I am a beginner in web programming and I need to create function to change password like in social network. I'm doing it first time and don't know how to do it. I don't know how to create architecture. I'm using backbone.js in user side, I will create userModel (this is backbone model). In server side I'm using Java. I have one idea that: add to UserClass (this is java class) new fields which named
#JsonIgnore
String oldPassword;
#JsonIgnore
String newPassword;
JsonIgnore make field invisible on user side. I will send the fields with userModel from user side,so I check in server side. I think, the idea is not good.
If You know any ways, please, tell me about it !
EDIT
I know how to make html-form. I don't know how to send the filds to server. If I do that:
var val1 // old_pass
var val2 // new_pass
this.model.save({password: val1,new_password: val2});
then model password change to val1, it is not correct, password do not set in user side, because user side haven't model password
I don't know how your server authentication process work but maybe you can try something like this. Create a new View with a user model inside to edit the user attributes. Inside that view render a form that displays the user attributes including the passwords. On the form the user will be able to change his information. Have a button called "Save" or something like that to store the changes. When the button is clicked create a function that grabs the values from the form and using the model save method. This method makes Backbone run a PUT command back to the server. On the server you should be able to handle this request and change the password. A very simple function you can write to save the changes in the view could be something like this:
changePassword = function() {
var attributes;
attributes = {
password: $('#password').val(),
confirm_password: $('#confirm_password').val()
};
this.model.save(attributes);
};
This functions will create an attributes object filled with the password fields and then it sends it back to the server. If you want to understand a little bit more about how the save method work you should check the Backbone documentation. Hope this helps!
Related
I have a project based on documentum, and after user login I'd like to know what's his role.
The reason is that there is a requirment for a menu-action to be enabled just for users who has the specific role.
Assume I have the username (being taken from the login page), how can I do this?
Do I have to put this data on session once the user logged in? I'd prefer to have a one line code that could be called from the client side (javascript) and on the fly doing the disabling of the menu action.
When you login at that service u can create a JSON which will have value of which all menus are enabled for the logged in user.Now when the screen loads with menus u can use this JSON data to hide/display or enable/disable the menu items.
Or else u can write a scriplet tag in the the disables attribute and in the scriplet tag you can call a class static method which returns true or false based in the user details sent.
You can use the following condition to determine the role of a user. I have provided it as a DQL, but you can use the logic to fit it in your code.
select group_name from dm_group where any i_all_users_names = "user_name"
Hope this helps.
I have a database of Students that have to log into a course advisor website using their email and password. I've hard-coded some students in the database to test this and I have the Facade doing what it needs to do but I'm so confused on the Services part of it and how the webpage sends the data to the service and calls the Facade methods I've created. Here's some code.
#Path("/Students/{email}")
#GET
#Produces("text/plain")
#Consumes("application/x-www-form-urlencoded")
public static Student getStudent(#FormParam("studentpass") String password, #FormParam("studentemail") String email)
{
PlannerFacade pf = new PlannerFacade();
Student x = pf.getStudent(email, password); //returns null if the password does not match the one in the Database. Else returns the Student's toString();
return x;
}
I'm confused on how the paths work with the {email}, and how they work in general.
Here is my javascript code:
function getStud(responseType) {
var status=0;
var theEmail = document.getElementById("studform").studentmail.value;
var url = "http://localhost:8080/CP/Students/"+theEmail;
alert(url);
var xmlhttp;
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
else
{// code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
document.getElementById("x").innerHTML=xmlhttp.responseText;
}
};
xmlhttp.open("GET",url,true);
xmlhttp.send();
};
Right now I just have a blank div set as 'x' and I'm just trying to see if I can get the script to call the services right and change the div with the id of 'x' to display the Student's info. Classmates of mine were talking about using a combination of JQuery and Ajax is there anything you all know that would make this easier to comprehend?
OK, so there is a lot going on here.
