I'm making a prototype of a website like this
Original: http://imageshack.us/a/img513/6013/tavor.png
My website: http://imageshack.us/a/img507/8461/manok.png
The picture on the right is the div id ovsian, the small one on the left is ovsia-mini
<div id="ovsian" name="ovsian" value="15" onclick="test()">OVSIA 15r</div>
<script type="text/javascript">
document.getElementById('ovsia-mini').style.backgroundImage="url('http://localhost/musli/mini.png')";
var kaina = this.ovsian.value;
$('#price').html("kaina");
}
</script>
I tried to do it this way but then realized that you can't put a value to a div element (at least with html).
How do I set the price value of "ovsian" (right on picture) to 15 and then onclick add the 15 to the total price and print it in the gray box at the left?
What technology should I use? XML, AJAX? PHP/MYSQL? I don't know any of them.
I'm planing to pass the final price&product selection around in a cookie. I know it's a security fail but there is no personal information in a simple shopping cart like that, so session hijacking and all that stuff is not a problem.
How hard do you think a project like this is? What would be the best way to do it?
The purpose of the website is mostly learning so all the detail you can write would be very appreciated :)
When you talk about technology, it will depend on your skills.
You have mentioned AJAX, PHP/MySQL. I deduce that you are talking about javascript to handle the client side processing and PHP/MySQL the backend. These languages will definetly work and they are pretty easy to learn and use, plus there is a great community around them.
I would also recommend learning the jQuery framework. It makes client side programming very easy.
You also mention XML. XML is mostly used for data exchange between the server side and client side. While it works, I prefer using JSON, which is easy to manipulate and handle both on the server side and client side.
Related
I am a newbie game maker that making some web games with the language of JS, HTML and CSS. But the problem is i can't prevent the right click inspect hacking thing, so a people hacked my games by using this method.
My question is, how can i prevent this method to not to being hacked...
Here is my game http://ozansiar.com/mario/oyunok.php
Here is the score page http://ozansiar.com/mario/skorekran.php
as you can see it can be hacked...
Language is Turkish, sorry for not doing this in English, but i will.
Second question is, how can i improve my game developing? I heard that phaser is a good engine, so i'm doing a research for reach to some tutorials. But also, i need some good advices from you...
Sorry for my newbie questions, but i do need some good advices to improve my web development and also game development skills... Thanks so much!
Note : Games are made by what i learned from stackoverflow community... So also thank you very much for this.
Client-side code (HTML, CSS, JavaScript) is called "client-side" because it is downloaded to the client and executed there. There is absolutely nothing you can do to protect this code from users seeing it and modifying their local copy of it. Even storing your JavaScript in an external file and linking to it does not solve the issue. The same is true with obfuscation.
All protected code should exist on a secure server and execute there in a "server-side" architecture, such as .aspx, .PHP, .jsp, etc.
So I just ran through the game and "hacked" it. The problem you have is that you use forms and hidden inputs to send the game results to the server, first when the user finishes the game you submit the time it took them, then on the second page you send their final score in a hidden input. Both of these can be easily modified by the user before they're submitted.
What you could do is create a checksum of the hidden values that you don't want the player to modify. After they're posted to the server, use the values to re-calculate the checksum in PHP, and if it doesn't match the checksum submitted by the browser, don't accept it.
This won't stop people from hacking your game, but it will make it more difficult. If they absolutely want to fake their score, they can look up the javascript function you use to generate the checksum on the client side and use that to generate a new one with the values they want, so it's not 100% secure.
As for the final score, I'd suggest you use a session for that. Your skor.php file generates a form with the final score in a hidden input. Why? Just dump it in a session property, and read that back in skorislendi.php. That way, the user won't be able to edit it.
You can't prevent the client, i.e. the player, from hacking client side materials, i.e. client-side scripts, HTML and etc... Any legitimate actions that your scripts perform on the client side can be faked. At best, you can mitigate such hacks by obfuscating your JS code and post data. This makes it harder to hack but doesn't save you.
In the end, ask yourself this one question. Is security essential to my game? If it is, then worry about it. Otherwise, build what you can and from an agile point of view, add features, such as security, when NECESSARY.
I have an internal .NET 4.0 web forms app with a sql server backend. I have a menu on the home screen that I need to show/hide parts of based on which groups the user is in. I am struggling with the best way to do this. In the past I have called js functions from the code behind using ScriptManager.RegisterStartupScript. However, I feel like this is bad practice and don't want to keep doing it if it is. I know I could just set my html table cells that need manipulating to runat server and add the property in the code behind when I lookup the user's security. Should I do that and forget about trying to go back and forth between the code behind and js? Or, is there a way to accomplish this that is good web programming practice?
Seems like this is a common scenario, which is why I think I'm missing something obvious. Lookup something from database, then execute js to manipulate front end.
Note: I bounce between plain js and jQuery, so feel free to answer with either.
