I am trying to prompt users to enter a code in order to get into my website. The problem is I am using the following code but some of my user see the prompt window, instead there will be a flashing page. Is there a alternate way to do it?
<script type="text/javascript">
function show_prompt() {
var txtcode = prompt("Please enter your code", "");
txtcode.toLowerCase();
if (txtcode != null && txtcode == "special") {
confirm;
}
else {
window.location = "http://happylemon.asp";
}
}
Instead of a prompt, you should create a proper login page with a form that is submitted to the server and validated. If valid, the user can then be directed to the homepage.
If you use PHP, there are a ton of resources to help with creating a secure login: http://www.google.ca/search?aq=f&sourceid=chrome&ie=UTF-8&q=php+login+page
Why not make a regular authenticate page, but instead of username/password ask for the code? Then submit to server and compare there.
It's NOT safe to put your secret code in Javascript.
There are some typing errors:
I am trying to prompt users to enter a code in order to get into my website.
Should be
I want to keep visitors away from my website.
Just create a normal login page with a login form, and validate the data on the server. No need to ugly (and completely useless) authentication pop-ups.
Related
I want to create a static webpage which has a text field and a submit button, which after a user submits text it would automatically redirect from localhost/ to localhost/<test_person_submitted> .
Up to this point, this JavaScript is the only thing I was able to clobber together from all of the guides I found
function confirmInput() {
fname = document.forms[0].fname.value;
url = "http://localhost/"
command = (url + fname)
location.replace(command);
}
That does work, but no matter what I added as HTML to invoke the function it doesn't work properly.
Can someone please add a submit form that will properly execute this?
Right now I'm stumped and I just want to consider this small project "complete", rather to just leaving it without ever knowing how it could be resolved.
If you are wondering why I want to do this it's because I'm going to try to invoke some wild-card commands that will return JSON.
And this is just a fun project for me.
I have a website that has multiple pages and uses Firebase as backend. I've already implemented firebase auth for the login and I have knowledge of using onAuthChangeState. The problem is now I am trying to find a way to stop the users from accessing other pages without the login page. I want to have some kind of like a "session or token" in php that acts as a key in order for the user to access the page. NOTE! I did not use php because I am also using firebase as a means for hosting my site. BTW Most of the sources I saw only uses a single page and uses a lot of style.display = "none or block", I don't want to go this route, As I like to be more organized and have a proper management in terms of code segregation. That is why I have multiple pages eg; Login.html, Page2.html.
I know how to use javascript redirect
firebase.auth().onAuthStateChanged(firebaseUser => {
if(firebaseUser){
window.location.href = "page2.html";
}else{
window.location.href = "page1.html";
}
});
But the user might just type https://mysite.firebaseapp.com/page2.html
and access it. Which is what I am trying to prevent.
The solution is that I just needed to create a script that has
firebase.auth().onAuthStateChanged(function(user) {
if(user) {
//Here you can place the code that you want to run if the user is logged in
} else {
window.location.href = "login.html";
}
});
and include it on all the pages just as Harith suggested.
If I understand you correctly, you want to check if a user is logged in or not. If the user is logged in, you want to display the pages, and if the user is not logged in you want to redirect him to the login-page. Correct me if I understood you wrong, but I will give an example of doing what I described above.
This code has to be placed on every page that you won't let users access without logging in.
firebase.auth().onAuthStateChanged(function(user) {
if(user) {
//Here you can place the code that you want to run if the user is logged in
} else {
window.location.href = "login.html";
}
});
Suppose I have a javascript for a "Log in" button in a login.html page. The javascript can look like this
var attempt = 3; // Variable to count number of attempts.
// Below function Executes on click of login button.
function validate(){
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
if ( username == "Formget" && password == "formget#123"){
alert ("Login successfully");
window.location = "success.html"; // Redirecting to other page.
return false;
}
else{
attempt --;// Decrementing by one.
alert("You have left "+attempt+" attempt;");
// Disabling fields after 3 attempts.
if( attempt == 0){
document.getElementById("username").disabled = true;
document.getElementById("password").disabled = true;
document.getElementById("submit").disabled = true;
return false;
}
}
}
In the code where I do if ( username == "Formget" && password == "formget#123") I have 2 screnarios
1) I need to get a list of users from 2 separate external MYSQL databases and concatenate to form a list of users who are elgible to login.( In can write a python script to generate that list, no issues)
2) The users who are eligible to login needs to be validated against a LDAP link to authenticate their password. Only then they can enter the home page.
I am using a flask application(using apache and mod_wsgi to run it). Though flask has its own way of handling this, I am bit confused of a convenient way to handle this. Please help, I am a beginner.
There are a couple problems here.
If you are using Flask you should be handling most logic in the back-end, such as in your views.
User authentication (and security in general) should be handled server-side, not client-side. JavaScript (in this case anyways) is used entirely for client-side logic.
Now that that's out of the way, the usual way that people handle user authentication in Flask is by using Flask-Login. The documentation that I linked goes over setting up your application, installing the proper dependencies, and how to login/logout among other things.
This answer also has some good information about the database and user model side of things, as well as linking to a good example of a complete working user authentication system.
am using a JavaScript to connect users to the homepage after the processing page have finish loading and sent the user to the homepage of welcome.html but the fact is how do i end the session after the click the log out button, because after signing out and if they hit back they will still get back the welcome.html, i have try disabling the back button in the browser but that's not awesome, i just need to kill the session so that it won't get them back to the welcome.html after they sign out instead it goes back to login page and require them to sign back in to access the welcome.html, and in this fact am not using php or DB to connect the user login, am using javascript, i don't know if it could work maybe with php simple line of codes or tags.
Here is my JavaScript code, i use to connect the users:
function Login(FORM){
var done=0;
var username=document.login.username.value;
username=username.toLowerCase();
var password=document.login.password.value;
password=password.toLowerCase();
if (username=="jonson111" && password=="happy111") { window.location="HomeAccess_uche/processing.html"; done=1;}
if (username=="wilsonqaz" && password=="open123qaz") { window.location="HomeAccess_wilson/processing.html"; done=1; }
if (done==0) { alert("USERNAME OR PASSWORD IS NOT IN THE DATABASE PLEASE TRY AGAIN!"); }
}
am using dreamweaver and yes i know i will encrypt the Java codes so that users will not understand it, but i just need to end the session after they sign out, this have given me a hard time to figure out i have search everywhere in Google but nothing, anyone can help?
what ever you wrote is all about client side code. there is no point in worry about session , because you don't have a session at all. you are just using javascript. you don't have any server side code to handle session. anybody can see the user name and password by looking at your javascript code. More over once you redirect the page by window.location="HomeAccess_wilson/processing.html"; your " done=1; " and all the javascript variable will reset.
DISCLAIMER: This is a TERRIBLE IDEA. Your site will be completely unsecure. I am ONLY explaining a way to make it work so that a completely innocent, naive user would get the intended effect. Also, this will only work in modern browsers supporting local storage.
function save_login() {
localStorage.loggedIn = true;
}
function save_logout() {
localStorage.loggedIn = false;
}
Call those functions when they log in or log out, and then on every "secure" (but not really, this is totally unsecure) page you do
if (localStorage.loggedIn == false) {
window.location.href = "yoursite.com/login" //or whatever page you
//want to send them to
}
What I want to do is to have a form field that allows a person to try to guess from a picture what type of bird it is, and if they get it right, it tells them they got it right and gives them the code to be able to get a discount.
Here is the code I'm using within the head tags:
formCheck()
{
var birdName = document.forms[0].birdName.value
if (birdName == "red bellied woodpecker")
alert("That's Correct! Please enjoy 10% off your next purchase by entering the code NAMETHATBIRD92 during checkout.")
else
alert("That's isn't the correct answer! Make sure your answer is very specific and keep trying, you can guess as many times as you want.")
}
Here is what I have within the body tag:
Can you name this bird?
It works here:
www.madhatwebsolutions.com/namethatbird.html
It does not work here, where I really need it to work:
http://www.wildbirdsmarketplace.com/pages/Name-That-Bird!.html
This shouldn't be JavaScript.
Any potential customer will be able to right click and view your JavaScript source and retrieve the code without bothering with the guesswork.
You'll need to query a server with the user input, and the server will need to return a response indicating whether this input is correct or not.
You might want to look at either a normal HTML form submission, or venture into AJAX
Workflow:
User enters guess into textfield
Launch a request to http://yourserver.com/check_bird.your_server_language?guess=theTextFieldValue
Server returns either a success or failure indication
Display response to client
Other things to consider: Are you going to allow your customers to guess multiple times, or restrict them? Are you going to be showing several different birds or not?
in http://www.wildbirdsmarketplace.com/pages/Name-That-Bird!.html
<script type="text/javascript" src="birdname.js"></script> refers to 404 - check the file path
don't use document.forms
var birdName = document.getElementById('birdName').value;