Maybe a noob question, but I am really confused.
I'm trying to make an online quiz, where user has to choose between 4 possible answers. But I got stuck, well, because 1 question is really bothering me. So:
I have a JavaScript function which changes background color of a button and disables it, when user clicks on the wrong answer. And the right answer button (submit) calls for non-existent function, just to confuse people, if they decide to take a quick look at the source code. Everything went great, but then I started to think. What if user decides to take a deeper look at my source code? He would be able to see my JavaScript functions and, well, he could probably figure out the right answer without really playing.
Is there any way I could hide the source (as I understand, it's not possible with JavaScript), but maybe I could use something else? What are other developers using in these situations? Any suggestions? :)
If you want to be really safe, you have to do it on the server side (e.g. PHP). What you could possibly do to make it more difficult for cheaters is to obfuscate your javascript code by one of the various js obfuscators like this one which can never bring full security.
The reason users can cheat is because the answer is in the JavaScript code.
Solution: Don't put the answer in the JavaScript code. Keep it on a server instead.
Something like this: Whenever the user changes their answer to the question...
JavaScript sends answer to server.
Server replies with YES or NO.
JavaScript displays reply to user.
The user never sees the answer, only whether it was true or false.
tl;dr Learn AJAX.
This is a good question and one that every web developer should be asking themselves...
This is a major problem that we as web developers face daily. Our JavaScript is view able and sometimes even editable. Trust NOTHING that comes from the client!
What I usually do is
Generate some type of unique hash on the server
Embed this hash into the HTML and JavaScript.
Send this hash along with any request to the server.
Validate the hash on the server by recreating the hash again and making sure it matches the hash that was sent.
The hash could be a concatenation of the item's id, a session id, some salt and any other identifiable piece of data that you can reconstruct to validate the request.
To complete the other answers, providing how learning how to set up a server could cost you a few days, I'll shortcut you a 5-min guide to setting a simple node.js server that will hide your answer.
Install node.js.
Create a file called server.js with the contents below.
var express = require("express"),
app = express();
app.get("first_answer",function(req,res){
res.send("b");
});
app.listen(8080);
Open the terminal, type
npm install express
cd path_to_the_folder_you_placed_the_file
node server.js
This will install the express.js module and run the server.
Now, on your site, using jQuery, just request the answer from the server. Example using jQuery:
var user_answer = ...
$.get("http://localhost:8080/first_answer",function(answer){
if (answer == user_answer)
alert("you got it right!");
});
For more complex examples and best use of the server, just read on express.js documentation. (;
Related
I'm an 11-year-old learning how to code Javascript, I recently started 1 and a half months ago. I am making a login/register system and am trying to make the register part now. I was wondering if adding a string/number/boolean to an array stays there forever (even after refresh). I would've used cookies for this, but it is not safe.
I am currently using HTML5, CSS3, Javascript, and eventually will be using Jquery. NOTE: The time period does not have to be forever. Does any know the answer to this, please reply?
P.S. ( iff you mention PHP for this there would be no point, I don't understand it yet. :/ )
The answer is no. Note that anytime you reload a browser page, your JavaScript also reloads with the page.
If you want you data to persist, use a database.
a string or whatever you have in an array will not stay in it forever simply because an array is a data structure which is not persistent. Since you have it in your intention to use more advanced technologies in the near future and you are not comfortable with the cookie because of the obvious security risks. I suggest you use a localStorage to implement the registration feature for your app. Of course you can achieve the same with a sessionStorage, however whatever you save in a sessionStorage will be wiped off when you close the tab which can be handy in the implementation of you login and logout feature for now. Whenever you upgrade the applications to more sophisticated technologies you will have a better way to handle those features.
PS: it might be a little advanced for you right now but when you are more comfortable writing Javascript maybe you will like to checkout IndexDB then NodeJs very much later.
#cheers #dontRelent
If you want to create login functionality, you will have to start learning some server-side technologies.
When I was finished (kind of) with learning JavaScript i moved on to NodeJS and MongoDB. NodeJS allows you use JavaScript on the server-side and MongoDB is a database program where you could store data.
Using those two you would create a user model, store it and then check if the user is logged in and etc.
