I'm very new to this and trying to figure out the best way to accomplish. I am using Shopify and have been trying to implement a script that runs upon account creation that redirects to my shop page and also subscribes them to my mail list. I have this code in my account.liquid file.
//if(document.referrer == "https://example.com/challenge" || document.referrer == "https://example.com"){
var url = "http://example.us10.list-manage.com/subscribe/post?u=48c8cbb03628105f109c9ea64&id=111111111"
var email = $('.email.note').html();
var path = "https://example.com/collections/all";
setTimeout( function() { window.location.href= path; }, 3000);
$.ajax({
type: "POST",
url: url,
data: {EMAIL : email},
dataType: 'jsonp',
});
//}
I currently have a form on my home page and also a popup that uses the same form in my shop page that both create a customer account. Before I commented out the document.referrer it worked properly only when there was a challenge, but without the challenge it did not work. Now commented out it will run properly, but will also run the script anytime a customer goes to their account page. I obviously only want it to run once upon account creation.
I have a feeling there is a better way to accomplish this and have spent hours searching, but haven't found anything.
Related
On my site the user selects to view a ticket from a list in a table. When the user selects the ticket, the ticket number is posted to the next page which displays all of the data associated with said ticket. On that same page is various options to modify the ticket. One example is you can log whether 911 responded or not. The user clicks a link which executes this code:
$("#submitEmergCall").click(function(){
ticket_num = $("#ticket_num").val();
$.ajax({
url: 'AJAX/outage_911.php',
type: 'POST',
cache: false,
data: {ticket_num: ticket_num},
success: function(){
window.location.reload(true);
}
});
});
On all browsers this code executes perfectly, but on internet explorer their is a popup "To display the webpage again..." I have tried using:
window.location.href = window.location.href;
but when it reloads the page the ticket number is not known so it does not show the correct data.
Is there a way to correct this issue or make these calls in a better way?
I'm feeling scared about a solution i'm using in one of my app.
Basically, i use this snippet :
var username = ...;
$.ajax({
type: "POST",
url: "getFeed.php",
data: "username="+username,
success: function(html) {
// do the stuff
}
});
My question is : is this hackable ? If you use the chrome/firefox/... build-in code editor and replace var username = ... by var username = 'user1';, would it work ?
Thanks
Yes, anyone with a javascript debugger will be able to change the variable to whatever username they want. JavaScript is always open to the user and can be modified easily.
Typically you would have a login page to authenticate the user (often cookie based), and then on every subsequent request (Ajax or otherwise) you would be able authenticate the cookie and make sure the user is who he says he is. This will however require a server side solution to the authentication.
I am creating A login system using AJAX,PHP & SQL obviously.
Anyway I am trying to implement A real time login feature so it will log the user in without refreshing the page.
I have done that almost but the only issue when the user clicks remember me that uses cookies instead of sessions but the JQuery isn't proccessing that?
I want it to detect depending if it was checked ether remember the user or not it only starts a session, when it does register a cookie the logout page is not deleting the cookie which he did before i added the jquery code in so nothing on the php end and I am mainly A PHP Developer and still learning.
(I cannot post the server side code for privacy reasons as I be using this in A project
but it looks similar to any other normal php login script)
Here's the JQuery
function validLogin(){
var user_login=$('#user_login').val();
var user_pass=$('#user_pass').val();
var remember_me=$('#remember_me');
var dataString = 'user_login='+ user_login + '&user_pass='+ user_pass;
$("#flash").show();
$("#flash").fadeIn(100).html('Loading..');
$.ajax({
type: "POST",
url: "ajax/procces.php",
data: dataString,
cache: false,
success: function(result){
var result=trim(result);
$("#flash").hide();
if(result=='correct'){
window.location='index.php';
}else{
$("#errorMessage").html(result);
}
}
});
}
function trim(str){
var str=str.replace(/^\s+|\s+$/,'');
return str;
}
Thanks
You don't pass your variable 'remember me' to your ajax request. For instance :
data: {login: user_login, passwd: user_pass, rememberMe: remember_me}
Another point, be careful you treat information from client-side. Never trust the client. Test all your values in PHP.
