...

View Full Version : URL not visible to public?



Vapor
06-01-2005, 01:04 AM
Alright,

I really don't have a clue if you would use javascript for this or not. But here we go.

I have a site where users can login. The problem that I have is that if someone types in the url they can get around the user login. Is it possible to have a user click on a link to the login page, then login and NOT display the url to that site in the address bar? This way, you must login in order to view that page.

Any ideas?

Willy Duitt
06-01-2005, 01:24 AM
Alright,

I really don't have a clue if you would use javascript for this or not. But here we go.

I have a site where users can login. The problem that I have is that if someone types in the url they can get around the user login. Is it possible to have a user click on a link to the login page, then login and NOT display the url to that site in the address bar? This way, you must login in order to view that page.

Any ideas?

Yeah... Do it correctly by using severside and sessions...
Your solution does not lie within javascript...

Vapor
06-01-2005, 01:32 AM
Well, this will probably complicate things but my user login is client-side. I am using javascript for that. This is the reason I was asking if I could either not display the url or somehow scramble it so that users can not directly go to it and bypass the login.

Thanks

Basscyst
06-01-2005, 01:54 AM
Well, if your script uses javascript for the log in, they can just by pass the log in regardless. So you may want to look into a server side language for the log in script as well.

Basscyst

Vapor
06-01-2005, 05:58 PM
So I take it there is no way to hide the url then, correct?
and also...
And even though my login uses javascript on client-side how is it possible to get around the login?

Basscyst
06-01-2005, 06:24 PM
There are a number of ways. Most obvious would be to just view the source of the page and or download the js file. There is a fairly secure javascript log in script in the post a javascript section of this forum.

Basscyst

jbot
06-01-2005, 06:32 PM
firstly, creating a site which relies on JS is plain wrong. secondly, attempting to hide the URL from users is stupid, since (a) it cannot be done, (b) even if it could be done, it would be highly immoral to screw with people's browsers simply because you were either incapable of creating a secure server-based login or just didn't know how to go about it. regardless of all this, you're wasting/have wasted your time with this already and would be better learning how to do this properly on the server. i know i sound harsh, but take it from me JS was not meant to do what your hacking it to death for.

rlemon
06-01-2005, 07:01 PM
ok, well aside from using JS for site login (and only JS) what I would do is put the entire site in a frameset. then only load the bottom frame. This will not reflect in the parent, thus the url never changes.

Vapor
06-01-2005, 08:06 PM
rlemon,

Good thinking, but I have already beat you to that. I do have my site in a frame, thus the parent site will not change and/or display the url. BUT if you look on the bottom of your browser it will say what page is being loaded which gives it away. If I can somehow hide that, I see no other way to get around the login.

Anyway to do that?

shabazmo
06-01-2005, 08:44 PM
even if you hid that it was loading, they could just right click and get the page info, like everyone is saying here, use a server side scripting language,
like php.

Vapor
06-01-2005, 09:09 PM
I have taken care of the information when you view source. It can not be seen. That is not the problem. The problem is...

Can you hide the "opening page" at the bottom of the screen when you visit a web site.

rlemon
06-01-2005, 10:03 PM
umm, the status bar is

in JS

window.status = "text";

rlemon
06-01-2005, 10:04 PM
I have taken care of the information when you view source. It can not be seen. That is not the problem. The problem is...

Can you hide the "opening page" at the bottom of the screen when you visit a web site.

and he means page info not source.

right click and 'view page info' (mozilla)
or
right click and 'properties' in IE and you can see the frame src.

I agree 100% with the other users who posted, you should be using a server side language like asp or php for this.

Vapor
06-01-2005, 10:19 PM
I agree with all of you as well. Sever-side is absolutaly 110% the way to go in order to create a secure javascript login and all that jazz.
But
I am not creating a serverside login, I am creating a client-side login.

Thanks for the help on the js though.

Vapor
06-01-2005, 11:31 PM
Alright new question.

How do I make it so that when I rest my cursor over a link, it does not display what page it is going to open?

Basscyst
06-02-2005, 01:23 AM
Vapor, this is really an excercise in futility. If your log in must be client side, use the one that is posted here (http://www.codingforums.com/showthread.php?t=10114&highlight=Login). It is about as close to it as you will come without a server side language. Otherwise, I have this really cool idea for a round thing that will roll when you put stuff on it. :p

Basscyst

rlemon
06-02-2005, 01:25 AM
ok, your comment about server side vs client side is flawed.

using javascript for your login is not secure regardless of how you look at it.

by server side login we mean only this:

using a language like PHP to validate the users and start their session upon login.
some benifits of this are,
the user can remain on the same page, but load totally different html depending on a session variable (like $_SESSION['user_permission'] )

also, another benifit of this is that the login is secure. The user will not see any of the login variables from a form post and the users information is easily attained and pumped into a database.

if you look around the net you can find 101 different php login examples.
most are for php + mySql but i'm sure you can find whatever you need.


the bottom line is, what your doing is a wasted effort. in the end your login is still not going to be as secure (assuming your using a javascript login) as a login script written in php, and, i'm almost positive, it is more code and more effort the way you are doing it.

instead of trying to recreate the wheel why not just use whats accepted and what everyone is telling you.

because obviously you do not know what you are asking for, you do not know how to ask it, or we are all idiots and don't understand you.

my guess is you don't know what your asking for and you don't know how to ask for what you want. (if that makes sense)

rlemon
06-02-2005, 01:28 AM
Vapor, this is really an excercise in futility. If your log in must be client side, use the one that is posted here (http://www.codingforums.com/showthread.php?t=10114&highlight=Login). It is about as close to it as you will come without a server side language. Otherwise, I have this really cool idea for a round thing that will roll when you put stuff on it. :p

Basscyst


OOO OOOO I THINK I KNOW THIS ONE...... IS IT..... UMMM....... UMMM......

aw darn i forgot. ohh well, i know what will keep me busy, i'l go and find some hemp and make a long maluable bar thingy... i think i'l braid it.... but to think up a name :confused:

Vapor
06-02-2005, 06:05 PM
rlemon,

I know exactly what I am asking and so does everyone else. I did not ask you if I thought that wanted me to use a php server-side login. What my question is (and has only been if I might remind you) is...


