I am trying to create an html file that open a web page in default browser and login,
the page is in company intranet, and is .aspx strctured.
The page contain user, pwd field and a link to complete login procedure.
the related source row is
<a id="lnkAccedi" href="javascript:__doPostBack('lnkAccedi','')"
style="background-color:Transparent;font-family:Arial;">Accedi...</a>
and the simple code i've already tested is
<script language="JavaScript">
window.open("intranet_web_page","_self");
</script>
where intranet_web_page is the URL of my login page.
I tried to call the function defined in webpage source as "__doPostBack('lnkAccedi','');" in the script tag of my html file, but not work at all.
How can i do that?
Thanks in advance.
Actually I'm not an ASP user, but I believe that __doPostBack is a user defined function, you should defined it as a javascript function under the script tag.
And one point, I don't think that __doPostBack is need a parameter.
So if you want to create redirecting the user after authorized it without change the url, you can use jquery post method to post your data, then retrieve the server response under callback function to detect that user was authorized or not
I'll give you sample code, but actually I'm not tested it yet.
In HTML :
<form name="loginform" action="test.asp" method="POST">
username : <input type="text" name="username" placeholder="please put your username here." /><br>
password : <input type="password" name="password" placeholder="your password here" /><br/>
<a id="lnkAccedi" href="javascript:__doPostBack" style="background-color:Transparent;font-family:Arial;">Accedi...</a>
</form>
On script:
function __doPostBack() {
var usernamestr = document.loginform.username.value;
var passwordstr = document.loginform.password.value;
$.post("authorize.asp", { username: usernamestr , password: passwordstr },
function(data) {
if(data = "success") {
window.open('newwindow.asp','_self');
} else {
alert("Username or password was wrong");
}
});
}
Last, suggestion :
I think you don't have to control login process in the front end, because it's very dangerous, anyone can recreate your code and hack to your server, because it is client side. You should give the process control to the back end server.
Do NOT do any kind of authentication with JavaScript!!!
Do your login authentication on the ASP code-behind and then pass a success condition where you can use
response.write
to open a new window. I do a similar thing opening a messenger window. On login success I have the following code:
Response.Write("<script> var win =window.open('chat.aspx','mywindow','width=700,height=450,left=800,top=10,location=1'); win.close();</script>") //closes the window if it is already open
Response.Write("<script>window.open('chat.aspx','mywindow','width=700,height=450,left=800,top=10,location=1')</script>") //open the window
Again, that is how I call the script from the code-behind.
Hopefully that points you in the right direction!
Related
In my form, I have a user enter in a link, and my goal is to redirect to that link. However, my problem is that whenever I try and get the user to redirect, the form wont redirect to the page. Several people have recommended this:
<form>
<input type="text" name="blah blah blah" id="url">
<input type="submit" onclick="return submit_form()">
</form>
function submit_form(){
window.location.href="a url";
return false;
}
However, when I do this, my server does not receive the input by the user. How can I fix this?
Edit:
I have also tried this:
function submit(){
url = getElementById("url").value;
window.location.href = "url";
}
When you use browser javascript to set window.location.href to a URL, your browser immediately navigates to that URL without intervention from your server. It's similar to typing a URL into the browser's location bar.
If you want your server to do the navigation you need a more complex setup. On your browser, something like this.
<form action="/your/server/route">
<input type=hidden" name="redirect" value="https://example.com/where/to/redirect">
<input type="text" name="blah blah blah">
<input type="submit" >
</form>
Then in your node code handling /your/server/route ...
if (req.body.redirect) res.redirect(req.body.redirect)
That way your server tells the browser to redirect as part of handling the post of your form.
Security tip cybercreeps can misuse the situation where you pass a redirect URL from a browser to your server. Always validate req.body.redirect to make sure it matches what you expect before you use it to actually redirect.
My Form Works Successfully But in website URL it only Shows the address to a Form.I have multiple Pages in which the Form button shown.All I want when a user click on The Form for Page A for that Particular page it should shown as
"www.form.com?test=page A" - this should displayed on website URL
or when the Form is submitted the receiver should view that this form coming from Page A..In the Form field I hidden this fields name 'Test' so the user cannot see it but only the receiver can view it that its coming from Page A
On my Html code I have redirected to the Build in Form.
Here is my java script code
<script type="text/javascript" src="http://test.com/form/y.php/test2"></script><no1script>Online Form - </no1script>
How to show it to my Website URL
I understand your question as "How can I redirect with a specific GET parameter?", correct me if I'm wrong.
The solution for that would be quite simple: Append the GET parameter to the forms action:
<form action="target.php">
gets
<form action="target.php?test=page_a">
so that on target.php if you evaluate the GET values, test has the value page_a.
If you're trying to hide the post data, you can try something like:
<form action="https://test.com/forms/discount" style="display:none">
<input type="text" name="couponCode" value="secret">
<input id="myform" type="submit">
</form>
<script>
document.querySelector("#myform").click();
</script>
Note: This won't stop any web ninjas, so you should think of something else, like web tokens that function sortta like private public keys.
