attn: php and/or javascript gurus

[brianellisrules]

OK, I won't post my code right away but instead I'll start with a scenario and a question.

Let's say I have a standard link on my page:

<a href="http://www.site.com/blah.php">link</a>

Here's what I'd like to happen... the user clicks on the link. They're prompted with a dialog box. They fill out the info (one word) and then the page that loads checks that word against a stored value.

My initial thought was that the new page would have a javascript in it that would pop up a prompt box for the user. The user inputs the word and the page checks that against the stored value.

I tinkered with that for a while, but I'm pretty sure I'm running into an issue of client-size (javascript) and server-side (php). The purpose of the javascript is to get the variable from the user and the php is to check the variable and process the rest of the page (php/mysql interaction, etc). The problem arises because the javascript is getting the variable after the php has already executed (therefore returning a false value all the time).

(side note: I found some code online to transfer a variable from javascript to php and that part works.)

Is it possible to reload the page with a specific URL? Perhaps the user inputs the variable in the javascript popup, then the page reloads with the variable in the link, so the php can now process it. Something like:

http://www.site.com/blah.php?foo=variable (with ?foo=variable added via the script?)

Man, this is confusing as crap. If anyone can make any sense out of this, I'll be amazed.

 

[superbovine]

asking google for "passing php variables to javascript". there is a lot examples on this.

the basic idea is you can generate the javascript with php therefore you can set variables upon generation of the code.

 

[angelneo]

You can have the prompt box at the page where your link is, after processing, your javascript will open the new link. Something like this:

<script language="Javascript">
function prompt_box () {
    var yourname= prompt('Please enter your name', ' ');
    document.location.href = "http://www.site.com/blah.php?promptvalue="+yourname;
}
</script>
<a href="javascript:prompt_box()">link</a>

Although I wouldn't recommend this way as I find it quite intrusive with any pop up dialog. Why not use a text field instead?

 

[brianellisrules]

Thanks for the replies!

superbovine: I never thought about keeping it in javascript, but after I read your response I though, "duh!" Thanks

angelneo: That's it, thanks! I basically want to keep people out of a certain page/area. I realize it's probably vulnerable as heck, but it should get the job done.

 

[OutThere]

If you want to keep people out of a certain area, a quite secure and really easy to set up system is using .htaccess files. Almost all paid hosting services offer them, and they're really easy to set up if you have your own server. What kind of hosting do you have?

Much simpler than bungling around with php/javascript 'security' that doesn't really do anything to secure the page anyway.

 

[brianellisrules]

If you want to keep people out of a certain area, a quite secure and really easy to set up system is using .htaccess files. Almost all paid hosting services offer them, and they're really easy to set up if you have your own server. What kind of hosting do you have?

Much simpler than bungling around with php/javascript 'security' that doesn't really do anything to secure the page anyway.

Here's the page I'm working with: http://www.brianellisrules.com/milkshakes/

The idea is to make the update section available only to me so I have a convenient way of updating the database. Right now I'm loading the index page and using an include statement to to call the other pages.

If there's a better way to go about it, I'm all ears.

Thanks.

 

[frankblundt]

you can set up basic authentication on each page with a "require" using something like this:

//authenticate user

$username = "you";
$password = "your password";

if (!isset($_SERVER['PHP_AUTH_USER'])) {
	header('WWW-Authenticate: Basic realm="www.yoursite.com"');
	header('HTTP/1.0 401 Unauthorized');
	echo 'You need to be authenticated to use this page';
	exit();

} else {
	if (($_SERVER['PHP_AUTH_USER'] == $username) && ($_SERVER['PHP_AUTH_PW'] == $password)) 
	{ 
	} else {
	header('WWW-Authenticate: Basic realm="www.yoursite.com"');
	header('HTTP/1.0 401 Unauthorized');
		echo "The username and/or password you have entered is incorrect!";
		exit();
	}
}

although including the password in your webserver docs is not that great an idea.

If you don't have access to the Server's admin you can use htaccess but it's a bit clumsy (as they explain)
or if you do (for Apache at least) you can use server authentication