Detecting browser file compatibility - php

I am looking for a way to detect what files a users web browser can display (natively or via plugin), either server side in PHP or client side in JavaScript. Basically, I want to have a box in which a file is displayed (audio in an <embed>, documents in a <frame>, etc), however if the browser is simply incapable of displaying the file, I want to show the user an error and give them a link to download it.
Thanks for any help.

Your best bet is going to be to determine what browsers are supported and which ones aren't and then use browser detection to determine what response to send to the client.
Quirksmode has a great script for this purpose as well as a demo on this page:
http://www.quirksmode.org/js/detect.html

what happen if user turn off javascript ?
PHP $_SERVER['HTTP_USER_AGENT'] can be faked, even a newbie can do this with User Agent Switcher (a firefox addon)
i think there isn't a absolute solution for this.

Related

Bring the browser to the front of all window/application in php or javascript

I am developing a page in php and javascript and I need to be able to notify the user if they didn't submit the page within 10 minutes, for this to work I need to bring the browser in front of all other applications running on the machine.
Is there any possibility that this can be done?
Luckily you usually cannot do that. :)
PHP is a server-side language so it cannot do something like this for obvious reasons.
All you can do is call window.focus(); in JavaScript and hope it's not disabled in the user's browser - in Firefox it is disabled by default for example.
ok, without html5 and that too user confirming the security popup, its impossible to bring the window on to front, atleast on IE it used to show a blink when there is a popup, but in chrome each runs on a seperate process and you wont even notice a blink too.
and well its not a mobile though, where you can use push notifications from the server to bring your app back
If you're users are willing to install a script you could try growl. You could then use the javascript api to create some notification.

PHP: creating php browser alike

Lately i have been working on php-Browser-alike program. The goal of this program is to use this php-browser platform to browse only 'safe' web sites. the capabilities will be to track an adult site and not displaying it.
unfortunately , there are two major problems:
Cookies - user can't log-in their users in different sites while using this platform.
Security redirecting - some sites check the url either in PHP or JS and then redirect to their page.
So , simply i though about plain B:
i was thinking about using iFrame and build the whole program in JavaScript and Ajax! but unfortunately , iFrame is super secured and i can't touch anything in it!
- and there is gone plain B.
My question is: is there anything you can think of / advices that can help building PHP/javascript+ajax browser alike program?
For the PHP side you'll need to use curl. You'd probably want to change the html on the server side. Take a look at this Is there a PHP HTML tag library?.
For checking if the site is adult. You should just pass the domain through a database of adult sites.
For javascript I don't know of any pre-made browsers. You'll probably have to block it in yourself, it shouldn't be to hard.
Update
basic structure:
js client makes ajax request to php server using GET or POSt (ex "url=site.com/page/foo.html")
Php gets url using GET or POST
php uses curl to get page contents
php parses through html and changes urls or js prevent link press and send href="" to server via ajax (back to top) : Is it possible to stop redirection to another link page?
php echos out the page
javascript places it in display
I know my ans is too late, posting for so that anyone get help. There is a simple solution for creating complete php browser. Here is the link: http://sourceforge.net/projects/snoopy/

Get Browser Tab Index/Id

So in most current browsers there is the feature of Tabs, is there a way to get the Tab index?
so Tab 1 has www.google.com opened in it and Tab 2 has www.google.com opened in it, is there a way to identify what the Tab index is?
Pseudo Code:
if($tab == 2) {
alert "Tab 2 is active\n";
}
if($tab == 1) {
alert "Please use Tab 2 as this is Tab 1\n";
}
Funny as everything I search for about tabs is related to the tab index of the webpage itself, sigh...
Strictly speaking. TABS are on the end user's machine. PHP works on the server. PHP can't see what the end user's machine is doing, it can only serve the end user PHP'ed pages.
Google does this with JavaScript and Cookies. For every instance of the page opened, increment a cookie counter. If the counter > 1, use AJAX to display an error message. Also, prohibit the page from functioning if cookies or JavaScript is disabled.
Look into jQuery.
As far as determining the absolute tab index, I know of no way to do it with Javascript. You can identify windows by their names, but not anything else.
In your example of two tabs containing the same web page, you should be able to uniquely identify them by making them aware of each other. You'd need to use cookies for this. Essentially, when a page is loaded, it would check for a cookie that tells it about other instances of the page that are currently loaded, and make decisions accordingly.
In this scenario, your onload handler would check the cookies, and register the loading page. You'd also need an onunload handler to unset the cookie pertaining to the page being unloaded.
See Javascript communication between browser tabs/windows for more information on how to use cookies to communicate between windows with Javascript.
in php: definitely not - it's executed on your server without access to the cleints browser.
maybe there's a solution using javascript (but i've never heard of that, and i'm pretty sure this isn't possible too - at least not as a cross-browser solution).
i think the best chance you'll have (if there even is one) is using other client-side languages like flash, silverlight or a java-plugin as this ones can do a lot more than javascript - but i'm sorry i don't know any of these good enough to give more information or hints.
Don't waste anymore time on this mate. It isn't possible, mainly because any webpage inside browser will not be able to get this kind of information due to security restrictions.
Try looking for an laternative approach as some of the other guys have suggested in their comments.
I am sure there is not a global variable for support that information. But maybe clever browsers such as Firefox or Google Chrome might support something on it. I have made a quick search on net and I came with these.
First, check Mozilla Tab Helper can be work with Mozilla. But be remember, this will never be a cross browser solution. Also, I am thinking there is not a cross browser solution.
Second one is, if you want to use this for your own use then it might bu useful, I don't test it. This is a addon. Here is the Open Tab Count Mozilla Addon
Open Tab Preview

