I need to check that the user is still logged in so that I can prevent them from even opening the form if their session expired (logged out but page hasn't been refreshed).
Here's the pseudo code of what I was trying to do, doesn't work obviously.
// some view.html
$('#someform').click(function() {
ajax(URL('login_status'), [], '');
});
// some controller.py
def login_status():
if not auth.user:
redirect('index')
If you want the full page to redirect as the result of an Ajax request, you'll have to do it via Javascript on the client rather than via a server-side redirect (which will only redirect the Ajax request itself). To make that happen, you can specify ":eval" as the target in the ajax() function, which will result in the returned response being executed as Javascript code (see here). So, something like:
$('#someform').click(function() {
ajax("{{=URL('default', 'login_status')}}", [], ':eval');
});
// some controller.py
def login_status():
if auth.user:
return 'this.show()' # or appropriate Javascript code to show the form
else:
return 'window.location = "%s"' % URL('default', 'index')
So, the Ajax call returns Javascript that either shows the form or redirects the page, depending on whether the user is logged in.
Also, note that the URL() function is a server-side Python function, so you can't just call it within the ajax() function, which is a client-side Javascript function. Instead, you have to put it inside web2py's template delimiters ({{ }}) so the URL will be generated in the template on the server.
UPDATE: Instead of:
return 'window.location = "%s"' % URL('default', 'index')
you can now do:
redirect(URL('default', 'index'), client_side=True)
which will do the same thing behind the scenes.
Also, this might be of help:
{{if auth.is_logged_in():}}
Related
I have a website where I want to provide an option for users, if they click on a table's rows, they get regirected to another page (based on the contect of the table row).
So what I'm doing is basically collecting the data with jQuery and POSTing that to a PHP file. In my PHP file I'd like to do the redirecting using header('Location: ***').
Is it a correct way to do this? Because this way, the ajax request does not gets anything returned, no success, no nothing, it get redirected before that.
So is it a path that I could use, or should I come up with another idea?
No.
A redirect tells the client that the resource they just requested can be found elsewhere.
The page that was previously loaded which contains that JavaScript is not the resource that the Ajax request is asking for. Something will be returned though—it should get the resource that you redirected to (which will be available in xhr.responseText (assuming the same origin policy doesn't interfere and that you get a 200 OK response at the place you are redirecting to)
If you intend to always redirect, then don't use Ajax.
If you intend to sometimes redirect, then you'll need to put the URL in the body of the response, parse it with JavaScript and then assign it to location.
You cannot redirect with PHP, however you can easily redirect with the response of your ajax call.
refer to: window.location.replace(...)
Yes and no. If you work with jquery, and your ajax call responds with a json like this:
{
success : true,
redirect_to : "http://www.google.com"
}
that in php means
<?php echo json_encode([
'success' => true,
'redirect_to' => 'http://www.google.com',
]);
then your ajax caller can do the dirty job:
$.get('/your/path', function (json) {
if(json.success) {
document.location.href = json.redirect_to;
}
}, 'json');
My two cents.
I basically want to get the id from the row and when the visitor clicks on the row, they should land on example.php?id=XXXXX
You can do so entirely from PHP. When you generate the table, in each row (whose id we'll call XXXX to follow your example) you can include a link to example.php?id=XXXXX, or an onclick event for the whole row that executes window.location.href = 'example.php?id=XXXXX';. So your table might look like:
...
<tr onclick="window.location.href = 'example.php?id=1234';">
<td>1234</td><td>some value</td><td>some other value<td>
</tr>
<tr onclick="window.location.href = 'example.php?id=1235';">
<td>1235</td><td>some value</td><td>some other value<td>
</tr>
...
It could be done a little nicer by generating the rows with javascript and using event listeners, but this should work.
How can I pass a JavaScript variable from the view to Python in controller? I don't want to use request.vars or request.args, because that would allow to user to give arbitrary parameters for the action by typing it into the address bar.
