I want to show some dynamic info on my image, but it needs to grab the HTML of the page that loaded my image.
There might be some security risks by that, but there should be another way since I've seen an image that does that on some forum.
The image that I'm rendering will be used on a site that I do not own, but can only add to the page, like make a post which will contain the image. The example I was pointing at was this where it shows 'Welcome to my profile, (user)'
Here's how it looks on my PC:
Depending on client configuration it should be available in the Referer HTTP header
In PHP you can get at this with $_SERVER['HTTP_REFERER'];
Nvm it was much simpler than I thought. It looks like all he did was just simply connect to the referrer url, read the input stream, then go to that url again, read previous users, grab the latest one and just write that name onto the image.
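Fetching whatever URL arrives in the Referer header makes the image script request a client-chosen address, so the value has to be validated before any server-side fetch. An added example of that check (not code from the original posts; `ALLOWED_HOSTS` and its host names are assumptions standing in for the forums the image is embedded on):

```php
<?php
// Hosts the image is expected to be embedded on (hypothetical values).
const ALLOWED_HOSTS = ['forum.example.com', 'board.example.org'];

/**
 * Return a normalized URL that is safe to fetch, or null when the Referer is
 * missing, malformed, or points anywhere other than an allowlisted host.
 */
function referer_to_fetch_url(?string $referer): ?string
{
    if ($referer === null || $referer === '' || strlen($referer) > 2048) {
        return null;                       // header is optional and client-controlled
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $referer)) {
        return null;                       // control characters: never fetch or log raw
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    $host   = strtolower($parts['host']);
    // Plain web URLs only: no credentials and no custom ports.
    if (!in_array($scheme, ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;
    }
    // Exact match; suffix matching would accept "forum.example.com.evil.test".
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    $path  = $parts['path'] ?? '/';
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return $scheme . '://' . $host . $path . $query;   // fragment is dropped
}

// Constructed sample values standing in for $_SERVER['HTTP_REFERER'].
$samples = [
    'https://forum.example.com/profile.php?id=42',   // accepted
    'http://localhost/admin',                        // rejected: host not allowlisted
    'https://forum.example.com.evil.test/',          // rejected: look-alike host
    'file:///var/www/config.php',                    // rejected: no host, wrong scheme
    null,                                            // rejected: header not sent
];
foreach ($samples as $s) {
    var_dump(referer_to_fetch_url($s));
}
```

Only the first sample yields a URL; the image script should fall back to a static image whenever the function returns null.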
As some of you may know, Google is now crawling AJAX. The implementation is by far something elegant, but at least it still applies to Yahoo and Bing AFAIK.
Context: My site is driven by WordPress & HTML5. A Custom Post Type has three types of content, and the contents of these are driven by AJAX. The solution I came up with for not using hashbangs (#!) until I fully understand how to implement them is rather "risqué". Every link has an HREF linking to *site.com/article-one/?tab=first_tab*, that shows only the contents of the selected tab (<div>Content...</div>). Like this:
This First Tab
As you may note, data-tab is the value that JavaScript sends with AJAX Get, that gets the related content and renders inside a container. At the other side, the server gets the variable and does a <?php get_template_part('tab-first-tab'); ?> to deliver the content.
About the risqué, well, I can see that Google and other search engines will fetch *http://site.com/article-one/?tab=first_tab* instead of http://site.com/article-one/, making users come to that URL instead of showing the home page with the tab content selected automatically.
The problem now is the implementation to avoid that.
Hashbang: From what I learned, I should do this.
HREF should become site.com/article-one/#!first-tab
JS should extract the "first-tab" of the href and pass it out to $_GET (just for the sake of not using "data-tab").
JS should change the URL to site.com/article-one/#!first-tab
JS should detect if the URL has #!first-tab, and show the selected tab instead of the default one.
Now, for the server-side implementation, here is where I'm kind of lost in the woods.
How will WordPress handle site.com/article-one/?_escaped_fragment_=first-tab?
Do I have to change something in .htaccess?
What should have the HTML snapshot? My guess is all the site, but with the requested tab showing, instead of showing only the content.
I think that I can separate what WordPress will handle when it detects the _escaped_fragment_. If it is requested, like by Google, it will show all the content plus the selected content, and if not, it's because AJAX is requesting it and will show only the content. That should be right?
I'm gonna talk third person.
Since this has no responses, I have a good one why you should not do this. Yes, the same reason why Twitter banged them:
http://danwebb.net/2011/5/28/it-is-about-the-hashbangs
Instead of doing hashbangs, you should make normal URIs. For example, an article with summary tab on should be "site.com/article/summary", and if it is the default one that pops out (or is it already requested) it also should change to that URI using pushState().
If the user selects the tab "exercises", the URL should change to "site.com/article/exercises" using pushState() while the site loads the content through AJAX, and while you still maintain the original href to "site.com/article/exercises". Without JavaScript the user should still see the content - not only the content, the whole page with the tab selected.
For that to work, some editing to the .htaccess to handle the /[tab] in the URL should be done.
I'm sorry for my English, it isn't so good...
I need help with a simple PHP program: if the page's URL contains a specific word, the content is shown. If it doesn't, the entire page redirects. I would use this to protect myself from frames that other webmasters make to "steal" my website contents.
For this it is OK. But a friend of mine needs to make a black list of specific words, not a white list. So if the URL contains a word, the entire page redirects. I tried using *$_SERVER['HTTP_REFERER']* but if the "thief" puts the frame on an external website that is not in the black list and afterwards makes a frame of the frame, the content is shown and the page doesn't redirect.
So I think it's like that: *$_SERVER['HTTP_REFERER']* could read just 1st level frame and not the main page (top frame).
I really need help with this, I can't make it with Javascript because we want to keep the code not visible.
If it is not possible, is there a method to pass a JS variable value to a PHP variable for my case?
Thank you in advance!
This is only possible by javascript if and only if the top level domain is the same as yours. If that is the case, you could make an ajax call to the server, passing along the url and then the server could determine whether or not to redirect.
Instead of showing what the code would look like, I'm much more inclined to persuade you against this approach. If you have content that you don't want people to steal, you should make your site non-public (i.e. users must login). If that is not possible, the content that you are worried about sounds like it shouldn't be on the internet.
I suspect that this is impossible, but I'm trying to be optimistic...
I'm running a site that uses jquery & php. Via ajax, I'm dynamically loading images to a page. The problem is that the paths to the images are visible when you view the source of the page. I'm trying to figure out if it's possible to prevent the path from displaying? I just don't want anyone seeing those paths or being able to access them. So, I don't know if there's some sort of magical programming solution or something to do with htaccess, but if anyone knows how to accomplish this, I'd appreciate pointers / links / or brilliance...
As the browser needs to know where to fetch the data from, it cannot be hidden easily.
But you can make it a little bit harder for the "attacker". E.g., you can give URLs with a script behind them that loads the given images. The script does so only if called with the correct Referer: header.
Are Data URIs an option for you?
If not, preventing hotlinking (via Referer) would be the way I would do it, possibly with some obfuscation (depending on your user base).
Everything that's visible to the browser is visible to the clever user in one way or the other
You can hide them from lamers, but not from programmers
Anti-lamer techniques can include:
1) setting data-mangled-src attribute to something like ROT13(real-src), then doing
$('img').each(function () { $(this).attr('src', ROT13($(this).data('mangled-src')))})
2) setting some data-id attr, then AJAX-requesting the src from the server
But anyway, the URL goes to the browser, then it's visible to the user
3) And, of course, you can load your images into flash 'viewer', which is probably the most advanced way of hiding them
So... If you make the load path an internal link in php Requested through Ajax that should hide the path in network inspector... By this I mean maybe query a db that generates a temp path to the image that expires...
Then with the loaded image you could save it a canvas element... Thus no src
There are a few ways you can go about hiding image URLs.
Use a plugin: you can use flash, a java applet, etc to load the images
Use a traffic cop: you can set the source of all the images to a single PHP script, with some kind of parameter to specify which image you want. That script can check sessions variables / referer / whatever you want; if everything checks out, you can do a file_get_contents() to load the actual url of the image, then echo that out to the browser.
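The "traffic cop" script described above, as an added example (not code from the original answer). It streams the file with `readfile()` instead of `file_get_contents()` plus `echo`, and it assumes a hypothetical `private_images` directory, an `IMAGES` map with made-up file names, and a `user_id` session key set at login:

```php
<?php
// Called as image.php?id=beach (hypothetical script name and IDs).
const IMAGE_DIR = __DIR__ . '/private_images';   // keep outside the web root in practice

// Public ID => [file name, content type]. The client sends an ID, never a path.
const IMAGES = [
    'beach'  => ['a81f3c.jpg', 'image/jpeg'],
    'sunset' => ['07bd22.png', 'image/png'],
];

/** Resolve an ID to [absolute path, content type], or null if not permitted. */
function resolve_image(string $id, array $session): ?array
{
    // Access control comes from the session; a Referer check alone can be forged.
    if (empty($session['user_id'])) {
        return null;
    }
    if (!array_key_exists($id, IMAGES)) {
        return null;                      // unknown ID, including "../" style input
    }
    [$file, $type] = IMAGES[$id];
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $file);
    // realpath() is false for missing files; also confirm the file is inside IMAGE_DIR.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return [$path, $type];
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $id    = is_string($_GET['id'] ?? null) ? $_GET['id'] : '';
    $image = resolve_image($id, $_SESSION);
    if ($image === null) {
        http_response_code(404);          // same response for "denied" and "missing"
        exit;
    }
    header('Content-Type: ' . $image[1]);
    header('Content-Length: ' . filesize($image[0]));
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: private, no-store');
    readfile($image[0]);
}
```

The real file name never reaches the browser, but anyone with a valid session can still save the image itself, which is the limit the other answers point out.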
I've created a website to help you hide the image src of your precious photos and images.
My website will hide the source path of your image, and it also allows you to 'Lock' your photo to a specific domain eg. example.com so that the photo will only display example.com and not on facebook.com or wherever the link to the photo is reposted.
http://hideimgsrc.com
It's easier and faster than a java script based solution.
Let's say I have a PHP file disguised as an image. Anyways, I want to log all of the clicks from it and where it was clicked it.
Right now, I'm using http://www.webcheatsheet.com/PHP/get_current_page_url.php but does not help. All I get is where the image is HOSTED on. I want where the image is clicked from... like where on the web was that image found, you know?
As esqew commented, you need to check the referrer with $_SERVER['HTTP_REFERER']. The reason that the current page URL doesn't get what you want, is because the current page would be that image script of yours.
You should note though that the client doesn't have to submit a referrer. In most cases it will, but it is not required to. Furthermore, there may not even be a referrer if the image is accessed directly.
Finally, do not rely on that referrer for any sort of security, as it can be easily changed by the client.
I am trying to grab a file .pdf from a server. There is a hyperlink at the page, by clicking that link it goes to a page, it checks for some privileges, then it redirects to another page which shows the content of the .pdf within an Iframe.
Let's say the beginning URL is http://site.com/docs/1.pdf
On click it goes to another page, then another one, and it comes up with the last page
http://site.com/viewer/pdfs/1.pdf
the last page shows the pdf content within an Iframe.
I realized that the software IDM (Internet download manager) can follow the redirections and download the file by clicking the first link.
I was wondering if there is an algorithm or library or class or hint that I can figure out how to do that in PHP scripting.
By the way, I once wrote some code to read the header of the page and I could redirect to the second page, but I want to know if there is a general algorithm for this or not.
If you are doing the HTTP stuff manually, check for 30x statuscodes and the Location header.
However, you could simply use CURL and set CURLOPT_FOLLOWLOCATION.
Yes, just like ThiefMaster said, you could look for the Location header.
Have a look here, maybe this can be a help to you:
http://codesnippets.joyent.com/posts/show/1214 This function retrieves file size of a remote file, why don't you try to change it slightly so that it gets the final URL?
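Both answers come down to letting cURL act on the 30x status and Location header and then asking it where the chain ended. An added example of that (not code from the original answers; `fetch_following_redirects()` is a hypothetical helper name), with the redirect count bounded and redirects to non-web protocols refused:

```php
<?php
/**
 * Fetch $url, following up to $maxHops redirects, and report the final URL.
 */
function fetch_following_redirects(string $url, int $maxHops = 5): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => true,       // act on 30x + Location automatically
        CURLOPT_MAXREDIRS       => $maxHops,   // stop redirect loops
        // A Location header is server-controlled: allow web protocols only,
        // so a redirect cannot switch to file://, gopher:// and similar.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 30,
    ]);
    $body   = curl_exec($ch);
    $result = [
        'ok'        => $body !== false,
        'error'     => $body === false ? curl_error($ch) : null,
        'status'    => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'final_url' => curl_getinfo($ch, CURLINFO_EFFECTIVE_URL),
        'hops'      => curl_getinfo($ch, CURLINFO_REDIRECT_COUNT),
        'type'      => curl_getinfo($ch, CURLINFO_CONTENT_TYPE),
        'body'      => $body === false ? null : $body,
    ];
    curl_close($ch);
    return $result;
}

// Command-line usage: php fetch.php <url> <output-file>
if (PHP_SAPI === 'cli' && isset($argv[1], $argv[2])) {
    $r = fetch_following_redirects($argv[1]);
    printf("status=%d hops=%d final=%s\n", $r['status'], $r['hops'], $r['final_url']);
    // Save only when the chain really ended on a PDF, not on an HTML viewer page.
    if ($r['ok'] && $r['status'] === 200
        && strpos((string) $r['type'], 'application/pdf') === 0) {
        file_put_contents($argv[2], $r['body']);
    } else {
        fwrite(STDERR, "not saved: " . ($r['error'] ?? 'unexpected response') . "\n");
    }
}
```

If `final_url` turns out to be an HTML page that embeds the PDF in an iframe, the PDF address has to be read from that page's markup, because an iframe `src` is not a redirect and cURL will not follow it.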