Im new to Meteor/iron-router and am following the Microscope project/ file structure.
My question is :
I dont want the usual drop down login box with {{> loginButtons}}. How do I set up a stand alone authentication page as the primary loaded page if user is not registered or logged in? It will have the usual email/pw and social logins.
This is the basic router code for easy reference.
Do I just tweak the requireLogin part?
I also tried to use accounts-entry package but its fairly tough to figure how to use it.
You could also use an existing package from Atmosphere that provides a full-page login, such as UserAccounts.
One way to do this is to just roll your own implementation with the Meteor.loginWithPassword and Meteor.loginWith<ExternalService> functions. You can call these functions when the relevant buttons on your login page are clicked.
Related
My situation: we have a Shopify store, we also have a search engine implemented and hosted on AWS. We need to use that search engine instead of the default /search on our Shopify store.
Ideally, when users try to search something, their query (and potentially some other stuff like attribute selectors/checkboxes on the front end) will be passed to our search engine. Then after the result is back, they will be rendered at the front end.
My Question: how should I do this?
Option 1: modify the theme code, inject some javascript to call the search engine
(Possible, but messy)
Option 2: write an app, wrap my search engine within the app, and somehow plug it in the store
(I don't know how to do this)
Option 3: similar to Option 1, but write an app, use the app to inject some code to the theme, and somehow handle the work.
(I don't know how to do this either)
I found a similar post here: Write custom search app in shopify
but the answers below were more about filtering/modifying search result returned by the default shopify engine, I want to instead use my own search engine.
Essentially my problem was to redirect user search queries to my service, and eventually render search results on user front end. To do that i have found the best way was to write a Shopify App.
Here is my solution:
1, build an App, host it somewhere maybe ngrok, install it on the store: (https://help.shopify.com/api/tutorials)
2, use proxy to redirect the /apps/mysearch to where the App is hosted: (https://help.shopify.com/api/tutorials/application-proxies)
3, in the store, show users a form where action="/apps/mysearch".
4, in the app process the form data, do whatever we want. Eventually return a view back to the store containing the search result, be sure to specify "Content-Type: application/liquid" inside of the app so that the returned view works with shopify theme.
Note that all of the search happens outside of Shopify.
I think you should do this with Option 1. Though its messy but it work and save your time. You can also hire an shopify developer ( like me ) for help.
I'm pretty new to HTML, like 1 week new. I am making a web store and I want to be able to login into an "admin panel" to make it easier for me to manage my products. Add new, remove, rename etc. My problem is, I have my login information stored in the html code and I use if-statements to check the validity.
When I was testing the code, I was curious and wanted to inspect element. Unsurprisingly, there was my entire login information and anybody can have access to it.
I need to somehow hide it, or hide the login fields from users except me. But I do not know how to approach that. I thought of a few solutions like have a hidden part on the store page and if I click it a certain amount of times then it will show the fields. But I think I'm complicating it.
Any ideas are greatly appreciated. Thanks. Below is my function for logging in.
function login()
{
var username = "test username";
var password = "testpassword";
if(document.getElementById("username field").value == username && document.getElementById("password field").value == password)
{
var btn = document.createElement("BUTTON");
document.body.appendChild(btn);
<!-- hide the user name field after login -->
document.getElementById("username field").hidden = true;
<!-- hide the password field after login -->
document.getElementById("password field").hidden = true;
<!-- hide the login button after login -->
document.getElementById("login btn").hidden = true;
<!-- show a message indicating login was successfull -->
window.alert("Login successfull! Welcome back admin!")
}
else
{
window.alert("Sorry, you are not authorized to view this page.");
}
}
And this is a screenshot of the inspect element. I don't want anything too crazy like a database because I'm the only user, just a way to be able to access the admin panel without exposing myself. Thanks again.
Inspect Element Screenshot
EDIT:
I am not using my own server, I am using Wix.com to make the initial website and then using the HTML widget to create a webstore. I don't think they allow people to have any communication with their servers whatsoever.
Username and password validation should never be done on the client side. It should always be done on the server. Do not use javascript for this task. Allow your user to enter their username and password in a form, and then submit the form to a server side script to validate their credentials. Doing it on the client side will never be secure.
There's no easy solution to your particular request, but before I oblige you with the details I'd like to stress three very important points.
1: Javascript is not Safe
Javascript is a client side language, which means every piece of data you'll ever be dealing with that comes from your user can be directly modified. These include, but are not limited too, any values or attributes of HTML tags, inline Javascript, loaded image files, etc. Essentially, anything that is cached on the user's computer can be modified and might not be what you're expecting to receive.
As such, a Javascript authentication system is absolutely not safe by any definition of the word. For a local page that only you can access, it would do the job, but that begs the question of why you need authentication in the first place. Even then, as a new developer you'd be widely encouraged to never try do it anyway. There's no point practising and learning how to do something in a completely insecure way and nobody is likely to suggest it.
2: Authentication is a tricky topic
Authenticating logins is not an easy thing to do. Yes, it's easy to make a login script but it's not easy to do it properly. I would never try to discourage anyone from making something themselves nor discourage a new developer from pursuing any goal, but authentication is not something you should be learning only a week into HTML. I'm sorry if that comes across as harsh, but there are people who have been masterminding applications for years who still don't do it securely.
3: Third Party are Best
It's possible to make your own authentication system that likely only the most determined of attackers could access, but it wouldn't involve Javascript authentication. Consider Javascript to be more of a convenience to the user than a solution for the developer. Javascript can do some remarkable things, but being a trusted source of data is something it will never do. Please understand this important point, because the source code you have provided is riddled with security flaws.