Example view:
<button onclick='myFunction();'>Execute</button>
<script>
function myFunction();{
var value = calculateValue();
//pass value to my_action
window.location = 'my_action';
}
</script>
Example controller:
def index():
return dict()
def my_action():
#retrieve passed variable
#handle the variable
#...
redirect(URL('index'))
You could make an Ajax call:
<script>
function myFunction();{
var value = calculateValue();
ajax('{{=URL('default', 'my_action')}}' + '?value=' + value, [], ':eval');
}
</script>
Followed by a client-side redirect once the Ajax response is returned:
def my_action():
value = request.vars.value
# handle the variable
redirect(URL('index'), client_side=True)
Note, however, that even with this method, someone could still make a manual request to /default/my_action?value=some_value to send arbitrary data to your function (of course, they would have to be a little more technically savvy to do so, as the above URL would never appear in the browser address bar for them to observe -- they would have to inspect your code or watch the network traffic to figure out what request to make).
In general, if you are calculating a value in the browser and then submitting it to the server via an HTTP request, there is no way to prevent a knowledgeable attacker from submitting some arbitrary data rather than the value calculated by your Javascript code. Your best bet is to instead focus on doing some server-side validation of the input data, or move the calculation to the server (though presumably the calculation is based on some input that must ultimately come from the browser and therefore be validated in some way).
I am not sure if I worded my question correctly. I'm not actually sure how to go about this at all.
I have a site load.html. Here I can use a textbox to enter an ID, for example 123, and the page will display some information (retrieved via a Javascript function that calls AJAX from the Flask server).
I also have a site, account.html. Here it displays all the IDs associated with an account.
I want to make it so if you click the ID in account.html, it will go to load.html and show the information required.
Basically, after I press the link, I need to change the URL to load.html, then call the Javascript function to display the information associated with the ID.
My original thoughts were to use variable routes in Flask, like #app.route('/load/<int:id>') instead of simply #app.route('/load')
But all /load does is show load.html, not actually load the information. That is done in the Javascript function I talked about earlier.
I'm not sure how to go about doing this. Any ideas?
If I need to explain more, please let me know. Thanks!
To make this more clear, I can go to load.html and call the Javascript function from the web console and it works fine. I'm just not sure how to do this with variable routes in Flask (is that the right way?) since showing the information depends on some Javascript to parse the data returned by Flask.
Flask code loading load.html
#app.route('/load')
def load():
return render_template('load.html')
Flask code returning information
#app.route('/retrieve')
def retrieve():
return jsonify({
'in':in(),
'sb':sb(),
'td':td()
})
/retrieve just returns a data structure from the database that is then parsed by the Javascript and output into the HTML. Now that I think about it, I suppose the variable route has to be in retrieve? Right now I'm using AJAX to send an ID over, should I change that to /retrieve/<int:id>? But how exactly would I retrieve the information, from, example, /retrieve/5? In AJAX I can just have data under the success method, but not for a simple web address.
Suppose if you are passing the data into retrieve from the browser url as
www.example.com/retrieve?Data=5
you can get the data value like
dataValue = request.args.get('Data')
You can specify param in url like /retrieve/<page>
It can use several ways in flask.
One way is
#app.route('/retrieve/', defaults={'page': 0})
#app.route('/retrieve/<page>')
def retrieve():
if page:
#Do page stuff here
return jsonify({
'in':in(),
'sb':sb(),
'td':td()})
Another way is
#app.route('/retrieve/<page>')
def retrieve(page=0):
if page:
#Do your page stuff hear
return jsonify({
'in':in(),
'sb':sb(),
'td':td()
})
Note: You can specify converter also like <int:page>
how do we check if table is empty with cakephp and ajax? In my index.ctp I have an image that when clicked, it will inform the user if the table is empty or not. If it's empty, an alert box will appear, and if it's not, it will be redirected to another page.
<?php
echo $this->Html->image('movie.png', array('onclick'=>'check()'));
?>
JAVASCRIPT:
function check(){
//check browser comp, create an object
object.GET("GET", url, false);
//rest of the code here
}
MoviesController.php
function index(){
//something here
$moviecount=$this->Movies->find('count');
$this->set('moviecount', $moviecount);
}
I know how to do it using the normal PHP coding, but with cakephp, and since I am new, I dont know yet. For regular PHP coding, I used the GET method for AJAX, and I can specify the URL for the PHP query inside the GET function. I don't know how to do it using cake.
