
I have a hopefully simple problem to solve. We're trying to protect a link inside a secured part of our site with a simple password. Basically, inside our traditionally secured site, we have a dynamically driven table of records with a little padlock icon that toggles back and forth between locked and unlocked. This section of the site is already traditionally secured and accessible only to authorized users.

We would therefore just like to implement this less secure static PHP password authentication system that allows users to lock and unlock records in this table. Essentially, once they create a record in the table, they have the option to click the lock icon (which obviously locks the record), but only those with a simple hard-coded pin can unlock a record once it's locked (i.e. all users can lock, but not all users can unlock).

I therefore tried to write a simple PHP + AJAX pin system. My other admin insisted on a server-side solution. He refuses to use just basic JavaScript for this and I agree. It still needs a reasonable amount of security. Here is what I have so far, but I am very new (minutes) to AJAX and apparently something is not working. This is a single file named pin.php (so basically the page submits to itself).

The UNLOCK link simulates the lock icon which the user clicks to unlock the record.

<html>
<script src="js/jquery.js" type="text/javascript"></script>
<?php
    $static_password = "1234";
    if(isset($_POST['data'])){
        $submit_password = $_POST['data'];
        if($submit_password == $static_password){
            echo "Do the unlock stuff";
        }
        else{
            echo "Sorry try again";
        }
    }
?>
<body>
<h2>Simple AJAX PHP Example</h2>
<a href="javascript:Unlock();">UNLOCK</a>
<script>
function Unlock() {
    var pin=prompt("You must enter pin to unlock");
    $.ajax(
    {
        url: 'pin.php',
        type: 'POST',
        dataType: 'text',
        data: {data : pin},
        success: function(response)
        { 
            console.log(response);
        }
    });
}
</script>
</body>
</html>

Any help is greatly appreciated. Thanks

  • inb4 the pin gets shared because "it's annoying" and you might as well have added a button saying "are you sure you want to unlock this record". Commented Nov 18, 2016 at 19:56
  • Sorry, can you say again please? inb4? Commented Nov 18, 2016 at 19:57
  • Just something I have a feeling about that will happen once you implement above. Commented Nov 18, 2016 at 19:58
  • So do you have a suggestion on how to fix this? Commented Nov 18, 2016 at 19:59
  • You're using $ but I'm not seeing a <script> including jQuery. Plus I believe you need to move the PHP code up to the top, otherwise all the HTML up to it is also included in the AJAX response. Commented Nov 18, 2016 at 20:00

1 Answer


This works for me as expected:

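<?php
    // Handle the AJAX POST before any HTML is sent, so the response body
    // contains only the result text.
    $static_password = "1234";
    if(isset($_POST['data'])){
        $submit_password = $_POST['data'];
        // Compare as strings: with ==, PHP compares numeric strings by value,
        // so "01234" or "1234.0" would also match "1234".
        if(is_string($submit_password) && hash_equals($static_password, $submit_password)){
            die("Do the unlock stuff");
        }
        else{
            die("Sorry try again");
        }
    }
?><!DOCTYPE html><html>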
<head>
    <script src="jquery-3.1.0.min.js" type="text/javascript"></script>
</head>
<body>
<h2>Simple AJAX PHP Example</h2>
<a href="javascript:Unlock();">UNLOCK</a>
<script>
function Unlock() {
    var pin=prompt("You must enter pin to unlock");
    $.ajax(
    {
        url: 'pin.php',
        type: 'POST',
        dataType: 'text',
        data: {data : pin},
        success: function(response)
        { 
            console.log(response);
        }
    });
}
</script>
</body>
</html>
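A hardened form of the server-side PIN check, as an added example that is not part of the original answer: the PIN is stored as a hash, the caller must already be logged in, and wrong guesses are throttled. The session keys, the `UNLOCK_PIN_HASH` environment variable and the limits are assumptions made for illustration.

```php
<?php
// Added example, not the answer's code: hardened PIN check for pin.php.
// Assumptions (hypothetical names): the site's existing login sets
// $_SESSION['user_id']; the PIN hash lives in the UNLOCK_PIN_HASH environment
// variable, created once with password_hash('<pin>', PASSWORD_DEFAULT).
declare(strict_types=1);

const MAX_FAILURES = 5;      // constructed limit
const LOCKOUT_SECONDS = 300; // constructed lockout window

function check_unlock_pin(array &$session, $pin, string $pinHash, int $now): array
{
    if (empty($session['user_id'])) {
        return [403, 'not_authenticated'];
    }
    // Throttle guesses: a 4-digit PIN has only 10,000 possible values.
    if (($session['unlock_locked_until'] ?? 0) > $now) {
        return [429, 'too_many_attempts'];
    }
    // Reject arrays (data[]=...) and oversized input before verifying.
    if (!is_string($pin) || strlen($pin) > 64 || !password_verify($pin, $pinHash)) {
        $session['unlock_failures'] = ($session['unlock_failures'] ?? 0) + 1;
        if ($session['unlock_failures'] >= MAX_FAILURES) {
            $session['unlock_locked_until'] = $now + LOCKOUT_SECONDS;
            $session['unlock_failures'] = 0;
        }
        return [401, 'wrong_pin'];
    }
    $session['unlock_failures'] = 0;
    return [200, 'unlocked'];
}

if (PHP_SAPI === 'cli') {
    // Constructed demo input: a logged-in session and the PIN "1234".
    $session = ['user_id' => 7];
    $hash = password_hash('1234', PASSWORD_DEFAULT);
    foreach (['01234', ['1234'], '1234'] as $try) {
        echo json_encode(check_unlock_pin($session, $try, $hash, time())), "\n";
    }
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    session_start();
    $hash = getenv('UNLOCK_PIN_HASH') ?: '';
    [$status, $result] = check_unlock_pin($_SESSION, $_POST['data'] ?? null, $hash, time());
    http_response_code($status);
    header('Content-Type: application/json');
    die(json_encode(['result' => $result]));
}
```

A per-session counter resets when the user logs in again; keeping the failure count per user ID in the database closes that gap.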

10 Comments

Hmm strange. Can you give a temporary public link? Maybe it's just my server?
Hmm maybe I am just missing something or it has been working the whole time. I don't see anything happening on your page either (same as mine). Can you modify the PHP to echo simple "Success" or "Failure" outputs?
Yeah something weird is still going on. I'm guessing the die commands will output their content too on quitting. I'm not seeing any of that on either of our servers. Still nothing is happening. I have tried two computers and multiple browsers.
Thank you by the way for your help with this!
Actually never used the browser console. Looking into it now. Stand by