I want to to connect to another page after logging in HTML.
For example I have my login page when I submit my information (username, password) I have an action for my login and I want to go to another page when my Authentication is true.
I don't have acces of the code of the server, server using jps
Try with:
<meta http-equiv="refresh" content="0;url=http://example.com/" />
or
<?php header( 'Location: http://example.com/' ) ; ?>
When you authenticate user
It depends what language you use in the backend.
If you do only javascript validation of the login, you should drop this logic and rewrite it using a proper backend language (php, .net, rails, or whatever), since it would be a huge security problem.
Example of redirection using Ruby on Rails:
redirect_to "yourpath"
using PHP:
header("Location:yourpath");
If you are using form in jsp or html you can use the folowing code,
<form name="frm" method="post" action="sec.jsp">
This will direct to sec.jsp. You can also use servlet mapping if you are using servlets.
Related
I'm making an online quiz using AJAX. I've made a registration form for a user to input their details, and the php file returns a username if the details are valid. I'm trying to figure out how to go straight to the main quiz page once the form POST works and be able to display the given username on that main page where I will be using another php file to display the quiz questions. Also I'm using a sample php file for the username return and am unable to view or change anything in that.
You don't have to use Ajax if you want to go to another page after POST request
Post the form.
Validate data on server.
If credentials is valid put the username in cookie session which means the user has successfully logged in.
redirect the page to the main page.
I strongly recommend you to read more about PHP authentication and use third party libraries if possible.
NOTE: Using an unhashed value as a credential stored in cookie is completely unsafe.
Apparently you have two pages, one is login form and second is the quiz page. You can save the username to a session(not cookie) from the login page itself and redirect to quiz page upon successful authentication. In quiz page you can easily retain the username from session variable.
The session will long last until a certain period of time that you've mentioned in settings.
You can get this session variable throughout your application.
Using session is pretty straight forward in php, you can read it here on PHP.net
Use password_hash and password_verify (PHP 5 >= 5.5.0, PHP 7 ) with bcrypt for security when saving the passowrds.
please add your code.
you can useheader() function in php to redirect your page to quiz page after getting valid data from user.
I have a login page that sends a request to a Python script to authenticate the user. If it's not authenticated it redirects you to the login page. If it is redirects you to a HTML form. The problem is that you can access the HTML form by writing the URL. How Can I make sure the user came from the login form with my Python script without using modules because I can't install anything in my server. I want it to be strictly with Python I can't use PHP. Is it possible? Can I use other methods to accomplish the task?
It's apparent to me that you only want to use Python, no frameworks etc... So the problem is that you are actually redirecting to an existing web HTML page. Don't do that, instead serve the HTML with Python itself.
# pages.py
class DefaultPage(object):
def __init__(self):
self.html = '''
All Your HTML Here
'''
def self.display:
return self.html
Obviously your using something to serve your Python, I'm assuming something simple like Google App Engine Launcher, in which case you can just write the class. Even if your using some other simple WSGI, the concept remains the same.
# main.py
import webapp2
from pages import DefaultPage
class MainHandler(webapp2.RequestHandler):
def get(self):
page = DefaultPage()
self.response.write(page.display())
app = webapp2.WSGIApplication([
('/', MainHandler)
], debug=True)
The best method to handle user login is to use tokens as cookies.
After the user successful login generate a token and send it to them , save this token in your "in memory" DB(if you are using something like django server)- https://docs.djangoproject.com/en/1.9/intro/tutorial01/ , it does it for you.
Each time the user access any internal page in your website check the user token which have been sent as a cookie header , if is found in your DB direct him to the requested page , else , direct him to the login page.
I can help you more if you give more details about your server(server type)
What you just asked for is called Session Management. Here's the OWASP guide on it: https://www.owasp.org/index.php/Session_Management
You can use frameworks like Django written in python which already provide this security layer. https://docs.djangoproject.com/en/1.9/topics/http/sessions/
You have to add CSRF protection to disallow form submitting from untrusted sources. Dive into What is a CSRF token ? What is its importance and how does it work? question to understand how it works, also you can take a look on How does a CSRF token prevent an attack.
You can implement own csrf protection logic or use existing one like Django CSRF or Flask CSRF Protection etc.( it depends on technologies used on your project).
Make sure to check the "referer" header in Python, and validate that the address is your login page.
I have a Java application (servlet, written by someone else) that does some processing. I have a PHP application (web site HTML that uses PHP in places) on top that posts data to the Java application:
<form method="post" action="http://site/java" onsubmit="return validate(this)">
I have the JavaScript validating, as well onsubmit.
This works fine, but when I try and validate with PHP (in case JS is disabled), I run into problems.
I'm not sure how to do this. I've tried a few things but none has been really what I want. I want to be able to mimic the JS behavior but with PHP.
It would be cool if I could do something like this:
if ('POST' == $_SERVER['REQUEST_METHOD']) {
//do post to servlet
}
I've tried other things like this:
if (isset($_POST['field'])) {
//validate form with function
}
Part of the problem is that the Java application also does some validation and returns some parameters I can get. I might use something like this to check these:
if ($_GET['error'] == 'invalidEmail') {
$error = 'Please enter a valid email address.';
}
How would I do this? Can I use Location response header or does this not send POST data? If I set action="" and post back to page, I can get the PHP to validate but obviously the whole point is to post to the Java application.
You can use REST to post to your java application from php. More specifically the cURL library.
I have very simple web site (which is actually single page), there is one input field and a button.
I need to store data submitted by users somewhere on server side. Perfect way could be simple text file and new lines appended to it after each button click. Log file will be also ok.
As I understand it is not possible with JavaScript itself. I'm looking for easiest solution, preferably with no server-side programming (but if it is required, it should be as easy as possible and work out-of-box). I can use some side service if it could be helpful.
Please help.
Thanks in advance.
UPD. Just want to rephrase the main question. I do not really need to store something on server side. I need to collect some input from users. Is it possible? It would also be ok if it for example will be just sent to my e-mail.
For a very simple form-to-server-log script:
Your form:
<form action="save-to-log.php" method="POST">
<fieldset>
<legend>Add to log</legend>
<p>
Message:
<textarea name="message"></textarea>
</p>
<p>
<input type="submit" value="SAVE" />
</p>
</fieldset>
</form>
Then save-to-log.php
<?php
$log_file_name = 'mylog.log'; // Change to the log file name
$message = $_POST['message']; // incoming message
file_put_contents($log_file_name, $message, FILE_APPEND);
header('Location: /'); // redirect back to the main site
if it's a unix host you'll need to add 755 permissions to the directory of the log so PHP has access to write to it. Other than that, you'll have a form that keeps appending information to mylog.log.
Follow-Up
If you don't necessarily need it store on the server (you mentioned email) you can use the following instead as the PHP script:
<?php
$to_email = 'kardanov#domain.com';
$subject = 'User feedback from site';
$message = $_POST['message'];
// this may need configuring depending on your host. If you find the email isn't
// being sent, look up the error you're receiving or post another question here on
// SO.
mail($to_email, $subject, $message);
header('Location: /');
You can't store information on the server without some sort of server side script.
There are two different places to store data, on the client and on the server.
On the client side, there are lots of ways from cookies to Store.js, however it sounds like you want to store the information on the server.
To store on the server you need some sort of application that can receive posts from javascript/http and save them in a file.
In your case a very simple PHP script like the below would be perfect:
<?php
//Was the request (post or get) parameter data supplied?
if(!empty($_REQUEST['data']) {
$file = 'log.txt';
$data = $_REQUEST['data']."\n";
// using the FILE_APPEND flag to append the content to the end of the file
// and the LOCK_EX flag to prevent anyone else writing to the file at the same time
file_put_contents($file, $data, FILE_APPEND | LOCK_EX);
}
?>
How about dumping JSON to a file with PHP and then loading it on request?
How to safely write JSON data to file using PHP
If you want to get the data sent to your email address, there are several free services that can do this without installing any server side applications... A PHP or CGI script is still being used but it is hosted by the service, not by you.,
All you have to do is paste some code into your site and then all submitted data will be sent to your email address., A lot of people don't have the know-how to do this on their own, or their hosting service will not allow send-mail to work. Thats why these services exist. And of course most of them are supported by ads that are placed in the email that you get from the form. Anyway, here is the link for a good service I found. You can also Google "Free Form Processing" to find more.
https://secure.tectite.com/hf/auth/GetStarted?WWWTECTITE
Hope this helps.
I am working on a basic HTML page that requires the user to send details to a script located on a third-party website. What I require is for the user to fill out a form on my web page, and have that information submitted to another third-party form.
I do not wish to return anything to the user, other than whether the submission was successful or not. I also do not want the user to have to go to this third-party site to submit using their form.
It was suggested by the website itself to use an iframe and hold its form on your page, but I was wondering what other, preferably better methods are available to me. It'd be nice if there were some form of jQuery/js code I could use to do such a thing.
It'd be nice if there were some form
of jQuery/js code I could use to do
such a thing.
One way is to use jQuery's $.ajax or $.post methods like this:
$.ajax({
url: url,
success: function(data) {
alert('succeeded');
}
});
Maybe you could try cURL with CURLOPT_POST and CURLOPT_POSTFIELDS?
well it depends if you have control over the other website as well. as in you are able to access the code.
If you are you can use JSONP to pass the values and get a response, but to do it you will have to assign a callback that is sent and then formatted at the front of a JSON object for it to work (they do this for security).
The other option is to use a php ob_start() function. (Note: this will only work if the form you are trying to submit these values to allow $_GET to be used to proccess the form)
ob_start();
include('http://wwww.anotherwebsite.com?key1=value1&key2=value2&key3=value3');
$returnString = ob_get_contents();
ob_end_clean();
So then from here $returnString is the result, which you can basically search (strpos() to see if true is how I would do it) in php to find key words to see if it was successful or not or what ever you need to check for.
But again, this only works if the form on the remote server uses $_GET and not $_POST (or allows both through globals).
I know this is a php solution, but a warning is that for security purposes, there are serious restrictions on what javascript can do cross server.. the best javascript way to do cross server is JSONP, which jQuery does support so you might want to look into that.. but as I mentioned, for it to work you need to have a callback be able to be sent back with the response, and the response needs to be in a jsonp object format.. (basically you either need to 1. have the other server have a jsonp api for you to use or you have control over the other server's server side files to make the changes needed).
Do you want like that? It's simple form submitting to another website. But, I can't check whether it's successfully submitted or not.
<form action="http://www.another.com">
<input name="myInput" type="text">
<input type="submit" value="Submit">
</form>