For a mobile phone application, would it be better to have a login form (I'm thinking would be the main form), which when you pass authentification would take you to the "MainPage" form, or a login dialog which opens before the main form and only allows the main form to open if it passes authentification?
My thoughts would be as a mobile app, if you log out, you don't necessarily want the entire app to close therefore having the login form as the main form, would be there (keeping the application alive) until you want to fully close it. And vice versa, with the login dialogue, since the main form is once you've logged in, when you log out you'd close that form as you don't have access to it, and therefore close the app.
it is better to make the main form with a TPageControl with some pages, the first will occupe the password and others the app things.
when you verify the password, you can pass to other tabs.
Related
I know how to implement a spring security login form the "classical" way, but I'm having a hard time figuring out how to implement a login form that opens in a modal and always behaves "properly".
It is not as trivial as it sounds.
Here are my specifications:
when an unauthenticated user requests a protected page, a modal login form should appear; when the login is successful, the requested page should appear and the address bar should display the requested url as in a non-modal approach
when this is triggered from outside the site, the modal should open on the site home page
when this is triggered from inside the site, the modal should open on the current page
when a user clicks on a "login" button on the site header (from any unprotected page) a modal login form should appear without changing page; when the login is successful, the location should not change but the page should be reloaded in order to be updated (e.g. showing the user name in the header)
if the modal is closed before submission, the original page should not have changed
if there are login errors, they should appear in the modal without redrawing the whole page
if the login form is submitted after session expiration, the login process should handle expired CSRF tokens gracefully (but I might consider removing them altogether for the login form, where I don't think are needed anyway)
every ajax request on the site (that originates from a protected page), should handle login requests gracefully
brute-force attacks should be hampered by temporarily suspending a username after some failed attempts
Java-only Spring configuration (no XML) and JQuery
the logout link should not trigger an authorization error when the session is expired
Is there an example login page via a pop-up window?
Also, if the user performs some operation on the site that requires authentication, then show the login screen (if user not authorized).
You should just create you Login view, as you would implement it usually. And then apply fancybox (http://fancybox.net/) or bootstrap-modal(http://twitter.github.com/bootstrap/javascript.html) to make it work as modal.
Regarding re-direction: as soon as you use [Authorize] attribute as controller attribute and not-authorized user tries to hit its action, he will be redirected automatically;
you may use modal box plugins for jquery to create pop-up and place your log-in form in the pop-up.
Check out this modal window plugin which support html markup in the popup.
http://www.zurb.com/playground/reveal-modal-plugin
I am new to AS 3.0. Please clear my doubts. I am preparing the game, which will initially display login page. After username validation, it enters into the game.
I have 2 separate pages for login and a game. To load all these files, I have main file which loads the login page and game file. When the preloaded completes, the login page opens. Using application domain, I will access the login button.
When the login button is pressed, the user name and password entered will be sent to the server for validation. If authenticated, the user enters the game.
Now the problem is, I want to show game screen based on the username validation response. I am not sure how to do this.
super() from constructors
super.functionYouAreInheriting() from inherited methods
remember to pass the appropiate arguments as well
http://ntt.cc/2009/07/26/beginning-actionscript-3-super-this-setter-getter.html
We send out a confirmation email on completed registration. User need to click a link to confirm the registration, this link opens up a new window. Bog standard procedure...
How can I get the new window to open up in the existing window (or close the old window)?
[Update, not sure if I was clear enough.]
When I click on the confirmation link I want it to open or replace the window I still have open from the registration process.
You can't control the user's email client (and this is a good thing), so you cannot direct how it opens links.
You could use a script on the "old" page (the one used to enter email address, profile details, etc.) to poll your server and do something once registration is confirmed. If the user closes this page before that happens, e.g. opens another link on the site, this works well by not moving them where they don't expect.
The user would still have the registration page open, so simply put instructions on that along the lines of "email address confirmed, would you like to now 1) do this, 2) that, or 3) something else" (all links).
Use the target="_top" attribute, i.e.
linktext
That will solve your problem
I feel incredibly stupid for even asking this since the answer might already be under my nose but here it goes:
TweetMeme has a Re-tweet twitter widget that publishers can place on their blogs. When a user clicks on the widget, it pops open a window which allows the user to authenticate themselves with twitter and then re-tweet.
This seems to use some special Twitter oauth popup form factor - unless there is something fancier happening under the surface to authenticate the user.
The pop-up window looks like this:
http://twitpic.com/1kepcr
I'd rather handle an authentication via a pop-up rather than send the user to a brand new page (for the app I'm working on) and they seem to have the most graceful solution. Thoughts on how they did this?
I think that the process is something like this (I assume that they have used php on server-side):
First it opens a jQuery-like popup, but it's not strictly related to twitter sign in functions.
The real sign-in process begin when you confirm that popup, so it open new popup, with some php inside, that # hold a session.
Those scripts ask to twitter the request tokens, using site's application params, and save them into $_SESSION array.
If it's all-right, twitter send you to twitter authenticate page (https://twitter.com/oauth/authenticate), and after you have inserted your login params, twitter send you to the callback page defiend by that site. Here there is another php page that request access tokens, and save them into $_SESSION array. If it's all-right now the site has params that he needs for querying your profile, so last scripts inside popup refresh opener window (main site) and close himself.
Now main window has all the interesting params inside $_SESSION array.
Check this useful library for all the server-side work.
All they're doing is opening a page http://api.tweetmeme.com/share?url=someURL&source=tweetmeme in a new window (using target _blank), then starting the process from there.
EDIT: I was looking at the wrong retweet button. For your specific example, clicking the retweet button first opens Tweetmeme page http://tweetmeme.com/ajax/partial?... in a new window. Clicking yes then initiates the OAuth process by sending you (still in that window) to https://twitter.com/oauth/authenticate (with appropriate parameters).