Search Results

Search found 25663 results on 1027 pages for 'script programmer'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 544/1027 | < Previous Page | 540 541 542 543 544 545 546 547 548 549 550 551  | Next Page >

  • JSP: Refresh ComboBox options

    - by framara
    Hi, There's a class 'Car' with brand and model as properties. I have a list of items of this class List<Car> myCars. I need to represent in a JSP website 2 ComboBox, one for brand and another for model, that when you select the brand, in the model list only appear the ones from that brand. I don't know how to do this in a dynamic way. Any suggestion where to start? Thanks Update Ok, what I do now is send in the request a list with all the brand names, and a list of the items. The JSP code is like: <select name="manufacturer" id="id_manufacturer" onchange="return getManufacturer();"> <option value=""></option> <c:forEach items="${manufacturers}" var="man"> <option value="${man}" >${man}</option> </c:forEach> </select> <select name="model" id="id_model"> <c:forEach items="${mycars}" var="car"> <c:if test="${car.manufacturer eq man_selected}"> <option value="${car.id}">${car.model}</option> </c:if> </c:forEach> </select> <script> function getManufacturer() { man_selected = document.getElementById('id_manufacturer').value; } </script> How do I do to refresh the 'model' select options according to the selected 'man_selected' ?

    Read the article

  • Learning to think in the Object Oriented Way

    - by SpikETidE
    Hi Everyone.... I am a programmer trying to learn to code in the object oriented paradigm... I mainly work with PHP and i thought of learning the zend framework... So, felt I need to learn to code in OO PHP.... The problem is, having done code using functions for quite a long time, i just can't get my head to think in the OO way.... Also felt that probably I am not the only one facing this problem since the beginning of time... So, how did you people learn object oriented programming... especially how did you succeed in "unlearning" to code using functions... and learn to see you code as objects...? Is there any good resource books or sites where one could find help...?? Thanks for sharing your knowledge and experiences...

    Read the article

  • Why this class assignment is not working in IE

    - by user550750
    I've wrote this peice of code, this works fine in FF and Chrome but not in IE. Why is it? <html> <header> <style type="text/css"> .red{ color: red; } .green{ color: green; } .yellow{ color: yellow; } </style> </header> <body> <div id="mydiv" style="height: 50px">Some contents</div> <div> <input type="radio" value="1" name="change" onclick="onClick(this)">Red</input> <input type="radio" value="2" name="change" onclick="onClick(this)">Green</input> <input type="radio" value="3" name="change" onclick="onClick(this)">Yellow</input> </div> <script type="text/javascript"> function onClick(el){ var className = ""; if(el.value == 1){ className = "red"; }else if(el.value == 2){ className = "green"; }else if(el.value == 3){ className = "yellow"; } document.getElementById("mydiv").setAttribute("class", className); } </script> </body> </html>

    Read the article

  • Looking to eventually build a smartphone app...

    - by Brian L
    Hi all- I'm a young, inexperienced programmer (I've had a year of Java, some MATLAB, and HTML/CSS in school) but I've decided that to get better, I'm making it my goal to produce a simple smartphone app of some kind this year- probably either webOS or Android since I'm on a PC and can't afford a Mac just to write an iPhone app. So my question is, where do I start? I've read the threads about How to Write for Android and such, but I'm not sure I have enough Java experience to just jump right in. And then there's webOS which is based on JavaScript, correct? I guess I'd just like some input from more experienced folks. I have some Barnes and Noble book credit I'm looking to get rid of too, so if there's a guide you think would be useful, feel free to request. tl;dr: Programming newbie ultimately wants to build a simple smartphone app. Where do I start?

    Read the article

  • html select execute javascript onload

    - by portoalet
    I am using HTML select onchange event to fire another javascript function func1. This html select is written into a form element, which are dynamically generated when users click on a button. The problem is how can I fire the javascript func1 when the dynamically generated form is first shown ? I am thinking of something along the line of on_first_show event for form ? Here is the snippet. I couldnt get the alert('don') to work either (the one just after div) var sPopupContents = "<div ><script type='text/javascript'>alert('don');</script> </div>"; // this javascript is not executed ? I cant get the alert. sPopupContents += "<form name='theform' >"; sPopupContents += "<select name='theselect' onchange='alert(2);"; sPopupContents += "func1()>'"; sPopupContents += "<option value='0' selected='selected'>Value1</option><option value='1'>Value2</option><br/>"; sPopupContents += "</form>";

    Read the article

  • Rank Source Control Options-VSS vs CVS vs none vs your own hell

    - by Roman A. Taycher
    It seems like a lot of people here and on many programmer wikis/blogs/ect. elsewhere really dislike VSS. A lot of people also have a serious dislike for cvs. In many places I have heard a lot of differing opinions on whether or not using VSS or cvs is better or worse then using no source control, please rate the worst and explain why!!!!! you rated them this way. Feel free to throw in your own horrible system in the rankings. If you feel it depends on the circumstances try to explain the some of the different scenarios which lead to different rankings. (note:I see a lot of discussion of what is better but little of what is worse.) second note: while both answers are nice I'm looking less for good replacements and more for a comparison of which is worse and more importantly why!

    Read the article

  • Any solution to IE8 bug rendering error when hiding elements?

    - by Magnar
    Bug: when hiding an element with JavaScript in IE8, the margin of still-visible other elements on the side is ignored. This bug has been introduced with IE8, since it works as expected in IE6+7 (and other browsers). <html> <head> <style> #a, #b, #c, #d {background: #ccf; padding: 4px; margin-bottom: 8px;} </style> </head> <body> <div id="a">a</div> <div id="b">b</div> <div id="c">c</div> <div id="d">d</div> <script> setTimeout(function () { document.getElementById("b").style.display = "none"; }, 1000); </script> </body> </html> When running this code, notice how a and c have a margin of 8 between them in normal browsers, but a margin of 0 in IE8. Remove the padding, and IE8 behaves like normal. Remove the timeout and IE8 behaves like normal. A border behaves the same way. I've been working with IE-bugs the last 10 years, but this has me stumped. The solution for now is to wrap the divs, and apply the margin to the outer element and other styles to the inner. But that's reminicent of horrible IE6-workarounds. Any better solutions?

    Read the article

  • A dynamic array of a class, inside another separate class?

    - by pinnacler
    I'm working on a robot localization simulator and I created a class called "landmark". The end result is going to be a robot that is always centered and always faces the top of the screen. As it turns, the birds eye view map will rotate around the robot. To accomplish this, I'm assuming I can rotate one class and have all elements inside rotate as well. So, the landmark class has properties x,y, label, and radius. This is suppose to simulate a tree location in a forest. To test everything, I need "forest data," and I wrote a script to generate 100 trees in a 100m x 100m area. The script automatically generates values within an acceptable range for x,y, radius. The generated data is stored in an object called tempForest and is 100x3. Ideally, I want to create a class called "landmarks" (plural) that has 100 landmark instances inside. How would I instantiate 100 instances of landmark in one instance of landmarks using that randomly generated data? Ideally, I'd just type treeBeacons = landmarks(); and it would randomly populate 100 (user definable, set in config file) instances with x, y, radius data. I'm not sure how to deal with a dynamic array of class "Landmark", inside another single class "landmarks." Any ideas?

    Read the article

  • How do I use a jQuery not selector to select relative URLs?

    - by Matt
    I'm working on a little jQuery script to add Google Analytics pageTracker onclick data to all relative URLs on my forum, allowing me to track clicks to external sites. I don't want to add the onclick to internal links on forum.sitename or sitename, and I don't want to add them to any hrefs marked # or that start with /. My script below works nicely, but for one minor problem! All of the forum's URLs are relative and don't start with /. I appear to have no way to change that, so need to modify the jQuery below to prevent it adding the onclick to links like as it currently does. What I want to do, is to write a .not() function like .not("[href!^=http") to prevent jQuery from adding the onclick to any hrefs which do not start with http. However, .not() appears not to support this. I'm new to jQuery and can't figure this out. Any pointers would be massively appreciated. $(document).ready(function(){ // Get URL from a href var URL = $("a").attr('href'); // Add pageTracker data for GA tracking $("a") .not("[href^=#]") .not("[href^=http://forum.sitename]") .not("[href^=http://www.sitename]") .attr("onclick","pageTracker._trackEvent('Outgoing_Links', 'Forum', " + URL + ");") ; }); Thanks!

    Read the article

  • How to code for Alternate Course AKA Rainy Day Scenary?

    - by janetsmith
    Alternate course is something when user doesn't do what you expected, e.g. key in wrong password, pressing back button, or database error. For any programming project, alternate course accounts for more than 50% of a project timeline. It is important. However, most computer books only focus on Basic Course (when everything goes fine). Basic course is rather simple, compared to Alternate course, because this is normally given by client. Alternate course is what we, as a programmer or Business Analyst needs to take care of. Java has some built-in mechanism (try-catch) to force us to handle those unexpected behavior. The question is, how to handle them? Any pattern to follow? Any guideline or industry practice for handling alternate course?