You need to set the layout to AJAX then render your view. I strongly recommend not to use the index() method for this. Instead you can define a whatever() method in the MoviesController:
function whatever(){
//It is not a bad idea to do this only for GET - use the RequestHandlerComponent
$this->layout = 'ajax';
$moviecount=$this->Movies->find('count');
$this->set('moviecount', $moviecount);
}
The in the view file whatever.ctp:
echo json_encode(array('moviecount' = $moviecount));
//It is a good idea to add an isset() ternary check here like:
// echo isset($moviecount) ? json_encode(array('moviecount' => $moviecount)) : json_encode(false);
Notice that I am creating an array and encoding it to JSON. This is the way to convert variables to and from JSON. To decode use json_decode() of course.
The Client-side code really depends on what you're using to make the AJAX call but let us say that the call succeeded and you got the data back in the data variable:
//Make the AJAX call to example.com/movies/whatever via GET
//Check what data is but it should definitely be an array
if (data['moviecount']) {
//If moviecount is 0 it will go in the else statement - 0 i falsey
window.location = 'example.com/redirect/url';
} else {
alert('No records');
}
I advice against using alert() to inform the user that there are no records. Better put it somewhere in the page - in some div or whatever. Since this is an AJAX request it could be repeated many times. Consecutive use of alert() is not really user-friendly in this case.
I have a situation where I want to hit a button in the GSP (actionSubmit) and update a div when I finish the call (which includes a call to a javascript function). I want to ultimate end up in the controller rendering the searchResults parameter and the div with the results (which is currently working).
Problem is, I need to (presumably) wrap my actionSubmit in a remoteForm. But how do I:
1) Run the javascript method already existent in the onClick
2) Render the page in the controller.
If I try both wrapped in a controller, I finish the remoteForm action and the javascript action "hangs" and never finishes.
Any ideas?
List.gsp
<g:actionSubmit type="button" value="Ping All" onclick="getIds('contactList');"/>
function getIds(checkList)
{
var idList = new Array();
jQuery("input[name=" + checkList + "]:checked").each
(
function() {
idList.push(jQuery(this).val());
}
);
$.ajax({
url: "pingAll",
type:"GET",
data:{ids:JSON.stringify(idList)}
});
}
controller:
def pingAll() {
String ids = params.ids
if(ids == "[]") {
render(template:'searchResults', model:[searchResults:""])
return
}
def idArray = contactService.formatIDString(ids)
idArray.each {
def contactInstance = Contact.get(Integer.parseInt(it))
emailPingService.ping(contactInstance)
}
/**
* Added this on 3/13. Commented out line was initial code.
*/
def searchResults = contactSearchService.refactorSearchResults(contactSearchService.searchResults)
render(template:'searchResults', model:[searchResults:searchResults, total:searchResults.size()])
}
You have a couple options:
1) You can avoid using the Grails remote tags (formRemote, remoteField, etc.), and I really encourage you to explore and understand how they work. The Grails remote tags are generally not very flexible. The best way to learn how they work is to just write some sample tags using the examples from the Grails online docs and then look at the rendered page in a web browser. All the tags do generally speaking are output basic html with the attributes you define in your Grails tags. Open up your favorite HTML source view (i.e. Firebug) and see what Grails outputs for the rendered HTML.
The reason I say this is because, the code you've written so far somewhat accomplishes what I've stated above, without using any GSP tags.
g:actionSubmit submits the form you are working in using the controller action you define (which you haven't here, so it runs the action named in your value attribute). However, you also have an onClick on your actionSubmit that is running an AJAX call that also submits data to your pingAll action. Without seeing the rest of your code and what else is involved in your form, you are submitting your form twice!
You can simply just not write actionSubmit, and simply do an input of type button (not submit) with an onClick. Then in your javascript function that runs, define a jQuery success option for your AJAX call
$.ajax({
url: "pingAll",
type:"GET",
data:{ids:JSON.stringify(idList)},
success:function(data) {
$('#your-updatedDiv-id-here').html(data);
}
});
2) If you want to use the GSP tags, I think you are using the wrong one. Without knowing the full extent of your usage and form data involved, it looks like g:formRemote, g:submitToRemote, and g:remoteFunction could serve your purposes. All have attributes you can define to call javascript before the remote call, as well as defining a div to update and various event handlers.