Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Authenticate users in database tables


  • Please log in to reply
4 replies to this topic

#1 KamakaZ

KamakaZ

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:12:06 PM

Posted 31 August 2011 - 11:52 PM

Hi,

I am making a webpage only using javascript/html/classic asp.

I have an asp page that will "GET" user name and a password and authenticate it in the database and "ECHO" a 0-4 integer based on whether it succeded or not.

My next problem is getting my web page to call the asp page pass it some values (user/pass) and check the return value.

I will need every page of my website to "AUTH" the user or check a "token".

I have looked into AJAX but can't quite get it right, i have it returning the value, but it's a mess and i'm looking for something a little cleaner (plus if i run this page through phonegap/xcode to an iphone app ajax won't check across to a "different domain" as the html/javascript will be on the phone...).

Any help would be appreciated!!

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:07:06 PM

Posted 06 September 2011 - 08:12 PM

Umm, you may be having some confusion. If a web page is delivered from a particular domain, the ajax absolutely will be able to access code on that domain. But you really shouldn't need to do that anyway.

One simple way is as each page loads, have it 'include' another file; for instance, call it session.php. When the user authenticates it, have it pass it some value calculated by the server (like the session id, for instance). When the page loads, the 'included' file could check to see if that value is valid.

Are you familiar with session variables?

#3 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:12:06 PM

Posted 07 September 2011 - 10:57 PM

This 'webpage' will be packaged up into an iphone/android app so i can't use server side script, i have a web server set up that i was going to host multiple databases on and have the app use ajax to pull/push data?

Once i have authenticated the user i will store the credentials in session variables.

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:07:06 PM

Posted 08 September 2011 - 06:07 AM

I have no clue what you are proposing to do here. You are going to have a wen server, and a web page running on a mobile device, but it is not going to have access to a server to run server side scripts. If you can't run server side scripts, then you can't use ajax either, because the ajax simply calls a script on the server to connect to the database and return the data.

EDIT: Ajax is an asynchronous javascript call to get some information from a web server. If you are not retrieving web pages from a server, then you have no session, so you need to be a little more clear about what you want to accomplish.

Edited by groovicus, 08 September 2011 - 07:30 AM.


#5 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:12:06 PM

Posted 11 September 2011 - 07:56 PM

OK, to try and clear this up...

I am making a web based "app" for smart phones using sencha touch and phonegap. Smartphones can view the "app" using their local web browser (hence the pages I ship in the app must only use HTML/Javascript). I also have a database/web server set up that i need the "app" to be able to return information from the database/web server using javascript.

I hope this makes sense...

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users