Results 1 to 7 of 7

Thread: What does action=/logn and value=^U mean in the following code?

  1. #1
    Join Date
    Aug 2010
    Location
    Jacksonville, FL
    Posts
    77
    Thanks
    29
    Thanked 0 Times in 0 Posts

    Default What does action=/logn and value=^U mean in the following code?

    Hello,

    I was given the following code to post:
    Code:
    <form action=/login method=post>
    <input type=hidden value=^U name=url>
    <strong>Library Card Number:</strong>
    <input name=user><br /><br />
    <span style=margin-left:112px"><strong>PIN:</strong></span>
    <input type=password name=pass><br /><br />
    <input type=submit value=Login>
    </form>
    I have never used the <form> code without quotatons marks around areas such as action="/login"
    Also, I have never seen the slash used as it is action=/login
    I think the value=^U is some type of validation; but I'm not sure.

    When this code is used, a popup occurs asking if I would like to view secure Yes or No. If you answer yes, nothing appears on the screen. If you answer no, you see the Library Card Number: and PIN:

    I appreciate any help. Thank you, Elbee

  2. #2
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    29,030
    Thanks
    44
    Thanked 3,211 Times in 3,173 Posts
    Blog Entries
    12

    Default

    Not using quotes is non-standard. If the value of the attribute has no spaces in it though, the browser doesn't mind.

    The action attribute of a form is like the href attribute of an <a href="whatever.htm"> tag. Using a preceding slash tells the browser to begin looking from the root of the domain if the page is live, or the root of the current drive if the page is local. So that form will look in the login folder located in the root of the domain. Presumably there's a file there called index.php or some other default filename that will get loaded automatically once the login folder is looked at.

    So - say your domain is, mydomain.com

    The file that would be looked for would be:

    mydomain.com/login/index.php

    The value of the value attribute as ^U might be an artifact. It might be meant to be ctrl+U, but from what you're saying, apparently this form 'works', at least does something. So I guess it's a literal ^U. And you're right, the value of a hidden input is often some sort of validation. When the form is submitted, something checks to see if that hidden value is as expected. The name of the input tends to indicate that a URL is expected though. If this is a server side page, the ^ might be a token telling the server to resolve ^U as a previously defined URL.

    As far as what happens when you submit, that's controlled a bit by the browser, the rest probably by the page in the login folder and perhaps also by javascript. That is unless this form is under control of javascript that you haven't shown us.

    If you want more help, please include a link to the page on your site that contains the problematic code so we can check it out.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  3. The Following User Says Thank You to jscheuer1 For This Useful Post:

    Elbee (05-17-2013)

  4. #3
    Join Date
    Aug 2010
    Location
    Jacksonville, FL
    Posts
    77
    Thanks
    29
    Thanked 0 Times in 0 Posts

    Default

    You're the best John!

    We have a link to the OverDrive website on our website. http://jpl.lib.overdrive.com/B09224A...en/Default.htm

    After clicking on the link, the customer must Sign In (See top right corner). When they click on Sign In, they get a security warning (Do you want to view only the webpage content that was delivered securely?) The web page I created and gave to ITD to load in the libproxy will only display correctly if they answer NO.

    If they answer Yes, the style sheet is obviously not working and the page looks bad. We would love for that warning to not appear. We don't know if the warning is generated by some code ITD uses since we do not have code on our web page that would cause this (unless of course it has to do with the <form> code I sent you which they gave me).

    God help me!

  5. #4
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    29,030
    Thanks
    44
    Thanked 3,211 Times in 3,173 Posts
    Blog Entries
    12

    Default

    When I look at the source code I see:

    Code:
    <form action=/login method=post>
    <input type=hidden value=https://libproxy.coj.net/overdrive/jacksonville?URL=Default.htm name=url>
    <strong>Library Card Number:</strong>
     <input name=user><br /><br />
     <span style="margin-left:112px"><strong>PIN:</strong></span>
     <input type=password name=pass><br /><br /><input type=submit value=Login> 
    </form>
    So that hidden field is getting filled in by a URL. And it is to an SSL (https) page. Presumably that's where you go after a successful login. The page with the form on it is itself /login on that server. So it's submitting to itself. That's pretty common. As I say, if the login is successful, it probably goes to that page in the hidden field. If not, you are back on the /login page, presumably now with an error message like "Card number and PIN do not match".

    So that's why there's that message. The page it is going to is secure. In order to avoid that message, all content on that page must also be secure. If you have an SSL, a part of your site that's https, then host your css file there and that should take care of it as long as there aren't other insecure things like scripts or images, flash, etc.

    Oh, and just hosting those files on an SSL might not be enough, the path to them on your pages may have to include the https prefix and full path.

    Do you own the libproxy.coj.net server? Or are you just contracting out login services to it? Or is there a more extensive relationship?
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  6. The Following User Says Thank You to jscheuer1 For This Useful Post:

    Elbee (05-17-2013)

  7. #5
    Join Date
    Aug 2010
    Location
    Jacksonville, FL
    Posts
    77
    Thanks
    29
    Thanked 0 Times in 0 Posts

    Default

    Even though we are all city of Jacksonville, FL workers, ITD is very uncooperative with the library. They are in control of that libproxy and that's why I don't know anything about it. They just asked me to create that little login page and they gave me the <form> code to put in it and they do everything else.

    I guess we'll just have to talk to them about not wanting that security warning. It's really bad that you have to answer NO to see the login page correctly.

    Thanks for all your help, Linda

  8. #6
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    29,030
    Thanks
    44
    Thanked 3,211 Times in 3,173 Posts
    Blog Entries
    12

    Default

    Well, you will probably need an SSL or somewhere that's SSL to host your files. Otherwise, the whole idea of logging on is pointless. SSL's are generally not cheap. The cheapest ones are shared SSL's. The libproxy.coj.net server obviously is an SSL, perhaps they would let you host your files, the ones that need to be secure, on their server.

    Once someone logs in, what can they do that they couldn't do before logging in?
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  9. The Following User Says Thank You to jscheuer1 For This Useful Post:

    Elbee (05-17-2013)

  10. #7
    Join Date
    Aug 2010
    Location
    Jacksonville, FL
    Posts
    77
    Thanks
    29
    Thanked 0 Times in 0 Posts

    Default

    Nobody is better than you John! Thanks. Elbee

Similar Threads

  1. Where to Open the Action URL
    By Rain Lover in forum HTML
    Replies: 1
    Last Post: 10-10-2010, 10:20 PM
  2. I want a mouse over action
    By mahivik in forum Dynamic Drive scripts help
    Replies: 0
    Last Post: 04-16-2010, 10:25 AM
  3. Can you help me in the action page?
    By wesal in forum CSS
    Replies: 1
    Last Post: 06-09-2008, 07:13 PM
  4. Replies: 15
    Last Post: 10-28-2007, 12:07 AM
  5. Code to check date then do action
    By mikkiburns in forum JavaScript
    Replies: 2
    Last Post: 10-30-2005, 09:19 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •