I am building an examination app, in which i need users to stay on the app and answer some questions. I need to monitor when they fail to do so, like opening a new tab or browser to search for answers. Also when they minimize the app window etc. So is there any way to do this in jquery. Please don't down vote this question as I have searched for similar question on this site for answers.
Something like when mouse does not hover over body element of the document.?
For what it's worth, and I'm not going to check this cross browser..leave it to you, but some of the window events may be of help.
Try these out. Using Firefox they will trigger on change of browser tab and minimize of window if mouse has been active in document to give window focus. You could dig deep into other window events available and see if you can come up with enough to make it work for you, or at least you will have expanded your due diligence
$(window).blur(function(){
console.log('blur')
}).focus(function(){
console.log('focus')
});
Update your code findings... is a bit interesting
This is by design not possible - it would be a massive security problem if JavaScript could to stuff like this outside its sandbox.
You will need full control over the client machine to enforce something like this, using a client-side application that can occupy the full screen, lock task switching, etc.... it's a lot of programming work, would probably have to be done specifically for every OS, and will never be 100% reliable. Plus even a 100% solution is trivial to circumvent by having a second computer nearby.
The best you can do in a web site context is implement some safeguards, like time limits, monitoring keyboard activity inside the page and making sure it's constant, and such. What is appropriate here is dictated by your real-world situation, consider adding more information about it.
Shot answer:
No, there is not way to do so!
Long answer:
You can't consider that user has minimized the browser for searching answers. It could be another thing popping up in his computer that made him do so.
Having such control to user's computer can make user's life hell. Developers are trying to make users life easier and not uncomfortable.
And as you the know the answer again is, you can't do so :-)
I dont think so with jQuery alone as you dont have enough control over the Browser with JS.
What you can do though is use some software/browser designed to run in Kiosks as they have alot of the same requirements but might not have been immediately obvious to you.
Related
Again, to re-iterate: This is not a request to program anything for me. I am looking for more experienced web developers to tell me if my idea is really doable, as it involves some pretty tough issues (at least, I think so). Please, if this post is to be closed, could I at least get a little advice on where I should be posting instead first?
Imagine: You visit a website (say malonssite.com). You sign in, you get a double-paned window. Left side is chat list(think FB buddy list). Right side is a "browser".
The chat list is populated by other people who have signed into malonssite.com AND are visiting the same page as as you using the "embedded" browser.
Each user has the ability to "allow followers", at which point whatever site they visit, all their followers "follow".
Image sketch:
My abilities:
PHP
MySQL
Javascript (node.js included, but that's more serverish I guess)
I've done long polling and ajax, but this gets complicated. I am thinking something like this might be best done in flash? Or maybe an oldschool Java applet? I am just not sure.
I am pretty confident I can make this thing on my own, I am just not sure what technology to use. I usually hit stumbling blocks in each area, normally along the lines of the same origin policy. I know that JSONP can get around the SOP, however is it powerful enough to do what I want? I am not familiar enough with it.
Sockets in general (websockets, flash sockets, etc) and node.js are pretty new to me, and I think they somehow hold the answer, I am just looking for some verification.
Thanks!
As I see it, you'll just need an iframe with a JScript asking its src and sending it to the server. So basically the user will stay on your own domain, browsing other web sites in the iframe and you will have no cross-origin-request issues.
You could use ape engine for the server side, which is exactly meant for this sort of things.
It is very possible.
Simple? no. But possible.
HTML/CSS/JS will easily take care of the front end layout,that should be elementary.
Node.js is a good option, and would be best suited if you know that traffic will be heavy.
If traffic won't be heavy, i guess php is OK.
And you will also need a backend database...again, depends on how many users you think you'll have. nosql ones would suit well, although oracle just claimed they 'exponentially' improved mySQL performance.
