I am sending form with fields email and password through ajax request.if they do not match i am getting response 'username and password is not correct' in Div id.If name and password match page should be redirect to another page.But i am getting whole page in same div id.I want if password and name match than page redirect to another page and if password and name not match than it give the response in same id.
Why not have your webapp redirect to a different page instead of relying on ajax?
After loading (onload/onComplete (prototypejs)/done (jQuery)) you can simply check the div (or responseText) if it contains username and password is not correct. If not (e.g. with indexOf), simply window.location.href = 'loggedin.php';.
Related
i'm trying to redirect to a URL from a ajax success function, but the parameter xd_co_f is appended to the query of the URL when redirected. How do I remove the unwanted parameter?
I tried to hardcode the URL to anchor tag i did not face this issue only when redirecting from ajax success function.
Please check whether your site uses Oracle infinity analytics.
xd_co_f is appended to your URL if you use Oracle infinity for analytics.
I am using AUTH 0 server . and I am new to this one. I need passwords confirmation template and in this template a URL field is defined. but I didn't get , where the URL value is defined.
Please check the images attached. while calling the email verification end point the template is mailed in to the mail. but the if we redirect to the URL filed it shows blank.
where I can identify the value of URL and its template design
Please help me
in the 3rd image , I am asking about the {{url}}
The value for {{url}} is just a placeholder - the value comes from Auth0, but AFAIK you can't change the value of this variable. If you want a different URL in your email template, you could just remove '{{url}}' and replace it with any hard coded value.
In your example template above, the email that gets sent to the user will have a "Confirm my account" hyperlink with a href value to whatever the value of {{url}} was substituted with (as mentioned the value comes from Auth0).
When you click on the link, it will go to your Auth0 tenant and update email_verified to true for the specific user clicking on the link. Auth0 will then return a HTTP 3XX redirect response (302 from memory) with a location header of whatever you set as the "Redirect To" field in the email template.
I have posts, where users able to delete or edit them. And when I redirect them I was sending url with id number, like: test.dev/delete/15, where 15 is my id of post which should be deleted. Then I tested sending id in route like route('delete',['id' => $post->id]). In the end I realized that both methods include id number in url. I mean, for url it shows url test.dev/delete/15 and for route it shows test.dev/delete?id=15
So I was wondering if we can send id, without showing them in url, I am afraid that curious users may try to get use of these flaws
As you will always have to display the id somewhere on the page to send it through either a hidden field or id in the url all of which a user can change. That is why you should check in the Back-End if the user has privelege to delete that post or not
I am sending email to user, in that email one link is there to redirect that user to rails application. I want that link to be in encrypted form with domain name for example:
https://www.domain_name.com?hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr
when user click on this link, he should directly redirect to controller method we specified in that URL which is not visible.
Controller and methods given in URL may vary according to user.
So my question is how we can do this in rails.
If I encrypt controller name, method name and parameter we passed. How routes file come to know where to redirect this URL? How to decrypt this in routes file and redirect internally to decrypted URL?
Life will be easier if you can do a slight modification to your url, something like:
https://www.domain_name.com/enc/hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr
Then you can create a route for that path to redirect where you want.
get '/enc/:encoded_path' => "controller#action"
This would give you access to params[:encoded_path], which would equal hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr in this case. From there, you could decode in the controller and then redirect however you want.
That's not the right approach. Here's what you can do instead:
Create a new controller action, say for instance, activate.
def activate
activation_token = params[:auth_token]
....
your logic to do whatever with this token
end
Create a corresponding route:
match '/activate' => 'your_awesome_controller#activate'
Now, when you email your users, I'm guessing you're sending some sort of activation token. If not, create two new fields in your users table:
activation_token:string
activated:boolean
Use some unique string generation algorithm to generate your activation_token and email it to your user:
yourdomain.com/activate?auth_token=user.activation_token
I'm using Azure ACS in my ASP.net MVC 3 website (hosted in Azure too), the scenario is this:
A user first enters my website and fills a one field form, then they need to chose a provider and login, but first I want to store the field value so when they come back from login I'm able to create a profile with this value for the loged in user.
So I believe when they first enter the site and then leaves to login and enters the site again those are two different sessions am I right? and that's the reason the stored data using session state (through SQL Server) is not present when they come back after login am I right? if this is true what would be the best approach then? if not then I'm doing something wrong storing temp data right?
Thanks
UPDATE:
I have discovered that HttpContext.Application state works keeping the data, still I'm not sure if it's a good idea to use it in a controller considering it's in Azure, will it work on production properly??
You can pass state around in the WS-Federation redirect sequence using the wctx URL parameter. In the action that handles the initial POST request, you should get hold of the form parameter you want to keep, then redirect to you identity provider selection page (this will have to be a custom page) with the form parameter appended to the URL. When the user selects an IP on your page, you can pass the parameter on again using the wctx parameter. The WS-Federation passive requestor profile says that this should be returned to you eventually when the IP redirects the user back to your site.
This has some details
http://msdn.microsoft.com/en-us/library/bb608217.aspx
Edit: To get the wctx parameter out of the request when the user finally comes back to your app. Put something like this in the action code:
var fam = FederatedAuthentication.WSFederationAuthenticationModule;
if (fam.CanReadSignInResponse(System.Web.HttpContext.Current.Request, true))
{
string wctxValue = this.HttpContext.Request.Form["wctx"];
}
My preference is to have the wcxt parameter represent a redirect URL (URL encoded) with your parameter as a query parameter in that so it be a URL encoded version of this:
wctx=https://yourserver/yourapp/yourpage?yourparameter=foo
Then the action that was receiving the redirect from the ACS would simply pull out the value of wctx and do a redirect to it without any more processing. This keeps things simple.
Another approach would be to save whatever data you need to pass around in the Database, and just pass around some ID that refers back to the database record. You'll pass this ID to IP and back through wctx (as Mike mentioned above).
This will solve the issue of limited length of URLs (in case your data is very large). Of course you would need to manage deletion of this data, but this shouldn't be hard.