sending and checking securely


fix3r

I have a PHP form for changing a password for my users in the database, and I am trying to do this with AJAX so it looks cleaner and doesn't have to wait on the load time, etc. Anyway, I just want to learn how to do this with AJAX, but I don't really know how exactly.

 

Usually I would just do this:

 

function submit(blah, blah2)
{
    request.open('GET', '/blah.php?blah=' + escape(blah) + '&blah2=' + escape(blah2));
    request.onreadystatechange = SubmitHandle;
    request.send(null);
}

 

then the handle, etc.

 

But here is my question.

 

I have 3 fields (current password, new password, confirm password)

 

After submitting (preferably without a button, rather a hyperlink; I don't really know how, because using document.change_password.submit(); is not really doing anything), I need to check the "current password" field against the database.

 

Of course I could do this through the GET command I posted above but I don't really want the info going plain text through headers is what I am getting at.

 

Then, if the password is wrong, it would say it's wrong, maybe with document.getElementById('submit').innerHTML = "wrong password", etc., and if it's right then go on to another function to check the new password and confirm password, and later say if it's wrong or then send it to the database with another function.

 

What I am trying to get at is, I don't really want this sensitive data to be sent the way I am sending it now, and I need a way to check with the database first to see if your current password is right or not, without sending it the way I am sending it now and the way you normally would check it with a basic PHP page.

 

I know, I am really bad at explaining, but if anyone understood the gibberish I just wrote here I would be very pleased to hear what you have to say.


function submit(blah, blah2)
{
    request.open('GET', '/blah.php?blah=' + escape(blah) + '&blah2=' + escape(blah2));
    request.onreadystatechange = SubmitHandle;
    request.send(null);
}

--use 'POST' not 'GET' in request.open when sending passwords through AJAX, otherwise the passwords will be in the URL and in log files

--the blah.php page will be the one that checks the password against the db and makes the change and returns 'Success', or returns 'Failure' if not. It would then be up to the JavaScript client side to differentiate between the two and take appropriate action.

 


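An added example, not part of the thread or either poster's code: one way to send the form as the reply describes, using POST with the passwords in the request body. `/blah.php` and the `Success`/`Failure` replies are taken from the posts; the field names `current` and `new_password` are assumptions.

```javascript
// Added example, not code from the thread. '/blah.php' and the 'Success' /
// 'Failure' replies come from the posts; the field names are assumptions.

// Build an application/x-www-form-urlencoded body. encodeURIComponent (unlike
// escape) encodes '+', so a '+' in a password is not decoded as a space.
function encodeForm(fields) {
  return Object.keys(fields)
    .map(function (k) {
      return encodeURIComponent(k) + '=' + encodeURIComponent(fields[k]);
    })
    .join('&');
}

// request: an XMLHttpRequest (or a stub exposing the same members).
// done(ok, message) reports the outcome to the caller.
function changePassword(request, current, next, confirm, done) {
  // Convenience check only; the server must repeat it and verify `current`.
  if (next !== confirm) {
    done(false, 'New passwords do not match');
    return;
  }
  // POST: the passwords travel in the body, so they stay out of the URL,
  // browser history and web server access logs. The body is still readable
  // on the network unless the page is served over HTTPS.
  request.open('POST', '/blah.php', true);
  request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  request.onreadystatechange = function () {
    if (request.readyState !== 4) return; // 4 = DONE
    if (request.status !== 200) {
      done(false, 'Request failed (HTTP ' + request.status + ')');
      return;
    }
    var ok = request.responseText.trim() === 'Success';
    done(ok, ok ? 'Password changed' : 'Password not changed');
  };
  request.send(encodeForm({ current: current, new_password: next }));
}

// Browser usage from a hyperlink's onclick handler (cur, nw, conf are assumed
// references to the three password inputs):
// changePassword(new XMLHttpRequest(), cur.value, nw.value, conf.value,
//   function (ok, msg) { document.getElementById('submit').textContent = msg; });
```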