But think about this idea carefully. The concept of allowing users to communicate if they're on the same page is neat - but they'd have to browse a site within your site....furthermore, you have to account when the user presses next/back button in the browser.
perhaps you could make a fork of firefox and implement this as a software
did you mean something like talkita
or any other solution on google search "chat with others on same page"?
some of them also allow followors (subscribers) etc..
have a look, maybe youll get an idea.
please forget about flash and java applets...
i think this is a great idea and i hope you can get it to work.
I would really use NodeJS + (Socket.IO | SockJS) for the server-side and realtime communication, all your SOP problems will be gone.
As for the client side, just take care of cross browsing the javascript and css
For data persistence, some kind of nosql implementation: mongoDB or couchDB for example
PHP - Apache with Codeigniter
JS - typical with jQuery and in house lib
The Problem: Determining (without forcing a download) a user's PC ability &/or virus issue
The Why: We put out a software that is mostly used in clinics, but can be used from home, however, we need to know, before they go to our mainsite, if their pc can handle the enormities of our web-based, browser-served software.
Progress: So far, we've come up with a decent way to test dl speed, but that's about it.
What we've done: In php we create about a 2.5Gb array of data to send to the user in a view, from there the view calculates the time it took to get the data and then subtracts the php benchmark from this time in order to get a point of reference of upload/download time. This is not enough.
Some of our (local) users have been found to have "crappy" pc's or are virus infected and this can lead to 2 problems. (1)They crash in the middle of preforming task in our program, or (2) their virus' could be trying to inject into our js thus creating a bad experience that may make us look bad to the average (uneducated on how this stuff works) user, thus hurting "our" integrity.
I've done some googling around, but most plug-ins or advice forums/blogs i've found simply give ways to benchmark the speed of your JS and that is simply not enough. I need a simple bit of code (no visual interface included, another problem i found with one nice piece of js lib that did this, but would take days to remove all of the authors personal visual code) that will allow me to test the following 3 things:
The user's data transfer rate (i think we have this covered, but if better method presented i won't rule it out)
The user's processing speed, how fast is the computer in general
possible test for infection via malware, adware, whatever maybe harmful to the user's experience
What we are not looking to do: repair their pc! We don't care if they have problems, we just don't want to lead them into our site if they have too many problems. If they can't do it from home, then they will be recommended to go to their nearest local office to use this software "in house" so to speak.
Further Explanation
We know your can't test the user-side stuff with PHP, we're not that stupid, PHP is mentioned because it can still be useful in either determining connection speed or in delivering a script that may do what we want. Also, this is not a software for just anyone on the net to go sign up and use, if you find it online, unless you are affiliated with a specific clinic and have a login name and what not, your not ment to use the sight, and if you get in otherwise, it's illegal. I can't really reveal a whole lot of information yet as the sight is not live yet. What I can say, is it mostly used by clinics/offices for customers to preform a certain task. If they don't have time/transport/or otherwise and need to do it from home, then the option is available. However, if their home PC is not "up to snuff" it will be nothing but a problem for them and make the 2 hours task they are meant to preform become a 4-6hour nightmare. Thus the reason, i'm at one of my fav quest sights asking if anyone may have had experience with this before and may know a good way to test the user's PC so they can have the best possible resolution, either do it from home (as their PC is suitable) or be told they need to go to their local office. Hopefully this clears things up enough we can refrain from the "sillier" answers. I need a REAL viable solution and/or suggestions, please.
PHP has (virtually) no access to information about the client's computer. Data transfer can just as easily be limited by network speed as computer speed. Though if you don't care which is the limiter, it might work.
JavaScript can reliably check how quickly a set of operations are run, and send them back to the server... but that's about it. It has no access to the file system, for security reasons.
EDIT: Okay, with that revision, I think I can offer a real suggestion - basically, compromise. You are not going to be able to gather enough information to absolutely guarantee one way or another that the user's computer and connection are adequate, but you can get a general idea.
As someone suggested, use a 10MB-20MB file and several smaller ones to test actual transfer rate; this will give you a reasonable estimate. Then, use JavaScript to test their system speed. But don't just stick with one test, because that can be heavily dependent on browser. Do the research on what tests will best give an accurate representation of capability across browsers; things like looping over arrays, manipulating (invisible) elements, and complex math. If there is a significant discrepancy between browsers, then use different thresholds; PHP does know what browser they're using, so you can give the system different "good enough" ratings depending on that. Limiting by version (like, completely rejecting IE6) may help in that.
Finally... inform the user. Gently. First let them know, "Hey, this is going to run a test to see if your network connection and computer are fast enough to use our system." And if it fails, tell them which part, and give them a warning. "Hey, this really isn't as fast as we recommend. You really ought to go down to the local clinic to perform this task; if you choose to proceed, it may take a lot longer than intended." Hopefully, at that point, the user will realize that any issues are on them, not on you.
What you've heard is correct, there's no way to effectively benchmark a machine based on Javascript - especially because the javascript engine mostly depends on the actual browser the user is using, amongst numerous other variables - no file system permissions etc. A computer is hardly going to let a browsers sub-process stress itself anyway, the browser would simply crash first. PHP is obviously out as it's server-side.
Sites like System Requirements Lab have the user download a java applet to run in it's own scope.
I've been asked to create a custom 'tracker' in PHP, to know where users are coming from and where they are going on the site.
I'm thinking of writing a simple script, which connects to a database, writes the ip, browser, and time of the visit, then closes the db link.
Is this the right way to do it ?
I've found a few similar questions on stackoverflow, but none mentioned performance.
Is there a reason you can't use a solution such as Google Analytics - its free and has some nice features such as heat maps which show traffic flow
The main disadvantage is that it requires you to embed some javascript on all the pages - which means that its client side
I suppose it's another question of the kind "I want superior performance, however I have no certain reason for that".
in fact, any solution will be fast enough as writing logs is not too heavy operation.
the only thing one have to keep in mind is not to use any indexes in case SQL database used.
that's all.
So, lets put aside that performance stuff.
The only complete solution would be analyzing web-server logs.
Any other method will not give you complete picture. Say, if there is some image hotlinked on other sites and makes heavy load because of that, you'd never notice that if you log only requests to php scripts.
So, you can run crontab-based script running every night parsing access logs and getting comprehensive information of all users and bots activity.
Check Piwik or New Relic, if you need more customization, you should take a look at Webalyzer and Visitors
N.B: You can customize Piwik by creating plugins http://geekmonkey.org/articles/34-how-to-write-a-piwik-plugin
Perhaps you need some special software like Webalyzer? (it's free and quite powerful)
Performance is easy to say but much harder to define. It depends on zillion circumstances and while i'm say: this is the best performance i can get - you might say: hey, what's this?
Personally i recommend Google Analytics. It does almost everything if you need (almost things you didn't need). Maybe you can get a small 'performance' boost if you storing it's source locally but there's a chance it's cached in users' browser yet.
Or, if you prefer open source solutions, give a shot for Piwik.
Piwik does just that, and it does it very well. There is also a Tracking API that you can use to track a lot of things about your visitors, using PHP or any other language (REST API). See more information on http://piwik.org/docs/tracking-api/
Also it is very modular & fast, don't reinvent the wheel :)
My client has a friend who is doing 'security testing,' and he's telling them that the PHP Zend Framework app I built for them needs to do these things on the browser side:
hide location bar, toolbar, bookmarks, menu, and the back / forward button
disable right-clicking
This is obviously a monumentally bad idea. I have pointed out that it hides the fact the site is SSL-secured, that it is optional for browsers to honour these requests, and that real crackers will find a way around it anyway, since it is a client-side hack.
In addition to the badness of the idea, is it even possible? The basic tests I've done show this is only possible in ie before version 7, and not at all in Firefox, Safari, Chrome. The guy insists it is possible in these browsers, I'm still waiting for a proof of concept.
Is it possible? Either in a pop-up or in the same window.
