I am trying to develop a analytic s project. My goal is to let a owner of x-domain be allowed to copy and paste a small snippet of javascript includes on to their site, from my server. That will be able to analyze the end users experience on their site.
Given that my server is php, and I will sending and recieving data larger then the browser max limit, my question is...
Does only 1 server need to have the web proxy In order to make a successful exchange of data ? (i.e. can the x-domain send data back to me and not require a proxy as well?)
Since I am only gathering data from the x-domain, I only need for x-domain to send me data. There is no need for my server to send data to it. Since I am using php/apache for my server. will I only need configure php to setup this proxy in order for javascript to send the data.
I notice that yahoo developers network got sample code for setting up a web proxy. Could I use this for my own use and own work ? Are there any good resources out there to get me start on doing this correctly ?
Thanks for you guys responses. I appreciate it.
You should not need any proxies. You should also not be using ajax, but be passing data to a hidden "<img>" in the page. This is how the Google gets around the cross-domain issue: they load a "gif", only it's not really a gif, but just simply a path to their server which feeds user data as it happens.
This may be your best bet to get around the cross-domain issue.
Related
If I have a wordpress website, and a user on the website enters some survey information, is it possible to send the results to a local server inside a company (assuming the website is hosted on some other companies server). From looking around I see people using the JSON formats and GET, PUT etc.. but I havent seen this demonstrated with wordpress. Is there a standard way to do this? I can see it is possible to send via emails, but I was hoping for something more like TCP/IP communications
If it must run through the front-ends WordPress installation, then the easiest way to be a simple HTTP POST request to a server you control. PHP has several different ways you can accomplish this with minimal effort.
The other way you can do this is just to set up a form that will send an AJAX response to your server. Just make sure your receiving server is configured to allow the originating domain.
I have a php page which connects an API and gets information back which can then be displayed.
I'd like to turn this into an app for Android. I've heard of PhoneGap, which I know uses javascript, html, and css. I know javascript is capable of calling php files, but I am unsure how or if its even possible to call a php file from an android device. I'm not sure if android browsers can handle php, or what the deal is with them. So if you have any information on that, I'd appreciate it.
I'm also willing to rewrite the API call in javascript, but I don't think thats possible. If you think differently, please let me know what you're talking about.
Android cannot talk directly to PHP. What phonegap, javascript, etc.. are doing is simply issuing HTTP requests that happen to be handled by a PHP script.
The PHP code will execute, output some data (json, html, xml, gif, jpg, etc...) and send that out as a the HTTP request's reply.
PHP is just a server side language so it doesn't matter if your browser "can or cannot" handle it, only HTML is returned (unless you set a different content-type).
You may be worth while looking into REST style JSON api's which would allow a XMLRequest to be sent to. Have a look at this document
Theres also a nice tutorial here which shows how to call a REST API and a PHP Tutorial here to create a REST API.
1.It dosent matter to PhoneGap where the PHP is hosted or Its PHP OR ASP.NET OR ASP.NET MVC
2.If You wanna host your PHP code yourself in production (You mayb shouldn't do this in production). then you need a server and a static IP address
3.if you just wanna setup a PHP server for developmental purposes then just tie it to 127.0.0.1:81 and you can directly use this address it doesn't matter whether you have a static IP address or not.
I have done this with phonegap using jsonp
http://en.wikipedia.org/wiki/JSONP
Works great
To give a quick example of my question, consider the JS file provided by Google to capture Analytics data that we paste in our files. How does this JS file get all the data? I want to know how to create such JS files that I can give out to others who can then run it on their own websites and yet, store data on my website server. In short, they only copy the 1-2 lines of JS in their pages and all the intended functionality would run on their website, but the data will be stored on my web server database.
How can I attach the functionality to such a JS file? I mean, how can I tell the JS file whether to collect Analytic data or show a form, etc. I am using PHP for server side processing. I did not find any good information on this so far.