I would like to do a web site using Aptana IDE and xampp, and it has a few pages. Index page is where all users which does not log in the system and home is where all users which does log in the system must visit. I am very new to develop web site. Because of that I am changing a lot of and vital things during the development. An here my problem is began.
I have created log and sign pages separately using HTML5, CSS, Javascript, JQuery and Php. To achieve more quality service, decided to use also Ajax. These pages works correctly, log page can control validation with jquery
$('#login-form').validate({
//validation rules, messages and submitHandler(ajax code) goes here});
and with using ajax, it can communicate with php file and mysql database so can check whether the user is exist or not.
$.ajax({
type: 'POST',
url: 'log.php',
data: strAjax, //username and password
success: function(data) { //data is echoing from php file either as true or false
if(data) {
window.location.href = "home.php";
}
else {
//some error messages
}
}
});
Sign systems works like it and correctly. But I do not like the design of these pages because of emptiness. So in index file when user click log in button, the log file is showing inside a div with jquery load function.
$(".jumbotron").load("login.html").hide().fadeIn(1500).delay(5000);
Same thing for sign system as well. For good looking, I am satisfied but...
The whole system messed up. (I want to cry) I have to think before start to coding web site, very bad I know but this is my first complete web site. How can achieve a system working properly in this way? I have searched some pages on the internet and they said that the ajax can not work across the pages or something like that. I am also new to stack overflow too, so some important thing will be forgotten. I can edit if you want more information.
Thank You and Regards...
EDIT 1:
<div class="jumbotron">
<div class="container">
<h1>//sometext</h1>
<p>//some text</p>
</div>
</div>
Firstly this is showing on the screen. And when the user press login button, jquery load function running which is above. And loads login.html which works properly by itself.
<form id="login-form" class="text-left">
<div class="form-group">
<label for="lg_username" class="sr-only">Username</label>
<input type="text" class="form-control" id="lg_username" name="username" placeholder="username"
data-container="body" data-toggle="popover" data-placement="left" data-content=""
value="">
</div>
<div class="form-group">
<label for="lg_password" class="sr-only">Password</label>
<input type="password" class="form-control" id="lg_password" name="password" placeholder="password"
data-container="body" data-toggle="popover" data-placement="left" data-content="">
</div>
<div class="form-group login-group-checkbox">
<input type="checkbox" id="lg_remember" name="lg_remember">
<label for="lg_remember">remember</label>
</div>
<button type="submit" class="login-button">Submit</button>
</form>
The jquery validation works right. My rules are valid. If the inputs are ok upon my rules, it send me to home.php. I think ajax code can not work.
submitHandler: function() {
var username = $('#lg_username').val();
var password = $('#lg_password').val();
var checkbox = $('#lg_remember').is(":checked");
var strAjax = "username=" + username + "&password=" + password + "&checkbox=" + checkbox;
$.ajax({
type: 'POST',
url: 'logDeneme.php',
data: strAjax,
cache: false,
success: function(data) {
if(data) {
window.location.href = "home.php";
}
else {
//error message. but when this code run, always send to home page.
}
}
});
return false;
}
This parts all works. It does not works inside index.php. My question is why and how to handle this!
Problem 1
Your form is submitting via a GET request because the JS is not getting called (see #2 below) and the HTML is likely declared like this:
<form action='log.php'>
[...]
</form>
You must specify method='post' to submit POST data.
Problem 2
Unless you're using a jQuery plugin there is no .validate event for forms. You want to use .submit.
Finally, make sure all your javascript is in $(document).ready(function() { ... }); or it won't execute at the right time. Look in the Firefox/Chrome developer console, it's a lifesaver for debugging.
I got specs that need a little work before I can be sure it can be implemented. I'd appreciate to hear comments and suggestions on the following scenario:
I need a web software where users log in. All users have a user account AND can have 0-3 secondary user accounts, which they can use via the main website while authenticated. The secondary user accounts are controlled by a third-party javascript library, but I can control the usernames and passwords that are stored in a database.
Goal is to enable users to not have to authenticate several times, only using one user account and the ohter ones should work automatically via script.
So, is there a viable, secure and proper way to accomplish this? I know playing with user names and passwords in script is a security issue in itself but hopefully I can find the next best thing if this can't be done properly. I will use Asp.Net MVC as a platform, with all calls made using ajax, so the software will look and feel like a single page application. The underlying technology is irrelevant though, any server side technology can be used here.
There are some options to play with:
Basically I can use any user name and password for authentication, it's just a matter of which fields in which tables to compare
I can force all of the user accounts' passwords to be the same so user doesn't have to remember/use many passwords
I can retrieve the secondary user names from db in the login call so the website will have access to secondary user names, but obviously I can't do that to passwords as they are hashed/salted in the db
Here's one thought I've been toying around with:
First show a login page. Authentication is done via ajax and credentials are saved on the login form, which gets hidden when user logs in. In the success callback event of the login call we can show the main content that the ajax call can return (this could be something like the main page of the authenticated users. Since the original credential fields are still on the page they can be accessed via script and used for the secondary system credentials.
