SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Addict
    Join Date
    Feb 2006
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    xmlhttprequest open username password

    Hi,

    I am using the following code in relation to xmlhttprequest:
    open("post","URL",true)
    but i have seen you can add a username and password e.g.:
    open("method","URL",async,"uname","pswd")
    Can some please let me know or provide a link to a good resource to inform me how to use the username and password and how it should be used. I have read its something to do with when a server requires authentication but am not to sure if this is correct - if correct do i just have to place my http authentication username and pswd?

    Best Regards
    p_h_p

  2. #2
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It's for www-authentication. It's part of the HTTP protocol.
    Assuming, you're using PHP, have a look at: http://docs.php.net/manual/en/features.http-auth.php

  3. #3
    SitePoint Addict
    Join Date
    Feb 2006
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for that link - im not using http auth but at least i know a bit more about the technology.

  4. #4
    Google Engineer polvero's Avatar
    Join Date
    Oct 2003
    Location
    Mountain View
    Posts
    567
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    At the least get yourself a decent abstraction for xmlHTTPRequest.

    Code:
    var asyncRequest = function() {
      function handleReadyState(o, callback) {
        if (o && o.readyState == 4 && o.status == 200) {
          if (callback) {
            callback(o);
          }
        }
      }
      var getXHR = function() {
        var http;
        try {
          http = new XMLHttpRequest;
            getXHR = function() {
              return new XMLHttpRequest;
            };
        }
        catch(e) {
          var msxml = [
            ‘MSXML2.XMLHTTP.3.0′,
            ‘MSXML2.XMLHTTP’,
            ‘Microsoft.XMLHTTP’
          ];
          for (var i=0, len = msxml.length; i < len; ++i) {
            try {
              http = new ActiveXObject(msxml[i]);
              getXHR = function() {
                return new ActiveXObject(msxml[i]);
              };
              break;
            }
            catch(e) {}
          }
        }
        return http;
      };
      return function(method, uri, callback, postData) {
        var http = getXHR();
        http.open(method, uri, true);
        handleReadyState(http, callback);
        http.send(postData || null);
        return http;
      };
    }();
    Usage:
    Code:
    asyncRequest('POST', 'aut.php?user=hello&pass=12345', function(o) {
      alert(o.responseText);
    });

  5. #5
    SitePoint Addict
    Join Date
    Feb 2006
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks for that - my code is similar - I have tried to make it as secure as possible as xss is not possible due to the nature of the page plus all inputs are validated and ssl is being used plus all returned values should not contain confidential/security risk info. - Is there any other security features i could consider - no db names, tables, or fields are contained in the page code.

    regards
    p_h_p

  6. #6
    Google Engineer polvero's Avatar
    Join Date
    Oct 2003
    Location
    Mountain View
    Posts
    567
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    - no db names, tables, or fields are contained in the page code.
    Yep. You got it. That should all be abstracted to your backend. Just make sure you're also escaping input, and cleaning your strings before making queries.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •