Nik wrote:
Okay, so the next problem I ran across is automatically refreshing a page... I wamt to do something similar to SAX but based on a .txt file. I have read some of the AJAX tutorials, but they all only say things like "It's so easy, you just need to put these five lines of code in your HTML head and that's it!" totally making no sense for me, as I don't know what, how and with what they refresh...
Do you mean something like this?

Code:
<script>
  setInterval(function() {
    $("#div_element").load("load_sax.php");
  }, 100);
</script>

Instead of 100, choose any time you want.
Okay, this looks really good, but could you break it down for me please? Because I am not sure what exactly it updates, by what and whether "100" is in milliseconds...

Thanks!
Nik wrote:
Okay, this looks really good, but could you break it down for me please? Because I am not sure what exactly it updates, by what and whether "100" is in milliseconds...

Thanks!

That 100 is indeed in milliseconds. Each 100 ms a request is send to "load_sax.php" and the result (what load_sax.php displays) is now the content of div_element. The whole HTML document is now the inner part of the div with ID "div_element" (without the #!) and it gets displayed.
Sorry to say that, but your code placed in the header doesn't work...
I use the following modification (which doesn't work):

Code:
<script>
  setInterval(function() {
    $("#chat").load("chatview.php");
  }, 1000);
</script>


Also, on my end, this does not work too:

Code:
<?php
if (null === isset($_COOKIE["chat"])) {
  if (null === $_POST["nick"]) {
    $nick='Anonymous';
  } else {
    $nick=$_POST["nick"];
  }
  setcookie("chat", $nick, 60*60*24);
}
?>

It is placed before "<!DOCTYPE html>", at the very first lines... After running this, "$_COOKIE["chat"]" doesn't return anything. What is wrong?
Did you check the Javascript console for errors? Also, I don't know if this has been made clear anywhere yet, but PT_'s Javascript there uses jQuery, and I don't know if you are using jQuery.
Thank you for the reply!
KermMartian wrote:
Did you check the Javascript console for errors? Also, I don't know if this has been made clear anywhere yet, but PT_'s Javascript there uses jQuery, and I don't know if you are using jQuery.

No, I didn't know that. I am not using jQuery, and I would like to avoid libraries.

I browsed a bit on the web, I even found some pure Javascript AJAX script, but I tried to figure out what it was doing and what the arguments are, but I didn't know. Here it is:

Code:
<script>
    setInterval(refresh_logs(), 2000); // 2000 = 2 Seconds
// Well, I understand the above line and the line below... But nothing else.
   function refresh_logs()
   {
      var xmlhttp;
      if (window.XMLHttpRequest)
        {// code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
        }
      else
        {// code for IE6, IE5
        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
      xmlhttp.onreadystatechange=function()
        {
        if (xmlhttp.readyState==4 && xmlhttp.status==200)
          {
           document.getElementById("logs_div").innerHTML=xmlhttp.responseText;
// Is the div id "logs_div"? Replacing that by "chat" didn't work.
          }
        }
      xmlhttp.open("POST","get_logs.php",true);
// Is the PHP file "get_logs.php"? Replacing by chatwiev.php didn't help too.
      xmlhttp.send();
   }
   </script>

From: http://stackoverflow.com/questions/31769667/refresh-div-every-two-seconds-using-ajax-without-jquery

Also (Bump) what is wrong with my own code above?
This worked for me; I replaced something at the setInterval:

Code:
<!DOCTYPE html>
<html>
   <head>
      <meta="UTF-8">
      <title>Score test</title>
   </head>
   <body>
       <div id="chat">This is the first content of my div!
        </div>
        <script>
         setInterval(function() {
            refresh_logs();
         }, 2000);
         
         function refresh_logs() {
            var xmlhttp;
               if (window.XMLHttpRequest)
              {// code for IE7+, Firefox, Chrome, Opera, Safari
                 xmlhttp=new XMLHttpRequest();
              }
               else
              {// code for IE6, IE5
                 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
              }
               xmlhttp.onreadystatechange=function()
              {
                 if (xmlhttp.readyState==4 && xmlhttp.status==200)
                   {
                       document.getElementById("chat").innerHTML=xmlhttp.responseText;
                   }
              }
               xmlhttp.open("POST","increment.php",true);
               xmlhttp.send();
         }
      </script>
   </body>
</html>

