At present I have a working DropzoneJS implementation where a user can select multiple images and upload them. There is a parameter parallelUploads which seems in practice to determine how many images can be uploaded at once, for example when the Select Files dialog is opened if the user selects 10 files, but parallelUploads:5 then only the first 5 images will upload successfully and the remaining 5 will be ignored, and those 5 images are sent via a single HTTP POST request.
What I would like to be able to do is configure it so that there is no limit to how many images are uploaded, but that they are uploaded in batches. For example, if a user selects 30 images, I would like them to all be uploaded successfully, either with 1 image per HTTP POST request or with a defined number per HTTP POST such as 5. If I set parallelUploads:30 then the server requires a vast amount of memory to try and do server-side processing on 30 images in one go and this doesn't seem to be a great solution.
How can I configure it to launch a separate HTTP POST request per image or for just a defined number of images at once without capping the number of images being uploaded in one action by the user?
<link rel="stylesheet" type="text/css" href="dropzone.css" media="all" />
<script type="text/javascript" src="dropzone.min.js"></script>
<div id="pnlPhotoThumbnails"></div>
<div class="clearfix">
<form id="frmUpload" method="post" enctype="multipart/form-data"
action="photo-upload.json" class="dropzone">
<input type="file" name="photo" id="photo" />
</form>
</div>
<style type="text/css">
#frmUpload input[type=file]{display:block;height:0;width:0;}
</style>
<script type="text/javascript">
function RefreshPhotos(){ $('pnlPhotoThumbnails').load('photo-thumbnails.php'); }
$(function(){
$('frmUpload').dropzone({
acceptedFiles: '.jpg',
parallelUploads: 5,
init:function(){
var hDropzone = this;
this.on('success', function(){ RefreshPhotos(); hDropzone.removeAllFiles(); });
}
});
});
</script>
Note: Above is an example code similar to the implementation I have, though I've edited it somewhat to make the question general rather than specific to my project, and hopefully with sufficient code to give an idea of how it works so bear in mind its not complete and functional from just this snippet! photo-upload.json would be a server-side script to process the file upload and return a JSON succcess/error response, photo-thumbnails.php would return HTML with <img/> tags for each of the photo thumbnails.
It turns out the following configuration will solve this, when in this specific case it will allow up to 100 files to be uploaded in one user action, but with an individual HTTP POST request for each image upload.
As of DropzoneJS version 4.0, it does not appear possible (correct me if I'm wrong) to set the number of files allowed to be uploaded in one go to unlimited, or to define a number of images to batch together, they are either all uploaded together or all uploaded separately:
parallelUploads: 100,
uploadMultiple: false
Related
I am from electronics background so don't have good knowledge in designing webpages. I am doing an ethernet project and for that I need to make a webpage but before that webpage I also need to make a login authentication webpage. I somehow managed to do it using HTML JAVASCRIPT but the problem is anyone can see the username password by viewing the page source.
I am having hard time making authentication. I have basic knowledge of HTML and JAVASCRIPT but ready to learn. All I can find on google is login templates but I don't even know how to use them.
Can anyone give me an example or point me to some good links.
HTML and Javascript are interpreted on the client side. For login purposes, it is the server side code that is commonly used to verify the credentials - simply because that fact that you are already aware of - with a simple client side implementation, you can see the credentials in source code, server side is also easier to work with, once you understand it, it is more flexible for further development, it is more secure, and it is really used everywhere for this task.
It is a good idea to use PHP, ASP, Ruby (or any other server side language) for this. If you do not want that, you need to make it hard for the user to read the credentials from the source code.
In order to do that, you can use various methods like cryptography or obfuscation. Cryptography is highly recommended over obfuscating as it provably adds more security to your application. Obfuscating basically means that you change the source code in a way that it is hard to read - you add functions that encode strings, so that your "password" can not be spotted on the first sight. However, obfuscation can always be bypassed, and usually quite easily with a good debugging tools.
So, let's go with cryptography. What you are looking for here is using one way hash functions. You have plenty to choose from - MD5, SHA1, SHA256, ... each provides different level of security. SHA256 implementation in Javascript is an example you can use. There are many other libraries and examples for this, so just use Google and find the one that you like.
Now, what to do with it? Say you have sha256() function that accepts a string and returns its hash as a string. For each user and password you have, you precount SHA256 hash of string "user + password".
Say, you want your username to be "Pedro" and password for this account is "MyPassword".
You precount the hash of "PedroMyPassword" - e.g. with with online hashing tool. You can see the its SHA256 hash is
40be6e939eedf018b2b846e027067dcb006585a2155ce324f1f2a6a71d418b21
This hash is what you put into your Javascript code.