However, I'm not convinced this is a secure way to handle the secondary system logins, even though I could have https throughout the site. I just don't know what the actual security issue here would be. Comments, experts? Better ways to accomplish the same?
The login page and main structure could look like this (a VERY simple example):
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<script type="text/javascript" src="/Scripts/jquery-2.1.0.min.js"></script>
<script type="text/javascript">
function VerifyUser(name, pass, remember, container) {
$.ajax({
type: 'POST',
contentType: 'application/json; charset=UTF-8',
url: 'Account/VerifyUser',
data: JSON.stringify({ "userid": name, "password": pass }),
processData: false,
success: function (response) {
if (response.Success) {
// Here I could stash the password somewhere if needed.
// It's not visible in the source code but it is accessible via jquery
$('#secondarypass').val(pass);
// Here I can show the html data that the ajax call could return, or
// send out another ajax call to retrieve the actual content separately.
//Show here data that was returned by ajax call in response object. This could be a main page etc
$("#maincontainer").show();
$("#maincontainer").html(response.Message);
$("#logincontainer").hide();
}
},
error: function (a, b, c) {
$("#maincontainer").show();
$("#maincontainer").html(a.responseText);
}
});
return false;
}
</script>
</head>
<body>
<div class="page">
<input id="secondarypass" type="password" />
<div id="logincontainer">
<input id="UserName" name="UserName" type="text" value="" />
<input id="Password" name="Password" type="password" />
<button onclick="javascript:VerifyUser($('#UserName').val(), $('#Password').val());">Log In</button>
</div>
<div id="message"></div>
<div id="maincontainer">
<!-- this is where the main content of the software would be -->
</div>
</div>
</body>
</html>
And the ajax call could return something like this
<script type="text/javascript" src="/Scripts/secondarysystem.js"></script>
<script type="text/javascript">
function SecondaryLogin() {
var data = {
'username': 'mysecondaryusername',
'pass': $("#secondarypass").val() //NOTE here I could access the password-stash I set up earlier
};
var system = new SecondarySystem(); //This could be an object from the secondarysystem.js library
system.LogIn(data);
// this could have a onsuccessfullogin callback event, where we could populate some secondary system specific data to the div below
}
</script>
<div id="secondarycontainer">
</div>
In this setup a page refresh would cause problems, but I can disable f5 (or replace it with reloading the right content) and at least add a dialog saying "refresh will force you to re-login, sure to leave this page?" etc.
The thought you 've been toying around , sounds good, and it has been practiced by many of us. there are few problems you mentioned you dont want to face, here are some points you can keep in mind if you really gonna make it a single page application.
1.Refresh F5
If refresh is your problem you can probably use localstorage so your username and password are not lost when page refresh.
Is it secure ?
I think you can store your password variables encrypted so you only decrypt it when you need to authenticate the user. For encryption you can refer to https://sourceforge.net/projects/pidcrypt/ (URL update).
I am developing a django web app in which I would like to have a registration process. In this registration process I have of course a form asking for name, email and password. What I would like to do is, send the form via post to 2 different places. One of which is of course the registration database which saves the password and the like, and the other being the Emencia newsletter app. In the case it helps, Emencia only needs email and a name (optional).
So how can I do this with only one form, 2 places to send it to and, taking just some of the data of the form and not all?
Thank you!
While I agree that the better approach is to handle this on the server side, let me correct that it is very possible to submit the same form to different server side scripts.
See the page below for the script and some demos:
How to create a multi-submit form
It works in IE, Firefox and Chrome.
You can't. There is no way to send a form to two ressources.
What you CAN do is send a HTTP request in your register script to the newsletter script, e.g. using urllib2.
To do this you would have to use Javascript & AJAX
http://www.tizag.com/ajaxTutorial/
This kind of trickery used to work in most browsers but...it seems that it only works in Firefox now. Adding a delay between the two submits makes it work in IE but not Chrome. I'm actually amazed it still works in firefox :)
<html>
<body>
<form method='post' action='place1.php' onsubmit='this.action="place1.php";this.submit();this.action="place2.php";this.submit();return false;'>
<input type='text' name='thing' value='something' />
<input type='submit' value='send' />
</form>
</body>
</html>
Here is a solution with jQuery...
$("input:submit").click(function(e) {
e.preventDefault();
// javascript validation
// run this if validation succeeds
$.ajax({
url: "url to emencia newsletter",
type: 'post',
data: "Email=" + $("#emailField").val() + "&Name=" + $("#nameField").val(),
success: function(result) {
// do stuff
$('form').submit();
}
});
// could also go here if you don't want the success callback -- $('form').submit();
});
So what happens is you click your submit button. The e.preventDefault tells the browser to stop the form from submitting. You then run an ajax request to submit to emencia. On success it submits the original form. I am not sure if you need to put the form submit in the success or simply place it after the ajax request. I don't think it really matters.