Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
I have a contest site, I want it to prevent people going on it when they have submitted the form on the page. Is this possibe?
Thanks
You could build system where users are required to enter their email address, and enter a verification code which is sent to them. But they would only be able to enter this verification code once. Therefore, the only way of cheating would be to use two separate email addresses (and they would have to have access to both).
Cookies would not be the best option for this as anyone could clear their cookies.
It's not necessarily possible to stop users requesting a page, however you can either redirect them to another page or show some kind of error message to them, to tell them that they can't resubmit.
Presuming you have some kind of user registration in place already (and are tying competition entries to those users with an ID) then all you would have to do is check for the existence of a competition entry in the database and then, if one is found, either force a redirect (likely in <script> tags) or replace the rendering of the page with the notice that you can't resubmit.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 months ago.
Improve this question
I'm fairly new to coding, and when I try to find a way to lock my website behind a username and password field, every tutorial just hides them as a plain variable in some random file. I'm wanting to make the website only accessible once a username and password have been entered, but I want the usernames and passwords to be made and managed by myself, so only people I know can access it. If this is a really obvious thing I apologise, but if it's something that I can specifically look up please let me know so I can do more independent research.
There's no good way to do this on the frontend alone.
every tutorial just hides them as a plain variable in some random file.
Sounds like some pretty shoddy tutorials. Anyone could look at the source code of the site and get in.
The right thing to do would be to:
Hash the passwords (one-way encryption so that the original password text cannot be recovered, even if someone gains access to the hash)
Save the passwords in a database or (if there aren't many) in environment variables on your server
Set up routing on the server so that if the user isn't authenticated, none of the protected content gets sent to them in the first place - redirect them to the login page. (Don't serve the HTML of a protected page and then try to do validation from that page; with that approach, users would still be able to open up the developer tools and bypass your restrictions, by inserting their own code and removing your own).
Anything on the client-side can be tampered with and bypassed; gate requests behind the server instead, which is (or, has the potential to be) much more secure.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
So my company wants to do a small experiment and generate an email that'll be sent to about 50 workers. The email will include a link to a website (stored on our local server) and I need to be able to determine exactly who clicked the link (I have a list of all email addresses) and add the email address of the "victim" to another list. I think there's a way to do that with Node.js and Express but I'm not sure exactly how to track those clicks. Any ideas?
I'm aware that a script like that should come before the user enters the actual website and I can deal with most HTML, CSS and JS programming myself.
Thanks a bunch!
...and I need to be able to determine exactly who clicked the link...
It depends.
If you have some form of single-sign-on implemented across your intranet, then you can at least know what user account was signed in when they followed the link (which doesn't guarantee you what user it was, but people really shouldn't leave their workstations unattended and unlocked), assuming your Node.js application gets that information.
Otherwise: You can't, reliably. What you can do is make the link slightly different for each recipient (perhaps a code at the end in the query string), keeping track of which code you sent to which recipient, and then when they follow the link look at the code in the link they followed.
It's unreliable for at least a couple of reasons:
A user could remove the code
A user could share their link with other users, who then use it
Similarly, trying to use the user's IP address or MAC address only tells you...what the IP address or MAC address of the connection was, not who the user was.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
Is it possible to remove the parameters from a url after they have been used by using either php, JQuery or Javascript?
I would like to do this because I have jquery functions that are triggered by results of $_GET and at the moment if the user refreshes the page the functions are called again.
So that you can understand why I am doing is...
My site will only allow one person at a time to log in with each account and to prevent multiple simultaneous there is a db value changed when the account is being used. Problem is I can't count on the user to log out without just closing the browser which means the value doesn't get changed and they can't get back in. To get round this I have given the user the ability to close the other open session when they try to log in from another device. At this point, when either the session on the other device has timed out or the other user clicks on a link, they are redirected to the home page with a message explaining why they have been logged out and the name of the person that did it.
The params in the redirect url triggers the message and has the name.
I have found lots of ways of removing params before the url is used but nothing about after which makes me ask the question is this possible?
As I said before, you COULD go to the trouble of turning on url rewriting and create a .htaccess file that checks for the GET parameters and deletes them from the URL.
However, it may be better and easier to choose another option.
Such as setting $_SESSION variables prior to redirecting to the home page (with no GET parameters. Then you can just check for these session variables that indicate that the user is has been forcefully logged out and contain the message.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Is it possible to recover if someone is visiting my website using a fake user agent? If yes, can someone please tell me how can find out this information?
Thank you very much!
You can check the user agent from PHP like from this global variable $_SERVER['HTTP_USER_AGENT']. But if someone is using a fake user agent which claims to be something else* it's going to be difficult to spot.
This shouldn't really matter unless they are a hacker who is able to find some security weaknesses in your site and use those to do something nasty like access your database, delete all your data or download your users' credit card numbers.
The solution to the hacker problem is make sure your website is secure.
This is called 'spoofing' as #JAL mentions in his comment above.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Improve this question
I am trying to make a button that will allow me to send a preset message to an email address. I don't want it to be a form, or an email tab that sends the message. I just want to be able to click a button, so that I can send this premade message. Is there any way that I could do that?
This may not be the exact answer you're look for, but an easy alternative would be:
Send Message
Make sure you replace spaces with %20
You can add an <a> tag with a mailto: href:
<a href="mailto:someone#somewhere.com?subject=your subject&body=your message">
Click here to email me</a>
Yeah, but you're going to need some sort of backend, like Python, .NET, Rails, or PHP. When you click the button, it would have to be either a link or a form submit button that sends a request to some backend page that handles actually sending the email.
Each backend has its own specific way of doing this. You would need to specify which language you wish to use for anyone to provide further help.
You would need to write a serverside script to send the email. Your button could fire an AJAX request to the serverside script to send the email that way.
Unfortunately there is no way to send emails strictly using HTML or javascript (with Node being the exception).