I've been working on a dynamic webpage that uses quite a bit of jQuery. I'm going to give my users the ability to post short messages similar to Facebook or Twitter and I want to use PHP/mySql to do so. So while most of the page will be written in Javascript/jQuery, I will have a div positioned on the side displaying a Facebook like status feed.
My question is this...Is it ok to readily mix PHP and jQuery/Javascript or will this lead to problems?
I'm fairly new to programming so I thought I would ask
Yes, that is perfectly fine, and in some situations a perfect solution, combined the powers of both.
Good to remember: Never trust the input of javascript (clientside data), it can always have been altered to mess up your website. BUt the same for for plain'ol'inputs.
To give you an example right here in SO, when someone votes, you will see the 1-up aswell-> ajax.
Its not a problem at all. Look into AJAX, as its designed to do exactly what you're trying to do: communicate from Client to Server in the background. This way you don't have to load a page just to send/receive data to/from the server.
For example I have a (feedback area) on my website, its a text area, when users type into this area and click a button, I would like Javascript to take thier information and write it to a feedback blank oage or place it in an array which I can use for a feedback update area
Any ideas thoughts??
This is what forms are designed to do. You are probably going to need a middle tier app like php, asp or coldfusion .
Using some server side scripting such as ASP, PHP etc as invertedSpear suggests will be the easiest way, would strongly suggest looking at the tutorials over at w3Schools or Tizag for code snippets.
Alternatively if your web hosting provider does not support server side programming (it's rare but some don't) then there may be a way using a Javascript / AJAX call and Yahoo Pipes to store the data and use JSON to display. However this is a method of last resort being way more complicated than a simple PHP form.
When I say "Vanilla Coding", I am referring to websites that don't utilize server side coding (such as PHP, ASP, etc.), only HTML, JavaScript, and CSS.
I know that there are a plethora of sites that already exist that don't utilize (to my knowledge) any of the common, server side languages used by many others (PHP, ASP, etc.), but still function just fine!
I am confused! How do these sites continue to save login information, keep records, etc. etc. without using a server side scripting language? Is there something that I am missing? Can JavaScript access more (such as databases and local files) than what I thought it could?
EDIT
Turns out I've made a serious and shameful mistake in assuming that just because it ended with a .html extension that it was client-side only. That is okay though because I'm learning. Thanks so much for the help everybody!
Essentially, unless you have some sort of server-side programming, you don't stand a chance at making a site with any amount of functionality. To break it down for you:
What you can do without server-side scripting:
Serve static pages
What you need server-side scripting for:
Absolutely everything else
Even something so simple as keeping a site consistent and up to date is a nightmare on wheels without, at the very least, some some sort of management system that pre-generates the static pages to be served. (Technically, one could argue that Copy+Paste in Notepad counts as this.)
As has been mentioned elsewhere; obfuscating the true nature of precisely what system is being used is trivial; and having URLs ending in, say, .html while using PHP is no issue.
Edit: In the most perverse case I can think of off the top of my head, you could have a lighttpd server masquerading as an IIS server, serving pages generated by an offline renderer fed to it by a Perl FastCGI script, sent together with PHP signature heading and using a mix of .asp and .jsp file extensions.
Of course, noone would do something as silly as that. I thinkā¦
No client side script can access server side information (like a database) without some sort of server side communication (through something like ajax or the like)
If you really ( i mean really as in don't do it ) want to do logins and the like on clients side, you would have to make some sort of cookie that you store on the user's computer, also you would need a list of users (which anyone can read) to use against
This answer is very late but I leave this reply for anyone who may stumble upon it.
Using javascript/jQuery, and various APIs a simple site can be created only using client-side coding.
For instance, a simple shopping cart type of site can be created. I've done it before.
There are few (not many) strictly 100% jQuery based shopping cart solutions that are open-source.
How does the PG (pay gateway) get taken care of? You are limited to accepting payment through paypal, google checkout, and direct deposit.
What about allowing customers to leave comment? You can use API's like Disqus. What about chat support? Zopim is pretty handy.
How do you get notified when purchase is made? Paypal & google checkout notifies you.
What about sending mass email? Mail Chimp.
Personally, I almost always use WordPress or some other types of CMS but using only vanilla coding to build a simple site is not only feasible but very sensible in certain circumstances.
You're not going to see whether a site is using a server side language unless they let you see the file extensions. With URL rewriting, MVC patterns, etc., it's easy to hide, or even fake that information. Therefore, chances are very good that the sites that you think aren't using a server side language are actually using one.
Now, a site can save certain information in cookies, such as some basic preferences, but any authentication they appear to be doing wouldn't actually be doing anything without a server-side script accessing a database somewhere.
As a side note - I have worked on a site where the content was actually static, but made to look like a blog or CMS. It was an absolute nightmare and hugely error-prone.
What are these sites that you think aren't using server-side scripting?
Nowadays a lot of sites are using Javascript as a server side solution, Node.js being the most popular. Check out this list: https://github.com/joyent/node/wiki/Projects,-Applications,-and-Companies-Using-Node