--
Now, on to what you want to do. Identifying that you're the "admin" user is something you're putting a password in to do. If you could figure out you're the owner of this site before putting in your password, you wouldn't need the password, right? In short, you can't do what you want to do; not reliably, anyway. It's possible to only show those forms if you're using a particular IP, but IPs can be masked, imitated and changed, which makes it insecure.
There are several third party authentication methods that you can use to do all the heavy lifting for you. All you do is put the fields on your page and they'll handle the rest. You can use any Social Media login (Facebook, Twitter, Google Plus, etc) or you can use O Auth, which deals with all the heavy lifting of authentication for you.
I don't mean to discourage you, nor anyone else, from pursuing their own authentication methods but if I'm honest with you I think this is something way beyond your skill level that you shouldn't be considering right now.
If you serve the pages via a server, you can enforce basic HTTP auth. Should be really simple to set up and you would have the benefit of a standard of security.
Here are the Apache docs for this, for example.
Is it possible to execute JavaScript (in template) just after successful login event or just after a successful logout event. If yes, How?
I don't want to asscociate this with login button click or logout button click on JS level because
Clicking the button is not a guarantee for successful login/logout event
I have a lot of login and logout buttons, many templates and partials so looking for a centralized solution
By the way i am also using python-social-auth.
Here's how I'd approach it.
Make a view which has a template which contains the JS you want to execute on login (it could even be a basically blank page which redirects to somewhere else, or a template which extends another template... there are a myriad of ways to be DRY here, I think).
Set SOCIAL_AUTH_LOGIN_REDIRECT_URL, SOCIAL_AUTH_NEW_USER_REDIRECT_URL, and/or SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL (whichever of those you decide to use in step 3) in your settings.py.
Make an entry in your urls.py which makes that view accessible to either SOCIAL_AUTH_LOGIN_REDIRECT_URL (or both SOCIAL_AUTH_NEW_USER_REDIRECT_URL and SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL, if you only want it to execute for new users of your site).
I'm getting those settings variables from the django-social-auth docs.
I need a age verification on loading of Magento Homepage, I have the Javascript code for that, But in which page i have to give these codes, Any magento experts please reply.
I am Very new to PHP and Magento.
Example :http://www.smirnoff.com/en-us/newmain/home.aspx#axzz2q6ksBK1y
Are Guests allowed on this Shop/Catalog or is it Members only?
Members only:
You can do a isLoggedIn(); and verify the age during the member registration process.
$this->helper('customer')->isLoggedIn()
If it's a Guest and we're just putting in a DOB check via a Form, and then doing a pass/fail with a result in a custom form loaded by your custom template file (.phtml) in your theme.
Either approach can be done with a "Modal" window with Javascript via Jquery (and no conflict) or with Prototype/Scriptaculous.
prototype: http://okonet.ru/projects/modalbox/index.html
jquery: http://webdesign.tutsplus.com/tutorials/htmlcss-tutorials/build-a-popup-modal-window-using-the-jquery-reveal-plugin/
jquery tutorial: http://www.queness.com/post/77/simple-jquery-modal-window-tutorial
Hope that helps you go in the right direction, it will take some programming know-how either way.
Is there an easy way to let users update their status on Facebook with a message I have in a JavaScript variable? I know there's a URL you can use to share a link, which looks like:
testlink
That doesn't fill in a status update when it takes them to the share page. Is there a way I can have that pre-filled, or have their status automatically updated?
Thanks!
Edit: Not quite what I'm going for. I can use PHP if necessary (although I have very little experience with it), but I don't want to have to bug users with allowing an application, or have to deal with actually writing a facebook app. I just want to give users a premade status update, so all they have to do is click the 'share' button. Thanks again!
Edit 2: So the api looks promising, but a little complicated for me. It looks like it would involve getting permission from the user to set their status, and possibly something about setting up a cross-communications channel to let my site communicate with facebooks. Assuming I can do that, how do I go about using the Facebook Javascript api? I get the code (user_setStatus looks easy enough), but how do I tell my script that I'm using Facebook's api? Thanks again...again!
Try this:
http://www.facebook.com/connect/prompt_feed.php?&message=my%20awesome%20status
[EDIT]
Link is not working please update it.
Is the facebook javascript API not what you're looking for? It seems to expose the entire REST-ful API as a javascript library.
users_setStatus(...) looks promising.
Not sure if you're using PHP but here's a link that shows you how to use the Facebook API to update the status. You could call a page with Ajax from Javascript, passing in the variable and have that posted to the Facebook status message.
http://fbcookbook.ofhas.in/2009/02/07/facebook-reveals-status-api-how-to-use-it/
Using just mcqwerty solution you'll get an annoying resize screen effect.
But, you can add a parameter in order to avoid this flickering. Display touch will avoid this.
https://www.facebook.com/connect/prompt_feed.php?display=touch&message=Hiall
Here is working example which requires application ID, but fully working and it is easy to implement:
<a href="http://www.facebook.com/dialog/feed?app_id=123050457758183&link=http://www.build.server.com&picture=http://fbrell.com/f8.jpg&
name=Some%20Encoded&Message=Reference%20Documentation&
description=Using%20Dialogs%20to%20interact%20with%20users.&
redirect_uri=https://arapskirjecnik.web44.net/"> Share with FB</a>
see more here
here is the way which works and it doesn't requires facebook application id:
<a onClick="window.open('http://www.facebook.com/sharer.php?s=100&p[title]=Title&p[summary]=summary&p[url]=www.build.server.com&p[images][0]=http://fbrell.com/f8.jpg','sharer','toolbar=0,status=0,width=548,height=325');" href="javascript: void(0)">Insert text or an image here.</a>
As you can see from above code you can enter custom title, summary, link and images.
and if you want to automate, to share current link, youst replace this part of the code in upper example:
p[url]='+ document.URL +'&p[images]