How to Password Protect Index.html Only? [duplicate] - html

This question already has answers here:
password protect a single file using .htaccess
(2 answers)
Closed 2 years ago.
So, I have a website that has so many forms/surveys pages , not at the main index.html , but can be accessed by buttons that are inside my "index.html"
What I m looking for is, users can access forms/surveys pages but not the main home page by simply typing ( ex: example.com )
I know a website which when I visit requires me to enter a key to acces the page , I don't know if it's login function since it doesn't require any kind of registration, anyone with that key can visit that website.
For instance let's assume this is inside my main index.html and by clicking button I can visit forms to get shareable url to share forms with someone
<form method="get" action="/form1.html">
<button type="submit">this takes me to form1 page</button>
</form>
<form method="get" action="/form2">
<button type="submit">this takes me to form 2 page</button>
</form>
I don't want users to go to any forms/surveys pages which can be accessed by buttons in main index.html
That's why I want to Password Protect my index.html only but not it pages
Please help me out

As mentioned, This is not possible with HTML alone.
is the standard markup language for documents designed to be displayed in a web browser. It can be assisted by technologies such as Cascading Style Sheets (CSS) and scripting languages such as JavaScript.
CSS will give it some looks,
Javascript will give it some logic.
You can prompt the user for a password on page load and verify it and act accordingly. Only problem is as mentioned by #LosManos is that you'd be exposing your password in your HTML which will be visable by anyone. This is a big NO NO
That been said, Below is a proof of concept (unsecured). You could use the same logic by sending password() function to backend (your server code). - Just keep poping prompt untill it resovles.
Prompt will block all handlers in page untill resolved, thus page will be protected until password handled.
window.onload = () => {
password();
}
function password() {
let p = prompt('password:');
(p === 'password') ? true : password();
}
<form method="get" action="/form1.html">
<button class='btn' type="submit">this takes me to form1 page</button>
</form>
<form method="get" action="/form2">
<button class='btn' type="submit">this takes me to form 2 page</button>
</form>
But again as mentioned, you'd have to build a backend logic to handle prompt and respond even if not using a user authentication sys. FWIW it should look somehow, (although the next code block isn't tested and is for conceptualizing, of course), like:
function password() {
let p = prompt('password:');
fetch('/path/to/check/password', {body: {pass: p}}).then(res => {
if (res) {
return;
} else {
password();
}
});
}
When '/path/to/check/password' verifies the password and returns true/false from server, or something alike.

Related

Clicking on the htmlunit button is not responding. Help me

The configuration of the environment is as follows.
java 1.8
htmlunit 2.43
_webClient = new WebClient(BrowserVersion.FIREFOX);
// ajax, javaScript controller
_webClient.setAjaxController(new NicelyResynchronizingAjaxController());
// set options
_webClient.getOptions().setJavaScriptEnabled(true);
_webClient.getOptions().setCssEnabled(false);
_webClient.getOptions().setUseInsecureSSL(true);
_webClient.getOptions().setSSLClientProtocols( _webClient.getOptions().getSSLClientProtocols() );
//_webClient.getOptions().setSSLClientProtocols(new String[] {"TLSv1.2", "TLSv1.1", "TLSv1" });
_webClient.getOptions().setRedirectEnabled(true);
_webClient.getOptions().setPopupBlockerEnabled(false);
_webClient.getOptions().setThrowExceptionOnScriptError(false);
_webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
_webClient.getOptions().setPrintContentOnFailingStatusCode(false);
_webClient.waitForBackgroundJavaScript(10000);
// set timeouts
_webClient.getOptions().setTimeout( timeout *1000 );
_webClient.setJavaScriptTimeout( timeout *1000 );
_webClient.waitForBackgroundJavaScript( timeout *500 );
//_webClient.getJavaScriptEngine().setJavaScriptTimeout( timeout *1000 );
_webClient.waitForBackgroundJavaScriptStartingBefore(timeout *1000);
_webClient.getCookieManager().setCookiesEnabled(true);
The above is my environment.
Below is the HTML Element I want to click on.
<div class="btnConfirmWrap">
<button data-v-ffa8b1e8=""
class="hasBgColor bgColorRed roundType sizeMedium alignLeft">
<span data-v-ffa8b1e8="" class="inner"> <!----> <span
data-v-ffa8b1e8="" class=""> Login </span>
<!----></span>
</button>
</div>
This is the code for clicking on the html element mentioned above.
The content of the XPath is the fullXpath of the web page obtained by accessing Chrome.
I checked the XPath path myself. XPath wasn't wrong.
hElement = getByXPathFirstElement( _htmlPage,"/html/body/div[1]/main/div/div[1]/div/div[4]/button");
Page page = hElement.click();
_htmlPage = (HtmlPage) page;
System.out.println(_htmlPage.asText());
I checked that _htmlPage.asText() had ID and PW values ​​before clicking the login button.
However, if you click the button, the login button function is not executed and the ID and PW values ​​are lost. ID and password are correct values.
Can't log in, help me
It works very well if you directly access the site and log in. But htmlunit doesn't work. What's wrong with my code?
Without a way to reproduce i can only provide some hints:
As always check the logs, mabey there is a hint....
These two functions are not options
_webClient.waitForBackgroundJavaScript( timeout *500 );
_webClient.waitForBackgroundJavaScriptStartingBefore(timeout *1000);
You have to call them after you have started an action (e.g. after the click)
Page page = hElement.click();
_htmlPage = (HtmlPage) page;
Your code gets thy sync resulting page form the click. But maybe you click forces some js actions and maybe the action is async and maybe the action forces a page replace. You can try to do something like this:
force the click
wait for background js
get the current window content by asking the page for the current window and then asking the window for the enclosed page
Maybe this helps.
If not try to build a reproducible sample and open a issue at github.

Which Captcha or related is easy to is install on form?

I am a newbie to programming and I already struggled a lot for a week to have a fully functional form that validates, stores data, and then redirects.
Please let me know about a captcha that is easy to install and doesn't mess up my code resulting in data not being sent to PHP which javascript did to me.
A very cheap way of doing a quick and dirty check could be something like this:
<form name="form" method="post">
<!-- your other form fields -->
<input type="text" id="title" name="title" value="somethingsomething">
<input type="submit" value="send">
</form>
You can make the field invisible and choose a name, that a bot would definitely fill out. Choose anything meaningful just not something like "antispam" or the like.
input#title {
visibility: hidden;
height: 0;
width: 0;
}
And then just check if the input field got set:
<?php
if (isset($_POST["title"])) {
// a bot had filled the field now, do something
}
?>
The concept is called "honeypot". You can also check out this stackoverflow post here:
Better Honeypot Implementation (Form Anti-Spam)
You can use the google cpatcha.
You do not have to code at all
Procedure
1.Log on to your Google account.
2.Access https://www.google.com/recaptcha/adminInformation published on non-SAP site from your browser.
3.Select the Invisible reCAPTCHA radio button.
4.Register your domain.
Remember
Your domain is the URL of your Identity Authentication tenant. It has the <tenant ID>.accounts.ondemand.com pattern.
Tenant ID is automatically generated by the system. The first administrator created for the tenant receives an activation e-mail with a URL in it. This URL contains the tenant ID.
5.Save your Site key and your Secret key. You need them for the configuration steps in the administration console for Identity Authentication.
Source of answer
[Try this
The best CAPTCHA codes
No CAPTCHA reCAPTCHA
Image CAPTCHA
add a CAPTCHA to your website
][1]
document :- url [1]: https://internet.com/website-building/how-to-add-a-captcha-to-your-website/
Try this:
Register an hcaptcha account and follow it's instructions.
Add <script src="https://hcaptcha.com/1/api.js" async defer></script> to your head if you have not already done so
Add <div class="h-captcha" id="captcha" data-sitekey="INSERT SITEKEY HERE" data-theme="dark"></div> (Leave data-theme="dark" in for dark theme).
In your form tag, add onsubmit="return checkCaptcha()" as an attribute, like so: <form onsubmit="return checkCaptcha()">
Add the function below to your JS code:
function checkCaptcha() {
if (hcaptcha.getResponse() == "") {
return false;
} else {
return true;
}
}

laravel blade form not routing to a named route

I am new to named routing in Laravel 5.5 and I am facing a strange thing while trying to perform an action of a form;
Setups and Explanations:
I set up my routes in web.php
Route::post('questions/save_bulk', 'QuestionsController#save_bulk')->name('save_bulk');
Route::post('questions/store_bulk', 'QuestionsController#store_bulk')->name('store_bulk');
Then I set up store_bulk and save_bulk in QuestionsController:
public function store_bulk(Request $request)
{
//$x = some DB::selects statements;
return view('questions.store_bulk', ['x'=> $x]);
}
public function save_bulk(Request $request){
dd($request);
}
And finally this is my blade form in questions.store_bulk which should lead to QuestionsController.save_bulk:
<form method="post" action="{{route('save_bulk')}}">
{{csrf_field()}}
/* some codes and input fields */
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit"/>
</div>
</form>
Problem
The problem is that when I submit this form, instead of taking me to the desired route and perform dd($request), it is just refreshing the page without the inputs I had as if Laravel took the last post form which returned the view questions.store_bulk.
Though this is the exact same way I used to get into the view questions.store_bulk in the first place, a strange thing occurs: when I try to inspect elements in the blade page I get the following:
<form method="post" action="http://127.0.0.1:8000/questions/store_bulk">
/* some codes and inputs */
</form>
in the codes the route should go to QuestionsController.save_bulk but when inspecting the HTML it says it goes to http://127.0.0.1:8000/questions/store_bulk, and if I inspect and change the route manually inside the HTML and write http://127.0.0.1:8000/questions/save_bulk it goes to the right route and perform dd($request).
Question
Why is this happening? am I missing something?
Note
I am using Laravel 5.5 locally on my PC preparing a website.
I've had similar issues with routing.. You can change the url.. e.g. questions/somethingelse/save_bulk.. so the urls won't clash.. Or run php artisan cache:clear or view:clear incase you implemented a page caching system

Is it possible to allow user to edit and save html template in angularjs application

I have an traditional asp.net application which reads HTML template and renders it inside div control. Using bootstrap xeditable user can edit certain parts of the template (only text). This template is later used to send emails. This functionality is working fine. Now I am rewriting this application using AngularJs and WebApi. I am using angular route to route to different pages (plain html) of the application. I am able to load the template using directive. now I want to allow user to edit the text and save the complete template so that it can be used later for sending email.
MyTemplate.html
<p>this is some text</p>
<p>this is some more text</p>
<p>this is some another text</p>
Directive
myapp.directive("customDirective", function () {
return {
templateUrl: 'MyTemplate.html'
};
});
Notify.html
<div>
<h2>{{message}}</h2>
<input type="button" ng-click="Redirect()" value="Report" />
</div>
<custom-directive></custom-directive>
I want that user should be able to edit the text in MyTemplate.html and save it as complete template for later use. Is this achievable?
Do not store it in file. Store the template in your database. Provide a default value there, so something shows if the user has not modified it yet.
In you directive, load the template from your database through your API. After you do that, append the template to the contents of your directive inside your link callback function and compile the directive (if needed).
myapp.directive("customDirective", ($compile, yourService) => {
return {
link: (scope, elem) => {
yourService.fetchTemplate().then(template => {
elem.html(template);
$compile(elem.contents())(scope);
});
}
}
});
Please make sure to sanitise your data properly. It could be fairly dangerous injecting and compiling template created by the user.
I hope this points you in the right direction.
Edit
You might not event need the $compile step. It depends on what kind of template you have in mind. If it is just a simple element without any connection to angular, simply skip the $compile line.
Edit 2 - Display the template on click
Please note the following is just a very simplified version, but it should point you in the right direction.
In your parent controller
$scope.state = {
displayTemplate: false
};
In your template
<my-template-directive ng-if="state.displayTemplate"></my-template-directive>
<button ng-click="state.displayTemplate = true">Show Template</button>

