hey guys,
on the main page of my site, i have a login area (user/pass text
boxes). when the user submits the form, the page is reloaded with with
a global php variable "loggedIn" set to true. i also store the
username and password in the page in a hidden form -- so that it can be
passed to other pages on the site through standard navigation
(maintaining the "loggedIn" status). however, is there any way to save
this information if the user hits refresh? as it stands, whenever the
user hits refresh, the user/pass data is lost, and loggedIn is set to
false. can this be worked around without using cookies? thanks!
4  2036 
This is more of a PHP question than JavaScript. Take a look at PHP
sessions-- they do use cookies when they can, and don't when they
can't.
I'd say it's generally bad practice to have the password sent back and
forth so often, especially as the password might be cached by the
user's browser.
If you're not concerned about it (bad!), you might try having the
username and password as part of the URL
(mypage.php?use rname=Random&pa ssword=lost+hop e)
though that's far worse, I should think...
yeah, you're definitely right -- saving and passing around the password
is a bad idea. after i've verified that their username/pass is valid
(a database check), all i really need to pass around is the "login
status" and their "username" -- which could really just be condensed
down to username (when not null, the person is logged in). passing
around the username would allow them to post messages in their own
name, etc without having to continuously re-enter it. i could do what
you're suggesting, and do something like: "mypage.php?use rname=random",
however, then anyone could impersonate somebody else, by simply typing
"?username=rand om" into their browser. that's why i was trying to
store the username in a hidden form. but it seems there isn't any way
to grab that info when the page is refreshed. unless i'm missing
something?
The hidden form idea is still very easily forged.
What's to say I don't make a form, store it locally, and click a button
to impersonate someone?
<form action=http://losthope.com/mypage.php method=POST>
<input type=text name=username />
<input type=hidden name=loggedin value=1 />
<input type=submit value=Impersona te />
</form>
[File > Save As > C:\NameThief.ht ml]
See what I mean?
Check out PHP sessions. They'll take care of you.
But if you absolutely want to do it with an embedded form field...
well, refreshing shouldn't make a difference, because theoretically the
browser should repeat the exact same HTTP request it used in the first
place. i.e. Same form data.
There is no (simple, reliable) way to make JavaScript help you here.
The entire JavaScript 'state' is lost upon page refresh.
(if you're adamant, you could use an unload event handler that opens a
new window which monitors the main window for a return to your site and
auto-re-populates the information you want, then closes itself. but
this is really a lot of trouble when PHP [which you're already
implementing] can do all of this automatically with sessions)
P.S.
Did I mention PHP sessions?
lost hope wrote: yeah, you're definitely right -- saving and passing around the
password is a bad idea. after i've verified that their username/pass is valid
(a database check), all i really need to pass around is the "login
status" and their "username" -- which could really just be condensed
down to username (when not null, the person is logged in). passing
around the username would allow them to post messages in their own
name, etc without having to continuously re-enter it. i could do
what you're suggesting, and do something like:
"mypage.php?use rname=random", however, then anyone could impersonate somebody else, by simply
typing "?username=rand om" into their browser. that's why i was trying to
store the username in a hidden form. but it seems there isn't any
way to grab that info when the page is refreshed. unless i'm missing
something?
heh, ok, PHP sessions it will be! i was wondering if one could easily
circumvent the hidden form part, and it certainly seems to be the case.
i suppose it's time for a bit o' php research ;) thanks for the help!
Random wrote: The hidden form idea is still very easily forged.
What's to say I don't make a form, store it locally, and click a
button to impersonate someone?
<form action=http://losthope.com/mypage.php method=POST>
<input type=text name=username />
<input type=hidden name=loggedin value=1 />
<input type=submit value=Impersona te />
</form>
[File > Save As > C:\NameThief.ht ml]
See what I mean?
Check out PHP sessions. They'll take care of you.
But if you absolutely want to do it with an embedded form field...
well, refreshing shouldn't make a difference, because theoretically
the browser should repeat the exact same HTTP request it used in the
first place. i.e. Same form data.
There is no (simple, reliable) way to make JavaScript help you here.
The entire JavaScript 'state' is lost upon page refresh.
(if you're adamant, you could use an unload event handler that opens
a new window which monitors the main window for a return to your site
and auto-re-populates the information you want, then closes itself. but
this is really a lot of trouble when PHP [which you're already
implementing] can do all of this automatically with sessions)
P.S.
Did I mention PHP sessions?
lost hope wrote: yeah, you're definitely right -- saving and passing around the
password is a bad idea. after i've verified that their username/pass is
valid (a database check), all i really need to pass around is the "login
status" and their "username" -- which could really just be
condensed down to username (when not null, the person is logged in). passing
around the username would allow them to post messages in their own
name, etc without having to continuously re-enter it. i could do
what you're suggesting, and do something like:
"mypage.php?use rname=random", however, then anyone could impersonate somebody else, by simply
typing "?username=rand om" into their browser. that's why i was trying to
store the username in a hidden form. but it seems there isn't any
way to grab that info when the page is refreshed. unless i'm missing
something? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: XP |
last post by:
I am having problems with the blow page. I have a login page where I
enter the userid and password. This then connects to this page. If I
enter the userid and password correctly, it prints successfully logged
into system. If I enter the wrong information all I get is an erro page
HTTP status 502 etc.
Can anyone help?
<?php
|
by: Wayne Smith |
last post by:
Applies to: Microsoft FrontPage 2000, Microsoft Access 2000, IIS 5.0
Operating System: Microsoft Windows 2000 Professional
I am trying to protect a portion of a web site by allowing users to register a username and password & then login with those details, but so far I am having only marginal success. I am far from an expert on ASP programming, indeed the code I am using comes from "Sams Teach Yourself E-Commerce Programming with ASP" but it...
|
by: Geoffrey Callaghan |
last post by:
I have a set of variables in an ASP Page that are sent from another page
using properties. This works fine. However, when I refresh that page, those
properties are lost. How do I maintain those values between refreshes? I
tried creating another set of properties, but that didn't work.
|
by: satishknight |
last post by:
Hi,
Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it has to tell then them its wrong information but currently it takes then to a next page and then tells them its incorrect information. This is tedious as every time they enter wrong they will be redirected to a different page and then they have to...
|
by: darrel |
last post by:
This is an issue I brought up probably a year or so ago, got some advice,
then was sidetracked on the project until now. So, here I am again. ;o)
The situation is that we have an older chunk of code I've been tasked to
maintain 'as-is'. It's a CMS we wrote in ASP.net 1.1 about 4 years ago.
It works.
But we have one major issue and that's when people log in, maybe 5% of the
time, the end up with someone elses credentials. There's...
| | |
by: mcfly1204 |
last post by:
I am attempting to use WebRequest to access a page that requires a login/password to access. My last WebRequest continues to timeout. Any help or thoughts would be appreciated.
namespace FormsAuthTest
{
class Program
{
static void Main(string args)
{
HttpWebRequest request = null;
|
by: tvnaidu |
last post by:
I have Two kinds of web pagess, one is for control page for only admin login, another one is to view status for user login. initially both html files can view with 192.168.0.10/control.htm and other file is 192.168.0.10/status.htm. I searched on Internet and I got some login code. this login comes when I give 192.168.0.10, then I gets login page, I can login with admin/admin, also I can login with user/user, once login, the corresponding page...
|
by: tvnaidu |
last post by:
This is the Java script I am using fo rlogin page, but cursor not pointing to login box, any idea how can I point cursor to login box when this page loaded?. here admin login take to control page and user login take to status page, if I give direct path without goto login, both pages display, can I add a check if user didn't login, then redirect to login page for both control.htm and status.htm, let me know. thanks in advance.
<script...
|
by: Apostle |
last post by:
Hi all, after thinking for sometimes, I thought it will be great opportunity to learn if I will start from scratch and build my own register/login system. Here is the thread that I will be posting the progress and I hope you guys will help me.
The code below is what I have so far. Just put two scripts in the same directory and that is! I hope you will help me
Thanks!
class.php
<?php
//php login sytem
class LoginRegister{
function...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