I want only execute my ajax post 1 time, i try to avoid to the user refresh the page and execute so much times the ajax post,
I thought in create a cookies, but i don't know, and i'm no sure, somebody know how?
This is my jquery.
var t = jQuery.noConflict();
t( document ).ready(function() {
t.cookie("example", "foo", { expires: 7 }); // Sample 2
console.log( "ready!" );
alert(t.cookie("example"));
var data = '<?php echo json_encode($json_full);?>';
t.ajax({
url: 'my api url',
type: 'POST',
success: function(r) { alert(JSON.stringify(r)) },
dataType: 'JSON',
data: { data: data, }
})
});
/I need run this AJAX only one time because is a checkout page to send the order, and if i refresh the page, send every time the same order, and this i don't want/
Thanks a lot!
Things like these can not be safely controlled on the client's browser. Any user with minimal knowledge in JavaScript will be able to open up the developers tools for their browser and manipulate the code or any values you might have stored (such as deleting the cookie you have set).
This limitation should be implemented on the server.
It really depends on the scope of your application. You might be able to limit the requests per IP address, but that might prevent multiple people from the same office for example loading the page at the same time.
Using user authentication and persistent server storage you'll be able to limit the effect of the request, but you probably won't be able to prevent the actual request from being sent as anyone can make that request even from outside the browser. You could store the user_id of the user that initiated the request and only allow the resulting action to occur if a certain time has passed since the last request.
A better solution to avoid double submits, is to use a POST query for the submit request and let the server respond with a redirect to a normal (harmless) receipt/thankyou page.
Then if the user refreshes the receipt page they will simply repeat the GET request to the receipt page and not the post.
You should still add some checks server side to avoid multiple POST requests somehow (using sessions, timestamps or something), in case a malicious user deliberately tries to resubmit.
This will only work on IE8 and above, but you can use localStorage:
var t = jQuery.noConflict();
t( document ).ready(function() {
t.cookie("example", "foo", { expires: 7 }); // Sample 2
console.log( "ready!" );
alert(t.cookie("example"));
if(localStorage['submitted'] === undefined){
var data = '<?php echo json_encode($json_full);?>';
t.ajax({
url: 'my api url',
type: 'POST',
success: function(r) {
localStorage['submitted'] = true;
alert(JSON.stringify(r));
},
dataType: 'JSON',
data: { data: data, }
})
}
});
This way the first time it will run the AJAX because you haven't set the localStorage variable, but upon success you do and it will not resubmit on page refresh.
If you wanted to have the ability to send again upon a future visit, just use sessionStorage instead of localStorage. Same syntax and everything.
I have been using django for almost 6 months now and it works fine for almost all kind of websites I do.
However , recently I stumbled upon an issue when I was doing a website, where a user gets notified about any blog post the other user updates.
My approach was this :
From my template I keep doing an ajax call like this :
$(document).ready(function() {
setInterval(function(){get_updates();}, 10000);
function get_updates(){
$.ajax({
type: "GET",
datatype: 'json',
url: "{% url 'models.views.update_notification' %}",
success: function(data) {
if(data.updated){
$.("content").load('notifications.html');
}
}
})
})
});
}
class UpdateNotificationView(View):
def get(self, request):
user = FriendUser.objects.get(name='friend')
msg = {"updated" : user.is_updated()}
return HttpResponse(simplejson.dumps(msg))
Assuming that notifications.html is just a partial included in every page:
<div id='divid'>{{ notification }}</div>
The problem here is that , I don't think its a good Idea to keep doing ajax calls like this every x seconds/minutes.
Is there a way to push updates from the backend as soon as a database is updated directly to the browser , without polling for updates like this ?
Or is django not made up for it ?
I guess you should have a look at django-comet or any othe comet-like project.
It will allow you to push a response from server to the user's browser.
Wiki page on Comet: http://en.wikipedia.org/wiki/Comet_(programming)
Also, let me share a link to a great answer on this topic: https://stackoverflow.com/a/4403209/2795926