Reputation: 1
Using credentials from a mysql table to run javascript scripts
I have a javascript that automatically creates form elements on the fly using createElement. One of the elements is a simple input form box that is disabled by default. Below I have code that will run through items (which is a counter that counts the number of rows of form elements I have created (I create 4 form elements, QTY, DESCRIPTION, PRICE, DISCOUNT) per row).
function enablediscount(){
for (x = 1 ; x <= items; x++){
var discount = document.getElementById("discount"+x)
discount.disabled=false;
}
}
Now, I want to run the above code upon a check against users and passwords in a mysql table. (Basically a manager)
Basically, I want maybe a small popup window that will ask for a username and password of a manager to enable the discount field so the user (in this case, a cashier) can input the discount
Any ideas?
Upvotes: 0
Views: 49
Answers (1)
Reputation: 32542
A sophisticated hacker would be able to look at your source code and simply enter the value of discount manually, for example, by typing javascript:document.getElementById("discount1").value = 500; in their address bar.
What you need to do is have them already logged in by the time they reach this page, or have them log in and then apply any discounts that they have available on a step 2.
The current way you have suggested is easily bypassed. Any authentication and authorization needs to be done on the server side.
Upvotes: 3
Related Questions
- How do I connect javascript and MySQL via PHP?
- mysql password() in js
- Connect to mySQL server from PHP and JQuery
- Use JS to execute MySQL queries and the security issues it involves
- JavaScript + PHP for accessing a MySQL DB in Wordpress
- Connect to PHP MySQL with Javascript from external server
- PHP with Javascript to access database
- calling a PHP script from Javascript to insert data to a mysql database
- login (php) with javascript
- Accessing MySQL through Javascript via PHP