I want to create a log in with javascript and html. I use prompt when someone create a new user and password. I would like to know how to save the created password and user locally.
My code works but when I close the web browser, you have to create another username and password each time you want to come back to the website. I need to have something that will save the created password and username that the user create with prompt. This user and password will be use for the log in even if we close the web page. Thanks a lot.
The best way to do that locally (I hope this is for entertainment purposes only because what you are doing is clearly not secure) would be to store it as a cookie.
I recommend checking out this nice stackoverflow post talking about setting and unsetting cookies with jquery. How do I set/unset cookie with jQuery?
Related
I have a problem and after some research online was unable to find other people with this same issue.
I'm designing a site that has sensitive data the user's work with in the page content. It uses CodeIgniter as well as CodeIgniter's session and cookie implementations to track user activity and determine when a session has expired. when sessions expire, the user has to log in again either through a sign-in portal or through a sign-in popup.
My issue is if someones working on their computer then just gets up and walks away from the browser, the session expires, but they didn't realize the session would expire then return to their computer to finish their work. There is a regular ajax call that checks if the user has been inactive, and if the time threshold is reached their session data will be erased and the session is no longer active. There is then a popup window prompting the user to sign in again if they want to keep working.
The problem is, how do I protect any sensitive data in the HTML in the meantime? You might think if the session expires just redirect the user away from the page, but if they're in the middle of something I don't want to erase all of their work. I could try just hiding the HTML using javascript, but then someone could just open the inspector to see the HTML. is there some way I could prevent anyone from seeing the page data at all unless the sign in a popup is completed?
Thanks for any input.
I don't know of anyway to protect their work like you're asking.
I'd suggest saving the users work in a draft format, as they enter it. Then if they walk away and get logged out it doesn't matter, the work is still there when they log on next.
I am making an image gallery, and I wish to have a vote up button people can press to increment the number of votes an image has received. Obviously I don't want people spamming the vote up button, so I want to limit each user to 1 vote up.
I do not have access to any kind of database (except writing to files), and a login system would not be good for my target audience.
What is the best way to store whether a user has visited the page before? Would it be better to use PHP or JavaScript or something else for this?
Without an authentication system, you can limit the action of a user temporarily, but the user can trick your system to vote multiple times.
Here are solutions not using a login/auth system (and their drawbacks) :
You can store the upvote action client-side with cookies, localstorage or any other mean, but the user can clear all off that to regain the right to vote again. For most people it can be ok (depends on your audience), but any techy guy wanting to cheat the system will be able to do it.
You can store the update action server-side with a reference such as the user-agent or the IP adress. But these "authentication" system are not reliable : user can share the same user-agent and change them easily. Several user can share the same IP adress and use proxy to change their IP adress.
The third solution is to use an external system : a facebook +1 voting system (facebook uses its own auth system) or google+ or other external services. User won't be able to trick the system, but you don't own the upvote count on you side and someone without a facebook or google+ account will not be able to vote.
Personally I would go and find myself a database... but if you don’t want to use one, you can still write to a file. For example: Create an array and store the IP address of the user in it. Than write this array as JSON code to a file (json_encode) and store it. When a user clicks the like button, read the file, decode the json (json_decode) and check if the IP address exists in the file. If not: add to array and store to the file. The amount of likes, is equal to the amount of IP addresses in the JSON object.
The best way to implement this, is to make an ajax call when the like button is pressed. Than the visitor won’t see a page load.
Note: Technically you can set a cookie, to "remember" that the user already clicked the button. That would save you some reading of the file in which the likes are stored.
Some pages remember input via Back/Forward. So you can copy your stuff. I imagine thats tricky.
I don't know any coding languages so as an outsider:
Isn't it easier to just trigger a login popup on top of whatever you are doing when your sessions has expired and you use an action that requires you be logged in?
I need to know if thats hard or the guy who's doing my webpage is bullshitting me for cash.
(obviously don't get into any pop-up blocking cases - assume popups are allowed.)
To clarify:
If we make a cookie that effectively re-logs you every time your session expires, we might as well make sessions never expire. The point is to - every now and then ask the user for credentials without wasting their current page input. Thats why I asked if instead of redirecting the user to login or disabling the page, can't we just trigger a login inside a new pop up? I haven't seen it done very often on the web thats why I asked if its complicated.
There are several ways to go about doing this. As far as coding ability personally I wouldn't say it's difficult enough to charge you an arm and a leg, but the complexity does depend on the language, the organization of the site, and along with those things, it's completely relative depending on who you've hired.
I guess to give you an example of storing information locally when a user visits a website using javascript you can do the following:
// Store
localStorage.setItem("lastname", "Smith");
// Retrieve
document.getElementById("result").innerHTML = localStorage.getItem("lastname");
for a more in depth look at that example you can check out http://www.w3schools.com/html/html5_webstorage.asp
Probably, your problem can be solved very easily with the use of cookies in you page. Setting cookie will let the user logged in for the specific time as specified by the programmer.
If you are sure you just want some action to do if login session expired, then you need not to let the user perform some other action. Just store the relevant information in cookies instead of Session and user will be logged in.
Ask the person you hired for making the use of cookie.
For more details on how to work with and about cookies, visit this link
What do you recommend to use as "website sessions settings": I have few notifications (about using my web site functions) and I show them to user when he open the page first time. However, I do not want to show him everytime that he navigates the page.
My idea is to use some variable that is valid through session on my web site and terminates when user leaves it.
I am thinking of using php server settings and then use AJAX to set them, but it looks a little complicated. What do you think? Client session settings (if such exist) or global variables, or something else?
There are many ways to do so.
You can achieve that using HTML and Javascript using a cookie. (Take a look at [jQuery Cookie])1.
Check for the cookie when the user opens the page; if not found, show him the message and create the cookie.
I need to create a login javascript which I can save as a bookmark in my bookmarks toolbar in the browser and when I run it.. It should log me into my web application which is set up locally for my development purposes.
The idea is basically to remove the hassle to enter username and password repeatedly for logging into the web app for testing etc..
We had this done previously by some one in my last workplace, but just want to do it myself now.
You do better when you use COOKIES.
But if you want so, then construct link like:
javascript:location.href='http://my_host/my_system?autoLogin=1&username=USERNAME&password=PASSWORD'
Hope this is what you want but you need to optimize your system to be able to parse link like this.
Also I suggest using hashed (1-way encrypted) password.