Google App : More than one HTML or script file in the same App Project? [duplicate]

This question already has answers here:
Linking to another HTML page in Google Apps Script
(3 answers)
Closed 4 years ago.
I'm a fairly seasoned web developer, so the Google Web framework with Google App Scripts looks just right for me. Unfortunately, I don't get very far before I hit a wall. Here is the largest one (right now).
Scenario: Develop a simple app to solve some a few of the programming problems I always use when I approach a new language. Put each problem on a separate page. Put the css and javascript in separate files.
This works fine initially. The first problem is a statistical mean of means problem. I found their starter template for reading data from a spreadsheet, modified the template to show the data, and went from there. CSS was simple and included in the file. It only required the initial index.html and code.gs.
But now, I want to modify index.html to add links to call OTHER HTML files, which the App project cheerfully helps me to add. I can add more .gs files as well. Great, I think. But HOW do I call them? A link requires a URL, but the only one I have is to the project. As far as I can tell, there is no way to reference a file included in the same project. I can call a function in some other library but not on another page of this one. The .gs scripts look to be serverside code. What do I do with and access client side javascript files. Or CSS files?
I found this on your site but I don't have a clue how to actually use it.
Use project Javascript and CSS files in a Google Apps Script web app?.
I've searched and searched for answers to these questions and have found very little with a real working project example.
Thanks for any help you can give me.
I think you are trying to do a similar thing to me. Basically I need a system that allows you to login then provide additional data once you have logged in. So I started out with a basic form and then hit the wall that you are talking about, where it seems to be impossible to load HTML pages.
I then noticed that you CAN send back strings, therefore you can put that string into a div(see loadPage()), therefore show different pages. Below is a simple example, including handling failures. You can then keep writing pages as you would expect. So you can pass values to the next form and the next to produce an application.
To use this, you can enter in any username and it will fail, showing up a thrown error message. If you type in fuzzyjulz as the username it with show the next page including additional information from the login process.
Code.gs
function doGet() {
return HtmlService.createTemplateFromFile('Main')
.evaluate()
.setSandboxMode(HtmlService.SandboxMode.NATIVE);
}
function onLogin(form) {
if (form.username == "fuzzyjulz") {
var template = HtmlService.createTemplateFromFile('Response');
//Setup any variables that should be used in the page
template.firstName = "Fuzzy";
template.username = form.username;
return template.evaluate()
.setSandboxMode(HtmlService.SandboxMode.NATIVE)
.getContent();
} else {
throw "You could not be found in the database please try again.";
}
}
function include(filename) {
return HtmlService.createTemplateFromFile(filename)
.evaluate()
.setSandboxMode(HtmlService.SandboxMode.IFRAME)
.getContent();
}
Main.html
<?!= include('CSS'); ?>
<script>
function loadPage(htmlOut) {
var div = document.getElementById('content');
div.innerHTML = htmlOut;
document.getElementById('errors').innerHTML = "";
}
function onFailure(error) {
var errors = document.getElementById('errors');
errors.innerHTML = error.message;
}
</script>
<div id="errors"></div>
<div id="content">
<?!= include('Login'); ?>
</div>
CSS.html
<style>
p b {
width: 100px;
display: inline-block;
}
</style>
Login.html
<script>
function onLoginFailure(error) {
var loginBtn = document.getElementById('loginBtn');
loginBtn.disabled = false;
loginBtn.value = 'Login';
onFailure(error);
}
</script>
<div class="loginPanel">
<form>
<p>
<b>Username: </b>
<input type="text" name="username"/>
</p>
<input type="button" id="loginBtn" value="Login" onclick="this.disabled = true; this.value = 'Loading...';google.script.run
.withSuccessHandler(loadPage)
.withFailureHandler(onLoginFailure)
.onLogin(this.parentNode)"/>
</form>
</div>
Response.html
<div class="text">
Hi <?= firstName ?>,<br/>
Thanks for logging in as <?= username ?>
</div>