Is there any way to enable JavaScript on the client machine using PHP?
You can't do such a thing. It's impossible to modify user preferences stored on their local machines.
You can ask them to enable javascript if it's not the case using the noscript tag.
No, as neither the HTTP protocol or HTML have a feature to do this. To have a website able to enable JavaScript would also be a breach of security. There is also no guarentee that the users browser has JavaScript.
You may wish to look at the <noscript> tags, which allow you to display a message to the user when JavaScript is not active.
Related
SSL is installed to my VPS correctly. I want to use ssl in some pages of my website. Every form in these pages are starting with "https://", too. But browsers don't accept it.
What are the possible reasons?
There may be a number of reasons. Last time I got it on my site was when I was using an iframe with external content and a flash widget loaded via an external javascript. Both were accessed via HTTP and messed my site's trustworthiness.
So. Check all your external content: javascripts, widgets, iframes, images, stylesheets... You may be loading them via HTTP, which in turn may make Chrome claim the SSL certificate has a problem.
I would try checking it via something like this first : http://www.sslshopper.com/ssl-checker.html
You might also try running curl -verbose https://yourlink.com from the console in order to get detailed printout of where the hiccups are.
I'm using loadVars to load a PHP URL with lots of sensitive information required for the Flash application. Only problem is that URL can be accessed via a web browser which raises security issues if someone gets a hold of this URL. Is it possible to have the PHP page only accessible via my Flash application?
Appreciate the help!
Thanks
No, there is no way to limit a page to a specific app, browser or user agent, since all of those things can be mimicked. If you are passing around sensitive information then you need to do authentication and use encrypted data transfer (HTTPS).
Regardless of how you attempt to make it only accessible from your Flash application, a determined user will certainly be able to view the page also. It can be as simple as proxying the requests through an HTTP proxy like Charles, Firebug or Wireshark.
There are things that can be done to make it more difficult to figure out what the data is from viewing the page directly. For instance, you can encrypt the data or output it as binary. But since SWF is an open sourced format, users can use decompilers or just inspect the ABC (Actionscript Byte Code) to see what is really going on.
The short answer is NO, you cannot protect the information available to the client side (Flash) from being accessible from other clients.
As long as you have a page on HTTP, a determined user can always find a way around any user-agent restrictions imposed by you.
One way to protect the data (other than using HTTPS) is to encrypt it at the server, send it over HTTP and then decrypt it in Flash using as3Crypto or some other cryptography library.
Hope this helps,
I am looking to detect how modern the user's browser is. For example Google displays a table based gmail depending on the browser, and a table based layout for Google images also depending on the browser. http://mail.google.com/support/bin/answer.py?hl=en&answer=6557
Google's choice of "modern" browsers is fine with me, but I am unsure how to insure future functionality. When user agent strings change or a new browser is released it seems the list of user agent strings would have to change.
Edit : I ended up using the concept as the mordernizer php server library. I test for functionality and if the default settings aren't correct I set a cookie and refresh the page.
Check out the modernizr-server library, which is a port of Modernizr to php, for detecting what modern features a visitor's browser supports. More information is available in the Modernizr on the server-side blog post.
Browser.php is similar, but detects OS, browser, and version (not whether a particular feature is supported). The Browser Capabilities Project is another possible option.
Iam getting new window pop up by using window.open(), but need When i click button in Mozilla browser, a new pop window should open in Internet Explorer, Is it possible......
What about non-Microsoft operating systems? Internet Explorer is not available on e.g. Linux. As such this is not possible. Executing arbitrary external applications should not be possible, at least not without the user's explicit permission. That would be a serious security risk.
Why do you want to do this? Does you website not render properly on anything other than IE? If that is so, then you may want to improve the HTML/CSS/Javascript to make it more standards/cross-browser compliant.
Of course, you could just ask or advice the user to view your website in IE. Not a fancy solution, but it has been done that way for ages. Firefox has the IE Tab add-on, which allows users to render pages using IE's render engine inside the Firefox GUI. This makes things slightly more convenient, but it's still a manual process which requires the user's explicit consent.
As a side note, something akin to what you want is possible with the combination IE/Google Chrome Frame. If you add the following meta tag in the target page, then IE with Google Chrome Frame installed will use Google's instead of IE's rendering engine (source):
<meta http-equiv="X-UA-Compatible" content="chrome=1">
I am not aware of any other browser/plugin combination with this feature.
No. Not possible.
If it was possible to run other applications straight from the web, you would already have tons of malware on your computer. Of course this is impossible and not everyone has Windows.
It might be possible if you have control over clients PC (like e.g. company network). There are handlers for special urls in Firefox that allow you to open external application. It requires approval from user. I saw such links for Skype or other IM clients. And one another example is mailto: link.
Well, there are no such compatibilities in DOM, niether there's access necessary for JS to know system capabilities... but I just found this add-on, IE View, that let's you load pages in IE with a right click (using context menu) and mark certain sites to be loaded from IE only.
I have a client running an ASP.NET application. Inside of that, there's a self-contained PHP wiki. The problem is that the wiki won't use the .NET authentication, so requests directly to http://foobar/path/wiki/ will resolve without forcing a login.
My simple solution for this is to run the PHP application in an iFrame from an .aspx file that will force authentication, and then use PHP to detect if the page is loaded outside of a frame and redirect if so.
I know this can be done with JavaScript quite easily, but I would prefer to do this test server-side before the Wiki content loads. I need help figuring out a way that this can be done. Referrer comparison perhaps?
Any suggestions?
Thanks!
There is no way to tell on the server-side if a client's browser is loading a page within a frame, tab, or dedicated window.
What you can do is have your .NET application set a cookie after authenticating that the PHP application will read. If the cookie doesn't exist then do a redirect to the authentication page.
Even with JavaScript this is not secure. One could simply request the Wiki pages and ignore the JavaScript. For example, I could use WGET to pull down all your content without ever authenticating.
If security is important, I would highly recommend figuring out a way to make the PHP app aware of the authentication.
The simplest approach, if this is all on one server, would be to have the .NET application store some sort of token after authenticating, somewhere PHP can access it. Then set a cookie that the PHP wiki will receive and check that value is a valid session for each request.