Let's say I have a PHP file disguised as an image. Anyways, I want to log all of the clicks from it and where it was clicked.
Right now, I'm using http://www.webcheatsheet.com/PHP/get_current_page_url.php but it does not help. All I get is where the image is HOSTED. I want where the image is clicked from... like where on the web was that image found, you know?
As esqew commented, you need to check the referrer with $_SERVER['HTTP_REFERER']. The reason that the current page URL doesn't get what you want is that the current page would be that image script of yours.
You should note though that the client doesn't have to submit a referrer. In most cases it will, but it is not required to. Furthermore, there may not even be a referrer if the image is accessed directly.
Finally, do not rely on that referrer for any sort of security, as it can be easily changed by the client.
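A sketch of the image script described in this answer, added here as an example and not code from the original posts: it logs the referrer when one is sent, handles the missing-referrer case, and treats the header as untrusted input before writing it to a log. The log path and the 1x1 GIF response are assumptions.

```php
<?php
// Added example: image endpoint that logs the embedding page from the Referer header.
// LOG_FILE and the 1x1 GIF response are assumptions made for this illustration.
const LOG_FILE = __DIR__ . '/image_hits.log';

/** Return the referrer if it is a plausible http(s) URL, otherwise null. */
function clean_referer(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return null;                       // direct access, or the client sent no Referer
    }
    if (strlen($raw) > 2048 || preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;                       // oversized, or control characters (log injection)
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $raw : null;
}

/** Append one tab-separated record and return it (timestamp, client IP, referrer). */
function log_hit(array $server): string
{
    $referer = clean_referer($server['HTTP_REFERER'] ?? null);
    $line = sprintf("%s\t%s\t%s\n", gmdate('c'), $server['REMOTE_ADDR'] ?? '-', $referer ?? '-');
    file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);
    return $line;
}

if (PHP_SAPI !== 'cli') {
    log_hit($_SERVER);
    header('Content-Type: image/gif');
    header('Cache-Control: no-store');     // ask clients to re-request on every view
    echo base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'); // 1x1 GIF
}
```

If the log is later shown in a web page, escape each field with htmlspecialchars() at display time, since the logged URL is still client-supplied text.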
I want to show some dynamic info on my image, but it needs to grab the HTML of the page that loaded my image.
There might be some security risks by that, but there should be another way since I've seen an image that does that on some forum.
The image that I'm rendering will be used on a site that I do not own, but can only add to the page, like make a post which will contain the image. The example I was pointing at was this where it shows 'Welcome to my profile, (user)'
Here's how it looks like on my pc,
Depending on client configuration it should be available in the Referer HTTP header
In PHP you can get at this with $_SERVER['HTTP_REFERER'];
Nvm it was much simpler than I thought. It looks like all he did was just simply connect to the referrer url, read the input stream, then go to that url again, read previous users, grab the latest one and just write that name onto the image.
I was coding from some ideas collected over the web a "solution" to redirect all pdf, for example, downloads on a server to a reCAPTCHA form and, after passed, download the requested file. It is cms agnostic and works but I have one situation that downloads an incorrect file.
The code is at: https://github.com/Siot/docafi (request.php file)
I explain the process:
All .pdf requests are redirected to request.php through .htaccess:
RewriteRule ^(.+\.pdf)$ request.php?file=$1 [NC,L]
If it's the first time ($_SESSION var) request.php will show you a reCAPTCHA form.
If reCAPTCHA passed -> download starts.
If error -> error message.
If reCAPTCHA was passed previously on the same session, download starts automatically.
The special case is when it is the first time in the session but the user starts the download by right-clicking the link.
It downloads an incorrect file content because I can't show the reCAPTCHA form. Can I know if a user had right-clicked over the link without JavaScript? I want a transparent solution over the different cms/html files on the server.
Can I solve this in another way?
No, selecting 'Save as...' in the popup menu works exactly as it should - it saves whatever is fetched by the link to local disk instead of trying to show it in the browser. It's thus completely correct that it's downloading the HTML file with the reCAPTCHA instead, and there's no way to detect it, not even with JavaScript - to the server it's all the same, since the browser issues the same request, it just processes the result differently. You could set a flag on the onContextMenu event, but it'd just have the wrong setting anyway if you then opened the link by left-clicking it or pasting the address in the address bar by hand.
It should be possible with JavaScript; however, with PHP I'm fairly confident there will be no way this can be done, considering it is server side.
Look through some previous stack overflow questions like:
how to get right click event javascript
I suspect that this is impossible, but I'm trying to be optimistic...
I'm running a site that uses jquery & php. Via ajax, I'm dynamically loading images to a page. The problem is that the paths to the images are visible when you view the source of the page. I'm trying to figure out if it's possible to prevent the path from displaying? I just don't want anyone seeing those paths or being able to access them. So, I don't know if there's some sort of magical programming solution or something to do with htaccess, but if anyone knows how to accomplish this, I'd appreciate pointers / links / or brilliance...
As the browser needs to know where to fetch the data from, it cannot be hidden easily.
But you can make it a little bit harder for the "attacker". E.g., you can give URLs with a script behind them loading the given images. The script does so only if called with the correct Referer: header.
Are Data URIs an option for you?
If not, preventing hotlinking (via Referer) would be the way I would do it, possibly with some obfuscation (depending on your user base).
Everything that's visible to the browser is visible to the clever user in one way or the other
You can hide them from lamers, but not from programmers
Anti-lamer techniques can include:
1) setting data-mangled-src attribute to something like ROT13(real-src), then doing
$('img').each(function () { $(this).attr('src', ROT13($(this).data('mangled-src')))})
2) setting some data-id attr, then AJAX-requesting the src from the server
But anyway, the URL goes to the browser, then it's visible to the user
3) And, of course, you can load your images into flash 'viewer', which is probably the most advanced way of hiding them
So... If you make the load path an internal link in PHP requested through Ajax, that should hide the path in the network inspector... By this I mean maybe query a db that generates a temp path to the image that expires...
Then with the loaded image you could save it to a canvas element... Thus no src
There are a few ways you can go about hiding image URLs.
Use a plugin: you can use flash, a java applet, etc to load the images
Use a traffic cop: you can set the source of all the images to a single PHP script, with some kind of parameter to specify which image you want. That script can check sessions variables / referer / whatever you want; if everything checks out, you can do a file_get_contents() to load the actual url of the image, then echo that out to the browser.
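One way to write the "traffic cop" script from this answer, added here as an example rather than the answerer's code: the browser only ever sees an opaque id, the session decides access, and the real path is looked up server-side. The directory, the id map and the session key are assumptions.

```php
<?php
// Added example of the "traffic cop" script. IMAGE_DIR, the IMAGES map and the
// 'user_id' session key are assumptions; adapt them to the application.
session_start();

const IMAGE_DIR = '/var/www/private_images';   // kept outside the web root
const IMAGES = [                               // opaque id => [relative path, MIME type]
    'a1f3' => ['catalog/red-shirt.jpg',  'image/jpeg'],
    'b7c9' => ['catalog/blue-shirt.png', 'image/png'],
];

/** Map an opaque id to [absolute path, MIME type]; null if unknown or outside IMAGE_DIR. */
function resolve_image($id): ?array
{
    if (!is_string($id) || !array_key_exists($id, IMAGES)) {
        return null;                           // only ids from the map, never raw paths
    }
    [$relative, $mime] = IMAGES[$id];
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $relative);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                           // missing file, or a symlink leaving the directory
    }
    return [$path, $mime];
}

if (empty($_SESSION['user_id'])) {             // the session decides access, not the Referer
    http_response_code(403);
    exit;
}
$image = resolve_image($_GET['id'] ?? null);
if ($image === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $image[1]);
header('Content-Length: ' . filesize($image[0]));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($image[0]);
```

This keeps the storage path off the page, but anyone allowed to view the image still receives its bytes and can save them.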
I've created a website to help you hide the image src of your precious photos and images.
My website will hide the source path of your image, and it also allows you to 'Lock' your photo to a specific domain eg. example.com so that the photo will only display example.com and not on facebook.com or wherever the link to the photo is reposted.
http://hideimgsrc.com
It's easier and faster than a JavaScript based solution.
I'm building a webpage that has a sort of catalog in it, which shows the current item and its description, and thumbnails for other items below it. If I click on a thumbnail of a different item, I have some script to change the description and the big image to the desired item. The problem is that I want this to reflect in the URL so the user could send the URL as a link to others to show the desired item. But I haven't found a way to change the URL without having to reload the page, and for aesthetics, I don't want to reload the page.
Any ideas how to do this?
The solution is to use location.hash. Also, to implement it correctly, you might want to read this article from Google: Making AJAX Applications Crawlable
There is no reliable (cross browser) way to change the URL in the address bar without reloading the page - the very act of changing window.location.href (which I imagine is what you're trying to do) tells the browser to reload the page (even window.location.href = window.location.href; will do it in some browsers).
I think you would have to put a [link to this page] element on the page and change that instead - you can easily populate it with the current URL either at the server side or using a window.onload function and manipulate it in the same way as you have been doing using element.value or element.innerHTML (depending on what type of element you choose to contain the link).
You can do it with hashes (see the window.location.hash property) but this can be messy programmatically.
The usual, currently-broadly-compatible way is to use a hash, e.g.:
http://myniftystore.com/catalog#11321R-red-shirt
then
http://myniftystore.com/catalog#11321B-blue-shirt
then
http://myniftystore.com/catalog#95748B-blue-slacks
...as you navigate items. You can change the hash on the page by assigning to the location.hash property, without reloading. This requires that you use some client-side script in the first place to figure out what to show when the user first goes to the URL (by examining the location.hash).
Google has a proposal out for how to make these things crawlable. Personally, I think they've really messed it up by requiring that weird hashtag (#!xyz rather than just #xyz), but if it's me or Google, I think I know who'll win. :-)
Coming down the pike there's the whole history API, but support isn't very thick on the ground yet (particularly not — cough — from certain vendors).
I am trying to grab a file .pdf from a server. There is a hyperlink at the page, by clicking that link it goes to a page, it checks for some privileges, then it redirects to another page which shows the content of the .pdf within an Iframe.
Let's say the beginning URL is http://site.com/docs/1.pdf
On click it goes to another page, then another one, and it comes with the last page
http://site.com/viewer/pdfs/1.pdf
the last page shows the pdf content within an Iframe.
I realized that the software IDM (Internet download manager) can follow the redirections and download the file by clicking the first link.
I was wondering if there is an algorithm or library or class or hint that I can figure out how to do that in PHP scripting.
By the way, once I wrote code to read the header of the page and I could redirect to the second page, but I want to know if there is a general algorithm for this or not.
If you are doing the HTTP stuff manually, check for 30x status codes and the Location header.
However, you could simply use CURL and set CURLOPT_FOLLOWLOCATION.
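The CURLOPT_FOLLOWLOCATION approach from this answer, written out as an added example (not the answerer's code) with the limits a script should set when it follows redirects it does not control: a hop cap, http/https only, and a check that the final response is really a PDF and not an HTML viewer or login page. The function names, limits and command-line usage are assumptions.

```php
<?php
// Added example. Function names, limits and the CLI usage below are assumptions.

/** Follow the redirect chain starting at $url and return the final response. */
function fetch_following_redirects(string $url, int $maxRedirects = 5): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => $maxRedirects,                     // stop redirect loops
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,  // first request
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,  // every later hop
        CURLOPT_COOKIEFILE      => '',   // in-memory cookie jar: cookies set on one hop reach the next
        CURLOPT_CONNECTTIMEOUT  => 10,
        CURLOPT_TIMEOUT         => 60,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Transfer failed: ' . curl_error($ch));
    }
    return [
        'status'       => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'final_url'    => curl_getinfo($ch, CURLINFO_EFFECTIVE_URL),
        'redirects'    => curl_getinfo($ch, CURLINFO_REDIRECT_COUNT),
        'content_type' => (string) curl_getinfo($ch, CURLINFO_CONTENT_TYPE),
        'body'         => $body,
    ];
}

/** True only for a 200 response whose header and first bytes both say PDF. */
function is_pdf_response(array $r): bool
{
    return $r['status'] === 200
        && stripos($r['content_type'], 'application/pdf') === 0
        && strncmp($r['body'], '%PDF-', 5) === 0;
}

// Usage from the command line: php fetch.php <start-url> <output-file>
if (PHP_SAPI === 'cli' && isset($argv[1], $argv[2])) {
    $r = fetch_following_redirects($argv[1]);
    printf("%d redirect(s), final URL: %s\n", $r['redirects'], $r['final_url']);
    if (!is_pdf_response($r)) {
        fwrite(STDERR, "Final response is not a PDF ({$r['content_type']}); nothing saved\n");
        exit(1);
    }
    file_put_contents($argv[2], $r['body']);
}
```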
Yes, just like ThiefMaster said, you could look for the Location header.
Have a look here, maybe this can be a help to you:
http://codesnippets.joyent.com/posts/show/1214 This function retrieves file size of a remote file, why don't you try to change it slightly so that it gets the final URL?