freelance84 Posted January 16, 2011 Share Posted January 16, 2011 Is it possible to get a $_SESSION value into js without actually printing the value in the html source? I want a button to change class and type when the user enters the correct string into a text field which matches a value set in $_SESSION['correct_c'].... I'm guessing this isn't possible as the SESSIONS are set by php by the SERVER. Any tips here would be great. Thanks, John. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted January 16, 2011 Author Share Posted January 16, 2011 http://www.velocityreviews.com/forums/t232172-get-session-variable-in-javascript.html says it can't be done http://www.dotnetspider.com/forum/129085-how-get-session-value-javascript.aspx says you pass it to a js variable... i've tried endlessly but its not working Quote Link to comment Share on other sites More sharing options...
requinix Posted January 16, 2011 Share Posted January 16, 2011 You can use AJAX to ask PHP for the value. If you're doing this for "added security" then don't bother: by doing the work in JavaScript (ie, client-side) you've already lost control of how the code behaves. Should someone be motivated enough they could just trigger the "change class and type" code manually. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted January 16, 2011 Author Share Posted January 16, 2011 It's the login page... Every incorrect login increments a login count by one. At value 3 the user must enter a CAPTCHA to re-enable the login button (even if some forces a class change they won't get past the authenticate without the correct details).... However the whole point of the CAPTCHA here is to stop a "brute force" attempt so i suppose if they can force a class change it renders it all useless... back to php then. Cheers. Quote Link to comment Share on other sites More sharing options...
requinix Posted January 16, 2011 Share Posted January 16, 2011 Oh, I was thinking "class" and "type" were some aspects of your application, not the class and type of an HTML element... When you do the login checks, PHP gets involved. You can keep a counter in PHP/the database so that's fine. Once that hits 3 then the login form requires a captcha as well. Even if someone changes the HTML in a way you don't want them to, the PHP still needs the captcha. Quote Link to comment Share on other sites More sharing options...
freelance84 Posted January 17, 2011 Author Share Posted January 17, 2011 Ok here's what i originally wanted (to cut down on one client - server communication): 1 User logs in from index.php | authenticate.php sends back with fail | index.php increments SESSION log in fail count by 1 | 2 User logs in again | authenticate.php sends back with fail | index.php increments SESSION log in fail count by 1 | 3 User logs in again | authenticate.php sends back with fail | index.php increments SESSION log in fail count by 1 | 4 User now sees the CAPTCHA and the login fields with the login button greyed out and the type changed from submit to button | When the user enters the correct CAPTCHA into the CAPTCHA text field, javascript then changes the login button back to normal without the user doing anything. To do this JS would need to have access to the CAPTCHA stored in the SESSION. What i have now done instead is: When the CAPTCHA is required, index.php does not print the login form, it only prints the CAPTCHA form. Also the authenticate will not run if the SESSION log in fail count is > 2. When the user completes the CAPTCHA correctly the SESSION log in fail count is reset, meaning the user gets another 3 attempts to log in After testing it everything all works fine. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.