-1

I made a form in html (joomla article). The user input is posted to a server where I can not change the return url.

What I want is: User fills out form and click submit. End of story (maybe a thank you page). It does that now, but the page is loading for ever (maybe 10-20 sec) before it then returns a xml code with the status of the posted request - AND the server url, which I want to keep secret to the user.

So how do I allow the user to move on after the click, with out the waiting time - or how do I hide the status url in the browser, if the user must wait for the server xml response ?

I need to mention that I do not have full control over the html code in the joomla article. Joomla inserts the html header forexample.

This is what I have so far:

    <form action="http://serverUrl" method="post">
    <input type="hidden" name="login" value="mylogin" /> 
    <input type="hidden" name="pass" value="mypass />
    Textbox to send:<br /> 
    <textarea style="width: 209px; height: 86px;" name="text" rows="4" cols="40">Insert text. </textarea><br /> 
    <input type="hidden" name="from" value="myfrom" /> <br />
    Text 3:<br /> 
    <textarea style="width: 209px; height: 30px;" name="text3" rows="4" cols="40">your text 3</textarea>
    <br /><br /> 
    <input type="submit" value="SEND" /> 
    <input type="reset" value="CLEAR" />
    </form>

I have found some related posts on stackoverflow, among other sites. But the suggestions does not work - and I am not that much of a super shark in coding.

Pomfrit
  • 12
  • 1
  • I'm slightly worried that you appear to be sending usernames and passwords in plain text over `POST`. – Benedict Lewis Oct 05 '13 at 18:34
  • @Benedict: no choice. Speaking chinese to an african gets me nowhere. If the user pass is encrypted the server would need a key. I cant put a key on the server. Besides Post should be safe to use for operations like this - where GET is not. – Pomfrit Oct 05 '13 at 19:05
  • No. POST is not safe to ever send passwords, as it can easily be intercepted. You need to look into using `SHA` to hash your passwords before they are sent, some information on that is available [here](https://crackstation.net/hashing-security.htm). **Passwords should NEVER be sent in plain text, no matter how.** – Benedict Lewis Oct 06 '13 at 03:08
  • I will maybe take a look at it when above problem has been solved. – Pomfrit Oct 06 '13 at 06:26
  • Benedict: As I already explained: I do not have access to the server the username and password are sent to - so I can not salt or hash, nor both. Your comment is strictly noise. – Pomfrit Nov 11 '13 at 10:11

1 Answers1

-1

Well - "BUMP".

I made a work around - it turned out that I could use java script in the html code.

I now have followning: Open the joomla page in a new window. and inserted this in the submit line:

    <input onclick="javascript: setTimeout(window.close, 400);" type="submit" value="SEND" /> <input type="reset" value="CLEAR" />

It lets the page timeout after 400 milisec, then it closes. Hope it works in all browsers - only checked it in firefox so far.

It is now 100% what I wanted, but it does the job more or less. No waiting time for the users after posting and the form is posted - some secrecy is maintained due to the relatively fast closure of the window/popup.

Pomfrit
  • 12
  • 1