I am running a Perl application named bitlfu.For login it is using something like Apache HTTP Basic Auth but not a form.I want to make form for the login with username and password field.
I have tried JavaScript and PHP with no results till now.
So I need help!
PS:
this kind of url works
http://user:password#host.com
I think a simple JavaScript like:
document.location='http://' + user + ':' + pass + '#mydomain.tld';
should do the work.
So basically, you have to create a form, with a user and pass field, then onsubmit, use the part of JavaScript given here:
<form method="post" onsubmit="javascript:document.location='http://' + $('login') + ':' + $('pass') + '#mydomain.tld';">
<input type="text" name="login" id="login" />
<input type="password" name="pass" id="pass" />
<input type="submit" value="ok"/>
</form>
where $() is a document.getElementById or jquery or so. I used the $() function to make the code shorter. Here is an implementation, which does not work on every browser. Again, look throw jQuery for cross browser solution.
function $(_id) { return document.getElementById(_id); }
Otherwise, you can use php and redirect the user with a header location.
php way:
<?php
if (isset($_POST['login']) && isset($_POST['password'])) { header('Location: ' . urlencode($_POST['login']) . ':' . urlencode($_POST['password']) . '#domain.tld'); }
else
{
?>
<form method="post" onsubmit="javascript:document.location='http://' + $('login') + ':' + $('pass') + '#mydomain.tld';">
<input type="text" name="login" id="login" />
<input type="password" name="pass" id="pass" />
<input type="submit" value="ok"/>
</form>
<?php
}
You can redirect the user to http://user:password#host.com with Perl, or using JavaScript. I don't know Perl so I'll show you the JS:
function submitted() {
document.location = "http://" + document.getElementById("username").value + ":" + document.getElementById("password").value + "#host.com";
}
<form onSubmit="submitted">...blablabla...</form>
This should work. The only problem is that this shows the password in the URL.
The awesome AJAX way using jQuery:
$.ajax({
'url': 'http://host.com/',
//'otherSettings': 'othervalues',
username: $("username").val(),
password: $("password").val()
},
sucess: function(result) {
alert('done');
}
});
The ultimate Perl way (I think)
$username = # somehow get username
$password = # somehow get password
use CGI;
my $query=new CGI;
print $query->redirect('http://host.com/');
The method of explicitly redirecting document.location with username#password in URL caused me some problems with Safari giving a phishing warning.
If I instead first make an AJAX request to a URL with basic auth headers added, and then redirect document.location without the username/pass in the URL then it worked better for me
Example
<script
src="https://code.jquery.com/jquery-3.2.1.slim.min.js"
integrity="sha256-k2WSCIexGzOj3Euiig+TlR8gA0EmPjuc79OEeY5L45g="
crossorigin="anonymous"></script>
<script>
$(document).ready(function() {
$('form').submit(function() {
$.ajax({
url: 'https://site/collaborators/',
username: $("#login").val(),
password: $("#pass").val()
}).done(function() {
$("#error_msg").html("");
document.location='https://site/collaborators/';
}).fail(function(result) {
console.error(result);
$("#error_msg").html("Error logging in: "+result.statusText);
});
return false;
});
});
</script>
<div id="error_msg" style="color: red"></div>
<form method="post">
Username:
<input type="text" name="login" id="login" />
Password:
<input type="password" name="pass" id="pass" />
<input type="submit" value="Submit"/>
</form>
Unfortunate caveat with Safari only, if you type your username and password incorrectly, then it makes another standard HTTP basic auth popup, but this is better than a big red "Phishing warning" that occurs when you make the document.location include username/pass
Chrome doesn't have duplicate popup if login credentials are incorrect though
This is a simple plug&play solution ;-). Will work for any domain (and on HTTPS too):
<script>
function submitAuthForm() {
var login = document.getElementById('login').value;
var pass = document.getElementById('pass').value;
location = location.href.replace('://', '://' + encodeURIComponent(login) + ':' + encodeURIComponent(pass) + '#');
// might be required to reload on Firefox (FF shows confirmation dialog)
setTimeout(function(){
location.reload(true);
}, 5000);
}
</script>
<form method="get" onsubmit="submitAuthForm(); return false">
<input type="text" id="login" />
<input type="password" id="pass" />
<input type="submit" value="OK" />
</form>
You can drop this in your 401 error document.