    Read the article

  • How to use WebSockets refresh multi-window for play framework 1.2.7

    - by user2468652
    My code can work.But only refresh a page of one window. If I open window1 and window2 , both open websocket connect. I keyin word "test123" in window1, click sendbutton. Only refresh window1. How to refresh window1 and window2 ? Client <script> window.onload = function() { document.getElementById('sendbutton').addEventListener('click', sendMessage,false); document.getElementById('connectbutton').addEventListener('click', connect, false); } function writeStatus(message) { var html = document.createElement("div"); html.setAttribute('class', 'message'); html.innerHTML = message; document.getElementById("status").appendChild(html); } function connect() { ws = new WebSocket("ws://localhost:9000/ws?name=test"); ws.onopen = function(evt) { writeStatus("connected"); } ws.onmessage = function(evt) { writeStatus("response: " + evt.data); } } function sendMessage() { ws.send(document.getElementById('messagefield').value); } </script> </head> <body> <button id="connectbutton">Connect</button> <input type="text" id="messagefield"/> <button id="sendbutton">Send</button> <div id="status"></div> </body> Play Framework WebSocketController public class WebSocket extends WebSocketController { public static void test(String name) { while(inbound.isOpen()) { WebSocketEvent evt = await(inbound.nextEvent()); if(evt instanceof WebSocketFrame) { WebSocketFrame frame = (WebSocketFrame)evt; System.out.println("received: " + frame.getTextData()); if(!frame.isBinary()) { if(frame.getTextData().equals("quit")) { outbound.send("Bye!"); disconnect(); } else { outbound.send("Echo: %s", frame.getTextData()); } } } } } }

    Read the article

  • Which ORM to use?

    - by Paja
    I'm developing an application which will have these classes: class Shortcut { public string Name { get; } public IList<Trigger> Triggers { get; } public IList<Action> Actions { get; } } class Trigger { public string Name { get; } } class Action { public string Name { get; } } And I will have 20+ more classes, which will derive from Trigger or Action, so in the end, I will have one Shortcut class, 15 Action-derived classes and 5 Trigger-derived classes. My question is, which ORM will best suit this application? EF, NH, SubSonic, or maybe something else (Linq2SQL)? I will be periodically releasing new application versions, adding more triggers and actions (or changing current triggers/actions), so I will have to update database schema as well. I don't know if EF or NH provides any good methods to easily update the schema. Or if they do, is there any tutorial how to do that? I've already found this article about NH schema updating, quoting: Fortunately NHibernate provides us the possibility to update an existing schema, that is NHibernate creates an update script which can the be applied to the database. I've never found how to actually generate the update script, so I can't tell NH to update the schema. Maybe I've misread something, I just didn't found it. Last note: If you suggest EF, will be EF 1.0 suitable as well? I would rather use some older .NET than 4.0.

    Read the article

  • jquery animate from object center

    - by mtwallet
    Hi. I am trying to create a product viewer similar to the one at the bottom of this page http://www.logitech.com/en-gb/. As you can see the product animates from the center rather than top left which I think is Jquery's default. So what I am doing is trying animate the width and height and then also the offset to make it look like it animates from the center. My code looks like this: <style> body { background: black; } .box { background: #fff url('pic.jpg') no-repeat 0 0; width: 200px; height: 200px; margin: 10px 4%; float: left; } </style> <script type="text/javascript"> $(document).ready(function() { $(".box").hover(function() { $(".box").not(this).fadeTo(500, 0.5); $(this).animate({ width: 300, height: 300, left: -100, top: -100 }, 500); }, function() { $(this).animate({ width: 200, height: 200, left: 100, top: 100 }, 500); $(".box").fadeTo(500, 1); }); }); </script> I cannot seem to get this working as I want. Can anyone help with this or suggest a better technique? Many thanks

    Read the article

  • Resizing a container when child's visibility is changed?

    - by deux11
    When I set the visible property to false for a child in a container, how can I get the container to resize? In the example bellow, when clicking on "Toggle", "containerB" is hidden, but the main container's scrollable area is not resized. (I do not want to scroll through a lot of empty space.) <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml"> <mx:Script> <![CDATA[ public function toggle():void { containerB.visible = !containerB.visible; } ]]> </mx:Script> <mx:VBox height="300" width="200" horizontalAlign="center"> <mx:Button label="Toggle" click="toggle()" width="200"/> <mx:VBox id="containerA" height="400" width="150" horizontalAlign="center"> <mx:Button label="A" height="400" width="100"/> </mx:VBox> <mx:VBox id="containerB" height="400" width="150" horizontalAlign="center"> <mx:Button label="B" height="400" width="100"/> </mx:VBox> </mx:VBox>

    Read the article

  • Flash - Http service bound to a button can be used only once ?

