Do you have an AJAX / FoxWeb example?
I read the article that you pointed me to and while I understood the concept and the sample that they provided, I have no idea how this would work with FoxWeb.
Have you considered putting an AJAX / FoxWeb sample on the website?
Thanks Again,
Jeff
Sent by FoxWeb Support on 06/28/2006 08:34:17 PM:
You should use AJAX to make an SSL request to the server with the password that the user provided. If the server returns a positive reply, then you should submit the form with JavaScript.
FoxWeb Support Team
support@foxweb.com email |
Sent by Jeff Grippe on 06/28/2006 12:00:09 PM:
I understand and agree but then I'm faced with the problem of how to do it.
The form is a form that requests from 2 - 4 files for uploading. At the bottom of the form is a text box for password entry and a submit button.
I need to check the password before the user clicks the submit button and uploads the files. If I check the PW on the server then I must upload the files first. This is a long time for my users to have to wait just to find out if they typed the PW correctly.
I offered to design the system so that they validated the PW and then got access to the upload screen but my lawyers are insisting that it all has to be done on one screen.
The only way I know to validate at submit is to use JavaScript. When I use JavaScript the code returned from the server contains the PW in the script.
I'm open to any suggestions.
Thanks
Sent by FoxWeb Support on 06/28/2006 10:05:17 AM:
Authentication must be done on the server in order for it to be secure. Under no circumstances should you send the password to the client -- even in encrypted format. If the JavaScript code that will run on the client knows how to decrypt the password (which it needs to in order to validate), then it's not a secure system.
FoxWeb Support Team
support@foxweb.com email |
Sent by Jeff Grippe on 06/28/2006 08:20:45 AM:
Thank you for your reply. I was actually able to achieve the result using the technique that you originally recommended for accessing FoxWeb variables inside of JavaScript.
My next problem is that the page that is served contains the password in the JavaScript code that is generated. This is a problem because a sophisticated user could view the source and acquire the password.
I can not re-organize the page to collect the password somewhere else other than at the time the form is submitted. This is something that my legal department has insisted on.
Is there any way to either encrypt the PW in the JavaScript code or to serve a page whose source can't be viewed?
Thanks again.
Sent by FoxWeb Support on 06/27/2006 08:31:45 PM:
In your original message you asked:
Is there some way to load a value (such as the password that I need to check) into a variable that javascript can access so that I can write code in my validate function to check it against the value in a text input field?
My question referred to the password value. I assume that the user enters a userid in the same form that contains the field that asks for the file to be uploaded. Is this correct? If yes, then why not split the forms in two pages. The first page will ask for the userid and password. Once the user clicks the submit button, a script on the server should validate the password and return a subsequent form that asks for the file to be uploaded.
If you don't want to split the forms, then you will need to use AJAX to make a request to the server, without actually submitting the form. I can't teach you how to employ AJAX technology in this forum, but you can look it up on the Web. A quick search will turn up lots of helpful information on this subject. This article is particularly useful:
http://developer.mozilla.org/en/docs/AJAX:Getting_Started. In fact, the article contains everything you need to know in order to use AJAX in your FoxWeb scripts.
FoxWeb Support Team
support@foxweb.com email |
Sent by Jeff Grippe on 06/27/2006 01:58:07 AM:
I am not sure about the answer to "Do you know the value you are validating against?"
My typical FWX file has the following structure:
<%
* SETUP CODE, GET Session Variables, Open Files, Run Queries, Etc.
%>
// Javascript Validation Code
<HTML>
HTML Stuff
</HTML>
I could lookup the password in the setup code but I think that may be too late, or is it? When is the '<%=pswd%>' from your example resolved? Does my setup code run first allowing me to retreive the value from a database
or session variable?
Thanks!
Sent by FoxWeb Support on 06/26/2006 09:47:40 PM:
Do you know the value you are validating against at the time that the form is served by FoxWeb? If yes, you can dynamically create some JavaScript code that sets the variable value dynamically:
|
<script language="JavaScript">
var password='<%=pswd%>';
</script>
<form ... (your form) |
You could even populate an array with a bunch of values.
If, on the other hand, you are validating against a large set of values (such as your password example), then there are two options:
- Split data entry into two pages. First ask for the values that need to be validated and in the following request return a form that asks for the file upload.
- Use AJAX to retrieve the values that you want to validate against. There are lots of resources on the web that provide information on this subject.
FoxWeb Support Team
support@foxweb.com email |
Sent by Jeff Grippe on 06/26/2006 01:28:51 PM:
I need to validate a form value before the user clicks submit in order to prevent a long file upload when a required password is incorrect.
For validating dates and amount ranges I use a javascript function called validate in some of my forms.
The form line contains onsubmit="return validate()"
Is there some way to load a value (such as the password that I need to check) into a variable that javascript can access so that I can write code in my validate function to check it against the value in a text input field?
Thank you very much.
Jeff