I dont think it's possible directly, so I considered using javascript to access the anchors and pass that to PHP, but I don't know how.
Using jQuery:
$.post('getHash.php', {hash: window.location.hash});
Than in your getHash.php file
<?php
$hash = $_POST['hash'];
/* ... */
?>
Still, your question does not provide enough information for us to answer it corectly.
If you mean the hash portion of URLs (i.e. everything after #), that’s not sent to the server by web browsers. So you can’t access it from PHP.
Sounds like you’ve got the right approach for informing the server about hashes, i.e. using JavaScript. You can access the hash in browsers with window.location.hash. To send that to the server, you could use the XMLHTTPRequest object to POST it to the server.
Related
please i've been searching for a week now and i'm stuck .
I have a web app that send using xmlhttprequest in javascript to send value to be passed like a parametres in url like this :
xmlhttp.open("GET","http://127.0.0.1/filename/name.php?q="+value,true);
xmlhttp.send();
but if any one who get to know the url can change that value with any thing he want, I've allready implement the sql injection in the php files using : real_escape_string
but i need to crypt the value in the url , how can i do it ? i want to use ssl , but i didn't find aything on google , please dont give me a bad marks i really need answers
You can use POST.
Look here how to do that:
http://www.openjs.com/articles/ajax_xmlhttp_using_post.php
If the data is sensitive and shouldn't be accessible to the user, you shouldn't be using JavaScript to handle it. JavaScript runs on the client and so is at its mercy.
There's nothing you can do to stop people requesting a URL, so the only thing you can do is not display the content when people inevitably do. Put some logic in name.php that figures out whether the person requesting the file has access to download it. If they don't, simply display an error.
I know that $_GET["whatever"] gets ?whatever=*
Is there a way to get the # variable out of the url:
www.*.com#imsomething
? Can't find any results on google.
The part after # is a client-side part of the URL, it refers to an anchor within the HTML. Therefore, you can only retrieve everything before that.
Clients are not supposed to send URI-fragments to servers when they retrieve a document, and without help from a local application fragments do not participate in HTTP redirections.
~ Wikipedia: http://en.wikipedia.org/wiki/Fragment_identifier
You can use this Javascript code to get it's content client-side:
var hash = window.location.hash;
After grabbing it, you can of course send it to your server side code using jQuery's $.ajax or something similar.
No, there is not, since that is never sent to server side. That is something that is only visible on the browser.
You can read it with javascript and then submit to server side if you really want to, but normally it doesn't get sent. With javascript, you can read window.location.hash to get the value.
No, that is not possible with a server side language... You need JavaScript to read that.
I have a JavaScript which can be called externally using <script type="text/javascript" src="http://mydomain.com/myscript.js"></script> the script is created dynamically using php but I need to know where the script is being called from (which domain) the only way i can think off is using $ SERVER["HTTP REFERER"] but not all browsers support this and it is insecure as it can be changed.
Dose anyone know a better way I could do it?
First of all anything the browser provides cannot be trusted, this includes the HTTP Referer header.
However I don't agree with this being insecure, what exactly are you doing with this information? All the server can do is trust what the browser supplies it, so if you are attempting to restrict this javascript you are going to have to authenticate the user first (so you can plant a cookie).
So what exactly are your intentions?
Here is my idea.
Use a PHP file to render the JS file contents and it will only serve the javascript when session id matches. Hide your real js file too
I am unable to get a lot of referral URLS using document.referrer. I'm not sure what is going on. I would appreciate it if anyone had any info on its limitations (like which browser does not support what) etc.
Is there something else i could use (in a different language perhaps) that covers more browsers etc?
I wouldn't put any faith in document.referrer in your Javascript code. The value is sent in client side request headers (Referer) and as such it can be spoofed and manipulated.
For more info see my answer to this question about the server side HTTP_REFERER server variable:
How reliable is HTTP_REFERER
Which browser are you looking in? If the referring website is sending the traffic via window.open('some link') instead of a regular <a> tag, then IE will not see a referrer. It thinks it's a new request at that point, similar to you simply going to a URL directly (in which case there is no referrer). Firefox and Chrome do not have the same issue.
This is NOT just a javascript limitation, HTTP_REFERRER will NOT work either in this specific scenario.
Just to make sure you're on the same page, you do know that if someone types a URL directly in their web browser, the document.referrer property is empty, right? That being said, you might be interested in a JavScript method to get all HTTP headers. If you prefer PHP (since you're using that tag), the standard $_SERVER variable will provide what information is available. Note that the information is only as reliable as the reporting web browser and server, as noted by Kev.
The document.referrer will be an empty string if:
You access the site directly, by entering the URL;
You access the site by clicking on a bookmark;
The source link contains rel="noreferrer";
The source is a local file;
Check out https://developer.mozilla.org/en-US/docs/Web/API/Document/referrer
I have seen that some web sites have a PHP script to redirect the user to another web page if they try to access JavaScript files directly. How is that done?
Unfortunately, as the previous answers have stated, you can't prevent one from seeing the contents of a JS file; if you could do that, how is the browser supposed to parse it?
The next best thing to do is to "Obfuscate" it using something like http://www.javascriptobfuscator.com/default.aspx
This will convert your human-readable code into a bunch of character codes and obscure function names. The Obfuscator I linked to generates a unique ID and bases its encryption on that ID, making it harder to decrypt.
However, this isn't fool-proof, and someone who really wants to get at your JS, for whatever reason, will do it. Anything you really don't want users to have access too should be done server-side. ;)
No, that's not possible.
There are plenty of ways how to get JS files. Nothing helps in protection.
Javascript is meant to be client side. That means it always gets executed on the browser which is local and thus can not be hidden.