..."When I hold my cursor over a link can I hide what page is going to load when I click on that link."

I understand that server-side is more secure. But I am creating a project that I want to use client-side for.

Again (if I might add) I am NOT asking your opinon on what is safer. If I wanted to know that (which I already knew) I would have entitled this thread "What is safer, client-side or server-side login"

Now, can anyone answer my question about the link please?

Thank you,

-Vapor

Basscyst
06-02-2005, 06:12 PM
If I ask a fire eater how I can go about eating flaming swords, and he replies, you shouldn't eat flaming swords, you should just eat flaming batons. Then 5 more fire eaters come and tell me, flaming swords is not the way to go. Then, I don't heed the experienced fire eater's advice, and I go ahead and shove a flaming sword down my throat. Now that it's there I seem to have run into problems. Who am I to ask for help? Not the fire eaters.

Basscyst

P.S. Your question has already been answered in this very thread.

jbot
06-02-2005, 06:13 PM
Again (if I might add) I am NOT asking your opinon

if you're not asking for an opinion, then why post in the forum to begin with. if you don't agree with the response it's only because it's not what you want to hear.

why are you doing this anyway, is it for a college project, because no matter how hard I try, I cannot find any rationale why you'd implement this in a professional project!

Vapor
06-02-2005, 06:19 PM
I simply want to create something and I need help on it.

As for Basscyst's last post. That doesn't even make sense! I have done nothing wrong, so coming to the forums and asking for help on my project doesn't mean I'm "crawling back for help" as you have implied. I am merely asking a simple question that lacks an answer.

Vapor
06-02-2005, 06:22 PM
As soon as I get all the information I need and such I will release my site in the site review forum and let you all hack my site to death if you wish, but I am not going to release a half completed project.

Basscyst
06-02-2005, 06:23 PM
It makes perfect sense. You asked for advice, we gave it to you, you won't take it. Now you need help with something that most people don't do.

If you continue to have a client side log in, that is not secure and you are trying to protect data of any sort. You will come crawling back, or perhaps you won't and you will just have, "They told me so." going through your head.



I am merely asking a simple question that lacks an answer.


Again, your question was answered by rlemon.

Basscyst

jbot
06-02-2005, 06:28 PM
hiding the URL from users is not on. users should always be able to decide where they want to go. furthermore, the common JS methods used for obscuring a links' URL will no longer work, given that FF by default blocks the script. dunno about IE, but given XP SP2 it's prolly a safe bet that it's no longer the case either.

honestly, instead of wasting time arguing with us (those more knowledgable than you), you'd be better off researching how to do it serverside. continuing to be intransigent leads me to suspect you either don't have the skills to do it (which is fair enough, but you could still try to acquire them) or else this is a lame college project and your prof/lecturer has given you it to do and doesn't understand what he/she is doing either.

now, we're not being argumentative for the sake of it. we are genuinely trying to help you. we're giving you sound advice. if you choose to ignore it, that's your lookout, but don't get ratty with us just because it's not what you want to hear.

Vapor
06-02-2005, 06:30 PM
Dude, in your last post you stated


It makes perfect sense. You asked for advice, we gave it to you, you won't take it.

Ok, well where is this advise? My question is, "HOW can I make it so that when I put my cursor over a link it does not display what page it is going to."

Where is your advise on this? I don't see it in the forum.

Vapor
06-02-2005, 06:33 PM
Finally,

Bout time I got a decent answer from someone in the thread! jbot, youve come the closeset to answering my question then anyone else so far. I will at least thank you.

...

Basscyst
06-02-2005, 06:43 PM
What? What do you think this thread is filled with? People rambling on about nothing wasting there day? I gave you good advice which you failed to take. I understood your need for a client side log in script and directed you to one as such. I continued to explain that it is not the best way to go about making a log in. That's advice man. I don't know what you peg it as. Do to you not taking my advice I made an analogy, that perhaps might sway you to the right path, as talking in coding terms may not always due the point justice. Anyhow, Seems Jbot is right. As the window.status="", will no longer work on a link hover. So, you are up a creek. Good luck to you, and congratulations for being the first member ever on my do not help list.

Basscyst

rlemon
06-02-2005, 09:16 PM
Dude, in your last post you stated



Ok, well where is this advise? My question is, "HOW can I make it so that when I put my cursor over a link it does not display what page it is going to."

Where is your advise on this? I don't see it in the forum.

Ok, whatever man. you make your login however you want.

mouseover a link:
here is the code:
use it, release your site, have someone hack you, and come back and ask for help with a server side login. i don't care. you can find these things out on your own. i'm no longer helping you on this.

*Removes himself from the subscribers list*



<a href="whatever.html" onMouseOver="window.status='';return true;" onMouseOut="window.status='';return true;"> Link text</a>



the rest of you can have fun with this.

Vapor
06-02-2005, 09:32 PM
Thank you rlemon,

I really do appreciate it. That little tid bit of code is all that I wanted. Sorry about all of that,

Thank again,

-Vapor



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum