I have a question but I just give an example to make it clear
I want to load any URL page, like the facebook login page, and fill the textboxes (user name and password) with data.
I want to do that from PHP or Javascript.
That mean - every time my php / javascript page will be loaded, the facebook login page will show and the textboxes automatically filled with data
can i do that? i know the browser (CHROME or EXPLORER) do that
but maybe it's possible only with browser and not with PHP / JS ?
Javascript is out of the question as you cannot load your Javascript when the Facebook page loads. And if you're thinking iframe the browser will prevent the Javascript in one frame from working in another frame, if it is not from the same domain.
If it is for Facebook, you should really look into their API. Many sites (like this one) now allow users to login using their Facebook login, so the API may be the easiest route. Also for major sites, like Facebook, there maybe some third party libraries that could help.
Now if Facebook is just an example and you need it for some other sites, it might be possible with PHP using cURL or maybe SOAP, but it could be very tricky. You need to realize that hackers will use similar techniques for brute force attacks, to find usernames and passwords. So sites like Facebook have done several things to limit the possibility of auto filling a login form (or any form). Also, for major sites like Facebook, using these techniques might be a violation of the terms of service, so you should check into that first.
If this is for yourself, you can write javascript:code in your bookmart and execute it everytime you open Facebook (or other page) for example
Related
I'm terrible at keeping track of my bills, so I wanted to create something automated. I also wanted the challenge of making it myself.
My questions:
Is it possible to have a webpage connect to another domain (any utility website i.e. timewarnercable.com) with the proper login credentials and retrieve the dollar amount I owe, then send me an email or even just display it on the webpage?
I've already got a webpage setup that has all my account info stored in it (don't worry it's only a local site!) and I can click a button and the info I have stored sends a POST request to the utility login site. This logs me in to my account page and then I can view the bill. But don't want it to open another page..I'd rather load the content of that page in the background, scan for the code where its says my $ owed, then capture that somehow, then return the dollar amount onto the webpage.
If so, is this possible to design this with Ruby (Rails) or php, with Javascript / AJAX.
Thanks!
What you're basically asking about is "page scraping", but your scenario is more complicated. You would have to fake the login post, capture and store any cookie/session info returned to you in the response and use that in subsequent requests to the site. You may also have to deal with redirects, depending on the site.
I have found nodejs actually quite useful for scraping pages since it has plugins that provide dom selectors (there is a jquery plugin) - you're using javascript for server-side programming.
Check if the site has API and if the site provides that, will make your life a ton easier.
Some banks like BankOfAmerica have applications that already do this - they aggregate your accounts and bills from other sites, see if your bank can do this.
There several threads on SO regarding this, but I just need to know how to READ a cookie from siteb.com on sitea.com that opens siteb.com on a iframe, IF this is really the recommended way to go.
Based on this post the author says:
Cookies can be read in an iframe if they were set outside of the
iframe
But I have no idea how to achieve this. Let me explain a bit more about what im trying to design so maybe you can point me in the right direction.
siteb.com is my website, where users login and signup, each time they do, a cookie is set like many normal authentication systems.
sitea.com is a generic site, where I can insert html and javascript code, from sitea I need -if exists- to read the login cookie of siteb. I think an iframe on sitea loading siteb will do the trick, but again, i have no idea how to access that cookies inside the iframe. Is there an easy way to do this?
Another approach i was thinking is to use cross domain iframe communication techniques, but they are not elegant, way complex and some of them fails in certain browsers, the most robust ones uses jquery but I don't want to insert jquery on sitea.
Here's what you need: http://easyxdm.net/ - load this library on both sitea.com and the siteb.com iframe. It makes cross-domain parent-iframe communication "just work" in every browser, using the fastest method avaliable in each browser. (Also, the author, https://stackoverflow.com/users/128035/sean-kinsey does a fantastic job of helping anyone who has trouble with the library - just check the mailing list archives)
Then add a tiny bit of JavaScript to your siteb.com iframe to read cookies and pass them to easyxdm and then add a bit of JavaScript to sitea.com to set up easyxdm (including creating the iframe, I think) and receive the cookie value from it. There's lots of examples on the website to help you get started.
After having completed an online registration process, I want to check if the user is using an iPhone, and in that case give the option of opening App Store to download the app. Here's what I've coded so far:
In PHP, check $_SERVER['HTTP_USER_AGENT'] for the presence of the substring "iPhone".
If so, output JavaScript code that, before redirecting to the welcome page, offers the possibility of going to App Store using a confirm box.
Redirect to itms-apps://itunes.apple.com/url-to-my-app using window.location = ... in JavaScript.
This works. However, when the user once again opens Safari, the page which I redirected from is still open. This doesn't make any sense in my case. I want to redirect to the welcome page regardless of whether the user chooses to open the App Store. If I try to write another window.location line below the first one to perform a second redirect, Safari simply skips the link to the App Store.
I've considered redirecting from a hidden iframe, placing some kind of timer on the second redirect, experimenting with different combinations of JavaScript and HTTP header redirects and so on. None of the solutions I've thought of so far seems really solid, though. How do I do this if I want it to work gracefully across browsers and versions?
The only way to do this is to use the welcome page itself to do the iTunes redirect.
I'm currently building a website which fetches youtube videos and flickr images and lets users comment on them on the website. While having it's own commenting system, the website also has an option to login with youtube/flickr to comment on youtube or flickr with their usernames.
I'm doing this by opening a popup window (real popup, not a jquery kind of popup), closing the popup after they login and storing their tokens in a PHP $_SESSION. Question is, I have quite a lot of stuff going on with jQuery and I'd like to let them switch between commenting as a visitor to the site to commenting on Flickr/YouTube after they login without refresh.
Basically, I'd need a way to detect when the pop-up closes so I could then make a request to a PHP file which would tell me if the user has a token saved in the $_SESSION or not and hide the name and email boxes from the comment form as they would only need the input box.
Another way would be to trigger a setInterval() when they open the popup and check for the $_SESSION every 2/3 seconds for example, but I don't think that's the best way to go. Ideally I'd want something that works as soon as the user closes the popup.
More details:
I'm using http://swip.codylindley.com/popupWindowDemo.html to display the pop-ups
The callback script for both functions does a self.close() after storing the token in a $_SESSION
Users can be logged in with both Flickr and Youtube (but I don't think this matters anymore).
Difference between commenting as a visitor and Flickr/Youtube user is that you have three fields (name, email, message) as a visitor and just one otherwise (message)
I do a check when page loads, so if the user refreshes the page at this point, everything is ok, but I would like it if he didn't have to do that, or if at least it would refresh automatically.
Lastly, I'm good to go with other options, as long as the user doesn't have to leave the page, refresh himself to swap between visitor and logged in user. Using jQuery in the page so if it's a jQuery based solution, even better.
Sorry for the long post, couldn't find a way to make it shorter.
Thank you for the help guys!
EDIT
setInterval() with a function that calls a PHP script to check for the $_SESSION variable worked like a charm, not at all as bad on performance or user experience as I expected. Still, if anyone can think of a better solution I'm ready to accept it.
Thanks!
You could place in the pop-window HTML code:
<body onunload="window.opener.location.href = 'http://check.session.com/path/to/file.php'">
I have come across Evernote's bookmarklet and was wondering how this worked.
You can just drag it to your bookmark and go to any webpage, click that bookmarklet and it will first ask you to login in. All this I have done already and know how it works.
The bit that I don't understand is that when you log in they authenticate you and allow you to submit stuff (in this case, a site url etc). When you are done the bookmarklet which placed a small overlay on the page you are viewing disappears.
When you go to a new tab and use the
bookmarklet again you are still logged
in! How?
I can see they are using an iFrame when their bookmarklet loads the overlay onto the page - but do they set cookies or something? If so, is this secure? Anyone can change the values? Or are they using some sort of private/public key system
Btw, I would like to replicate this Bookmarklet using PHP/Javascript(JQuery maybe). I would appreciate if anyone can help me understand how they do this or point me to relevant tutorials.
Thanks all for any help.
For starters, here's the code the bookmarklet executes:
(function(){
EN_CLIP_HOST = 'http://www.evernote.com';
try{
var x = document.createElement('SCRIPT');
x.type='text/javascript';
x.src = EN_CLIP_HOST + '/public/bookmarkClipper.js?' + (new Date().getTime()/100000);
document.getElementsByTagName('head')[0].appendChild(x);
} catch(e) {
location.href = EN_CLIP_HOST + '/clip.action?url=' + encodeURIComponent(location.href) + '&title=' + encodeURIComponent(document.title);
}
})();
What it does is relatively simple. It tries to grab a script from the Evernote site and adds a timestamp to the request so that it always pulls a fresh copy. If that succeeds, a bunch of JavaScript is added to the page which builds an iframe from which all of the Evernote functionality is exposed and the iframe can then used standard cookies, etc. to make sure you're logged in and then process your request.
The catch block is just in case the dynamic script loading fails, in which cause you're redirected to the Evernote site so (I'm guessing) that it can clip the content from there.
To answer the specific question of how you are still logged in, you're still logged in because your browser now has the session cookies for the Evernote site (www.evernote.com), so when the iframe opens up on the second site, those cookies go with it and Evernote recognizes that you're logged in. Using cookies is pretty much the standard for sessions on the web, so they're not doing anything special here and I'm sure you can search SO for the security issues surrounding cookie based sessions.
The main point is the iframe is essentially like having a separate window open, except that it allows some limited data to be passed by the base page to the iframe so it know what website you're on.
Hope that helps.
They are probably using cookies. They most likely open up an iframe, with JavaScript, to a php page on their site, then the site looks for a login cookie, if it is there, the site pulls the user info, and does its thing.
Just be careful, you need a way to verify that the cookie wasn't created by the user to trick the site. I would store a random string in a cookie, and also in the database (in the user table). Create the random string whenever the user logs in. When the user tries to use the bookmarklet, compare the two strings, and only allow access if they are equal, if they aren't, delete the cookies, and ask the user to login.. This makes sure an attacker can't just make a cookie with the user's ID and take over their account (the attacker would need the random string, generated each login, which would be hard to obtain)..
Also, set the cookies to delete when the browser session is ended..
Hoped that helped,
Max