When the user enters their user and password, you call your sha256 function on "username + password" and you compare it to your precounted hash.
Note that you have to select really strong password, otherwise certain attacks (such as dictionary attack) would be easy to use to break your hash.
The problem is now, that you did not specify, what you want to do next. For example, you might want to redirect authenticated users to next page, but here you have the same problem again - if you have redirection in Javascript to "secondpage.html" in your code, someone could just skip the authentication and navigate to this second page directly.
What you can do in this case is that you name your second page as
40be6e939eedf018b2b846e027067dcb006585a2155ce324f1f2a6a71d418b21.html
i.e. the hash of your user+pass string. In this variant you do not put the hash in the code at all. The web server will just return error 404 for all users that fail to authenticate. For example, if someone attempts to use "Pedro" with "123456" as password, the SHA256 would be
3bac31720fdd4619ebe2e8865ccc0dc87eb744f3f05f08c628bb9217a77e4517
and if you redirect them to
3bac31720fdd4619ebe2e8865ccc0dc87eb744f3f05f08c628bb9217a77e4517.html
it won't exist, because your second page file is called
40be6e939eedf018b2b846e027067dcb006585a2155ce324f1f2a6a71d418b21.html
You would need to create these second pages for each user/pass combination. You could then put a simple redirection code to the real second page.
But make sure you are using HTTPS protocol, otherwise, the second pages would go through the wire unencrypted ...
This all will work, but still, I highly suggest, you consider the server side way.
In my previous answer I was using client side technologies thats why the username and password was not safe and hidden if we check the page-source.
Now,we will use server side technology, for this you need web-server package such as WAMP,XAMPP etc
Download and install one of these packages.(if you have one of these two, then its well and good)
I am using XAMPP so I will explain with XAMPP.
If you have successfully downloaded XAMPP,
then look for the htdocs folder in XAMPP folder. Mine is "C:\xampp\htdocs"
copy the below code and create new php fileand Save this file as login.php in htdocs directory.
Here is php code.
<?php
$usr="root";
$pwd="root";
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']) ){
$username=$_POST['username'];
$password=$_POST['password'];
if(($username==$usr) && ($password==$pwd) ){
echo '<br>login successfull';
}else{
echo '<br>login unsuccessfull';
}
}else{
echo "<br>Connot be left empty!";
}
?>
ok!! Now Create a simple HTML page containing login form and save this as login.html
Here is the HTML code
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="login.php" method="POST" align="center">
<br>
Username:<input type="text" name="username"><br><br><br>
Password :<input type="text" name="password"><br><br>
<input type="Submit" value="Submit">
</form>
</body>
</html>
Now, Goto browser->Type http://localhost/login.html and run
Insert Username and password as root.
I am assuming you have basic knowledge of php, if not go through it, its is very easy and also read about HTTP requests
GET
POST
<html>
<head>
<title>Login paget</title>
</head>
<script type="text/javascript">
function display(form){
if (form.username.value=="root") {
if (form.password.value=="root") {
location="page2.html"
} else {
alert("Invalid Password")
}
} else { alert("Invalid Username")
}
}
</script>
<body >
<form >
<input type="text" name="username" /><br><br>
<input type="password" name="password"/><br><br>
<input type="button" value="Login" onClick="display(this.form)"/>
</form>
</body>
</html>
Hello I have created a login page for you using html and Javascript. The Username and password are root.
You see if you input correct username and password then the page directs to page2.html and this will show you
This webpage is not found
ERR_FILE_NOT_FOUND
so what you have to do is replace page2.html with your next page name.
You can't really have a secure authentication system using JavaScript and HTML alone.
I would suggest Basic HTTP authentication on your server instead, as it is much more secure (not perfect by any means, but at least employs a standard server-side method of access control).
If you must implement something in JavaScript, you could do a password only scheme based on the name of a hidden directory. Something like the following (note this is untested so will need some tweaks):
(Code borrowed and adapted from this question)
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script>
$(function() {
var url = "some_url";
$.ajax(url,
{
if (statusCode == 200) {
document.location.href = url;
}
else {
alert('Incorrect password')
}
}
});
});
</script>
<input type="password" />Login
The code should be finished so that the function is called when the button is clicked. So if the password is foo, you set a directory on your website called foo, and if the JQuery JavaScript detects that the entered password matches a directory name (e.g. /foo/), then the user is redirected there. Therefore you'd create a /foo/index.html in order to take care of the user's logged in session.
Note that this is the most secure thing you can do with JavaScript and HTML alone and it suffers from the following vulnerabilities.
It requires that the URL be kept secret, although this can be leaked by the referer header, by browser history and server/proxy logs.