And my file increment.php looks like this:

Code:
<!DOCTYPE html>
<html>
   <head>
      <meta="UTF-8">
      <title>Increment Script</title>
   </head>
   <body>
      <?php
            $messages = array(
            'This is the first message',
            'This is the second message',
            'This is the third message'
        );
       
        echo $messages[rand(0, count($messages) - 1)];
        ?>
   </body>
</html>
That displays random text.
Thank you very much, this really works well. However, at least on chrome mobile, div#main keeps blinking every two seconds, for some reason it displays the whole array in a row for a moment and only after that it is formatted. What might be the cause? On the pre-installed android browser it works absolutely well.

Edit: For my code above, I use sessions instead of cookies and it perfectly works too!
A new task, that I guess everyone programming in php will get across:
I need to identify users reliable (So as much as possible should happen server side).

What are possible solutions? Is there a tradeoff between security and simplicity which allows me to avoid an actual login form?
Okay, so I decided to implement a login.
The problem is that I can't use HTTPS - my free host doesn't support it. I don't need super security, again, it is really nothing important. But I still don't want to send the password in plain text via HTTP...

So here is my idea:
When the password is submitted,
1) Generate a random string server side, store it and send it to the client (This is only done to keep the resulting value different every time)
2) Client side has the entered password and encrypt the random string, using the hashed password as key, send result to server
3) Server side encrypt the string with the hashed password (The hash is stored on the server, not plain text)
4) Compare both values


How (un-)safe is that? I can't think of a way this could be hacked by MITM, as neither the password is sent unencrypted, nor one can spy the correct value and re-enter it in the URL because it is different every time.
Also, how can I encrypt stuff in Javascript? I saw the CryptoJS library, but I only need that encryption on a single page and I don't want to use a whole library for a single use.
You've basically described hashing with a salt. A better way to do what you're describing would be this:
1) When the user registers, generate a salt, append to their password, hash, and store the hash and salt on your server.
2) When the user logs in, send the salt with the login form.
3) When they enter their password, append the salt, hash, and send the hashed salted password. The server can then compare passwords.

But this is no better than just sending passwords, really. The attacker can intercept the salted hashed password and just use that to log in, even if they don't know the password.
KermMartian wrote:
3) When they enter their password, append the salt, hash, and send the hashed salted password. The server can then compare passwords.

But this is no better than just sending passwords, really.
Less secure. Anybody who learns what the salted hashed password is (such as by breaking in to your database) can log in. If you transmit plaintext and hash on the server an attacker who learns the ciphertext still needs to find a hash collision.
Tari wrote:
KermMartian wrote:
3) When they enter their password, append the salt, hash, and send the hashed salted password. The server can then compare passwords.

But this is no better than just sending passwords, really.
Less secure. Anybody who learns what the salted hashed password is (such as by breaking in to your database) can log in. If you transmit plaintext and hash on the server an attacker who learns the ciphertext still needs to find a hash collision.


I'm not sure how much this will help:
[/youtube]
Okay, more than a year has passed now since I learned PHP... accidentally. Heh.
All thanks to Cemetech. This site is great, and the community never ceases to amaze me. Thanks, guys!

Well, I seriously need o get some proper webspace, but won't happen anytime soon, I fear... Sad

Anyway, here's the problem: My webhost does not allow cURL or allow_url_fopen in the free plan, and offers to suscribe to a paid one for using these. As I said, I do not intend to subscribe (at least yet), but a project I am working on needs a file from an external server. A session of googling things combined with some luck yielded a suggestion to use "Javascript integration" (see last paragraph, "If cURL does not work..."), whatever thing that is.
And despite my efforts, I found nothing on this. What do they mean? Just download the file client side and upload it via AJAX or a hidden form?
  
Register to Join the Conversation
Have your own thoughts to add to this or any other topic? Want to ask a question, offer a suggestion, share your own programs and projects, upload a file to the file archives, get help with calculator and computer programming, or simply chat with like-minded coders and tech and calculator enthusiasts via the site-wide AJAX SAX widget? Registration for a free Cemetech account only takes a minute.

» Go to Registration page
Page 2 of 2
» All times are UTC - 5 Hours
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

 

Advertisement