    - by SAKIROGLU Koray
    I have a flex project, in one of the screen of my UI, I create a HTTP service that call a "doGet" J2EE servlet through the GET method; and I bind the service call to a button. The service print log to system.out so I know when it is run. The problem I have is, when I click said button the first time, the servlets do what it is supposed to do, and print the stack to system.out, but if I click another time, nothing happens. Any idea what might be the cause ? Here's the flex code (code and service has been generated by Eclipse flex plugin) <mx:Script> <![CDATA[ protected function button_clickHandler(event:MouseEvent):void { LaunchSimulResult.token = simulation.LaunchSimul(); } ]]> </mx:Script> <mx:Canvas> ... <mx:Button label="Simulation" id="button" click="button_clickHandler(event)"/> .. </mx:Canvas> <mx:CallResponder id="LaunchSimulResult"/> <simulation:Simulation id="simulation" fault="Alert.show(event.fault.faultString + '\n' + event.fault.faultDetail)" showBusyCursor="true"/>

    Read the article

  • Apache ReWriteEngine throwing 500 Internal Server Error for too many internal redirects... why?!?!?!

    - by Stephen G
    I'm trying to implement a new ReWrite rule on my local dev machine. I have 13 rules set up already, and all work fine (even as of this writing). However, for some reason the newest one is throwing me 500 Internal Server Errors. The ReWrite rule is: RewriteRule stuff/public_html/vault/mystuff/view/(.*) /stuff/public_html/vault/mystuff/view/index.php?stuff=$1 RewriteRule stuff/public_html/vault/mystuff/view/(.*)/ /stuff/public_html/vault/mystuff/view/index.php?stuff=$1 Checked my apache logs and got this: [Thu Jan 13 22:07:43 2011] [error] [client ::1] mod_rewrite: maximum number of internal redirects reached. Assuming configuration error. Use 'RewriteOptions MaxRedirects' to increase the limit if neccessary., referer: http://localhost:8888/stuff/public_html/vault/mystuff/all/index.php?curr=7 On the script I am trying to redirect to view/index.php?stuff=$1, there is nothing that even remotely resembles a redirect of any kind. I do have a very, very basic session verifier being called at the top of the landing script, which is as follows: //Start session session_start(); //Check whether the session variable SESS_MEMBER_ID is present or not if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) { header("location: ".$root_http.""); exit(); } However, when I access the page directly, it acts as it should, and there is no redirect. All of my other ReWrite rules and their corresponding landing pages are set up the exact same way. This is blowing my mind. Any help, PLEASE!?

    Read the article

  • making clean page via page.tpl.php

    - by user360051
    I have a Drupal module creating a page via hook_menu(). I am trying to make it so the page has no extraneous html output, only what I want. You can view the page here, http://www.thomashansen.me/chat/thomas. If you look at the source, you can see a strange script tag at the end. My page-chat.tpl.php looks like this, <?php // $Id$ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php print $language->language ?>" lang="<?php print $language->language ?>" dir="<?php print $language->dir ?>"> <head> </head> <body> <?php print $content; ?> </body> </html> Where is that script tag coming from? and how do I get rid of it? If you need more information just ask.

    Read the article

  • Most efficient way to update a MySQL Database on a Linux host with that of an ASP.Net Form on Window

    - by NJTechGuy
    My kind webhost (1and1) royally asked me to go elsewhere to do something like this. I have 2 sites. One of them was developed by a .Net programmer. Now I am contracted to implement a PHP site and fetch data from the .Net site. There is an ASP.Net form that a customer fills and when they hit submit, the data gets stored in SQL Server DB. How do I also store the same data in MySQL parallelly? I cannot directly use some database connectors with ASP.Net since MySQL connectivity is not supported on 1and1 Windows hosting (biz account, no less!). What I thought of is to publish an RSS feed of entries in ASP.Net site and routinely scrape that data into MySQL on Linux host. It is an overkill, I know. Not efficient. I thought I would pick the best brains on SOF to get a different, efficient opinion. Thanks in advance guys...

