When users request a password reset, they get an email with a link to generate a password reset code. This link is valid for 24 hours and can be re-used within the 24 hours to generate a new code if the first is lost or forgotten. When users double click the link, two codes are getting generated, leading to user confusion about which to use (the second code invalidates the first code with the way it has been developed).
Since the link in the email is just an html a tag, I'm not sure how I can keep users from double clicking the link.
This sounds like you're facing the XY problem. Your actual issue is that users get confused by visits in a quick succession causing a code that was just generated to be invalid, rather than the fact that the link can be clicked twice.
From a security point of view, these kind of links should really be single-use, and the user should request a new e-mail if they want to perform the action again. Assuming this is something you're forced to do, I believe the best compromise would be to limit code generation to a time frame, so visits within, let's say, 5-10 seconds would result in the same code being shown to the user, based on the server's time.
Implementing any CSS based solution for this that'd work across every e-mail client out there is challenging enough (if at all possible), and I doubt any self-respecting e-mail client is going to let you run any sort of JavaScript to intercept the event.
The following works in a modern browser on an actual web page, but this is not just a bad idea, it's also probably not going to work if you try to use it in an e-mail. I'm providing it here just for the sake of completeness, showing that it's somewhat possible, but please do not rely on this to fix the underlying issue.
<style>a:focus { pointer-events: none }</style>
<p>This is some text, here's a link you can't double click by the way.</p>
Related
As far as I understand, GET has to be idempotent - it cannot change anything in the system and repeating it should always return the same unless something else changed the state of the application.
Problem is, on my website, there should be a lot of little changes based on whether some content has been already seen before by the user. I mean, like notifications, new message alerts, content sorting based on whether user saw it or not, how many users saw the content counters... For example when user clicks on notification, the notification should disappear from his notification panel and never be seen there again, so it changes something - state of the notification, but I can press F5 as many times as I want and it always returns the same page with same info, same buttons etc.
Can I ignore this kind of side-effect as too small and I can use GET or do I have to make most links and buttons on the website use POST like I do with links and buttons which lead to more "serious" changes? I do that by making forms around each of them with those links as form actions and original buttons as submit buttons of the form which seems a little messy to me and I don't want it almost everywhere (or is there a better way?).
This can be tackled from several points of view, I'll illuminate it from this angle:
The end result here is always the same, hence the request is idempotent.
The user visits the URL, the end result is that the notifications are cleared. They can visit the page again and again, the end result is that the notifications are cleared. They're not going to get an error message because the notifications have been previously cleared (that would not be idempotent). Yes, they will see different content each time they visit the page, but nothing says that the page content must be identical each time the resource is requested (that would put half the web in a bind).
Contrast that with a POST request to /questions (which creates a new question, for example): each time you repeat that POST request, a completely new resource is being created. You POST once, and /questions/12345 is being created. You repeat the same request, /questions/12346 is being created. That is not idempotent.
No, you do not need to make all those requests into POST requests.
I have made some .html signatures for one of our clients, and there are two things they want I can't figure out how to achieve.
One of them, the client wants the text inside the signature to not be editable by the user, that is to prevent them from accidentally changing something in the signature when sending an e-mail. Is this somehow posible?
The second issue, they said they can resize the images in the signature using the mouse. I also need to prevent this so that they cannot accidentally deform the logo or enlarge or diminish it. How can I do it? I tried setting width and height attributes to the images, but that doesn't prevent them form resizing it at will.
Any help or orientation will be really much appreciated.
Thanks
maybe you can create an image with the entire signature, so it won't be editable.
EDIT
Take a look at this link, maybe you will be able to add the signature after the send button is click.
