQuery.parseJSON(source);
$.each(data, function(index, value)
{
alert(index+" "+value.Naam);
});
},
error: function(data)
{
// alert("ERROR");
}
});
});
Notes:
1. Reference A
EDIT:
To get more info from error, add the following:
$(document).ajaxError(
function (event, jqXHR, ajaxSettings, thrownError)
{
console.log(event);
console.log(jqXHR);
console.log(ajaxSettings);
console.log(thrownError);
});
Then use the chrome console.
EDIT:
If I type the url you provided in a browser, I am redirected to a login page.
I think that your ajax code is getting this HTML document, too.
Try to check your session: you can add a div in your code and load the content of your url using curl inside this new div. Until you don't see your json code inside this div, your session variables are not working properly.
If curl will get correctly your file content, so will do ajax.
EDIT:
See? Your problem is to correctly login into the webservice from which you are trying to get the json file.
Your friend is right.
You have to set correctly your $_SESSION in PHP which basically use cookies to retain session info.
Try to correctly:
session_start() ;
at the beginning of your php code, before using ajax.
References:
- php.net session_start
- PHP session not working with JQuery Ajax?
Please note that this will work only within the same domain:
Why jquery ajax not sending session cookie
If you are using different subdomains you can try to use
setcookie
References:
- php.net setcookie
- Cross domain cookie access (or session)
As far as I know there's no way to set cookies within different domains.
If you are in this situation, I suggest you to have a look at SimpleSAMLPHP descbribed here:
cross domain cookies
Good luck :)

How to retrieve GET variable from ajax response in jquery [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Get URL parameter with jQuery
I have a form that posts data over ajax. The response comes back in the form of GET variables in the URL. For example if there was a failure of writing the form data the return address would be: http://example.com/?error=1
How would I check for this using jquery. Right now when I do a console.log on the msg variable I just get the html output of example.com (which I guess makes sense). I need the GET variables though. How would I achieve this?
$('#wp_email_capture').submit(function(e){
var email = $('#wp-email-capture-email').val();
$.ajax({
type: "GET",
url: "/",
data: "wp_capture_action=1&wp-email-capture-email=" + email
}).done(function( msg ) {
console.log(msg)
});
e.preventDefault();
});
AJAX by default will return the content from the request. What you want are the headers.
If you are being given a return address of http://example.com?error=1, then it means this is being returned as a redirect header.
To get the header information from an AJAX request, that has been answered here:
jQuery and AJAX response header

Categories

Resources