how does facebook/digg get all of the iamges for a webpage?

DO they use a php page to analyze the link, and return all of the images as josn?
Is there a way to do this with just javascript, so you dont have to go to the server to analyze the page?
I don't now how they do it. I'd implement a small service for that purpose. Given an URL return some relevant image (or generate a screenshot). This service could also cache results for better performance. But still, the page needs to be accessed in order to grab the <img src=... or to take the photograph.
Facebook calls back to the server. If you use Firebug (or, as I did, the Web Inspector in Safari), you can inspect the ajax calls. Facebook calls back to a script at /ajax/composer/attachment.php - in there is some JavaScript which contains HTML that gets inserted into the page. Here is what it looks if I point the Facebook attach link dialogue to the BBC News homepage in Safari Web Inspector:
Facebook JavaScript response when you attach a link in Safari Web Inspector http://tommorris.org/files/Facebook-20100529-181745.jpg
I put up the full JavaScript response on Gist (it is all one-line and minified originally, so I just flung it through TextMate to wrap it).
I'm not sure if you could do it on the client-side - because of browser protections on cross-site scripting - and even if you could, you probably ought not to because of this potential security problem: imagine if someone puts in a URL that points to a page which only they have access to. You don't necessarily want to put what's on someone else's customised or private page up on your Facebook/Digg type site. Imagine if it was something like Flickr and there were private pics - or worse, a porno site. No, better to proxy it back to your server and then grab the images. Plus, it'll probably be faster. No need to tax your end user's potentially slow connection downloading a page when your server will probably be able to do it quicker...

is it possible to tamper post data when using frames

I have a site that is using frames. Is it still possible from the browser for someone to craft post data for one of the frames using the address bar? 2 of the frames are static and the other frame has php pages that communicate using post. And it doesn't appear to be possible but I wanted to be sure.
No, it is not possible to POST data from the address bar. You can only initiate GET requests from there by adding params to the URL. The POST Body cannot be attached this way.
Regardless of this, it is very much possible to send POST requests to your webserver for the pages in a frame. HTTP is just the protocol with which your browser and webserver talk to each other. HTTP knows nothing about frames or HTML. The page in the frame has a URI, just like any other page. When you click a link, your browser asks the server if it has something for that URI. The server will check if it has something for that URI and respond accordingly. It does not know what it will return though.
With tools like TamperData for Firefox or Fiddler for IE anyone can tinker with HTTP Requests send to your server easily.
Any data in the $_REQUEST array should be considered equally armed and dangerous regardless of the source and/or environment. This includes $_GET, $_POST, and $_COOKIE.
POST data can not be added in the address bar.
You should always check & sanitize all data you get in your PHP code, because anyone could post data to all of your pages.
Don't trust data from outside of your page. Clean it & check it.
Maybe not from the browser, but they can still catch the request (tinker with it) and forward it to the provided destination, with a tool like burp proxy.
To answer your question: No, it is not possible to send post data using the addressbar.
BUT it is possible to send post data to any url in a snap. For example using cURL, or a Firefox extension. So be sure to verify and sanitize all the data you receive no matter if POST or GET or UPDATE or whatever.
This is not iFrame or php specific, so it should be considered in every webapplication. Never ever rely on data send by anyone being correct, valid or secure - especially when send by users.
Yes, they absolutely can, with tools like Firebug, and apparently more specialized tools like the ones listed by Gordon. Additionally, even if they couldn't do it in the browser from your site, they could always create their own form, or submit the post data through scripting or commandline tools.
You absolutely cannot rely on the client for security.

Categories