How to modify email before sending
There are a few options:
1.) If you use an exchange server, you can set a Group Policy to add a signature server level and then another to remove permissions for signature access to all users. This will give you 100% control on all Outgoing messages. This is supposed to be used for disclaimers, so in a long email chain, the signatures may wind up at the bottom of the chain, not the message. See for more info: http://www.howto-outlook.com/howto/corporatesignatures.htm
2.) Another option is to run a script. This option steers away from using Group Policy, but I believe it would require action done on user level for each person, which may be an issue in a larger company. See here for more info: http://www.edugeek.net/blogs/thescarfedone/1016-centrally-managing-signatures-outlook-owa-free-way.html
3.) Last option I know of is to make signatures folder read only and insert the signature file directly on each person's computer. This is a very manual process and time consuming and certainly not scalable. See here for more details: https://support.office.com/en-us/article/Copy-email-signatures-to-another-computer-4e03286f-2246-4d7d-ae95-a4cc1992595a?CorrelationId=0db01a3d-f8b9-4bfb-af86-37cd4dcf6ef9&ui=en-US&rs=en-US&ad=US
Okay so here is my problem. I have developed a framework which does the following:
If, for example, you have four webpages... but you only want to allow users to reach the "4th" webpage after progressing through pages 1-3 sequentially - I have built this functionality (basically I set an encrypted cookie keeping track of what the user has completed thus allowing to know what they should be able to access). There are two parts of it:
1) If a page does NOT have a quiz, the user must only visit the webpages sequentially to be allowed to view the 4th page in the "progression".
2) However, if a page has a quiz on it, the user must successfully pass the quiz to go on to the next sequential page.
Now... Here is the real biggie... The last page will often be a web form which, obviously, I only want an individual to fill out and submit if they have reached the form by sequentially getting to that last page in the progression... BUT I found a flaw in the system. If someone were to go completely through the progression and fill the form out... they could delete their browser's "form data" and go "back" to the form and allow a friend to fill the form out. That would be detrimental to the system, and the users who will be navigating this progression are GOING to look for ways to get around going through it.
Some of the suggestions I will probably get will not be possible given the larger framework I am in, but rather than list all of the impossibilities I would like to see what you guys thought would be a way of getting around this issue?
P.S. This functionality is built in HTML and ColdFusion.
Thank you for any feedback, it is a great help!
EDIT:
Keep in mind the user must be able to back track any previous page they already completed.
I have an Access table that has a hyperlink field, with the records being a website link, to look up the UPS Worldship shipment tracking#. My problem is that even though the text has blue colored font, the link doesn’t launch and open the web browser when I click on the field.
originally the hyperlink did work, when I created the table and changed the field properties from “text” to “hyperlink”, but once I ran a delete query and an append query (in order to refresh the data), the link no longer functioned, even though the field has hyperlink properties.
Here is an example of my hyperlink record that I want the browser to launch: http://wwwapps.ups.com/WebTracking/processInputRequest?sort_by=status&tracknums_displayed=1&TypeOfInquiryNumber=T&loc=en_us&InquiryNumber1=1Z1467826772975386&track.x=0&track.y=0
Please advise what I need to do in order to make the hyperlink work, so the user doesn’t have to manually copy and paste the link into a web browser.
Thank you very much in advance
Nathaniel, Access 2003
I don't understand what you mean. I need to create an Access app that would be used throughout the day in order to track UPS packages. Ideally the table would provide a link, so that the user doesnt have to manually copy and paste the tracking number into the UPS website. Please advise if this is feasible without VBA.
I do not like hyperlink fields, they are difficult to edit and somewhat confusing for the user. I prefer to use a click event with FollowHyperlink. However, if you must use hyperlink fields, they have to have this format to work:
Descriptive text#link#
So
Stackoverflow#http://stackoverflow.com#
http://stackoverflow.com#http://stackoverflow.com#
Email#mailto:mail#example.com#
I imagine you have lost the link - that is, the bit between the hash signs.
Try going back to the table with the record and change the data type to short text. Close and reopen the table and switch the data type back to hyperlink. If the text is a valid webpage link it should work without any extra coding.
Good luck!
I am writing a Google Chrome Extension and trying to make the transition to coding in HTML, CSS and Javascript from the kind of coding I did 40 years ago. It's a big learning curve but a little bit of console logging would help a lot. (Who remembers the green phosphor displays on the old iron-core memory Sperry Univacs? Now there was a console that could tell you what was going on - mount a tape, change a diskpack or put more paper in the printer.) But I digress.
Just a few days ago, I was able to send messages to the Google Chrome DOM Inspector console log from my content script or background page like this:
console.log="RECEIVED REQUEST FROM CONTENT SCRIPT PEEK.JS";
Later if I inspected the page where that code was injected, I would see that exact same message on the console. If that line executed four times, I would see four instances of that messages in sequence on the console. It was simple but beautiful.
Now, nothing appears on the console unless I type in "console.log" and in this case I see only the last instance of the message. What's the problem here? Did I toggle something off in the debugger? Am I writing the code wrong? Should it be: "console.log("Message Here");" - (this always returns an error) ?
I have spent literally hours trying to find the answer to this question and I can only surmise that the question is so simple that even a well-educated child could answer it. The alternative is to spend more hours trying to find my bugs thru implication or from alert messages. Better to spend my hours learning how to effectively use the inspector for debugging.
For example, yesterday after restructuring what was once working code so that it would pass an array to background from content instead of background requesting each item successively from content, the extension broke, as might be expected. The console displays one error message: "Error during tabs executeScript: Unknown error." with a link that says "chrome/ExtensionProcessBindings:95" on the far right of that same line. Obviously the error message is almost useless. Clicking on the link brings me to the resources panel which displays a blank frame to the right with the words "background.html" This appears to be useless as well.
How is this information at all helpful? It took me another six hours to figure out that I had moved a variable definition to another place in the code so that it was not defined at the time the executeScript line was executed. Had the error message said that a parameter was undefined in executeScript, I could have found it in about ten minutes.
So back to the original question - I WANT A SIMPLE ANSWER - don't tell me to write a function. I saw the console displaying what I wanted two days ago without writing any functions.
Here is your SIMPLE ANSWER: Instead of
console.log="RECEIVED REQUEST FROM CONTENT SCRIPT PEEK.JS";
You should use
console.log("RECEIVED REQUEST FROM CONTENT SCRIPT PEEK.JS");
For console.log():
https://developer.mozilla.org/en-US/docs/Web/API/console.log
I would recommend searching the Mozilla Developer Network for documentation on JavaScript and many browser technologies.
My general suggestion to help with mistyped or out of scoped variables is to use strict javascript:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions_and_function_scope/Strict_mode
This makes certain JavaScript idioms into errors which are detected earlier, and which give more helpful diagnostics. (The quick version is to put the single line "use strict"; at the top of your js files, or if that causes to many problems you can put it as the first line inside any function to do function-by-function migration.)
The reason why console.log = blah would show blah on the console in some situations is that in JS, <left side> = <right side expression> is an expression which evaluates to the same value as just <right side expression>, but it has the side affect of also assigning to <left side>. (This is similar to C assignment expressions.)
Then, in the context you were in, the console will display the result of any expression evaluation. This is different from explicitly calling console.log() which will display the arguments as the intended side effect of that function.
So in that case you were overwriting the standard console.log function with a string, and the entire expression evaluates to that string value, and the console's builtin behavior (not the console.log() function!) would display the result of your evaluation.
In JS most things are mutable, and you can overwrite all kinds of fields and variables, so be aware of this potential gotcha!
Also, a general recommendation for seeking help on the web:
For sites like StackOverflow is to limit your post to a very specific single question. This is because people with similar problems will come here based on web searches or other links, and they need to figure out if this page helps them with their particular problem quickly. If they have to read through paragraphs with multiple questions or anecdotes, this really slows them down. I would guess that's why this question has been downvoted.
If you have multiple questions, make separate posts. StackOverflow isn't a good site for anecdotes about your experience in the past. FWIW- I personally found your background as a programmer on 70's era machines interesting, but many readers may get lost in the details. Those kinds of anecdotes could make a good blog post.