Im trying to create an encrypted cookie using Javascript Code that Laravel can understand.
My current laravel project includes a pure JS code. In that JS code I displayed a JQVMAP.com Map and people click to define their country. In order to create a location cookie I included the following code:
setCookie(cookieName, code, 60); // minutes
The problem is that the value is created and stored in plain text -> EG: 'US'
But, For Laravel I need to create a cookie in the same way laravel encryption produce one, where 'US' data is represented like:
eyJpdiI6IjBlYlZqUU14ZWt4Q2FKUjNJd25BM.....
Honestly, despite the fact I read stackoverflow and google I was not able to find a way to do that.
any help appreciated
I'm not very familiar with Laravel, but it should let you use plain PHP like Symfony does. In that case you could just read the cookie with the PHP $_COOKIE variable.
Alternatively you could use an ajax call to Laravel and let it set the cookie.
Most of the PHP framework like Laravel, Phalcon etc. are using base64 encode/decode method to secure cookie value. Because base64 method is the only two way encryption, which means you can get the actual value/string once you encrype, which another meaning is you can decrypt the value to the actual value.
So, look for the Laravel source code what method they are using. If it is base64, then you can use javascript base64 encryption/decryption function to secure the cookie value before store to it.
Related
Please I have a little challenge, I am working on a web app, I want to pass in an id from the main php file to the javascript external file.
when i inspect element, the id shows<script> let questId = btoa(<?php echo $_SESSION['questionId']; ?>); </script>
when i inspect element, i see the actual id which is wrong, even with the btoa function to encrypt the number from displaying.
Please is there a better way of using php directly on js because i want to use the id to fetch info from the database.
Thanks.
Unfortunately you have an incorrect premise! You cannot hide things from the client if the client needs them.
You may find you can generate some intermediate key (perhaps just adding a salt and hashing the real key), which represents the real key in a mapping which is not presented to the client.
Is it possible to hide api key variable in JS code, hide it somehow or or encrypt it in the source code? Thanks.
Nope.
Javascript code is client-side. Client-side means out of your control.
You can obfuscate, encode, encrypt as much as you want, but the browser will always have access to this information if it is used client-side.
I'm using AngularJS (mainly the client side) and web2py (mainly the server side)together in an app.
I have an issue now.
At a point of the program, I use AngularJS to get some data from the client and these data are store in an AngularJS variable. I planed to use $http.post to submit these data to database directly, but it didn't work due to cross-orign problem.
Right now I'm trying to pass these data(they are in JSON format) back to web2py and let web2py insert these data to database.(similar to submitting a SQLFORM).
Is there anyway I could pass these data as an argument to an web2py function and invoke that function within javascript code?
Possible approach in my mind:
1) Since I could write python in html using {{}}, and I could write html in javascript, could I write python code within javascript using something like: document.write({{python code}}) ?
I tried this but whatever html I write it goes to a brand new html page. I also tried document.getElementById('testDiv').write("<p></p>"); But it doesn't work.
2)use ajax, I'm not familiar with ajax, any example will be really appreciated!
Any thoughts?
Thank you all!
ok so you got me lost for a second there, lets see if i got it right
1- angular as your frontend
2- python as your backend
3- you are rendering an html document in python and delivering it to the browser
4- since python template language uses {{}} as delimiter am assuming you changed the angulars delimiters too
either using ajax or reload you'll need to provide a python post handler script. that takes your data and makes the DB update. if this is going to be a pattern and you are going to be making AJAX CRUD operations, you should use angular resources ngResource if not a simple
$http.post(url,data).success(function(response){})
https://docs.angularjs.org/api/ng/service/$http#post
where url would be your form submission handler url.
if you where to use a form you'll need to set the target to an iframe hidden in your page and the response should a script tag that gets the scope pertinent to your controller and let him know the result of the operation. this is an old approach, but handy when it comes to send information to sites that don't allow CORS which by the way might be the solution to your problem, when storing data directly to your db, you might just need to enable CORS headers in your storage engine API and that should allow you to submit information even when coming from a different domain
After hours of struggles and countless google, here's my workaround solution:
Main problem: the data are stored in AngularJS but AngulatJS could not submit data to database through API due to cross-orign issue. But Web2py could submit data to database using sqlform.
My approach:
1.)When the user click the submit button, invoke 'ng-click="submitBtn()"'.
submitBtn() is a function of the ng-controller, which has access to the data.
2.)In submitBtn(), the function first write data into web2py's sqlform through
document.getElementById('inputId').value=$scope.data;
then the function click the sqlform submit button through
document.getElementById('submitBtn').click();
It took me a lot time to figure out those element ids of fields in web2py's auto-generated sqlform. The way to find them is using developers' inspect element tool in a browser and see the source code directly.
Hope this will help someone will face the same issue!
I have a typical HTML form, with some fields of various types on it.
What I'm trying to achieve is the following:
Once the form's input fields are filled out with values, a button to be able to save all the filled-out field/value pairs into a local file of some sort that allows me in a future ocassion to...
Automatically fill the very same HTML form by retriving the field/values pairs from said file instead of typing them manually.
Ideally this would have to be achived thru JavaScript, because the webpage that contains the HTML form is served by an embedded system where PHP or other server side scripting is not available.
Is it possible to achive this thru JavaScript (or any other browser-side effort method)? If so, how?
Many thanks.
EDIT: The target environment is a regular user in a regular PC/laptop using any one of the 4 major browsers. It's acceptable to have "Cookies enabled" and "latest browser version installed" as requisites, but external plugins/addins are not.
Later: NullUserException has achived something in this direction. He's been able to read from a local file using JavaScript:
Using a local file as a data source in JavaScript
I think, for your particular site you can store data in local storage. Only your application will be able to access to that data. Also you can encrypt it before storing.
You can refer
diveintohtml5.info/storage to start with.
Happy coding.
Pretty sure you won't be able to save a file locally and then pick it up again.
However there are obviously cookies but there, and this is only in a modern browser, is also LocalStorage that can hold quite a bit of data that can be retrieved by Javascript and jQuery.
This is probably the way I would go but it does depend on your browser version.
question is some what ambiguous please specify what you are trying to do.
i can't tell if you want to do something just for you if so:
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/
I have a work assignment, and I don't have any alternative; I have to use the qooxdoo framework.
How can I do a query with MySQL and PHP using this framework? In the examples present in the site, all tables use random values or JSON values, but in this case, I need PHP.
I know that I can't use PHP code inside a JavaScript file, so is Ajax the unique solution?
How I can solve that?
You write a PHP RPC service which provides the data to your qooxdoo application. You can find more input on this in PHP RPC (qooxdoo documentation).
Another way is to create your own transport, for example, use AJAX to fetch JSONP.
See more info at http://manual.qooxdoo.org/1.3/pages/communication/remote_io.html