Jump to content

Recommended Posts

The users at my site have suggested that I allow them to add passwords to their forums topics. So if they only want to limit the topic to a few friends then they can.

 

I want to know if the following code will work.

 

<html>
<head>
<script type="javascript/text">
<!--

function checkPassword(password){

var prompt = prompt('This forum has been password secured by the creator. Please enter the password below.');

if (prompt == password){
alert('You have entered the correct password. Press OK to continue');
}
else {
alert('That was the wrong password. Sorry.')
return false;
}
}
//-->
</script>
</head>
<body>
<?php

$getForums = mysql_query("SELECT * FROM forum_topics WHERE forum=" . $id . "");

echo "<table>";

while ($row = mysql_fetch_array($getForums)){

echo "<tr><td>";
if (empty($row['password'])){
echo "<a href='viewtopic.php?t=" . $row['id'] . "'>" . $row['topic_name'] . "</a></td>";
}
else {
echo "<a href='viewtopic.php?t=" . $row['id'] . "' onClick='checkPassword("" . $row['password'] . "")'>" . $row['topic_name'] . "</a></td>";
}
echo "</tr>";
}
echo "</table>";

?>
</body>
</html>

 

And I just thought of a problem when I was almost done coding it. If a user clicks view source they will be able to see the password... Any way around this?

 

--

DJ

Link to comment
https://forums.phpfreaks.com/topic/71177-solved-using-php-with-javascript/
Share on other sites

It would 'work', but not secure... anybody could look at the page source and see

<a href='viewtopic.php?t=12345' onClick='checkpassword("aPassword")'>aTopic</a>

which would immediately tell them

1) what the password is, and

2) what URL to type in manually to see the topic

 

Generally when doing password protection, it's best to do that server-side...

Suppose a user has JavaScript turned off -- the password protection wouldn't work, they could see every topic!

 

Most forums just allow users to PM each other instead of having passworded topics.

 

That's my take on your code: if you don't want/need the site to be secure, your code is ok, but I really would try to get it more secure.

 

Hope that helps.

javascript is not limited you just have to know what NOT to show and what you can show. You can just d it all server side or.... you use ajax and a session simply do a check on every ajax server script to see if the action id is allow

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.