Note that return false is required so that the page is not reloaded twice.
Related
What is a cross browser way to disable autocomplete for input fields in a login form ?
I have already used autocomplete='off' which is not working in chrome for example
Thank
So Chrome doesn't care about "autocomplete" anymore so you have to trick it into saving empty fields or nothing at all. Here is one possible solution:
<form action='/login' class='login-form' autocomplete='off'>
Email:
<input type='email' name='email-email-input'>
<input type='hidden' name='email'>
Password:
<input type='password' name='password-input'>
<input type='hidden' name='password'>
</form>
<script>
$('.login-form').on('submit', function() {
$('[name="email"]').val($('[name="email-input"]').val());
$('[name="email-input"]').val('');
$('[name="password"]').val($('[name="password-input"]').val());
$('[name="password-input"]').val('');
});
</script>
I have one input bar which must redirect to another https page (contains google-search) on submit. The code of the form is the next:
<form class="navbar-form navbar-left hide-inputs buscadoMovilLine" role="search" target="_blank" action-xhr="https://www.tuotromedico.com/buscadorg.php" action="https://www.tuotromedico.com/buscadorg.php" method="get">
<div class="form-group buscador">
<input class="SearchInputMovil2 inl" type="text" placeholder="Buscar..." class="form-control" name="q">
<button class="inl" type="submit" class="btn btn-default"><i class="fa fa-search lupaBuscarMovilBoton2" aria-hidden="true"></i></button>
</div>
</form>
I have added the amp-form extension too. The official documentation says this:
Redirecting after a submission
amp-form also allows publishers to redirect users to a new page after a submission happens through AMP-Redirect-To response header.
Note that you'd also have to update your Access-Control-Expose-Headers
response header to include AMP-Redirect-To to the list of allowed
headers.
The redirect URL must be absolute HTTPS URL otherwise AMP will throw
an error and redirection won't happen.
https://www.ampproject.org/es/docs/reference/components/dynamic/amp-form
But im not sure how have i to specify that.
I know 2 ways, this is for node:
app.post('/register', function (req, res) {
let form = new formidable.IncomingForm();
form.parse(req, function (err, fields) {
res.setHeader('AMP-Access-Control-Allow-Source-Origin', 'https://example.com/');
if (fields.first_name && fields.last_name) {
res.setHeader('AMP-Redirect-To', 'https://example.com/some-key');
res.status(200).json(fields);
} else {
res.status(400).json({error: 'Please select a size.'});
}
});
and the second, in amp you can use navigateTo()
<form class="proceed__form" method="post" id="requirements-form"
action-xhr="https://localhost:4040/check-requirements"
target="_top"
on="submit-success:AMP.navigateTo(url='https://google.com')"
>
</form>
OR you can get variable from response
(res.status(200).json({message: 'success', navigateTo: domain + '/profile'});)
<form class="proceed__form" method="post" id="requirements-form"
action-xhr="https://localhost:4040/check-requirements"
target="_top"
on="submit-success:AMP.navigateTo(url=event.response.navigateTo)"
>
</form>
I'm trying to insert a variable collected from a form into a URL, but I don't want the "?variable=value" part of the URL.
<form action="http://www.example.com/<?php echo htmlspecialchars($_GET['entry']);?>/" method="GET">
<input type="text" value="" name="entry" id="entry">
<input type='submit'>
</form>
Is there any easy way to do this? I want the browser to go to the following URL when the user types "whatever"
http://www.example.com/whatever/
Edit:
I've changed the code to the following, which seems to work, but have I now introduced a script vulnerability?
<form onSubmit=" location.href = 'https://www.example.com/' + document.getElementById('entry').value + '/' ; return false; ">
<input type="text" value="" name="entry" id="entry" placeholder="Your Promo Code">
<input name="promoSubmit" type="submit" value="Buy Now">
</form>
you could use javascript for this kind of tasks, i don't see why would you involve server side for such thing
but the easiest answer will be like:
<script>
function go(){
window.location='http://www.example.com/'+document.getElementById('url').value;
}
</script>
<input type='text' id='url'>
<button id='btn_go' onclick='javascript:go();'>Go</button>
I am used to get the echo message of the php script using the jquery ajax success function now I use a plugin but I dont know how to use it
my approach is this but definitely do not work how should the right way? It just go directly to my php script
$(function() {
$('form').ajaxForm(function() {
success: function(data){
$('.new-profile-pic').html(data);
}
});
});
HTML:
<p class="new-profile-pic">
<!--Image should be here-->
</p>
<form enctype="multipart/form-data" action="upload-image.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input class="profile-pic-name" name="uploadedfile" type="file">
<input type="submit">
</form>
PHP:
<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo '<img alt="" src="'.$target_path.'">';
} else{
echo "There was an error uploading the file, please try again!";
}
?>
You need to prevent the default action from occuring.
I believe this post has the answer you are looking for:
How do I submit a form using jquery (ajaxForm plugin) to an external site but not reload to a different page?
You need to use .preventDefault() on the submit event, or get it to return false on the form submit, e.g.:
<form enctype="multipart/form-data" action="upload-image.php" method="post" onsubmit="return false;">
I'm very very new on HTML5 development and this question could be very silly but I've found an answer for it (or I've searched very well).
I want to send a form to a web service via post (I don't want to show all fields in URL).
I have two question:
How must I named forms fields? If I trying to send an userName I think I have to put this test as ID to the field which will held that value.
And this is because I'm so curious. Which is the post message content which is sent to web service?
This is an example that I've found searching Internet:
<FORM action="http://somesite.com/prog/adduser" method="post">
<P>
<LABEL for="firstname">First name: </LABEL>
<INPUT type="text" id="firstname"><BR>
<LABEL for="lastname">Last name: </LABEL>
<INPUT type="text" id="lastname"><BR>
<LABEL for="email">email: </LABEL>
<INPUT type="text" id="email"><BR>
<INPUT type="radio" name="sex" value="Male"> Male<BR>
<INPUT type="radio" name="sex" value="Female"> Female<BR>
<INPUT type="submit" value="Send"> <INPUT type="reset">
</P>
</FORM
I think I will need those ids to get those values while processing them on web service, isn't it?
It depends, you could do a post to a page with a redirect (in .NET you would handle it this way):
<form action="http://myurl/postpage.ashx" method="post">
<input name="forename" />
<input name="surname" />
<input type="submit" value="Submit" />
</form>
And then pick this up in the server side script at postpage.ashx using:
string forename = Request["forename"];
string surname = Request["surname"];
You could also use jQuery to make an ajax call to the same page using the following:
var forename = $("input[name=\"forename\"]").val();
var surname = $("input[name=\"surname\"]").val();
$.ajax({
url: "http://myurl/postpage.ashx",
type: "POST",
async: true, // set to false if you don't mind the page pausing while waiting for response
cache: false,
dataType: "json",
data: "{ 'forename': '" + forename + "', 'surname': '" + surname + "' }",
contentType: "application/json; charset=utf-8",
success: function(data) {
// handle your successful response here
},
error: function(xhr, ajaxOptions, thrownError) {
// handle your fail response here
}
});
You would handle the post in the server side code the same way. The key thing to note here is that whatever you enter as the name attribute of your input element is what will get POSTed as a key/value pair to your receiving URL.
every web service should give you something like WSDL which normally contains specification of available fields and methods you can use. if the webservice you are connecting to have url webservice.com than try webservice.com/wsdl to get the WSDL.
Check this topic: click
Attribute "name" is the one that needs to be unique in order to pass that parameter to a Servlet (or wherever). The post method then encrypts the message and sends it to the Servlet.
<form method="post" action = "LoginServlet">
Name: <input type="text" name="userName">
Password: <input type="password" name="password">
<input type="submit" name = "Login" class="button">
</form>
In order to access that data you will do something like this in the Servlet:
String userName = request.getParameter("userName");