dongmo6937 2019-08-03 04:21
浏览 98

客户端授权

I'm wanting to move away from *.php extensions for my markup pages to essentially break my code down to having the front-end handle just the markup and some javascript stuff and having the back-end handle just my database transactions.

Traditionally all of my markup pages would have a *.php extension and then the authorization would occur at the top of the file in a php tag.

Because I am fine with requiring the user have Javascript enabled, the idea that I had was to create an HTML page that has a noscript that redirects to a "the website requires Javascript" page and alternatively a script that submits an AJAX request for authentication and redirects if there is valid authentication. Demonstrated with the following markup: 

<html lang="en">
<head>
    <title>Authentication Demo</title>
</head>

<body>
    <noscript>
        <meta http-equiv="refresh" content="0;url=noscript.html">
        <p>Javascript is required for Authentication. If you are not automatically redirect, please go to this page: <a href="noscript.html">noscript.html</a></p>
    </noscript>
    <script>
        function getParameterByName(name, url) {
            if (!url) url = window.location.href;
            name = name.replace(/[\[\]]/g, '\\$&');
            var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)'),
                results = regex.exec(url);
            if (!results) return null;
            if (!results[2]) return '';
            return decodeURIComponent(results[2].replace(/\+/g, ' '));
        }

        function authenticateUser() {
            var xmlhttp = new XMLHttpRequest();

            xmlhttp.onreadystatechange = function() {
                if (xmlhttp.readyState == XMLHttpRequest.DONE) {
                    if (xmlhttp.status == 200) {
                        return xmlhttp.responseText;
                    }
                    else {
                        return null;
                    }
                }
            };

            xmlhttp.open("POST", "authenticate.php", true);
            xmlhttp.send();
        }

        var redirect = getParameterByName('redirect');

        if (this.authenticateUser === true) {
            window.location = redirect;
        }
    </script>
</body>
</html>

This would require that I setup my navigation anchors to be formatted as such authenticate.html?redirect=going-to-webpage.html

My question is two-fold:

  1. What are the security implications of this?
  2. Aside from requiring Javascript (as mentioned I'm cool with this) what are some other downsides associated with this approach?
  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 安装svn网络有问题怎么办
    • ¥15 Python爬取指定微博话题下的内容,保存为txt
    • ¥15 vue2登录调用后端接口如何实现
    • ¥65 永磁型步进电机PID算法
    • ¥15 sqlite 附加(attach database)加密数据库时,返回26是什么原因呢?
    • ¥88 找成都本地经验丰富懂小程序开发的技术大咖
    • ¥15 如何处理复杂数据表格的除法运算
    • ¥15 如何用stc8h1k08的片子做485数据透传的功能?(关键词-串口)
    • ¥15 有兄弟姐妹会用word插图功能制作类似citespace的图片吗?
    • ¥15 latex怎么处理论文引理引用参考文献