I'm making an app where users uses a custom view to login into a website. I got everything working, from passing the data from UITextFields to webView website, also i can submit the login and username using this code
NSString *performSubmitJS = #"var passFields = document.querySelectorAll(\"input[type='submit']\"); \
passFields[1].click()";
[webView stringByEvaluatingJavaScriptFromString:performSubmitJS];
How can I check if the user introduced wrong username and password? is there anyway to use something like
document.querySelectorAll
to check if user introduced wrong credentials?
I'm assuming your webpage reloads when you click the login button, which means you want to define this delegate method if you haven't already:
- (void)webViewDidFinishLoad:(UIWebView *)webView;
and you'll need to re-inject your javascript here to scan the page for some indication that an invalid password has been entered. You can use querySelector for this but you'll have to inspect the webpage for the bad password case and find an element that is uniquely displayed for bad passwords. It might be easier to just check something like if(document.body.innerHTML.indexOf('invalid password') > -1) window.location = 'WRONG_PASSWORD' (replace 'invalid password' with whatever the webpage says when you enter an invalid password) and you can implement:
- (BOOL)WebView:(UIWebView *)myWebView shouldStartLoadWithRequest:(NSURLRequest *)request;
and check to see if the URL ever equals WRONG_PASSWORD to know if the user entered a wrong password and react to it in objc.
Related
Okay.
Google API gives you the javascript for the Google Plus signup/login button.
function signinCallback(authResult) {
if (authResult['status']['signed_in']) {
// Update the app to reflect a signed in user
// Hide the sign-in button now that the user is authorized, for example:
document.getElementById('signinButton').setAttribute('style', 'display: none');
} else {
// Update the app to reflect a signed out user
// Possible error values:
// "user_signed_out" - User is signed-out
// "access_denied" - User denied access to your app
// "immediate_failed" - Could not automatically log in the user
console.log('Sign-in state: ' + authResult['error']);
}
}
IF a user successfully logs in with Google Plus, I want to use the form attributes/variables to create a new user. A user has a username and a password. The Google Plus login gives the google plus user a fullname and a gplus id. I want to create a user in the database with a username equal to their gplus fullname and a password equal to their gplus id. How would I go about using ruby with my javascript to save them to the model. I reviewed this link
Section four seems to be the right direction. I'm just having trouble grasping it.
If you think there would be a better way to do this. Please let me know! I read up on Devise with google plus, but it seemed too risky to implement during a time crunch. I might try it anyway depending on how long this takes me.
I have a very small Django app, mostly just for learning purposes. I am using the inbuilt User model provided by Django. To learn the functionality, I've created pages which allow me to create and edit users without having to go to the admin panel.
The register page allows me to very easily check for things like password and email validity, as when I POST to a View, I simply use user_form.is_valid() to check the fields are correct (username is less than 30 characters, password less than 128, other conditions...).
For my edit page, I wanted to make the content more responsive so I have made use of AJAX requests via JQuery, allowing me to perform actions without reloading the page. This works great, but it does leave me with the problem of checking validity, as I am not sending the form, I am just using Javascript to pick out the queries and send them in an AJAX request as such:
$.get('/dms/edit_user_changeuser/', {inputNameSend : $("#inputname").val(), usernameToSend : $("#usernameID").val(), emailToSend : $("#emailID").val(),passwordToSend : $("#passwordID").val(), disabledToSend : checkedVal}, function(data){
if(data != "success"){
$("#errorDisplay").show();
}else{
$("#savedDisplay").show();
$("#user_form").hide();
}
});
And this is how the associated View handles it:
#login_required
def user_edit_changeuser(request):
# Like before, get the request's context.
context = RequestContext(request)
inputname = request.GET['inputNameSend']
newUsername = request.GET['usernameToSend']
newEmail = request.GET['emailToSend']
newPassword = request.GET['passwordToSend']
if(request.GET['disabledToSend'] == "true"):
disabledBool = False
else:
disabledBool = True
try:
user_obj = User.objects.get(username=inputname)
print("retUser")
user_obj.username = newUsername
user_obj.email = newEmail
user_obj.is_active = disabledBool
user_obj.set_password(newPassword)
user_obj.save()
print(str(disabledBool))
return HttpResponse("success")
except Exception, e:
return HttpResponse(str(e))
This all works assuming input is valid, but is there something like User.checkValidPassword(newPassword) to manually check validity?
User instances have a method check_password which does exactly what you want it to do
user = User.object.get(username=inputname)
user.checK_password('a_password')
The above checks to see if the current users password matches what is saved in the db. If you were instead asking about validating to make sure the newPassword is valid ie. is the proper length, contains numbers, etc. There is no reason you cannot use a form to validate the user input, just as you would if it were not an AJAX based view
as a side note, it is not necessarly the best thing to catch all exceptions in python. It can mask all sorts of errors that you want to see fail!
if you are expecting that a user might not exist do it explicitly.
try:
user = User.object.get(username=inputname)
except User.DoesNotExist:
# all other expections will not be caught!
I would like to let a user enter a facebook page name and validate that it is a facebook page and nothing else.
To accomplish that I've used ajax to call graph.facebook.com/{str} where {str} is a pageName a user is requested to enter, but the problem is that any string can be entered and if a user enters a string which is a facebook profile, it will return a facebook object.
How do I validate using graph.facebook.com/{str} that {str} is a valid facebook page name ?
I've tried using graph.facebook.com/search?q={str}&type=page but it returns close results too even if the {str} that was entered wasn't found.
Thanks
Instead of using Graph API I would suggest you to instead use the Page FQL which is indexable by the name field, and would only return data if the name corresponds to a Facebook Page and not for a User.
Edit
select name from page where name='ign'
Which would give you the result for IGN's page, but if you do the same for any user it would return nothing.
Some fanpages don't have short username:
https://www.facebook.com/pages/Fanpage-name/FANPAGE_ID
in this case, you should send FANPAGE_ID instead of username. Valid fanpage will have fields like
"is_published": true,
"likes": 27134,
check graph api result for public profile:
http://graph.facebook.com/zuck
and fanpage:
http://graph.facebook.com/facebook
I'm making a login page in JSP. I have an index.jsp page where the form exists and some javascript scriplets. Connectivity to oracle database and checking for username and password in database is done in check1.jsp file
My issue is that after entering username and password, when I press login button, I have linked the form to check1.jsp, if username and password matches and exist, it redirects to welcome.jsp , but if username doesnot exist or password is not matched I have to get back to index.jsp showing a small message below box that username doesn't exist OR Password is not matched, currently I am just redirecting to index.jsp.
How should I show that appropriate small message below login box on that same index.jsp page??
REDIRECT TO index.jsp?message=<your custom msg>
And then you can check if message parameter is set and get them via GET parameter
EDIT: (after comments)
I am not a java programmer but googling gives me this,
if(request.getParameter("message") == null) {
// User has opened index.jsp for first time (no redirection)
}
else{
// user has been redirected from check1.jsp
string message = request.getParameter("message");
// Do anything with message
}
You could have a flag that is triggered in check1.jsp and sent back to index.jsp.
and in index.php , you could put a check for the flag to display error if it's turned ON.
I am trying to prompt users to enter a code in order to get into my website. The problem is I am using the following code but some of my user see the prompt window, instead there will be a flashing page. Is there a alternate way to do it?
<script type="text/javascript">
function show_prompt() {
var txtcode = prompt("Please enter your code", "");
txtcode.toLowerCase();
if (txtcode != null && txtcode == "special") {
confirm;
}
else {
window.location = "http://happylemon.asp";
}
}
Instead of a prompt, you should create a proper login page with a form that is submitted to the server and validated. If valid, the user can then be directed to the homepage.
If you use PHP, there are a ton of resources to help with creating a secure login: http://www.google.ca/search?aq=f&sourceid=chrome&ie=UTF-8&q=php+login+page
Why not make a regular authenticate page, but instead of username/password ask for the code? Then submit to server and compare there.
It's NOT safe to put your secret code in Javascript.
There are some typing errors:
I am trying to prompt users to enter a code in order to get into my website.
Should be
I want to keep visitors away from my website.
Just create a normal login page with a login form, and validate the data on the server. No need to ugly (and completely useless) authentication pop-ups.