2

I have a website, with a section that allows a user to log in. Once the user has entered their details and clicked "log in", how would I get that information from the server request to process? I am aware of the "get" method, however, whenever I use this, all of the values from the form are displayed in the URL (including the password).

Here is the function from the server file that deals with the request

function handle(request, response) {
  var url = request.url;
  url = removeQuery(url);
  url = lower(url);
  url = addIndex(url);

  var querystring = require('querystring');
  var params = querystring.parse(require('url').parse(request.url).query);

  if (! valid(url)) return fail(response, NotFound, "Invalid URL");
  if (! safe(url)) return fail(response, NotFound, "Unsafe URL");
  if (! open(url)) return fail(response, NotFound, "URL has been banned");

  var type = findType(url);
  if (type == null) return fail(response, BadType, "File type unsupported");
  if (type == "text/html") type = negotiate(request.headers.accept);
  reply(response, url, type);
}

Basically, how can I get the information out of a form without it being visible in the URL?

liamw9
  • 527
  • 2
  • 6
  • 19

1 Answers1

2

First stop: change <form action="..." ... to <form method="POST" action="..." ... so the browser will send the form data in a POST.

Next up, request.body has the information you're looking for, though it's not a string, it's a stream, so it's a bit hard to look at. Look at express as a higher-level tool that'll parse these things for you.

robrich
  • 13,017
  • 7
  • 36
  • 63
  • Thanks. I will look into express. I had seen the "post" method mentioned, however I didn't fully understand how I could extract the information I was after – liamw9 May 24 '16 at 00:31
  • 1
    Take a look at the F12 developer tools (e.g. push F12 in your browser) to see the request / response your browser sends. If you're on Windows, Fiddler is a great tool to see it too. – robrich May 24 '16 at 00:33