Once a user is logged in, they are always logged in (they could bookmark the logged in pages)
There is no easy way to revoke a password.
There is only one password.
Anyone with access to view files on the server could view the directory structure and learn the password.
The URL may be leaked by analytics tools.
Assumes directory browsing on your server is disabled (or that there's a default page in the private page's parent directory).
In any case, always protect your server with TLS/SSL. My recommendation is to properly create a user authentication system using the advice from OWASP. The above shows only what's achievable in basic HTML (not much). However, it is better than exposing the password within client-side files.
just try out this code
-
function validate(){
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
if ( username == "username1" && password == "password1"){
alert ("Login successfully");
}
else{
alert("Invalid username or password");
}
return false;
}
<html>
<head>
<title>Javascript Login Form Validation</title>
<!-- Include JS File Here -->
<script src="js/login.js"></script>
</head>
<body>
<div class="container">
<form id="form_id" method="post" name="myform">
<label>User Name :</label>
<input type="text" name="username" id="username"/>
<label>Password :</label>
<input type="password" name="password" id="password"/>
<input type="button" value="Login" id="submit" onclick="validate()"/>
</form>
</div>
</body>
</html>
Google Plus is pretty good at pulling images specified by Open Graph meta tags when standard URLs are shared like:
http://stackoverflow.com/questions/22342854/what-is-the-optimal-algorithm-for-the-game-2048
See:
But things start to get screwy when you start appending query strings, such as is done in this URL:
http://stackoverflow.com/questions/22342854/what-is-the-optimal-algorithm-for-the-game-2048?utm_source=google-plus&utm_medium=social&utm_campaign=stackoverflow-general-promotion
And for certain URLs + query strings the default image seems to make no sense at all:
http://skeptics.stackexchange.com/questions/4508/can-every-grain-of-sand-be-addressed-in-ipv6?xyz_12312313
The image featured in the above screengrab is the user pic of the guy who last left an answer to the shared question.
Is there any way to force Google Plus to fall back on images defined by og:image tags even when query strings are appended?
No, there is no way to fallback with Google+.
This behaviour is possible with Facebook scraper because it supports checking for og:url which Google+ does not support (Why???). These are the items Google+ supports
<meta property="og:title" content="..." />
<meta property="og:image" content="..." />
<meta property="og:description" content="..." />
Normally when query parameters are added if og:url is defined
Their recommended format is Schema as described at https://developers.google.com/+/web/snippet/
The order in which Google+ checks
Schema
Open Graph
Title and meta description tags
Guess???
Seeing that multiple Schema are defined on the pages you linked, according to the https://developers.google.com/+/web/snippet/ documentation, it should take the information from the itemscope defined nearest to the top
<body class="question-page new-topbar" itemscope itemtype="http://schema.org/QAPage">
which is a little funny/weird since their tool doesn't pick this up http://www.google.com/webmasters/tools/richsnippets?q=stackoverflow.com%2Fquestions%2F22342854%2Fwhat-is-the-optimal-algorithm-for-the-game-2048%3Futm_source%3Dgoogle-plus%26utm_medium%3Dsocial%26utm_campaign%3Dstackoverflow-general-promotion
So, then this brings us back to looking at your second image
The title is different as well, so og:title isn't being detected either. <title> is being scraped instead
What does this all mean?
Google plus sucks with markup for sharing.
You will need to adjust your top most Schema.org microdata and hope Google+ makes sense of it when adding params to the canonical url.
<body itemscope itemtype="http://schema.org/QAPage">
<h1 itemprop="name">Shiny Trinket</h1>
<img itemprop="image" src="{image-url}" />
<p itemprop="description">Shiny trinkets are shiny.</p>
</body>
Read this in the FAQ section for OpenGraph in Google+ :
Why isn't my +Snippet image appearing?
Images that are too small or not square enough are not included in the +Snippet, even if the images are explicitly referenced by schema.org microdata or Open Graph markup. Specifically, the height must be at least 120px, and if the width is less than 100px, then the aspect ratio must be no greater than 3.0.
I have searched Google Tag Manager (GTM) documentation and did not find anything addressing this issue. I'm working with an affiliate network who wants their tracking pixel to be loaded synchronously to ensure that it fires before the content of the page loads. This only applies to our order confirmation page. We've implemented GTM so we can launch and fix tags in 5 minutes versus 2 weeks.
GTM is installed at the top of our order confirmation page and loads tags asynchronously so I know that the affiliate networks' tags are loading very quickly but the networks are still concerned that some data may be lost. GTM doesn't have any options or documentation that would indicate that it is possible to load the script synchronously but I notice the j.async=true name-value pair in their code.