First, your service endpoint should look more like this:
#Path("/students/{username}")
#GET
#Produces("application/json")
public Student getStudent(#HeaderParam("password") String password, #PathParam("username") String username)
Let me explain:
I made it so the path will be something like "/students/bob." An actual E-mail with its special characters could add weirdness you don't want to deal with at this stage of your learning.
I put the password in the HTTP headers. This is insecure too, but I couldn't bear to put it in the path.
The respective locations of these parameters indicate the reason I have #PathParam and #HeaderParam.
No need for static.
You produce JSON because apparently you want to send a Student object back. This means you need to populate a Student object with the data you fetch from the database and serialize it to JSON that the REST client can read.
You will do something like this once you've fetched your data from MySQL:
Student s = new Student("Bob Smith");
s.setStatus("Passing");
//just all the stuff you need to create a Student in Java.
Then you will need to configure your REST framework to use a JSON serializer (like Jackson, GSON, etc) to convert this Java object into JSON that looks like this:
{'name':'Bob Smith', 'status': 'Passing'}
If configured properly, the conversion will "just work." Then your JavaScript REST client will know what to do with the resulting JSON.
As for the JavaScript, your students are right. Use an abstraction rather than fiddle around with the low-level details of the DOM and XHR. JQuery is as good as any. You can find information on how to use JQuery's $.post here. Come to think of it, maybe we should do one of our video tutorials on this topic.
Hope this helps.
I have a template accountlist.scala.html looking like this:
#(accounts: models.domain.AccountList)
#titlebar = {<p>some html</p>}
#content = {
#for(account <- accounts) {
<p>#account.name</p>
}
}
#main(titlebar)(content)
... and another template account.scala.html like this:
#(account: models.domain.Account)
#titlebar = {<p>#account.name</p>}
#content = {
#for(transaction <- account.getTransactions()) {
<p>#transaction.detail</p>
}
}
#main(titlebar)(content)
From both of them I am invoking the template main.scala.html.
I have access to the entire Account POJO in the first view accountlist.scala.html, so really there is no need for me to invoke the server to get the details of the account when I go to the view in which I display the details. I would just like to change view on the client side. How could I call the second view account.scala.html from the view accountlist.scala.html a user clicks on an account in the list? I am ready to change the templates as needed.
I have provided a previous answer, which is still available at the end of this post. From your comments, however I understand that you are asking for something else without understanding how dangerous it is.
There are three ways of handling your use case, let's start with the worst one.
A stateful web application
If you have loaded data into a Pojo from some data source and you want to re-use the Pojo between multiple requests, what you are trying to do is to implement some kind of client-state on the server, such as a cache. Web applications have been developed in this way for long time and this was the source of major bugs and errors. What happens if the underlying account data in the database is updated between one http request and the following? Your client won't see it, because it use cached data. Additionally, what happens when the user performs a back in his browser? How do you get notified on the server side so you keep track of where the user is in his navigation flow? For these and others reasons, Play! is designed to be stateless. If you are really into web applications, you probably need to read about what is the REST architectural style.
A stateless web application
In a stateless web applications, you are not allowed to keep data between two http requests, so you have two ways to handle it:
Generate the user interface in a single shot
This is the approach which you can use when your account data is reduced. You embed all the necessary data from each account into your page and you generate the view, which you keep hidden and you show only when the user clicks. Please note that you can generate the HTML on the server side and with Javascript makes only certain part of your DOM visible, or just transfer a JSON representation of your accounts and use some kind of templating library to build the necessary UI directly on the client
Generate the user interface when required
This approach becomes necessary when the account data structure contains too many informations, and you don't want to transfer all this information for all the accounts on the client at first. For example, if you know the user is going to be interested in seeing the details only of very few accounts, you want to require the details only when the user asks for it.
For example, in your list of accounts you will have a button associated with each account, called details and you will use the account id to send a new request to the server.
#(accounts: models.domain.AccountList)
#titlebar = {<p>some html</p>}
#content = {
#for(account <- accounts) {
<p>#account.name <button class="details" href="#routes.Controllers.account(account.id)">details</button></p>
}
}
Please note that you can also generate the user interface on the client side, but you will still need to retrieve it from the server the data structures when the user clicks on the button. This will ensure that the user retrieves the last available state of the account.
