javascript - Should I put a Google sign in button on every page? -

-

i have built quite simple site users sign in google sign in button on index page. after verifying token etc, php session created, carrying google user id page page in order identify user.

i wrote bit of code (with intention of including in pages) display google sign-in button, verify token again , exit index.php if google-generated user id doesn't match 1 being carried php session. i'm not sure if necessary, thought might improve security little in case possible spoof session user id.

<div class="g-signin2" data-onsuccess="onsignin"></div> <script> function onsignin(googleuser) {   var profile = googleuser.getbasicprofile();   console.log('id: ' + profile.getid()); // not send backend! use id token instead.    var id_token = googleuser.getauthresponse().id_token;   var userid = <? echo $userid; ?>;    $.get("https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=" + id_token, function( data ) {                if (data.sub != userid)         {             window.location = 'index.php'; // if google log-in doesn't match $userid, redirects index         }     }, "json" );                                                                  }  </script>

is necessary, or should have sign-in button on front page , rely on session user id on?

i suppose have issue if user bookmarks page, in case maybe better off having sort of check if session has been created , redirecting if not?

use $_session['loggedin'] or similiar.

loggedincheck.php:

<?php  session_start();   if($_session['loggedin']==false){      session_destroy();      header("location: /login.php");      die;  }   else{}

Comments

Post a Comment

Popular posts from this blog

yii2 - Yii 2 Running a Cron in the basic template -

-
i have seen instructions on running cron in advanced template, cant figure out how on basic template. have following controller in basic controllers folder. <?php namespace app\controllers; use yii\console\controller; /** * cron controller */ class croncontroller extends controller { public function actionindex() { echo "cron service runnning"; } public function actionmail($to) { echo "sending mail " . $to; } } i have navigated root of application , tried these comands yii cron php yii cron im getting unknown comand "cron" i know old question failed find actual answer this. if @ code yii exec file you'll notice requires /common/config/aliases.php file console/config/main.php. can naturally change these or copy on these advanced template. hope solves problem wanting same thing.
Read more

asp.net - 'System.Web.HttpContext' does not contain a definition for 'GetOwinContext' Mystery -

-
i realize question might seem trivial some, it's these types of things find myself fighting quite bit , want make sense of despite seeming losing battle in .net (for me anyway). so, if following: using system.web; ... applicationuser user = system.web.httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); that produces error in title , red getowincontext() , error cannot resolve symbol 'getowincontext()' however, if following (remove system.web in front of httpcontext ), works expected (or @ least no errors): using system.web; ... applicationuser user = httpcontext.getowincontext().getusermanager<applicationusermanager>().findbyid(system.web.httpcontext.user.identity.getuserid()); however, if (same line that's working using system.web commented out): //using system.web; ... applicationuser user = httpcontext.getowincontext().getusermana...
Read more

mercurial graft feature, can it copy? -

-
there new feature in mercurial 3, called 'graft' (graft local). job of moving change-set different branch. is there way "copy" change-set branch? i interested in in moving stuff qa branch production branch, still need code reside in qa. want copy. found , have tried few things, maybe it'll become clear more tinkering , reading... does have better way of 'cherry picking' change-sets move cross branch (or trunk)??? graft copies changesets, doesn't move them. hg graft (emphasis mine): this command uses mercurial's merge logic copy individual changes other branches without merging branches in history graph. known 'backporting' or 'cherry-picking' . default, graft copy user, date, , description source changesets.
Read more