If I change that part of the code to j.async=false, will the code load synchronously or will I just break it?
Here's the full code for reference.
<!-- Google Tag Manager -->
<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-XXXX"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','myNewName','GTM-XXXX');</script>
<!-- End Google Tag Manager -->
The article on Cardinal Path is great for learning how to setup synchronous tags.
However, as for the concern about ensuring there is no lost data, I would like to highlight Mickael's comment at the bottom of that article. Since the dataLayer.push might not be complete before the gtm.dom event occurs, you should include a custom event in the dataLayer.push so you are not relying on gtm.dom to fire your tags.
Here is an example tag with a custom event specific to page load.
Tag Name: pageLoad
Tag Type: Custom HTML Tag
HTML:
<script type="text/javascript">
var tid = setInterval( function () {
if ( document.readyState !== 'complete' ) return;
clearInterval( tid );
dataLayer.push({ "event": "pageLoaded" });
}, 100 );
</script>
Add the following Firing Rule.
Rule Name: All pages
Condition: {{url}} matches RegEx .*
Then, on the affiliate tags you want fired, all you have to do is include this custom event (i.e. pageLoaded) as a condition on the firing rule. In this example, the condition would be: {{event}} equals pageLoaded
We had a similar requirement with regards to defining a page type and then operating a rule/macro based on that input.
The suggestion I found was to have a rule in GTM to determine pageload/rule load etc.
I found it in this article, http://www.cardinalpath.com/controlling-tag-firing-order-with-google-tag-manager/
Hopefully that will help solve it - in theory you should be able to, have something that will trigger the GTM code before the page load.
I would like to POST data from my Windows Phone to a webpage that I created myself. The webpage will process the data and display any results.
After I POST the data, how I am able to navigate to the webpage with the posted data? (Example to www.test.com/#name=joe in the case it was GET)
A possible approach is to dynamically create an HTML page that performs the POST request and load it into the web browser control. The resulting web page will then nicely be displayed in the control.
The HTML page could look like this:
<html>
<head>
<title>Faceless</title>
<script type="text/javascript">
function submitForm() {
document.forms[0].submit();
}
</script>
</head>
<body onload="submitForm();">
<form method="POST" action="http://www.server.com/service.php">
<input type="hidden" name="name" value="Robert">
<input type="hidden" name="score" value="200">
</form>
</body>
</html>
You can load it into a web browser control with NavigateToString method.
Don't forget to enable JavaScript:
<phone:WebBrowser Name="webBrowser1" IsScriptEnabled="True" />
Have you tried looking up .net Web Requests and the .net web client class?
If your site is coded using PHP, you can send a http post request to the page (try avoid using a GET request for security reasons), and then do the necessary processing you need to do with the data.
Maybe this similar question will be of use to you:
Post with WebRequest
You could do 2 things
1. Send a Http Web Request of type POST. With this you have more control over the other approaches.
1. Once you get the response, load the dynamic html page in a webview(The dynamic page will be generated at the server side).
I have listing pages that take a page argument on the url like the following:
http://www.domain.com/foo/bar/?page=7
Should I just include the URL without params or should I list all pages in my sitemap.xml?
EDIT
Paginated content are listings, like an index. Therefore their content is also (in more detail) found in detail pages. But these paginated ones are the only way to reach detail pages.
I really wanted to find you a reliable source for this one, but I couldn't. Which means you'll have to make do with my intuition:
If the articles exist only in their paginated form, and you want them to be indexed as separate pages, list them all. They'll all have distinct content on them, so you won't be penalised for duplication.
I found details of one exception; including page 1 twice. Basically you need to choose whether the first page will be /foo/bar/?page=1 or just /foo/bar/, then do a 301 redirect from the version you don't want to use.
Hope this helps (even just a little).
Tom
NO!: You should add Meta-Tags to you paginated sites. This helps google to understand your pagination system.
Example:
On page 1 you would add into <head>:
<link rel="next" href="http://www.example.com/article?story=abc&page=2" />
On page 2 you would add:
<link rel="prev" href="http://www.example.com/article?story=abc&page=1" />
<link rel="next" href="http://www.example.com/article?story=abc&page=3" />
On page 3 you would add:
<link rel="prev" href="http://www.example.com/article?story=abc&page=2" />
<link rel="next" href="http://www.example.com/article?story=abc&page=4" />
And on page 4 you would add:
<link rel="prev" href="http://www.example.com/article?story=abc&page=3" />
See this document: Pagination with rel=“next” and rel=“prev”
In this case the ?page=7 probably relates to the content management systems page. In you site map file you can add this. In the site map if you want each of these pages to be displayed in what ever uses this file yes you should add them.