I would like to use authentication form on every page (in the header of the page), so user could authenticated from any page.
I'm using Tomcat's FORM based authentication, but when i go to my index page, and try to login using the form in the header, I get:
HTTP 400 - Invalid Direct Reference To Login Page
Is there any workaround I could use, some settings in web.xml maybe, to solve this problem?
Edit:
Here is the header's login form:
<form method="post" action="j_security_check">
<input type="text" name="j_username" class="login"/>
<input type="password" name="j_password" class="login"/>
<input type="submit" value="Login"/>
</form>
The concept of Tomcat's form based authentication is that it intercepts unauthenticated requests to protected pages and internally redirects to a separate login page. It also saves the original page request. Once the user has successfully logged in, the original page request is replayed and the protected page is displayed.
What you are trying to achieve is - as far as I can derive from your short description - something different. Basically, all your pages are public. Optionally, a user can log in and will then get personalized pages.
Tomcat won't help you implementing this. When you use the j_security_check action, it will be unable to do anything because it never intercepted a request in the first place.
Instead, it's probably easier to check the username and password yourself if the login form is submitted. If they are okay, just put the username into your session data. An authenticated session can easily be recognized as it contains the username in the session data.
There is probably even a way to reuse the Tomcat realms that are e.g. able to check username and password against a database. But I don't know for sure.
Are you stated your login screen as "welcome" ? In case of success login it tries to loop you through login page again. What is welcome-page tag in your web.xml ?
Related
I'm following this blog post. But I'm getting 403 error in AEM 6.1.
I do not want to change in 'Apache Sling Referrer Filter'.
I think this error is coming because of CSRF token which I can get by calling /libs/granite/csrf/token.json
But how can I add this CSRF token in this form header? Or is there any other way to make it work?
you can add the csrf token with the standalone tag
<cq:includeClientLib categories="granite.csrf.standalone" />
you can add this on every page you use a form, or maybe you have a masterpage witch inherits to every page
the csrf token is a hidden field, before the formular is sent. it looks like
<input type="hidden" name=":cq_csrf_token" value="4a6sd4f6as4df6as.a5s4df6a4sdf674asd96f"></input>
As your page is outside AEM, one way to handle this globally would be to include the granite csrf JS in your application and modify it to point to your AEM token.json url. This script takes care of form posts, AJAX calls at a global level.
Secondly, this script does some checks related server url hosts and context paths. So you will have to disable those as well. It's a fairly simple JS to modify.
I know this is not an ethical approach but using AEM in this manner is also not a normal usecase :)
I have a really simple form that allows a user to input an email address here:
<form method="post" action="http://www.mydomain.com/page2/">
<input type="email" name="email">
<input type="submit" value="Submit">
</form>
This works correctly and it takes the visitor to www.mydomain.com/page2 when the submit button is clicked.
I am trying to get it to email me this input email address also when the submit button is clicked. I understand how to email using PHP but can the action have two urls?
Or is there a simpler way of doing this?
On /page2/ access the email in the global variable $_POST['email']. And then you can send it to yourself with PHP mail(). Example:
mail('myemail#domain.com', 'Someone submitted my form', 'Their email was: ' . $_POST['email']);
If you are stuck somewhere else, let me know and I can update the answer.
Once a form is submitted, you are no longer on that page. You've navigated away.
The other way you can do this is submit the first action via AJAX, then submit the form naturally to the second destination. I would suggest using jQuery to make your AJAX calls since most of the AJAX code is already there for you to use.
Another option is to have page2 be a php script, and have it perform the two actions once it receives the form data. See: Post to another page within a PHP script
I understand how to email using PHP
Then I would recommend writing some PHP code that sends the email to you.
but can the action have two urls?
No. A web browser can't make two requests at the same time. Which response would take precedence?
Nor does it need to. Now, you have a target already:
http://www.mydomain.com/page2/
Don't you control that page? That would be the page on which you'd put your PHP code for sending an email. If you don't control that page, then you would want an intermediary page. Something like:
sendmailandredirect.php
(Named solely to illustrate intent, you can call it what you like.) What this page would do is send the email, then issue a redirect to your final target. Something like:
header('Location: http://www.mydomain.com/page2/');
In effect, there would be "two urls" but they're invoked in serial instead of in parallel.
If you wanted to keep the code seperate and the action url as /page2/ you could fire off an ajax request on submit to your sendmail handler.
<FORM ID='htmlform' action="" onsubmit="return valforms(this)">
.....
<INPUT TYPE="submit" NAME="submit" VALUE="Submit">
When the user is done filling out the form, and clicks the submit button, I want all of the form information to be sent to me. How do I do this? This is only part of the code, the whole code is too long for me to type in here.
To reply on your question:
Oh, so like the page that emails the data is that an html page that I can have a message saying, "Thank you for your interest, you will hear back from us soon." and then have the page redirect to the home page again? I hope I'm not getting too complicated with this
You're almost right. Let me explain it to you:
the user gets a HTML page that was made in PHP, ASP,.. to fill in
some data in a form
the user fills in the data and clicks a button
The action on the button tells the server to process the page, or have another page to process it. Let's call this page PageX
PageX (written in PHP, ASP,...) will email the data to you
You can also have pageX return some text to the user's browser saying "thank you for your interest,....". You can also make a redirect to another page from this page
Does this answer your question?
The action part of the form element tells the browser what URL to post the information to. You would need to specify some page with some server-side code that would take that information and store it or send it in an email. The onsubmit part of your form element fires a JavaScript event that can be handled on the client's machine. You cannot do much on the client's machine without sending the data back to the server.
I have a simple form on my site that allows users to add comments on photos. However, the form doenst use ajax (like facebook). Instead, it submits the form and refreshes the page. This is fine however, if a user reloads the page, there is an alert that he/she will resubmit the data resulting in two of the same comments. Id like to remove this resubmit without sending the user to a confirmation page. Thanks.
Here is my form:
<form name='form' action='index.php' method='POST'>
<input type='text' name='comment'>
<input type='submit' value='submit' name='submit'>
PHP:
if (isset($_POST['submit'])){
$comment=$_POST[comment];
$time=time();
$id=$_GET['id'];
$put=mysql_query("INSERT INTO comments VALUES ('','$user','$time','$comment','$id')");
Is your PHP script simply re-rendering the page in response to a form post? The standard way to get the behavior you describe is that it should either return a HTTP status of 204 (No content) or 303 (see other, with a redirect to the page you want to show).
We're hosting a PHP facebook canvas application (http://apps.facebook.com/myapp). One of the pages (http://apps.facebook.com/myapp/foobar) requires authentication from facebook so we can access some information about the user. This is achieved by using the PHP-SDK's $facebook->getLoginUrl() method to generate the url for authentication and works as expected.
We have since added the app to as a Tab (iFrame) to our Page (http://www.facebook.com/MyPage?sk=app_nnnnn). Now when we try to authenticate the user they are redirected to the app's url (http://apps.facebook.com/myapp/foobar) rather than having the /foobar page load in the Tab's iFrame as expected.
Is it possible to set the auth so that it doesn't bounce to the app's url but stays within the Tab using the PHP-SDK? If so, what is the workflow I should follow to achieve this?
I would simply add code to http://apps.facebook.com/myapp/foobar to check for authentication, and if it is, echo:
<script type="text/javascript">
top.location.href = 'http://www.facebook.com/MyPage?sk=whatever';
</script>
That should break out of the iframe and redirect you to where you want to go.
The way I have achieved this is to do the following:
On the /myapp/foobar page I check to see whether the user has been authenticated. If they haven't I set a session value and use the PHP-SDK's $facebook->getLoginUrl() to generate the auth url and send a response back containing just the javascript to redirect window.top.
Once they've authenticated they're redirected back to the main page. When this page loads it checks for the session value and, if set, removes it and issues a redirect header to /myapp/foobar.
It's a little convoluted but seems to be quite a stable solution.