There are many choices to go with when learning back-end, I went with NodeJS because as I already knew JavaScript it was easier to use the same language for the back-end. That and it was part of the Udemy course I had.
Good luck.
It depends on where you're storing that array. If you want to make a functional login/register on a web-page, you will likely need to use a database such as PostgreSQL.
However, if you want to just create a simple program to run on the command line, the username or password strings you enter in will not remain in memory if you terminate the program. If you terminate your program, it will delete the strings added to your array.
So. I have a working code for defining a user set variable.
Currently, I use the var data= prompt("prompt", "default entry")
for cleanliness sake.
Is there a way I could log this variable string to a .txt file or some information on my server so I could access the user's input?
This is for a Linux Based Web Server, but I do file management remotely through an FTP Server on Windows.
I am inexperienced in JavaScript, so I could be missing a glaring issue.
However, I have looked through much of Google, but I have not experienced any results with their methods.
No error messages come up on my console, on either end, with any of the methods I have tried. A couple of methods remove the prompt entirely.
No file has shown up with any of the methods I've tried so far.
You need to be running some kind of server side application, this is a topic way out of range for a StackOverflow question as you could choose a huge range of different technologies from Node.JS, ASP.NET Web API, Java, PHP and a huge list more.
One quick way I would recommend is read up on Node.js, create an end point expecting a post and just put an action on your form pointing to the end point and then log the contents of the post to a text file.
The proper solution would involve setting up a database but is way more involved.
First of all, I've tried to look for answers in different questions and forums, but I've struggled to find the correct search keywords, so I haven't found anything relevant.
Basically, I've taken on developing a simple implementation of a live chat widget for websites, similar to olark, liveChat, etc. Since, I will be using Socket.IO, I am looking for an easy way to provide the javascript code to a potential client (which might very well not be tech savvy). So the idea is to have just a simple <script> tag which either dynamically creates another script tag with the source pointing to my server, or just a script tag with the correct source.
The problem I have is regarding the server response to that request. In the test implementation, I am adding a script tag which makes a call to the server and the server responds with the javascript code in a string, which I find a very crude way to do it. The reason why I can't just serve a simple javascript file is, because it needs to be personalized, so I can keep track of where the client is connecting from in order to get the to the proper "agent" (manager of website). I could probably create separate files for each user, but I am not sure how maintainable and efficient that would be.
So my question is, how would I serve this personalized javascript code in an efficient and secure way? I am using Laravel as a backend, if that makes any difference.
In the test implementation, I am adding a script tag which makes a call to the server and the server responds with the javascript code in a string, which I find a very crude way to do it.
If it works for your needs, this is a good solution.
If it feels crude, there are a few things which can help keep it clean. Keep your javascript in a separate file and use file_get_contents to read from that file. Where you need to use placeholders to personalize this, you can add %s and use sprintf to pop in the personalizations.
There are a few pretty large ad networks out there which are serving up javascript in just this fashion so I do not believe there is anything inherently wrong with this method.
As far as security goes, I'm not sure what you can do besides making sure everything is served via HTTPS. I'd hope that there is no need to pass sensitive information via get variables.
You can transmit just the javascript without a <script> tag to the client and then use eval() to run the code there.
I wanna build an app something like mobile messanger. But i'm not quite a programmer. I mean, i know js in the middle level but i have not used it for something serius.
Anyway, the basic idea that i need to be done in the app is push massages or something like that. Let's imagine that one app's user turn on flashlight on mobile phone of other user. And othe user can do the same thing in other direction or with any contact's nubers who have this app. In other words i need to seending some code from one client to another.
I do not want to grow a beard while learning Cbjective C or Java. I just want my app. And obviously it will be on phonegap with node js.
My question is not like that "please write the code for me". But if someone can tell something about it or give some links or keywords for googling then i will be very happy.
At the now momment i have smooth imagination about the indentification of user, then sending the massage, then server searching othe user, then sending them the message... and in the other direction.
There may be some standard technique for such things?
PS: Sorry for my eanglish.
This question may be to broad and open for interpretation. The answers you get may be based on opinionated, rather then helpful solutions based on a specific technical problem. It's probably best to recreate your question with more specific information. Try something specific, document what you did, then post specific technical questions here.
