i use PHP Simple HTML DOM Parser to get some data from another website. It is a online summary generator tool. Big problem is while my server IP send a hundred requests in a second to source website and get blocked
So, how i can use users own IP address while parsing a website?
I know about using a proxy with simple php html dom parser but it's another big problem to me.
Please give me ideas. Thanks
**you may found a duplicate post on phpfreaks forum.
You cannot with server-side coding like PHP. The request needs your IP address, otherwise your server would not get a response!
To send something with the user's IP, it has to be sent from the user's network. That means running in the user's browser. Javascript is the easiest way to do this, although Java, Flash and similar plugins can all do it.
Of course you need the answer on your server, so you need to write code that requests the data from your user's computer and code to send it from the user's computer to your server.
Related
I want to make it so that I can email a url and a php script or something at that url will take the contents I emailed such as message body and write them into a DB. I know how to write something into a DB but I dont know what to do in order to EMAIL to a url or person and have it pull out the message.
The reason I am thinking of emailing to a url if possible is because this saves me the massive blob of trouble of setting up IMAP and using all that mess. I know this can easily be done with php I just have no idea how.
You cannot send email to a URL, you must use a valid email address.
If you want to read your email from within php to import into a DB, you'll need to communicate to your IMAP/SMTP/POP3 server via a socket connection with the fsockopen() function.
I suggest you download any open source web based mail client such as RoundCube, Squirrel Mail, etc... and examine the source code.
There are quite a lot of options when it comes to receiving email. You'll still need to use an email address to send to but you can forward that email on via an HTTP POST using a couple of options such as cURL scripts or using a third party like CloudMailin.
I wrote a blog post about this in Rails (although the principles apply directly to PHP too without much modification. This is a dup of a couple of other questions but it was asked in a fairly different way hence the answer.
OK,
I'm not entirely clear how to ask this question, so please feel free to edit it.
Here's the idea.
I have a database that I think may be useful to webmasters.
I would like to offer, as a paid service, the inclusion of some interface with the database.
I want my database to dynamically populate drop-down option menus.
I understand how to do it when the database, requesting html/javascript and the processing php are all on the same server.
I'm not so sure whether this can be done if the requesting html html/javascript are on the webmaster's server, and the processing phps and the database are on my server.
I'm also not sure how to make sure that only authorized users can hook up to my database.
At this point, I am looking for a macro-level solution, not the code implementation.
Thanks!
Instead of directly connecting to remote database server, I suggest you to create a simple web service (such as a PHP page grabbing information from database, based on the request stated in query string you specified ) to generate XML / JSON for your web page.
Your web page, containing your drop down box, can make an AJAX request to fetch the XML & parse for data. With this mechanism, security problem caused by exposing the database can be avoided.
My approach to this would be to write a web service (whether SOAP, XMLRPC or REST) that requires the users to submit an API key with each request. The service would validate the key, talk to the database, and return results to the user in some standard format. The API key would (obviously) be unique for each user/subscription.
You could return the results of the request to the php script in JSONP format (json with padding). That allows the javascript to execute a callback method on the original webpage even though the service is on another domain.
You'd probably need some way of tracking state in your php code to determine if they're authenticated. One way would be to have the author of the 3rd-party webpage send an authentication token during their body onload to your php script. You could then mark the IP address of the client as "authenticated" and then all other requests from that same IP would return a valid result. Requests from a non-authenticated IP could return an error message.
IPs are obviously not unique in our world of NAT (network address translation). If you want it to be more fool-proof, you could generate your own token inside the PHP & send it back from the request to authenticate. The 3rd-party site would store that token in memory (or a cookie) & send it back to you on every request. You'd use that token as the proof of authentication on future requests, rather than the IP. This is basically how most servers do Sessions, PHP probably has something built in for that.
I'm looking to set up a whistleblowing/anonymous tip website, but I've run into some problems. The basic idea is that you navigate to a splash page, fill in a few fields (name and location optionally, and then the message), then fire it off. At that point the message gets sent to a specific email inbox so that our team can look at it.
I've done a bit of research and PHP seems like my best bet, but I would also like to be able to log IP addresses for every message (or, more ideally, append them to the email before it is sent) so that I can be sure I'm not getting trolled or spammed. Can anyone point me in the right direction with this? I'm kind of a PHP noob, but willing to learn.
Thanks!
The remote IP address will be available within your php script using the super global $_SERVER['REMOTE_ADDR']. You can append that to your mail.
Just to mention: If you log the ip address of the sender, you kind of miss something important if you want the sender to be ANONYMOUS. Because if you log the ip, then this is not really the case anymore.
Problem
Spambots most of the times have a network of computers(hacked!) so blocking IP addresses most of the times does not work. Also I would like to point out the probably some legimate user who is not aware of the malware on his PC can't use your service because you are blocking his IP address. Otherwise CAPTCHA's were NOT necessary at all and Google, Yahoo! would not be using them at all because as you most likely know these images are hard to read sometimes.
Solution
You should just have a good spam filter(GMail's works very good) in place and use Akismet to detect spam-messages instead. They have very decent libraries in place so that you don't have to do any coding at all and it is going to work a lot better, then what you were about to implement.
I have an RSS feed, users will be using it to rip content to display on there site. However I need todo a check that the site doing so has access.
Its just occurred to me that I have no idea in PHP how to detect if the script is being read by a server and what the URL is of the fetch.
Is it possible?
The best approaches for this are...
Give each rss reader it's own key (or maybe even login, password). You'll be sure that nobody can read your RSS without key.
You can allow reading rss only from ips from allowed list.
Checking referer, but it's not a good idea, because referer could be faked as well as any HTTP header.
Strictly speaking it is not, unless the server/client goes to lengths to identify themselves (HTTP authentication, custom header, data provided in a POST request, etc.).
It is possible to tell the IP address of the fetching server using $_SERVER["REMOTE_ADDR"]. Whether anything else is possible to tell depends on the methods your users use to "rip" the feed.
$_SERVER["REMOTE_ADDR"] gives you the IP of the requesting server. By checking this you could implement a basic access control check.
I'm currently building an app that renders RSS and ATOM Feeds on the client side. I can't directly send an ajax request to "https://stackoverflow.com/feeds/tag/php", but I can send a request to my server that just echos the XML File like:
<?php
echo file_get_contents('https://stackoverflow.com/feeds/tag/php');
?>
What are the security implications(if any) on doing this?
StackOverflow is now allowed to hack the data your clients get and replace it with something malicious or annoying. (To be fair, they could even if you were able to use the URL directly.)
Your clients are now allowed to cause your server to make a lot of requests to StackOverflow, who may block you for DOSing the site or something like that. (I do hope you apply a modicum of caching.)
You may be able to use the Filter functions to sanitize the data before the echo. In general, unless the host you're getting the data from is controlled by you and doesn't allow general users to upload or add data that will be echo'ed then I wouldn't trust it. You just don't ever know what someone might be able to get through.
I would write a script which would run on cron and fetch the data and write your own database/filesystem/cache (your choice) and give them to users asychrously.
You never know how slow the other server responds and if it really responds slow, it also slows your site.
You have to send
header('application/xml');
Then the client will handle it as XML, and no XSS can occur as far as I can tell.