I have a question, I am passing a variable through $codigo
the controller, which is a code that is sent to the email to restore it, after it is sent it is redirected to the page where it must be entered to do the validation, and I was going to do it with js as below
<body class="container">
<div class="row mt-5">
<div class="col"></div>
<div class="col card shadow p-5">
<br>
<h1 class="text-center">Codigo de Restablecimiento</h1>
<br>
<label class="text-center">Se ha enviado un codigo a su correo para poder restablecer la contraseña</label>
<br>
<div class="alert-danger" id="errores"></div>
<form action="/Jomar/users_control/controller/AdminController.php?action=nueva" onsubmit="return validarCampos()" class="form-group" method="post" name="formCod">
<input type="hidden" name="id_admin" id="id_admin" value="<?php echo $admin["id_admin"] ?>">
<input type="hidden" name="codigo" id="codigo" value="<?php echo $codigo ?>">
<input class="form-control text-center" type="text" name="codInser" id="codInser">
<br>
<button class="btn btn-block btn-primary" type="submit">Enviar</button>
</form>
</div>
<div class="col"></div>
</div>
<script type="text/javascript">
function validarCampos(){
var codigo = document.forms["formCod"]["codigo"].value;
var codInser = document.forms["formCod"]["codInser"].value;
var formOk = true;
var msg = "<ul>";
console.log("codigo " + codigo + " insertado " + codInser);
if(codInser == ""){
msg += "<li> Debe insertar el codigo </li>";
formOk = false;
}else if(codigo != codInser){
msg += "<li> El codigo no es el correcto </li>";
formOk = false;
}
msg += "</ul>";
if(!formOk){
document.getElementById("errores").innerHTML = msg;
}
return formOk;
}
It works for me, but when I inspect the page, it shows the code when I pass it to the form, so if you could help me with a better option, I would appreciate it, thanks in advance.
You could disable it via
javascript
the inspect element option.The ways that exist to inspect element are the following:
In order to disable these options, do the following:
In your
html
to remove the context menu when pressing the right click:In your
javascript
you can implement this code to disable keyboard shortcuts:I hope it can serve you!
The best option is that you use ajax and code validation is done on the server side with PHP.
But if you don't want to change much, another way is that you encrypt that code with md5 only under this scenario you could do the validation on the client side, but I don't recommend you because a hacker can easily modify the javascript and skip that validation.
To validate in javascript you will need the following library: https://github.com/blueimp/JavaScript-MD5 After importing the library, you will need to change this section of your code:
By:
and in the value of your input add:
<?php echo md5($codigo);?>
UPDATE:
The functionality to not expose the code or the validation would be the following:
I hope you can help me with this, good luck!
I was able to solve it, sending the data entered by ajax to the same php method where the code is generated and comparing it.
JS Ajax
And in php I do the validation
Since it is the same method that redirects to the page and validates if the user exists, then I have to see through conditions if he
$_POST["codInser"]
arrives so that he can do the validation, and I use$_SESSION["codigo"]
so that the value is not lost every time I try enter the method again and do not generate it again (I don't know if it is the best way to do it, but it was the only one that occurred to me) Thanks for the help to all