I am using PHP/JavaScript/MySQL on XAMPP to develop the prototype.
I need to use session that in-turn makes use of cookies. Here is the question,
how do I know whether or not the user's browser supports cookies or not.
For detecting javascript, I use <noscript></noscript>. Please correct me if I am wrong.
Thank you
You have to set a cookie and test it to see if they're enabled:
<script type = "text/javascript" language = "JavaScript">
var tmpcookie = new Date();
chkcookie = (tmpcookie.getTime() + '');
document.cookie = "chkcookie=" + chkcookie + "; path=/";
if (document.cookie.indexOf(chkcookie,0) < 0) {
window.location = 'nocookies.html';
}
else {
window.location = 'cookies.html';
}
</script>
Here is the question, how do I know whether or not
the user's browser supports cookies or not.
If a cookie isn't set, set a cookie and redirect to a page that checks if the cookie is set. If it is, redirect back, otherwise redirect to a "Sorry, we really need cookies" page.
Only do this if you do really need cookies.
For detecting javascript, I use <noscript></noscript>. Please correct me if I am wrong.
Better to build on things that work.
I will choose different style of detecting.
To detect whether javascript is enabled/disabled, i will write some little elements (perhaps div) and i will execute some javascript to remove such elements. Hence, when the javascript is disabled/doesn't exist, those elements will still be there saying that "Please activate your Javascript". On the other hand, those element(s) will be gone since javascript is already remove them. After all, it comes back to your website concept. Some website can't do anything when javascript is not exist/disabled and further they choose to redirect the request into another page (through tag). Some websites still can function but certain feature will not be available, and this concept leads to "warning" technique.
To detect whether cookie is enabled/disabled, just set a cookie using Javascript. In next request, you can check whether such cookie is set or not. If it's set, then both Javascript and Cookie is enabled. If it's not set, then Javascript or Cookie or both is disabled.
Good luck
Related
I want to find out whether the user have javascript enabled or not and I don't want to use the no script tag in HTML because I don't want the user to download extra scripts of both the JavaScript and the no script tag..
Anyone got an idea?
You can use AJAX to request a php page where you can set a cookie which will be used as flag for JS activation. In js script you can check for existance of cookie if it is set it means user has JS enabled
Unfortunately, this is not something you can do. PHP code typically fully executes before the browser renders any code at all.
The disabling of Javascript in the browser is not reported to PHP in the initial header request. The closest you can do is to use Javascript to make an AJAX call to PHP to detect for the presence of Javascript. If the callback fails, then you can assume it is disabled.
Similar question: Can php detect if javascript is on or not?
test.php
<script>
//// query string
if(/[?&]js=1/g.test(window.location.href) == false)
window.location.href += (window.location.href.indexOf("?") == -1 ? "?" : "&") + "js=1";
//// OR session cookie
if(document.cookie.search(/(^|;)js=1/) == -1) {
document.cookie = "js=1; path=/";
document.location.reload();
}
</script>
<?php
$_GET["js"];
////
$_COOKIE["js"];
?>
There's tons of ways to do this. Set a cookie on the client side with JavaScript, then reload the page, or do the above and add a query string to the URL. PHP can check the cookie or query string and set a session variable saying this user has JS enabled.
i've got a slight problem with JS enabled detection.
not too big, because i know i'm on the right track.
but here's my deal:
when i try to set a cookie in JS (jQuery) using this code
$(window).load(function(){
$.cookies.set('c_jsEnabled', 'true');
});
or just in plain JS using this code
function setCookie()
{
document.cookie='c_jsEnabled=true';
}
<body onload="setCookie();">
and then try to detect it in PHP using this code
if($_COOKIE['c_jsEnabled'] == 'true')
{
if(file_exists('./main.php'))
{
require_once ('./main.php');
}
echo getIndex();
}
else
{
if(file_exists('./noJS.php'))
{
require_once ('./noJS.php');
}
echo getIndex();
}
setcookie('c_jsEnabled', '');
it takes 2 page refreshes to actually get the right value into PHP.
my guess is that this bascially means that the PHP script is executed before the JS function is fired.
could this be because all codes shown above are in the same script (index.php)?
This is kind of a problem for me, because i want to prevent people from using my website when they have JS disabled.
is there a way to set the cookie before php tries to get the cookie variable?
PHP is always "fired" before JavaScript because PHP is processed on the server and then sends out the HTML and JavaScript for the browser to process and render. You can never expect JavaScript to execute before PHP for this reason.
In your case, use JavaScript to set the cookie and then do a redirect to refresh the page so PHP can get the cookie value and act accordingly.
You should be setting the cookie directly from the PHP file. That way, you know that it exists, and more importantly, you have control of the cookie. You can set it from the client, but that will always execute after the HTML has been sent to the browser, so the PHP file won't get it until the next request.
PHP only sends the cookie header when content is sent to the browser. Javascript then executes after that, so you would need a second load of the page to detect the cookie.
This can trigger infinite redirection loops (especially if the user has cookies disabled), so be careful.
To disable the site to users without Javascript, consider the following.
<div id="noscript" style="width:100%; height:100%; z-index:999; position:absoloute; top:0px; left:0px; background-color:#CC9900; display:block">
Please Enable Javascript!</div>
<script type="text/javascript">
document.getElementById('noscript').style.display = 'none';
</script>
I find the <noscript> tag is unreliable (there was a bug in iOS causing it to only show when there was Javascript, if I remember correctly).
A second option:
You can have the PHP check for a cookie. If it isn't set, have it redirect (header("Location: aaa.html");) to a page with the Javascript to set the cookie and redirect back. (Alternatively, have the PHP output Javascript to set the cookie reload the page.) You then only have to worry about users who "spoof" the cookie, although you will also lock out users who have cookies disabled.
