I know this has been discussed a number of times, but the problem I'm having at the moment is finding a solution that is easy to work with and does not require much hacking around.
I want to be able to upload a file, and report on its progress. I've been playing with SWFUpload, and it seems like a bit to much messing around for my liking. Integrating it with code igniter just seems like it's going to cause headaches.
I want a visual progress indicator of some sort to show the user their upload hasn't stagnated. Even if it was just a spinner saying "Uploading. Do not close this window until upload is complete." that would be enough for me.
Security is the most important. Using something like SWFUpload is going to require passing variables to the upload form such as the user ID and other information I'd rather not give snooping noses the opportunity to sniff.
Any possible solutions. Help is much appreciated.
You should take a look at HTML5 FormData and XMLHttpRequest 2 which allow you watch the progress directly in javascript.
You must customize the tool to meet your requirement , especially when its open source .
Security is the most important. Using something like SWFUpload is
going to require passing variables to the upload form such as the user
ID and other information I'd rather not give snooping noses the
opportunity to sniff.
Why you need to pass user ID ? i think its HTTP matter not SWFUpload,so you can make it secure .
Look here : http://demo.swfupload.org/Documentation/
I'm actually on the hunt for the same thing. A few of the options I have encountered so far are:
http://www.uploadify.com
http://valums.com/ajax-upload/ (Which is now headed off by Ben Colon here - github dot com / bencolon / file-uploader )
I haven't used any of those solutions because I'm not quite sure how to customize them for my application. But it looks like so far in my research, those are links that keep popping up.
Related
I've been struggling with this for a while and eventually gave up on inpementing any sort of savegame option client side with my cocos2d javascript game (structure based on this tutorial http://www.raywenderlich.com/33028/how-to-make-a-cross-platform-game-with-cocos2d-javascript-tutorial-the-platforms .. thx Ray .. )
Now i'm trying to find a way to save xml files to a webserver while running my game, firstly in a browser (because that seems the most straightforward way to get this going) and then hopefully later as an app that can access that same webserver.
I have a fair idea how to generate the xml from my array objects and I realise php is my friend when it comes to writing that xml file to disk on the server side. I've even heard of his pal AJAX that seems to have his contact details : )
My biggest problem at the moment is that the AJAX exampes I have found all use jquery. I realise this might be to simplify the cross browser compatibility issues but I can't fiure out how to add JQuery functionality to the JS in my game (probably stupidly basic or impossible as it will mess up all the bindings, I don't know). Most examples assume were doing all this straight form a browser script so any help with that would be great.
If jquery is a no go , does anyone have and example of how to send xml data in any format to php?
I'm sure there are enough tutorials out there on how to hande things from there...
If there is a simpler or better way to save savegames locally or on a server using the cocos2d javascript idea i'd be happy to hear it.
Thx..
Edit
I have managed to figure out that the simple answer to the jquery option (at least when deploying to web) is to include jquery at the top of the cocos2d.js file where all the other js files are loaded... might not be a sound option when it comes to porting it all to iphone though.
sys.localstorage is the way to save data.
Is there any way to disable or encrypt "View Source" for my site so that I can secure my code?
Fero,
Your question doesn't make much sense. The "View Source" is showing the HTML source—if you encrypt that, the user (and the browser) won't be able to read your content anymore.
If you want to protect your PHP source, then there are tools like Zend Guard. It would encrypt your source code and make it hard to reverse engineer.
If you want to protect your JavaScript, you can minify it with, for example, YUI Compressor. It won't prevent the user from using your code since, like the user, the browser needs to be able to read the code somehow, but at least it would make the task more difficult.
If you are more worried about user privacy, you should use SSL to make sure the sensitive information is encrypted when on the wire.
Finally, it is technically possible to encrypt the content of a page and use JavaScript to decrypt it, but since this relies on JavaScript, an experienced user could defeat this in a couple of minutes. Plus all these problems would appear:
Search engines won't be able to index your pages...
Users with JavaScript disabled would see the encrypted page
It could perform really poorly depending the amount of content you have
So I don't advise you to use this solution.
You can't really disable that because eventually the browser will still need to read and parse the source in order to output.
If there is something SO important in your source code, I recommend you hide it on server side.
Even if you encrypt or obfuscate your HTML source, eventually we still can eval and view it. Using Firebug for instance, we can see source code no matter what.
If you are selling PHP software, you can consider Software as a Service (SaaS).
So you want to encrypt your HTML source. You can encrypt it using some javascript tool, but beware that if the user is smart enough, he will always be able to decrypt it doing the same thing that the browser should do: run the javascript and see the generated HTML.
