0

I have JavaScript that automatically creates form elements on the fly using createElement. One of the elements is a simple input form box that is disabled by default. Below I have code that will run through items (which is a counter that counts the number of rows of form elements I have created (I create 4 form elements, QTY, DESCRIPTION, PRICE, DISCOUNT) per row).

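// items is the global row counter kept by the code that creates the rows
function enablediscount() {
  // declare x locally so the loop does not create an implicit global
  for (var x = 1; x <= items; x++) {
    var discount = document.getElementById("discount" + x);
    discount.disabled = false;
  }
}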

Now, I want to run the above code upon a check against users and passwords in a MySQL table. (Basically a manager.)

Basically, I want maybe a small popup window that will ask for a username and password of a manager to enable the discount field so the user (in this case, a cashier) can input the discount.

Any ideas?

1 Answer

3

A sophisticated hacker would be able to look at your source code and simply enter the value of discount manually, for example, by typing javascript:document.getElementById("discount1").value = 500; in their address bar.

What you need to do is have them already logged in by the time they reach this page, or have them log in and then apply any discounts that they have available on a step 2.

The current way you have suggested is easily bypassed. Any authentication and authorization needs to be done on the server side.


1 Comment

Actually, this isn't going on the internet, just on a local network, so security is a low priority right now and the users are very unsophisticated.
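The answer's point that authentication and authorization belong on the server, as an added example (not code from the question or the answer): a Node.js sketch in which the server decides whether a submitted discount counts, regardless of whether the browser's discount field was enabled. The manager table, the names `isManager` and `priceOrder`, and the request shape are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Constructed manager table standing in for the MySQL users table:
// it stores a per-user salt and an scrypt hash, never the password itself.
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}
const salt = crypto.randomBytes(16);
const managers = new Map([
  ["alice", { salt, hash: hashPassword("constructed-demo-password", salt), role: "manager" }],
]);

// Verify the approver's credentials and role; the derived hash is
// compared with timingSafeEqual rather than ===.
function isManager(username, password) {
  const user = managers.get(username);
  if (!user || user.role !== "manager" || typeof password !== "string") return false;
  return crypto.timingSafeEqual(hashPassword(password, user.salt), user.hash);
}

// Server-side pricing: a discount in the request is honoured only when
// the same request carries valid manager credentials. The state of the
// disabled attribute in the cashier's browser plays no part here.
// (Sketch only: a real till would also look up prices server-side.)
function priceOrder(request) {
  const approved = Boolean(request.approver) &&
    isManager(request.approver.username, request.approver.password);
  let total = 0;
  for (const row of request.rows) {
    const qty = Number(row.qty), price = Number(row.price);
    if (!Number.isFinite(qty) || !Number.isFinite(price) || qty < 0 || price < 0) {
      throw new RangeError("invalid row");
    }
    let discount = approved ? Number(row.discount) || 0 : 0;
    discount = Math.min(Math.max(discount, 0), qty * price); // clamp to row value
    total += qty * price - discount;
  }
  return { total, discountApplied: approved };
}
```

A request that sets a discount without valid manager credentials is priced at the full amount, so enabling the input in the browser changes nothing on the receipt.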