Any leads for usability studies that reject this approach?
Is there any support anywhere for this idea that is less than 5 years old?
Better, though: any really good demolishing of this idea, especially from any source that is a security authority?
My client trusts this guy so I have to find some non-emotive counter-arguments.
Thanks
Point out that
Even if the back/forward buttons are gone, almost every GUI browser under the sun still has keyboard shortcuts that can't be removed, e.g. alt-leftarrow/alt-rightarrow for navigation, ctrl-d for bookmarking, etc...
Most browsers have a "ignore disable right click" option in their settings.
2a. With the right click menu still available, it's trivial to get the url of the current page, and just copy/paste that into a normal non-gimped window and proceed as usual anyways.
Trying to achieve security by ramming "disabled" windows down peoples' throats is bad design. A good site wouldn't care if you had a file or bookmarks menu, nor would it care if back/forward were available. Removing them simply covers up for bad design decisions.
All he's doing is removing a hammer from the users' tookits, but the users still have lots of rocks lying around.
Not sure how much help this will provide, and I am assuming you have some sort of contract of what work will be provided. Simply refuse to do it. Walk away if you have to. If your client has a friend that is so set on performing such moronic tasks, let the client's friend do it and move on.
Sounds to me like you have come to a situation where you need to walk, or possibly fire your client.
Personally, I would even entertain the idea.
Good Luck!
I agree that it's a monumentally bad idea, mostly from a user interface perspective. By doing that, you're breaking an implicit user/application contract, which says the application should not interfere with the user's normal interface more than is necessary. In short, it will piss people off.
It should be quite easy to demolish the idea that this somehow adds security, simply by coming up with a few demonstrations of how you would circumvent it (see Marc B's answer).
Another point is that if it were a "best practice", you'd see a lot of people out there doing it. You don't, though, because it's not. Take some examples of institutions which have a solid security reputation (banks, DOD website, etc), and show that they don't need such things in order to be secure.
In Chrome it is possible, but only from a command line switch, not through javascript.
For example, say Chrome is installed to c:/chrome/chrome.exe, then you can launch your site using
c:/chrome/chrome.exe --app=http://mysite.com
This is useful for Internal Web App type applications, but not for general Web browsing.
As for practical convincing, also ask them to showcase their banks online accounting site. Then compare your security approach (https) to the one used by online banking systems (https). Should their bank use some form of address or status bar removal, then you can still adopt that approach. (There's only window.open and that's quite restricted in current browser configurations.)
Windows users perceive security visually. Offer your advise, implement customer wishes as long as they are not detrimental, then walk away. Don't try to educate unconvincable cients.
Perhaps you can point out what Jakob Nielsen (P.H.d. in human computer interaction)
has said about this in terms of usability:
Designers open new browser windows on the theory that it keeps users on their site. But even disregarding the user-hostile message implied in taking over the user's machine, the strategy is self-defeating since it disables the Back button which is the normal way users return to previous sites. Users often don't notice that a new window has opened, especially if they are using a small monitor where the windows are maximized to fill up the screen. So a user who tries to return to the origin will be confused by a grayed out Back button.
From: #9 in Top 10 Mistakes in Web Design
While the question may seem fairly basic I seem to be at a loss to actually find anything that fits my needs, which are:
Skinnable (although not 100% required)
Controllable through javascript (start, stop, change track)
Event triggers for custom functions (on track finish mainly)
Actual documentation - rather that 'it can do this, but we wont tell you how'
I've tried many of the free and quite a few demo's of the pay for ones. Wimpy Wasp seemed to be the closest to what I need but there is an obsession there with using a custom Windows app to set it up which is impossible as the files are provided dynamically by the sites users and it doesn't look like they want you to be able to create the code yourself.
I have no problem with a pay-for solution if it addresses my needs, but free would be nice.
Thanks in advance!
JW Flash Player, to the best of my knowledge, fits that description.
As per this question I recommend http://opentape.fm/.