EDIT: See this HTML scrambler as an example on how to encrypt it:
http://www.voormedia.com/en/tools/html-obfuscate-scrambler.php
EDIT2: And .. see this one for how to decrypt it :)
http://www.gooby.ca/decrypt/
Short answer is not, html is an open text format what ever you do if the page renders people will be able to see your source code. You can use javascript to disable the right click which will work on some browsers but any one wanting to use your code will know how to avoid this. You can also have javascrpit emit the html after storing this encoded, this will have bad impacts on development, accessibility, and speed of load. After all that any one with firebug installed will still be able to see you html code.
There is also very really a lot of value in your html, your real ip is in your server code which stays safe and sound on your server.
This is fundamentally impossible. As (almost) everybody has said, the web browser of your user needs to be able to read your html and Javascript, and browsers exist to serve their users -- not you.
What this means is that no matter what you do there is eventually going to be something on a user's machine that looks like:
<html>
<body>
<div id="my secret page layout trick"> ...
</div>
</body>
</html>
because otherwise there is nothing to show the user. If that exists on the client-side, then you have lost control of it. Even if you managed to convince every browser-maker on the planet to not make that available through a "view source" option -- which is, you know, unlikely -- the text will still exist on that user's machine, and somebody will figure out how to get to it. And that will never happen, browsers will always exist to serve their users before all others. (Hopefully)
The same thing is true for all of your Javascript. Let me say it again: nothing that you send to a user is secure or secret from that user. The encryption via Javascript hack is stupid and cannot work in any meaningful sense.
(Well, actually, Flash and Silverlight ship binaries, but I don't think that they're encrypted. So they are at the least irritating to get data out of.)
As others have said, the only way to keep something secret from your users is to not give it to them: put the logic in your server and make sure that it is never sent. For example, all of the code that you write in PHP (or Python/Ruby/Perl/Java/C...) should never be seen by your users. This is e.g. why Google still has a business. What they give you is fundamentally uninteresting compared to what they never send to you. And, because they realize this, they try to make most things that they send you as open as useful as possible. Because it's the infrastructure -- the Terrabyte-huge maps database and pathfinding software, as opposed to the snazzy map that you can click and drag -- that you are trading your privacy for.
Another example: I'm not sure if you remember how many tricks people employed in the early days of the web to try and keep people from saving images to disk. When was the last time you ran across one of those? Know why? Because once data is on your user's machine, she controls it. Not you.
So, in short: if you want to keep something secret from your user, don't give it to her.
You cant. The browser needs the source to render the page. If the user user wishes the user may have the browser show the source. Firefox can also show you the DOM of the page. You can obfuscate the source but not encrypt or lock the user out.
Also why would you want this, it seem like a lame ass thing to do :P
I don't think there is a way to do this. Because if you encrypt how the browser will understand the HTML?
No. The browsers offer no ability for the HTML/javascript to disable that feature (thankfully). Plus even if you could the HTML is still transmitted in plain text ready for a HTTP sniffer to read.
Best you could do would be to somehow obscure the HTML/javascript to make it hard to read. But then debuggers like Firebug and IE 8's debugger will reconstruct it from the DOM making it easy to read,
You can, in fact, disable the right click function. It is useless to do so, however, as most browsers now have built in inspector tools which show the source anyway. Not to mention that other workarounds (such as saving the page, then opening the source, or simply using hotkeys) exist for viewing the html source. Tutorials for disabling the right click function abound across the web, so a quick google search will point you in the right direction if you fell an overwhelming urge to waste your time.
There is no full proof way.
But You can fool many people using simple Hack using below methods:
"window.history.pushState()" and
adding oncontextmenu="return false" in body tag as attribute
Detail here - http://freelancer.usercv.com/blog/28/hide-website-source-code-in-view-source-using-stupid-one-line-chinese-hack-code
You can also use “javascript obfuscation” to further complicate things, but it won’t hide it completely.
“Inspect Element” can reveal everything beyond view-source.
Yes, you can have your whole website being rendered dynamically via javascript which would be encrypted/packed/obfuscated like there is no tomorrow.
I was wondering, I want to plant a JS tracking code (analytics) in a few websites to track their traffic. But I don't want that when viewing the site's source code people will be able to see that I've embedded the JS tracking code there.
Is it possible? Maybe by using an Apache/PHP trick?
Thanks,
Roy.
Nope it's not possible, for the browser to execute any code at least some of it must be initially visible, even if that code is to then retrieve the tracking code itself.
In addition all the modern web developer tools provide access to any code that is loaded so anyone can use those to see anything you've attempted to load discretely.
The more important question is why you want to hide that you're tracking people?
It's not absolutely possible with Javascript. Javascript always runs in the context of the user's browser, so it always means that the user will have access to see the script. You can obfuscate it, or try some tricks similar to anti-hotlinking on the JS code, but it will still be relatively easy for someone to figure out what the code does with a simple tool like Firebug.
