Page 1 of 1
Need help with Javascript
Posted: Wed Aug 30, 2006 9:54 am
by Bigun
Ok, the, I believe that the PHP portion of the code is done.
But there are some things that I believe cannot be done by PHP, some 'realtime' things.
For instance, on my site, a current password is required before any changes can be made, including pictures, music, so on....
So, by the time the user has uploaded an entire song, they find out they didn't type their password.
So, this would have to be coded in javascript... right?
Posted: Wed Aug 30, 2006 10:04 am
by Luke
That made very little sense, but my answer is no. You don't need javascript. Until you make more sense of what you said, that will stay my answer.
Posted: Wed Aug 30, 2006 10:08 am
by CoderGoblin
Only PHP...
At it's simplest 3 scripts, Login.php,Index_list.php,Download.php
Login.php - Login form, when sucessful set userid (whatever) in a session. If no previous information is stored go to Index_list.php otherwise use the stored information to go back to where you came from.
download.php - Checks if userid is set, if not store information (again session) and go to Login.php
This means PHP is used at all times. Using javascript to log in could be a security issue has the javascript would be examined.
Posted: Wed Aug 30, 2006 10:17 am
by Bigun
I'll reword it...
You have an account...
You have a form that you post an MP3's path....
You have an upload speed of 10Kbps....
It takes 10 minutes to upload the MP3...
Aww damn... didn't type the password, have to do it all over again...
Anyway I can check for a password before the form is processed?
Posted: Wed Aug 30, 2006 10:20 am
by Luke
wouldn't you make the user log in before even seeing that form?
Posted: Wed Aug 30, 2006 10:21 am
by Bigun
Yes, they are logged in... but I'm thinking of the user walking away from the keyboard and some jackass comes along and f***s it up.
*OR*... they have their login set through cookies and are logged in for 3 days, same scenario.
Posted: Wed Aug 30, 2006 10:22 am
by malcolmboston
personally i would do
Code: Select all
if (isset(($_SESSION['username'])) {
// set at login time
// show form
} else {
// the user has not logged in
// auto-redirect
header ("Location: login.php);
}
Posted: Wed Aug 30, 2006 10:23 am
by Bigun
malcolmboston wrote:personally i would do
Code: Select all
if (!isset(($_SESSION['username'])) {
// set at login time
// show form
} else {
// the user has not logged in
// auto-redirect
// header ("Location: login.php);
}
Again.... the user *has* to be logged in to even see this page
Posted: Wed Aug 30, 2006 10:25 am
by Luke
so why would they need to enter a password if they are already logged in?
Posted: Wed Aug 30, 2006 10:27 am
by Bigun
To keep other people from 'locally' screwing up any settings.
Just an extra layer of CYA.
Posted: Wed Aug 30, 2006 10:49 am
by nincha
save a time stamp on the session when user logs in. In the file that the form is going to (action=file.php)
check the timestamp. Or add another field for the user to enter password and authenticate the user again.