    Read the article

  • jQuery AJAX Redirection problem

    - by meosoft
    Hello please consider this: On page A I have a link that takes you to page B when JS is off, but when JS is on, I want to replace content on current page with content from the page B. Pages A and B are in fact the same script that is able to tell AJAX calls from regular ones and serve the content appropriately. Everything works fine, as long as there are no redirects involved. But, sometimes there is a 301 redirect and what seems to be happening is that client browser then makes a second request, which will return with a 200 OK. Only the second request is sent without a X-Requested-With header, therefore I cannot tell within my script wether it came from AJAX or not, and will send a complete page instead of just the content. I have tried checking for 301 status code in my error, success, and complete handlers but none of them worked. It seems to be handling the 301 behind the scenes. Could anyone help me with this? jQuery 1.4, PHP 5 Edit: People requested the code to this, which I didn't think was necessary but here goes: // hook up menu ajax loading $('#menu a').live("click", function(){ // update menu highlight if($(this).parents('#menu').size() > 0){ $("#menu>li").removeClass("current_page_item"); $(this).parent().addClass("current_page_item"); } // get the URL where we will be retrieving content from var url = $(this).attr('href'); window.location.hash = hash = url; $.ajax({ type: "GET", url: url, success: function(data){ // search for an ID that is only present if page is requested directly if($(data).find('#maincontent').size() > 0){ data = $(data).find('#maincontent .content-slide *').get(); } // the rest is just animating the content into view $("#scroller").html(data); $('.content-slide').each(setHeight); $('.content-slide').animate({ left: "0px" }, 1000, 'easeOutQuart', function(){ $('#home').css("left", "-760px").html(data); $('#scroller').css("left", "-760px"); $('.content-slide').each(setHeight); } ); } }); return false; });

    Read the article

  • start-stop-daemon quoted arguments misinterpreted

    - by Martin Westin
    Hi, I have been trying to make an init script using start-stop-daemon. I am stuck on the arguments to the daemon. I want to keep these in a variable at the top of the script but I can't get the quotations to filter down correctly. I'll use ls here so we don't have to look at binaries and arguments that most people wont know or care about. The end result I am looking for is for start-stop... to run ls -la "/folder with space/" DAEMON=/usr/bin/ls DAEMON_OPTS='-la "/folder with space/"' start-stop-daemon --start --make-pidfile --pidfile $PID --exec $DAEMON -- $DAEMON_OPTS Double escaping the options and trying innumerable variations of quotations do not help... Then they end up at the daemon they are always messed up. Enclosing $DAEMON_OPTS in quotes changes things... then they are seen as one since quote... never the right number though :) Echoing the command-line (start-stop...) prints exactly the right stuff to screen. But the daemon (the real one, not ls) complains about the wrong number of arguments. How do I specify a variable so that quotes inside it are brought along to the daemon correctly? Thanks, Martin

    Read the article

  • CSS style refresh in IE after dynamic removal of style link

    - by rybz
    Hi! I've got a problem with the dynamic style manipulation in IE7 (IE8 is fine). Using javascript I need to add and remove the < link / node with the definition of css file. Adding and removing the node as a child of < head / works fine under Firefox. Unfortunately, after removing it in the IE, although The tag is removed properly, the page style does not refresh. In the example below a simple css (makes background green) is appended and removed. After the removal in FF the background turns default, but in IE stays green. index.html <html> <head> </head> <script language="javascript" type="text/javascript"> var node; function append(){ var headID = document.getElementsByTagName("head")[0]; node = document.createElement('link'); node.type = 'text/css'; node.rel = 'stylesheet'; node.href = "s.css"; node.media = 'screen'; headID.appendChild(node); } function remove(){ var headID = document.getElementsByTagName("head")[0]; headID.removeChild(node); } </script> <body> <div onClick="append();"> add </div> <div onClick="remove();"> remove </div> </body> </html> And the style sheet: s.css body { background-color:#00CC33 } Here is the live example: http://rlab.pl/dynamic-style/ Is there a way to get it working?

