GPS Security

[emozley]

Hi,

I am trying to add some security to a web app I am writing which will mean if you try and run it more than 100m from a certain location it will redirect to a page gpsfail.asp otherwise it will go to loginform.asp

If you are not logged in it redirects to a page that has this code:

<body onload="distanceToOffice();">

In my .js file I have the following:

function distanceToOffice()
{
navigator.geolocation.getCurrentPosition(handle_geolocation_query);  
}

function handle_geolocation_query(position)
{  
            //alert('Lat: ' + position.coords.latitude + ' ' +  
            //      'Lon: ' + position.coords.longitude);  
				  
	xmlhttpDistanceToOffice=GetXmlHttpObject();
	
	if (xmlhttpDistanceToOffice==null)
	{
	  alert ("Your browser does not support XMLHTTP!");
	  return;
	}
	
	url="/admin/distancetooffice.asp?lat1="+position.coords.latitude+"&lon1="+position.coords.longitude;
	url=url+"&sid="+Math.random();
	xmlhttpDistanceToOffice.onreadystatechange=function(){if (xmlhttpDistanceToOffice.readyState==4){var aspResponse = xmlhttpDistanceToOffice.responseText;document.getElementById('distanceToOfficeDiv').innerHTML = aspResponse;}}
	xmlhttpDistanceToOffice.open("GET",url,true);
	xmlhttpDistanceToOffice.send(null);
}

In my distancetooffice.asp I have loads of code that has various functions for calculating distances between points etc. but the main thing is I can make the response text be a number.

I want to have as much of my logic hidden from the user as possible - so should I make the response text be the page I want to go to and then on my client side code have something like

window.location=aspResponse;

Thanks very much

Ed