Old answer
If your goal is to reuse your views, Play views are nothing else then Scala classes, so you can import them:
#import packagename._
and then you use it in another template:
#for(account <- accounts) {
#account(account)
}
The question reveals a misunderstanding of play framework templates. When compiling the play project the template code is transformed to html, css and javascript.
You can not "invoke"/link another template showing the account transactions from a href attribute of your Account row. However, you can do any of the following:
In case you have loaded all transactions from all accounts to the client in one go: extend the template to generate separate <div> sections for each account showing the transactions. Also generate javascript to 1) hide the overview div and 2) show the specific transaction div when clicking on one of the accounts in the overview. Please see the knockout library proposed by Edmondo1984 or the accordion or tabs in twitter bootstrap.
In case you only load the account overview from the server. Generate a link such as this one href="#routes.Controllers.account(account.id)" (see Edmondo1984 answer) and make another template to view this data.
Since the question concerned a case in which you got all data from the server, go by option 1.
I'm pretty new to android development. One of my buttons in the app, sends the user to a webpage, where the user can login into specific system.
The webpage has text boxes for username and password. Once you click on the Login button (in the webpage) it triggers a javascript to login into the system.
The code triggered is: onclick="updateAction('TourAccLogin');document.main_form.submit();
The webpage form to login:
My question is:
I have the username and password in the app, I want to know if I can somehow manipulate this form, the sign in automatically without user interference? Meaning, I will fill the username and password, I "click" the login button. So the user will be directed to the system right away, without having to put in the username and password.
This technique has worked for me. In my case, I'm loading a hidden field named in mElementId with a string value stored in someData, then firing its onchange event, which didn't fire on its own. I included it to show how you can stack javascript commands in a single injection. I'm sure a variant of this would work for you.
I also escaped any single quotes to prevent a javascript error. You may need to escape any other special characters, including semicolon. In my case it wasn't necessary because the data had already been cleansed.
// Copy data to element
mWebView.loadUrl("javascript:(function() { " +
"document.getElementById('" + mElementId + "').value = '" +
someData.replace("'", "\'") + "'; " +
"document.getElementById('" + mElementId + "').onchange();" +
"})()");
You say that it is your system, so you know what is running behind the scenes to process the login. I'm not mocking, just verifying. I'm assuming you've created a view of some sort where you have the username/password prior to doing this. I'm questioning this because you ask if there is a way of manipulating the form...
That being said, send the data as you normally would to the script that processes the login. If you're using a GET then http://some.domain.com/somescript?username=mumble&password=foo. If you're using a POST then create the post args and send it. Either way, you can process the results in a webview, which would allow your existing interface to pick up where it should.
Of course, if you're using a hash for the password or salting the password, you will need to do all that prior to sending it.
I am working on an existing Web based application.
Now, I need to secure the application against what I think is called url hacking. For instance, if the customer with customerId 1 is logged in and viewing his profile, the following http get variable will be visible in the address field: customerId=1.
I need to prevent a customer from being able to set customerId=2 and see the profile of another customer.
The problem is that, the application is already in production and in good working condition, so the changes should be minimal with respect to this change.
How is this best achieved?
Any sugggestions/comments?
why do you give the id in the URL when the user should only be allowed to change his profile? I don't see any need for this. Rather get the current user from SecurityConext and display its profile on an URL without the id.
with the new information you gave in the comments I suggest sth. like this:
just check if the given orderid in the URL belongs to the current user.
You're saying you use "normal web based Application" so I assume Servlet/jsp based. In your servlet you would do something like this:
int orderId = Integer.parseInt(request.getParameter("orderId"));
String username = request.getUserPrincipal().getName();
/*now you need to check if username match with the username of the order e.g. by using hibernate to get the order by id and check its user and if not throw PermissionDeniedException or similiar*/
95% agree with Korgen's answer above.
5% - if you want to allow administrator access to edit user profiles using the same functionality just switch to UUID to identify edited user.