Nope - PHP will always be called before client-side JavaScript, so with this method you'll always have to refresh the page at least once. You're better to develop your site so that non-JS users have a worse-but-still-acceptable experience, or at worst use the <noscript> HTML tag to serve alternative content to those users.
You can't get a cookie in PHP that's being set by JavaScript before the page renders/executes.
You could set the cookie using PHP, however. That will ensure it's set and available regardless of JavaScript or multiple page refreshes.
How could I input php in this so when it has a correct password it stores the information as a cookie and then allow the deletion to it too.
<SCRIPT language="JavaScript">
<!--hide
var password;
var pass1="password";
password=prompt('Please enter your password to view this page!',' ');
if (password==pass1){
alert('Password Correct! Click OK to enter!');}
else
{
window.location="//Some Location//";
}
//-->
</SCRIPT>
If its simple enough (As per the title)
var varname = '<?php echo $_SESSION["variable_name"]; ?>';
But you have to seriously consider your logic. You are checking for authentication on javascript, which is going to be dumbest move in a web application.
The password is totally exposed, and any one can view them or turn off the javascript as a whole, then your whole site becomes vulnerable.
My suggestion is an AJAX request to a PHP page which separately checks and verifies the password and then returns message to the Javascript.
This is completely wrong:
You will have password displayed in the source code of the page and in the history of the browser for anybody to see. So even if they don't have the password, they can just check the source-code to get it.
You need to protect the current page server-side as anybody that disables javascript can open it now. An easy way to do that, would be to handle the login server-side and set a certain session variable for a successfully logged-in user. You can then check at the top of your page if that session variable is set.
I am developing w php web site. Here I have set a php cookie
setcookie('hotelId',$resHotel);
I want to check whether it’s set or not using jquery or javascript. I have used the following code
if($.cookie('hotelId')) {
alert("yes");
};
But it's not working
Is there is any way to find PHP cookie is exist or not in jquery
Thanks
That should work if these two conditions are met:
you have installed the extra library that you need to use $.cookie()
you have called setcookie() before outputting any part of your html
Are you sure that you have the right libraries loaded into the page? I don't think cookie behavior is included with jQuery by default.
You can view cookies manually easily. The method varies a little from browser to browser, but (in Firefox, for example) if you go to Preferences > Privacy > remove individual cookies, you can browse through them and see their contents. This can help you debug whether your php code is setting the cookie as desired.
First get the specified cookie as follows
var cookie=$.cookie("set");
if(!cookie)
{
$.cookie("set","foo"); //if there is no cookie set it
}
I'm trying to create a splash page effect on a site I'm working on (I know splash pages are bad etc but I have my reasons), and basically I want to call the script that runs the splash image overlay only if the visitor is coming to the index from an external website. That way if a visitor clicks "home" from an internal page the splash won't launch. I've been searching about and it seems like I can do this with php using $_SERVER['HTTP_REFERER'], but I'm brand new to php and after playing with it all afternoon can't seem to make it work.
The following code loads the script but it doesn't seem to care if the referring URL contains "mysite" and an error message appears at the top of the page reading:
"A PHP Error was encountered
Severity: Notice
Message: Undefined index: HTTP_REFERER
Filename:..."
<?php
$referrer=$_SERVER['HTTP_REFERER'];
if(stristr($referrer, "mysite") == FALSE) {
echo '
<script type="text/javascript">
$(document).ready(function() {
$("#wrapper").hide();
$("#imgContainer").npFullBgImg("/imgs/splash_image.jpg", {fadeInSpeed: 2000, center: true});
$("#logoContainer").fullLogoImg("/imgs/splash_logo.png", {fadeInSpeed: 2000, center: true});
$("#logoContainer").click(function(){
$("#wrapper").show("fast");
$("#splash_kill").remove();
$(this).remove();
});
});
</script>';
}
?>
Any help would be much appreciated. Thanks!
The notice is telling you that a HTTP_REFERER isn't set.
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the
current page. This is set by the user
agent. Not all user agents will set
this, and some provide the ability to
modify HTTP_REFERER as a feature. In
short, it cannot really be trusted.
http://php.net/manual/en/reserved.variables.server.php
A quick search led to this, which provides a little more detail: http://www.electrictoolbox.com/php-http-referer-variable/
Update:
You could try using a session variable. The variable could be a simple boolean, which is set to true if the splash page has been displayed, false otherwise. This would require some session handling on every page that may be an entry point to the website and/or every page where you'd want to display the splash.
http://php.net/manual/en/function.session-start.php
Of course, this would only be viable for the duration of the session.
So, you could use a cookie instead or with this approach.
Personally, I would probably opt for the simple cookie approach, as this is just a splash. No need to add the overhead of sessions for something this simple.
This is what I am trying. I am not sure about the wildcard:
<?php
//echo $ref
$ref = $_SERVER["HTTP_REFERER"];
//if is NOT coming from inside linking
if ( $ref != '*www.example*' )
// send to index and exit
{header("Location:http://www.example.com/index.php");
Exit;
//
}
?>
While you can't completely rely on $_SERVER['HTTP_REFERER'] to be set, I think you will find that it is reliable enough for a splash page. When it isn't set, there is no referer and that will be blank, as it isn't in the header.
You should first test to see if empty($_SERVER['HTTP_REFERER']) and then check to see if it has your own domain in it.
On another note, I was working on an old IIS server that changed the names of some of those $_SERVER variables, and generally messed them up. I'd do a print_r($_SERVER) to see what's up.
if(isset($_SERVER['HTTP_REFERER'])&&!empty($_SERVER['HTTP_REFERER'])) {
$http_referer=$_SERVER['HTTP_REFERER'];
}