Generally speaking, I'd create some back-end service that saves and serves up messages between each chatter/participant, and call that service with javascript utilizing JSON as the data to pass back and forth. That's just one way. There's too many different ways to describe here. My answer is just me simply trying to be helpful. However, this question might get closed for being to opinion based. But that's my 2 cents.
the same problem haunting me a month ago is still haunting me now. i know ive asked several questions regarding this on this site and i am truly sorry for that. your suggestions have all been excellent but the answer is still elusive. i now realize that this is a direct result of me not being able to phrase my question properly and for that i am sorry.
to give you guys a generalized view of things, here i go: the situation is like this, i have 2 server side scripts that i want to run.
a python program/script that continuously spouts some numbers
based on the output from that python script, a javascript script will perform some action on a webpage (e.g., change background color, display alert message, change some text)
ive studied the replies to my previous posts and have found that what i want to accomplish is more or less accomplished by json. it is my understanding that json transforms 'program-specific' variables into a format that is more 'standard or general or global'.
two different programs therefore now have the means to 'talk' with each other because they are now speaking the same 'language'.
the problem is then this, how do i actually facilitate their communication? what is the 'cellphone' between these server side scripts? do they even need one?
thank you!
If I understand what you're asking, the "cellphone" is TCP/IP. The javascript is not server-side; it runs on the client side, and alters what the client's browser displays based on json data that it downloads from the server -- data that in this case is generated by Python.
This question provides a relevant example, though it's a bit technical: JSON datetime between Python and JavaScript
Here's a very basic tutorial that explains how to create a dynamic webpage using python and javascript. It doesn't appear to use json, but it should familiarize you with the fundamentals. Once you understand what's there, using json to transport more complicated data should be fairly straightforward.
http://kooneiform.wordpress.com/2010/02/28/python-and-ajax-for-beginners-with-webpy-and-jquery/
I assume you mean: Python is on the web server, and Javascript is running in the client's web browser.
Because browsers are all different (IE6 is terrible, Chrome is great), there are a huge number of ways people found to "hack" this "cellphone" into place. These techniques are called AJAX and COMET techniques. There is no one "cellphone", but a whole bunch of them! Hopefully, you can find a library to select the right technique for the browser, and you just have to worry about the messages.
Comet is harder to do, but lets the server "push" messages to the client.
Ajax can be easier - you just periodically "pull" messages from the server.
Start with Ajax, then look at comet if you really need it. Just start by have the client (javascript) make a "GET" request, to see if the number has changed.
I don't know Javascript or json, but...
if you've ever seen an Unix-like operating system, you know about pipes. Like program1 | program2 | program3 ... Why don't you just connect Python and Javascript programs with pipes? The first one writes to stdout, and the next one reads from stdin.
This probably isn't the answer that you are looking for, and without links to your previous posts, I don't have much to go on, but nonetheless...
javascript is client side. I can interpret your question 2 different ways...
Your python script is running on your computer, and you want a script to actually alter your current browser window.
Not too sure, but writing a browser plugin may be the answer here.
Your python script is running on the server, and as a result of the script running, you want the display of your site to be changed for viewing persons.
In this case, you will could use ajax polling (or similar) on your site. Have your site be polling the server with ajax, call a server method that checks the output of the script (maybe written to a file?), and see if it has changed.
When 2 process need to communicate, they need to decide of a common/shared way to express things and a protocol to exchange those things.
In your case, since one of the processes is a browser, the protocol of choice is http. So the browser needs to do an http request or regular http request to your python process.
This python process Will need in Some way or another to be exposed via http.
There are several ways to build a web server in python. You should read this article : http://fragments.turtlemeat.com/pythonwebserver.php as a jumpstart.
Once you have this, your browser Will be able to issue HTTP GET requests to your server and your server can reply with a string.
This string can be whatever you like. Nevertheless if your answer contains structured data it can be a good start to use the XML notation or the json notation.
Json (stands for Javascript object notation) is very easy to use in javascript and this is why many people advised you to choose this notation.
I hope this will help you
Jérome wagner