Jump to content

[SOLVED] Using PHP with Javascript.


DJTim666

Recommended Posts

The users at my site have suggested that I allow them to add passwords to their forums topics. So if they only want to limit the topic to a few friends then they can.

 

I want to know if the following code will work.

 

<html>
<head>
<script type="javascript/text">
<!--

function checkPassword(password){

var prompt = prompt('This forum has been password secured by the creator. Please enter the password below.');

if (prompt == password){
alert('You have entered the correct password. Press OK to continue');
}
else {
alert('That was the wrong password. Sorry.')
return false;
}
}
//-->
</script>
</head>
<body>
<?php

$getForums = mysql_query("SELECT * FROM forum_topics WHERE forum=" . $id . "");

echo "<table>";

while ($row = mysql_fetch_array($getForums)){

echo "<tr><td>";
if (empty($row['password'])){
echo "<a href='viewtopic.php?t=" . $row['id'] . "'>" . $row['topic_name'] . "</a></td>";
}
else {
echo "<a href='viewtopic.php?t=" . $row['id'] . "' onClick='checkPassword("" . $row['password'] . "")'>" . $row['topic_name'] . "</a></td>";
}
echo "</tr>";
}
echo "</table>";

?>
</body>
</html>

 

And I just thought of a problem when I was almost done coding it. If a user clicks view source they will be able to see the password... Any way around this?

 

--

DJ

Link to comment
https://forums.phpfreaks.com/topic/71177-solved-using-php-with-javascript/
Share on other sites

It would 'work', but not secure... anybody could look at the page source and see

<a href='viewtopic.php?t=12345' onClick='checkpassword("aPassword")'>aTopic</a>

which would immediately tell them

1) what the password is, and

2) what URL to type in manually to see the topic

 

Generally when doing password protection, it's best to do that server-side...

Suppose a user has JavaScript turned off -- the password protection wouldn't work, they could see every topic!

 

Most forums just allow users to PM each other instead of having passworded topics.

 

That's my take on your code: if you don't want/need the site to be secure, your code is ok, but I really would try to get it more secure.

 

Hope that helps.

javascript is not limited you just have to know what NOT to show and what you can show. You can just d it all server side or.... you use ajax and a session simply do a check on every ajax server script to see if the action id is allow

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.