You can, however, track your traffic without JavaScript. Analytics uses JavaScript for portability, and because some of the data it accesses can only be accessed with JavaScript. However, there are more passive ways of tracking your traffic which don't require JavaScript, such as any log analyzer like AWstats. You just don't get some of the cool features of Analytics.
It's not possible, but you could just name your script file something innocent like "mouseover.js".
It's not possible: JS code has to be run by the web browser, which means that -- which ever way you try put it -- it has to be readable by the browser and thus by anyone that inspects the page.
You could try obfuscating the JS, but that won't stop anyone that is determined to see what's happening.
You could ask yourself what the odds are that more than a few people will check whether you're tracking them -- I wouldn't expect it.
You can't technically hide the code... But you can scramble it so it's not readable to anybody. I used http://hivelogic.com/enkoder/form by Dan Benjamin to scrable some JS on my page (in this case I scrambled my email address). It scrambles it so the browser can execute it, but it's not humanly readable...
Then you can just call it as a function like I did in from this script http://www.jamischarles.com/css_js/email_encoder.js. Give it a try.
Anyone know a good tutorial of how to make the status bar found in the new facebook? the one on the bottom. looks really cool
i was thinking it was written in either ajax or jquery. but not sure.
Here are some useful links/plugins that might help you:
Positioning the footer
Enable drag/drop of things (like applications)
Tooltip (when hover)
And for the interaction with the server (for new events etc.) you might use the AJAX functionality in jQuery:
In order to have it always be in the bottom, that is more of CSS than javascript.
I think you would get better answers if you were more specific. For example, I would want the answer to revolve around as to how the chatroom works on facebook. Is the javascript request being sent every second to check for new messages? or is there another protocol being used in order to have instant messages?
It's not clear what your are looking for: bar's design or it's functionality. If your are speaking about design you should look into css positioning (absolute). If it's about functionality i suppose that there is some kind of ajax javascript which checks every x seconds if there is change of state, and if there is go deeper and find out what to load.
Why not just download the Facebook source code and take a look at how they do it? They open sourced a lot of the stuff they use/created/enhanced.
Soh Tanaka just put out a great step-by-step tutorial on how to re-create the Facebook Status Bar:
Here's another good starting point: http://www.ben-griffiths.com/project/jquery-position-footer/. If I remember correctly it works in FF & IE & Safari
I looked through the jQuery plugins, and Googled the topic for you. All I could find was this which isn't exactly what you want, but it is a good place to start. With some style changes, and a little tweaking it could easily look exactly like the Facebook bar.
Not sure that this is the type of answer you were looking for, but i've been looking for the same thing and this code seems to at least show how it's done.
I'm working on a new project, a web application, where I need to focus the user on a particular task. Therefore I want to eliminate all other "System Generated Noise", like Browser Menus, Buttons, Address Bar, OS Task Bar and so forth. I have seen implementations like Lightbox, but this modal approach is limited to the size of the browser window.
What I want to do is have the same effect but stretched out beyond de browser so it covers the WHOLE screen. Well, at least that is the effect I'm aiming for.
The application is already on its way, it is being developed with PHP5, XHTML and Javascript/AJAX.
Please, if someone can point me in the right direction I'd greatly appreciate it.
this may help you:
http://www.programmersheaven.com/2/FAQ-JavaScript-Maximize-Browser-Window-To-Screen
Don't know if it is possible in the way you are describing without using something like flash or silverlight.
With good reason, there are certain things that remote javascript can't, and just shouldn't be able to do.
Another thing to consider are what happens when people have more than one screen, are you going to obscure whats on them too?
Please don't... drives me (and many other people) nuts when a web site tries to resize the browser window, let alone try to run outside of the browser chrome and cover up my task bar.
Let us know what browser you make that work in, and I'll be sure to either cripple the functionality or uninstall it if I can't.
Silverlight has a full screen mode that you can set after the first page is rendered in the browser.
http://weblogs.asp.net/scottgu/archive/2007/05/17/tip-trick-supporting-full-screen-mode-with-silverlight.aspx
Don't know if that helps with your current stack:
PHP5, XHTML and Javascript/AJAX
Keith
OK, so I've been looking around for other options, or alternate ways I can do this. One solution I found, only works with Firefox 2.0+ or IE6+, is to toggle the browsers Full Screen mode. Maybe even do a little pro Open Source and support only Firefox and urge the user to get that browser...but hell, if I'm telling the user to get stuff why not tell it to go and grab Flash o Silverlight, right??
I think it's a thin line between what is possible, what is wanted, and what is right for the user. I've yet to find what is needed to do this. But I think it's a lot more viable option.
Let us know what browser you make that work in, and I'll be sure to either cripple the functionality or uninstall it if I can't.
Mmm WTF!? Gonna go ahead and asume that was a nice comment gone bad. Not very constructive though.