    Read the article

  • php mailer attachments

    - by Matthew
    I have been using this script to send emails to certain staff but because of changes to my system i have to now send attachements with the email and i have tried multipul peices of code to accomplish this but have been unsuccessful... I still recive the email but without the attachement which is quite pointless in this case i have placed the script i am using bellow i have removed the real addresses i was using and smtp server require("PHPMailer/class.phpmailer.php"); $mail = new PHPMailer(); $mail->IsSMTP(); // set mailer to use SMTP $mail->Host = "SMTP.SErver.com"; $mail->From = "[email protected]"; $mail->FromName = "HCSC"; $mail->AddAddress("[email protected]", "Example"); $mail->AddReplyTo("[email protected]", "Hcsc"); $mail->WordWrap = 50; $mail->IsHTML(false); $mail->Subject = "AuthSMTP Test"; $mail->Body = "AuthSMTP Test Message!"; $mail->AddAttachment("matt.txt"); //this is basicly what i am trying to attach as a test but will be using excel spreadsheets in the production if(!$mail->Send()) { echo "Message could not be sent. <p>"; echo "Mailer Error: " . $mail->ErrorInfo; exit; } echo "Message has been sent"; i have also tried a few other emtods of attaching the file but none seem to work any help is greatly appricated

    Read the article

  • Nokogiri changing custom elements

    - by dagda1
    Hi, I have sample html that I have marked up with some special tags that will be used by a different program, an example of the html is below. You should note the <START:organization>..<END> elements. <html> <head/> <body> <ul> <li> <START:organization> Advanced Integrated Pest Management <END> </li> <li> <START:organization> American Bakers Association <END> </li> </ul> </body> </html> I wanted to use nokogiri to preprocess the html to easily remove irrelevant tags like <script>. I created the following extension to the nokogiri document class: module Nokogiri module HTML class Document def prepare_html xpath("//script").remove to_html.remove_new_lines end end end end The problem is that nokogiri is changing the <START:organization> element to <organization>. Is there anyway that I can preserve the htnl to maintain my custom markup tags? Thanks Paul

    Read the article

  • PHP curl timing mismatch

    - by JonoB
    I am running a php script that: queries a local database to retrieve an amount executes a curl statement to update an external database with the above amount + x queries the local database again to insert a new row reflecting that the curl statement has been executed. One of the problems that I am having is that the curl statement takes 2-4 seconds to execute, so I have two different users from the same company running the same script at the same time, the execution time of the curl command can cause a mismatch in what should be updated in the external database. This is the because the curl statement has not yet returned from the first user...so the second user is working off incorrect figures. I am not sure of the best options here, but basically I need to prevent two or more curl statements being run at the same time. I thought of storing a value in the database that indicates that the curl statement is being executed at that time, and prevent any other curl statements being run until its completed. Once the first curl statement has been executed, then the database flag is updated and the next one can run. If this field is 'locked', then I could loop through the code and sleep for (5) seconds, and then check again if the flag has been reset. If after (3) loops, then reset the flag automatically (i've never seen the curl take longer than 5 seconds) and continue processing. Are there any other (more elegant) ways of approaching this?

    Read the article

  • PHP check http referer for form submitted by AJAX, secure?

    - by Michael Mao
    Hi all: This is the first time I am working for a front-end project that requires server-side authentication for AJAX requests. I've encountered problems like I cannot make a call of session_start as the beginning line of the "destination page", cuz that would get me a PHP Warning : Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\comic\app\ajaxInsert Book.php:1) in C:\xampp\htdocs\comic\app\common.php on line 10 I reckon this means I have to figure out a way other than checking PHP session variables to authenticate the "caller" of this PHP script, and this is my approach : I have a "protected" PHP page, which must be used as the "container" of my javascript that posts the form through jQuery $.ajax(); method In my "receiver" PHP script, what I've got is: <?php define(BOOKS_TABLE, "books"); define(APPROOT, "/comic/"); define(CORRECT_REFERER, "/protected/staff/addBook.php"); function isRefererCorrect() { // the following line evaluates the relative path for the referer uri, // Say, $_SERVER['HTTP_REFERER'] returns "http://localhost/comic/protected/staff/addBook.php" // Then the part we concern is just this "/protected/staff/addBook.php" $referer = substr($_SERVER['HTTP_REFERER'], 6 + strrpos($_SERVER['HTTP_REFERER'], APPROOT)); return (strnatcmp(CORRECT_REFERER, $referer) == 0) ? true : false; } //http://stackoverflow.com/questions/267546/correct-http-header-for-json-file header('Content-type: application/json charset=UTF-8'); header('Cache-Control: no-cache, must-revalidate'); echo json_encode(array ( "feedback"=>"ok", "info"=>isRefererCorrect() )); ?> My code works, but I wonder is there any security risks in this approach? Can someone manipulate the post request so that he can pretend that the caller javascript is from the "protected" page? Many thanks to any hints or suggestions.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 540 541 542 543 544 545 546 547 548 549 550 551  | Next Page >