So I am designing an HTML5 site and I have some data in text fields, for example "password", that I need to store into the database on the Apache server. So far I have designed a simple HTML5 site which is capable of passing data to a PHP script for the handling of server information.
If I plan to use JavaScript to implement login/registers, etc., is it possible for the JavaScript to parse data to my PHP script and will there be any security flaws involved by doing this? Is it also advisable/recommended to have my HTML5 page parse data directly to the PHP page for the handling of storage or are there better methods/means out there?
Using Javascript to pass the data back to the server is fine, but comes with a few caveats.
First off, you might want to consider a fallback for browsers that don't have js available.
Secondly, and much more importantly: Never trust the client. It's difficult to guarantee that data you receive on the server will have gone through all the checks in the browser. The simplest way to deal with it is to make any validation / cleaning that you do on the frontend in javascript also be done on the backend with PHP before you let anything hit your database.
I'm pulling data from the Instagram API and caching it using php for use with a Polymaps application. My question is simple (but probably not simple) -- I've been approaching this from the standpoint that I should format my data in php and then make a json file I can use directly with polymaps.
Would it be better to just cache the json file and use javascript to pull the information I need from it?
Or is this mostly a matter of personal preference?
You should always favor client-side processing in these cases. Server-side processing tends to add up to server load. And it really depends on:
whether JS is a must for your application (in this case, it is, because without JavaScript those maps are dead anyway, and so will be the processing)
whether the processing mechanism is not hard to replicate and is not a company secret (this is up to you)
I am trying to create a website that will allow users to login with their email and password. To prepare for this I am attempting to learn the languages that will best help me. I have a knowledge of HTML/CSS and am wondering whether to learn PHP or Javascript first. I understand that PHP is server based, does this mean that I will need to provide a server that, for example, their user names/passwords will be stored on? Also, I have been told that Javascript will sometimes be used in PHP, is it necessary that I learn Javascript first?
The only way to secure a login is to have the server do the validation. If you do it on the client, anyone can view the page source and see the code. They can even execute arbitrary javascript code, bypassing any client-side validation.
You will need PHP & some database (MySQL is most common) to create a login system.
You will need to use forms, send the username and password to a script.
Receive the data and compare the username & password to the one in the database.
If the login credentials are valid, create a session variable that keeps them logged in.
It is worth noting that doing things with only HTTP instead of HTTPS allows hackers (read: Script Kiddies) to hijack your user's sessions if they are on an unsecured network such as open Wi-Fi in Starbucks.
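The three login steps above, together with the earlier advice to repeat every check on the backend, as an added example that is not part of the original answers. It assumes PHP 7.3+ with the PDO SQLite driver; the in-memory table stands in for MySQL, and the user, credentials and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory SQLite table standing in for the MySQL users table.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');
    // Store a salted hash, never the password itself (constructed sample user).
    $pdo->prepare('INSERT INTO users (email, pw_hash) VALUES (?, ?)')
        ->execute(['alice@example.com', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user id on success, null on any failure.
function check_login(PDO $pdo, $email, $password): ?int
{
    // Repeat validation on the server: browser-side checks may never have run.
    if (!is_string($email) || !is_string($password)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Prepared statement: the submitted value is bound, not spliced into the SQL.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Call on a real request before any output is sent.
function start_logged_in_session(int $userId): void
{
    // secure: cookie only travels over HTTPS; httponly: hidden from page JavaScript.
    session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    session_start();
    session_regenerate_id(true);   // new session id at login
    $_SESSION['user_id'] = $userId;
}

// Constructed submissions: valid login, wrong password, array instead of string.
$pdo = demo_db();
$tries = [['alice@example.com', 'correct horse battery'], ['alice@example.com', 'guess'], [['x'], 'y']];
foreach ($tries as [$email, $password]) {
    echo check_login($pdo, $email, $password) === null ? "rejected\n" : "accepted\n";
}
```

The third submission models a request such as `email[]=x`, which PHP delivers as an array; the type check rejects it before it reaches the query.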
As you say, PHP is server side (executed on a web server), whilst JavaScript is executed on the client side (in the web browser). JavaScript can't be used "in" PHP, but it's often used to improve the user experience on many web sites. However, for the majority of purposes, it can be considered as a separate concern to PHP.
However, let's take a step back. If you think about your problem, you'll probably come to the conclusion that you need to store the information about the users somewhere on the server side, so that you can check the information supplied in the form against the user data you have stored to see if the details are correct. (Once you learn more, you'll most likely decide to store the information in a database, such as the popular MySQL, which PHP can talk to and interrogate using the SQL language.)
However, at this stage of things I'd recommend getting hold of a good book on PHP, or perhaps having a look at the introduction section of the PHP manual, which contains some basic tutorials.
Yikes.
At the minimum you want some sort of server-side language. I'd also highly recommend using a pre-built system, depending upon needs, since security is not easy.
JavaScript is not required.
You will need a host to use for a webserver and for a DB; this can also be your PC, check out WAMP.
Javascript is not required, but using jQuery can certainly help your UI look a lot better. There are a lot of very simple examples of forms (including a login form) inside the jquery site.
Javascript is client-side, it can't auth a user alone, that's where you need PHP. Usually web auth pages don't need javascript, only a client side language, like PHP.
Start with PHP. Javascript is occasionally used for working with PHP on the page (ie., get database info without having to click a "submit" button or navigate to another page.) It is used, for example, to make people's Facebook statuses appear on your homepage in real time. I programmed PHP for years and haven't learned any JS until just recently, so don't worry about it for now.
The posted tutorials (especially on w3) are excellent. There is an excellent tutorial that describes exactly what you are trying to do at devarticles, but it requires a VERY basic understanding of SQL. The example in the tutorial is also fairly unsecure, but it'll teach you the basics of working with MySQL and PHP sessions.
You'll need to run the scripts on a server that has PHP and MySQL on it, so pay attention to these things when you're looking for hosting.
I am trying to make a plugin that people can place on their site to generate a form. I don't want to use an iframe to display the form but use javascript to generate it.
The problem is how do I connect the javascript and php together. My site is programmed in PHP.
You're getting a little mixed up, I think.
PHP runs on your server. This is the place where you fetch data from the database and create some form of html-response.
Javascript runs in the browser. It can't directly talk to your database.
iframe is a special html-element: Therefore it is passive and can't do anything like creating a form.
You have two ways:
Create a PHP script which handles everything through plain HTTP-Requests. This is the "old school" way and requires a lot of page-reloading.
Write most of the logic in javascript and let it communicate to PHP/your database through AJAX. In this case, have a look at jQuery which makes AJAX-requests (and a lot of other things) very easy.
One issue you will be faced with is 'Cross site Scripting' with Javascript / AJAX.
You can read up on it a bit here:
http://snook.ca/archives/javascript/cross_domain_aj
Also, thinking your process through, you will need sufficient javascript code to create a 'widget' on any place, and have a way to communicate BACK to your server (keep in mind PHP only runs local on your machine, so it cannot be used remotely in your javascript).
You will probably need to build a JSON API (google / stack search this if needed).
And enable communication from your JAVASCRIPT to the API (don't think of it as to PHP, even tho php will be your API server side language).
Here is an example of a PHP JSON API (on youtube too):
http://www.youtube.com/watch?v=F5pXxS0y4bg
If you put PHP into JavaScript and someone implements this, PHP will compile on their server. So you just can't. You just need to put the form in your plugin.
I want to write a PHP script that performs a routine task in a web app I use. I am trying to figure out the easiest way to submit a form, click a link, and get some information. What's the easiest way to do this (keeping the session open, etc.).
Javascript would be a better solution than PHP. You can use it in tandem with PHP to submit a form that references the same page, i.e. <form method='post' action='index.php'>
If method is GET then you ought to be able to work it out from the URLs of a few real world attempts.
If POST then you are probably SOL unless it's your own web page/app and you know what $_POST it expects ... unless you find a tool to snoop your HTTP traffic and get the POST info from observing a few real world examples.
You can use CURL in PHP to simulate submitting data, clicked links, etc., I suppose, but a client-side scripting language like Javascript--as opposed to a server-side language like PHP--is more suited to what you're describing. I'd need more info to give you a specific example.
You will not be able to directly emulate those events in PHP as web apps use Javascript on the client side and PHP is a different language and operates on the server side.
Firstly, I would see if there is an open API available for the web app you're wondering about, e.g. Gmail: http://code.google.com/apis/gmail/ . Not all APIs can do what the web app can do, so you'll need to check the documentation to make sure the API does what you want and has an easy way to interface with PHP.
The other option is to essentially reverse engineer how the web app communicates with its server. Almost all web apps operate by sending POST or GET HTTP data in some sort of serialized format like XML, JSON or text. You can use something like the Firebug add-on for Firefox to view POST/GET data. If you know what the server sends to the client and what the client sends to the server, you can essentially write a script using something like CURL to emulate the client in PHP instead of JavaScript. This would take quite a bit of work and probably involves a lot of trial & error.
Is it possible for a web page using Javascript to get data from another website? In my case I want to get it for calculations and graphing a chart. But I'm not sure if this is possible or not due to security concerns. If it is considered a no no but there is a work around I would appreciate being told the work around. I don't want to have to gather this information on the server side if possible.
Any and all help is appreciated.
Learn about JSONP format and cross-site requests (http://en.wikipedia.org/wiki/JSON#JSONP).
You may need to use the "PHP-proxy" script at your server side which will get the information from the websites and provide it to your Javascript.
The only reliable way is to let "your" webserver act as a proxy. In PHP you can use curl() to fire an HTTP request to an external site and then just echo the response.
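A proxy of the kind described above, as an added example that is not part of the original answer. The browser sends only a short key and the script maps it to a fixed upstream URL, so the proxy cannot be pointed at arbitrary or internal addresses. The feed names and example.com/example.org URLs are hypothetical, and the PHP curl extension is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical upstream feeds that page JavaScript may request through this proxy.
const UPSTREAMS = [
    'rates'   => 'https://data.example.com/rates.json',
    'weather' => 'https://api.example.org/v1/weather.json',
];

// Map a client-supplied key to a fixed URL; the client never supplies a URL.
function upstream_url($key): ?string
{
    return is_string($key) ? (UPSTREAMS[$key] ?? null) : null;
}

// Fetch one allow-listed URL; returns the body, or null on any failure.
function fetch_upstream(string $url): ?string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,            // a redirect could lead off the allow-list
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,  // refuse file://, gopher://, plain http
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    return ($body !== false && $status === 200) ? $body : null;
}

$url = upstream_url($_GET['feed'] ?? null);
if ($url === null) {
    http_response_code(400);
    exit('unknown feed');
}
$body = fetch_upstream($url);
if ($body === null) {
    http_response_code(502);
    exit('upstream error');
}
// Serve as JSON only, so the upstream body is never rendered as HTML on this origin.
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');
echo $body;
```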
You can't pull data from another server due to the same origin policy. You can do some tricks to get around it, such as putting the URL in a <script> tag, but in your case it wouldn't work for just parsing HTML.
Use simple_dom_html, to parse your data server side. It is much easier than doing it in JavaScript anyways.
A simple way you might be able to do this is to use an inline iframe. If the web page you are getting the data from has no headers, or you can isolate the data being pulled in (to say an image or SWF), this might work.
cross-domain javascript used to be impossible, using a (php-)proxy was a workaround for that.
jsonp changes this entirely, it allows to request javascript from another server (if it has an API that supports jsonp, a lot of the bigger webplayers like google, twitter, yahoo, ... do), specifying the callback-function in your code that needs to be triggered to act on the response.
the response in javascript will contain:
a call to a callback-function you defined
the actual payload as a javascript-object.
frameworks like jquery offer easy support for jsonp out of the box.
once you have the raw data you could tie into google chart tools to create graphs on the fly and insert them in your webapp.
Also worth considering is support for XMLHttpRequest Access Control which is supported in some modern browsers.
If the service provider that you are trying to access via a web page has this set up, it is a very simple call to XMLHttpRequest and you will get access to the resources on that site without the need for JSONP (especially useful for requests that are not GET, i.e. POST, HEAD etc)
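What "set up" means on the provider's side, as an added example that is not part of the original answer: a PHP JSON endpoint that sends the access-control response headers only to an exact list of origins. The origins and the response body are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical sites allowed to call this endpoint from browser JavaScript.
const ALLOWED_ORIGINS = ['https://shop.example.com', 'https://blog.example.net'];

// Build the response headers for the Origin header the browser sent (null if absent).
function cors_headers(?string $origin): array
{
    $headers = ['Vary: Origin'];   // caches must not reuse a response across origins
    if ($origin !== null && in_array($origin, ALLOWED_ORIGINS, true)) {
        // Exact match against the list only; no prefix or substring comparison.
        $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
        $headers[] = 'Access-Control-Allow-Methods: GET, POST';
        $headers[] = 'Access-Control-Allow-Headers: Content-Type';
    }
    return $headers;
}

foreach (cors_headers($_SERVER['HTTP_ORIGIN'] ?? null) as $line) {
    header($line);
}

// Browsers send an OPTIONS preflight before some cross-origin requests,
// for example a POST with a JSON body; answer it with headers and no body.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') {
    http_response_code(204);
    exit;
}

header('Content-Type: application/json');
echo json_encode(['status' => 'ok']);
```

These headers only tell the browser which pages may read the response; the endpoint still has to authenticate and validate every request, because non-browser clients ignore them.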