Skip to content

National History Day Web page, https://www.galileo.usg.edu/national_history_day

National History Day

The National History Day Web page, https://www.galileo.usg.edu/national_history_day, is a GALILEO resource with code nhda.

It is a special resource in that it is hosted and maintained by GALILEO for a specific set of (mostly K12) institutions. And it is special in other ways, too:

  1. The link is https://www.galileo.usg.edu/national_history_day, not https://www.galileo.usg.edu/express?link=nhda (our standard link for most resources)
  2. The web page has javacript to restrict access to only that specific set of (mostly K12) institutions (no other GALILEO page works this way)
  3. The link script has a special-case login message to give K12 users extra hints (all other resources have the mostly the same message)

Case 1: Not an express link

Lucy and GSS decided they did not want to advertise the GALILEO National History Day page with a URL like https://www.galileo.usg.edu/express?link=nhda.

But they did want to restrict access to a specific set of (mostly K12) institutions. For that reason, the Web page at https://www.galileo.usg.edu/national_history_day makes a mostly correct attempt to restrict access. Even if a user turns off javascript (for example) and does access the page, all the links on that page are express links, so they'd be challenged regardless.

Case 2: Javascript

Below is an excerpt from the head tag of the Web page

    <title>GALILEO National History Day</title>
    <link rel="stylesheet" href="assets/css/app.css">
    <script type="text/javascript" src="/javascript/cookies.js"></script>
    <script type="text/javascript" src="/javascript/set_cookies.js"></script>
    <script type="text/javascript">set_cookies();</script>
    <script type="text/javascript" src="/javascript/go_nhd.js"></script>
    <script type="text/javascript">goNHD();</script>

The goNDH() function call is what restricts access. The content of go_hnd.js is (at this writing):

var loc;
function redirect(loc) { window.location.replace( loc ); }

var link;
function goNHD() {
    var inst = getCookie("inst");
    if( !inst.match(
        /^(dem4|lag1|1new|adad|ecav|ejen|etal|ewhe|gpsc|hatl|hcen|hcht|hcoo|hdod|heas|helb|hgab|hgor|hgro|hhab|hhar|hhaw|hlai|hlow|hman|hrab|htay|htif|htoo|htur|htwn|hwar|hwas|k12d|k12t|kdjj|kdoe|kdpe|kgsg|mech|mmon|mwhi|sapp|satk|satl|sbaa|sbac|sbak|sbal|sban|sbar|sben|sber|sbib|sble|sbre|sbrn|sbro|sbry|sbuf|sbul|sbur|sbut|scab|scac|scae|scal|scam|scan|scar|scat|scha|schb|sche|schi|scla|sclb|scli|scly|scoa|scob|scof|scol|scom|scow|scra|scri|sdal|sdaw|sdea|sdec|sdek|sdoa|sdob|sdoo|sdub|sear|seff|sema|seva|sfan|sfay|sfoa|sfoc|sfor|sfra|sful|sgai|sgeo|sgil|sgla|sgly|sgra|sgre|sgri|sgvh|sgwi|shaa|shab|shal|shan|shea|shen|shou|sirw|sjac|sjas|sjea|sjef|sjff|sjoh|sjon|slam|slee|slib|slin|slon|slum|smaa|smac|smad|smar|smcd|smci|smil|smit|smon|smor|smur|smus|snew|soco|sogl|spaa|spau|spea|spel|spic|spie|spik|spol|sput|squi|sran|sric|sroc|srom|ssch|sscr|ssem|ssoc|ssta|sste|ssum|stae|stat|ster|stha|sthb|stho|stre|stri|stro|stwi|suni|sval|svid|swaa|swal|swar|sway|sweb|swhi|swia|swib|swil|swor|psac|psao|psap|psat|psbe|psbf|psbh|psbr|pscc|psco|psda|psdw|psea|psfa|psfc|psfp|psgs|psgw|psha|pshc|pshe|pshs|pshw|psla|psmd|psmp|psms|psmv|psom|pspc|pspd|psrg|pssc|pssg|pssj|pssm|pssr|pssv|pssw|pstf|pstr|psts|psvs|pswa|pswb|pswf|pswl|psyy|tcha|tcsr|tfir|thea|tpio|psbk|pset|psco|psed)/ ) ) {
        redirect( "http://www.galileo.usg.edu/express?link=nhda" );
    }
}

Some background: When a user logs in to GALILEO, we set an inst cookie (among others) that has the format code.public_code, e.g., psat.atlantagirlsschool. So the above inst.match should be true for psat.atlantagirlsschool. If the inst.match is not true, the user is redirected to http://www.galileo.usg.edu/express?link=nhda. And because it's nhda, there's a special login message (see below).

The most glaring problem with this javascript code is that the list of institution codes is manually hard-coded there. We should fix that.

Case 3 Special Login Message

For every resource except nhda, the login message looks something like this: image

This login message appears if the user is clicking an express link for a resource that the user's institution does not have access to.

For the nhda resource, the login message looks something like this: image