I have a problem, I am writing a system for an company and I want it to be as secure & robust as possible, but now I'm stuck.
I have a product list, where a logged-in employee can edit, delete or emit (print) specifications about a product.
Let's assume I'm a logged-in employee on that system. When I click a product from the product list and then click on emit (print), javascript will send data over POST to the next page (Yes, it must be JS, because of the design of the page).
So the next page is displayed with correct info about that product (because POST passed the product id to the next page, which then realized an SQL query and fetched all info).
Now, on that page, I can verify if all info is correct and then click again on emit (print) to finally print the specifications. But here I came across a caveat: How will the next page know the product ID? I can't use POST, because there's nothing to post..
Cookies are designed for such stuff, but I think that when I'm logged in two tabs on the same browser and then click print on both tabs at once, the same Cookie will get called twice and overwritten twice (conflict), and, consequently, product id's could get swapped.
$_SESSION I believe I can't use too, because if two users are logged on the same Machine, data could get swapped too, just like in cookies.
Now, what is the 'best' practice to pass data between pages that "supports" multiple concurrent users on the same machine, and even in the same browser?
This somewhat similar question solved my problem:
Any way to identify browser tab in JavaScript?
This way I can create an unique "emitID" for that tab and then use that to take track of the current product id.
Also thanks to #SteevePitis for pointing me in the right direction.
Related
I'm fairly new to web development and I am trying to build a fashion ecommerce site for a project.
I would like a user to be able to chose a product e.g a dress which has associated details like product name, product price, image and size in a page called product.html. I have been able using a separate javascript, to ensure that when a user presses 'add to cart' that the details are logged.
However, how do I then transfer these details to a separate basket.html page and display them?
I'm struggling to understand if I need to use local storage and if so how do I show the details if I'm using a separate javascript file and a another html file.
Essentially, if a user picks a product, how do I get that specific product and details to appear in my separate basket page?
Apologies if this is badly worded or made little sense !
Thank you :)
There are several options to this, depending on how your ecommerce site is built and what parts you have control over.
You could
Submit it to a server and have it respected in the response of the next page.
Hold it locally using webstorage (localStorage or sessionStorage). Keep in mind, that 3rd-party-scripts on your website will be able to read it, too!
Share it with a server by setting a cookie (can be read by 3rd-party-scripts). Keep in mind the limited size of a cookie.
Pass the information along as query parameters. This can have affects on SEO (duplicated content because similiar pages are indexed by a search engine).
Pass information along as hash parameter. Those aren't transmitted to a server, but can be read from JavaScript (yours and 3rd party). It was a hack applied in the early days of Single Page Applications.
You can build REST API which will be used to
store item into cart (called when pressed Add to cart button)
read items from cart (called on Basket page)
The API will persist it in some sort of DB and return when needed.
REST API should be secured (e.g. by OAuth2) so you can distinguish actions for individual users.
I am currently redesigning a website and looking for a solution on how to add a paid version of the site.
For example, say I have a <select> drop-down box with 20 elements inside. However, I want 15 of these 20 elements to be disabled unless the user has a paid account. At this time, that is the extent of what I need to differentiate between free/paid versions.
I'm planning on adding the ability to register an account and log in, as well as some type of payment processor (recommendations are appreciated for this! - currently looking at using Django/Python). I just don't know how to best go about managing two different levels of the website, and allowing those additional options to paid members.
I'm working with calculators that are pure Javascript. Using Bootstrap for the page design. As far as anything else goes, I'm open.
To do that, you'd have to add a field with a default value of NULL to your database, let's call it "subscription", into your users table. Then, everytime a user login to your website, fetch the subcription value and write it into a session variable. The last thing you have to do to ensure free members aren't allowed to perform any actions the subscribed members can is checking the content of the session variable while :
building your html, or you could check it on the client side with javascript right after the premium element has loaded (this is for user experience only since a client can remove any html attribute whnever they want)
and
while recieving the data of the premium element on the server side, accept it if the user is premium, reject it if they're free (again, just checking the session variable should do the job).
So as you can see, it's much more about preventing free users to gain access at the paid members options than allowing paid members to browse a completly new version of the website designed specifically for them.
I will try to give you a blunt idea maybe this might help you.
So lets say a user has paid for your service you can flag a token in yours app's backend if a particular user is paid or not. So whenever the user logs in your app next time you can get the status of the logged user.
Once you get the status of the logged user you can enable or disable ui elements.
I hope this made some sense.
My problem is simple.
I have two users on two different devices accessing the same servers pages (page 1 and page 2 respectively ).
I want to use php forms in one page to change the second users page.
(i.e. 1st user on page 1 presses a button and changes the image on 2nd users page 2 , on a separate device).
I thought I could do it by using the 2nd users session ID in the form on the 1st persons page, and fool the server to reload the 2nd users page with the updated info.
But i can see no example of it anywhere on the web. Is this possible or should I just use Ajax?
Thanks for any help.
I would suggest not hacking Session ID's like that, they're meant to identify a single user.
If you want data shared between users it's likely you'll be well served using a database, such as MySQL as commonly runs along PHP.
Please be advised, this is not a code-problem question.
I have a resource in my app that is available only for authenticated users. In case a guest user tries to access the resource by clicking on it - registration modal shows up.
Now, I'm building logic using jQuery and PHP in order to store those clicks of guests. However, I also would like to implement something, that will let me retrieve rough information on unique users among the ones who clicked.
The idea I have is this:
When a specific page is loaded, set a JS cookie of "unique" value,
like this: [random string of fixed size][timestamp]. The cookie
would expire in a year from now. If the cookie already exists, don't
do anything.
When the guest clicks on the resource, make an Ajax
call to store the click AND the cookie value.
Later, to get "unique" clicks, make a SELECT that will GROUP BY
the cookie value.
Unless the cookies are cleared or the custom cookie expiration date is exceeded, this should give me a way to determine unique clicks (users) among guests.
I'm interested, if anyone can provide me with a better way to achieve what I need.
I wouldn't reinvent the wheel and use Google Analytics for this kind of task, since it's almost doing al the job and giving you nice graphics and statistics for free.
(I apologize for any incorrect lingo)
I am creating an internal web page as a sort of intranet for me and another associate to use in our department to keep track of information. I have created "pages" using HTML to navigate and saved in our department folder. Doesn't need to be flashy just functional.
I have a table with 5 columns of information for each item we need filled out. I have created a pop-up window and form for these 5 columns to open and the idea is that when the the user (me) fills the form out and clicks the submit button, the information is transferred to the parent page, saved and stored for later tracking.
I'm assuming this isn't possible by just saving .html files into our network folders. I think i might need a database to "save" the information the user filled out.
I wouldn't necessarily need the window pop-up..
Is this way over my head?
You would at least need a server side language such as PHP. Using a Database is highly recommended.
In my very humble opinion - Yes, it does sound as if this is over your head right now.
Recommended readings:
http://www.amazon.com/s/ref=nb_sb_ss_c_0_3?url=search-alias%3Dstripbooks&field-keywords=php&sprefix=php%2Caps%2C129
Let me know if my answer is helpful.