Edit 1:
I wanted to add that the functionality is NOT limited just to analytics. It could be even as simple as showing a contact form that sends email to recipients, etc.
Google Analytics has a client-side javascript file that the site-owner puts a reference to in their web page. When that javascript file runs, it collects information about the current page and then makes a request of Google's server with that information encoded in the request and Google's server records that information in their database. Because ajax calls are subject to the same-origin limitations, Google's request back to their server is actually for a GIF image with the data encoded in the URL.
Here's Google's explanation of how it works: http://code.google.com/apis/analytics/docs/concepts/gaConceptsOverview.html
To create something like this for your clients, you would have to create the appropriate javascript file, host it on your servers, give out the instructions for installing it into their web pages and create the right PHP scripts for recording the information that comes in when the GIF is requested (presumably, you'd have to do some web server configuration to get your PHP scripts to run on a GIF request too).
I think you can find the answer to your question here: How to send data to remote server using Javascript
In short, you'll be able to send data to another domain using JSONP. You can achieve this also with jQuery's, $.getJson method.
By inserting something like
<script src="http://myeviltrackingsite.com/track.js"></script>
the visitor's browser will ask your server for track.js. When asked your server will get a normal HTTP-Header from the visitor and of course his IP. This HTTP-Header contains all information you want like the visitor's language, the kind of browser he uses. To track the visitor's geo location you can use the visitor's IP address and do a reverse IP lookup. there are free geo location databases available.
I'm using loadVars to load a PHP URL with lots of sensitive information required for the Flash application. Only problem is that URL can be accessed via a web browser which raises security issues if someone gets a hold of this URL. Is it possible to have the PHP page only accessible via my Flash application?
Appreciate the help!
Thanks
No, there is no way to limit a page to a specific app, browser or user agent, since all of those things can be mimicked. If you are passing around sensitive information then you need to do authentication and use encrypted data transfer (HTTPS).
Regardless of how you attempt to make it only accessible from your Flash application, a determined user will certainly be able to view the page also. It can be as simple as proxying the requests through an HTTP proxy like Charles, Firebug or Wireshark.
There are things that can be done to make it more difficult to figure out what the data is from viewing the page directly. For instance, you can encrypt the data or output it as binary. But since SWF is an open sourced format, users can use decompilers or just inspect the ABC (Actionscript Byte Code) to see what is really going on.
The short answer is NO, you cannot protect the information available to the client side (Flash) from being accessible from other clients.
As long as you have a page on HTTP, a determined user can always find a way around any user-agent restrictions imposed by you.
One way to protect the data (other than using HTTPS) is to encrypt it at the server, send it over HTTP and then decrypt it in Flash using as3Crypto or some other cryptography library.
Hope this helps,
I have a website where most of the traffic comes from the API (http://untiny.com/api/). I use Google Analytics to collect traffic data, however, the statistics do not include the API traffic because I couldn't include the Google Analytics javascript code into the API pages, and including it will affect the API results. (example: http://untiny.com/api/1.0/extract/?url=tinyurl.com/123).
The solution might be executing the javascript using a javascript engine. I searched stackoverflow and found javascript engines/interpreters for Java and C, but I couldn't find one for PHP except an old one "J4P5" http://j4p5.sourceforge.net/index.php
The question: is using a javascript engine will solve the problem? or is there another why to include the API traffic to Google Analytics?
A simple problem with this in general is that any data you get could be very misleading.
A lot of the time it is probably other servers making calls to your server. When this is true the location of the server in no way represents to location of the people using it, the user agent will be fake, and you can't tell how many different individuals are actually using the service. There's no referrers and if there is they're probably fake... etc. Not many stats in this case are useful at all.
Perhaps make a PHP back end that logs IP and other header information, that's really all you can do to. You'll at least be able to track total calls to the API, and where they're made from (although again, probably from servers but you can tell which servers).
I spent ages researching this and finally found an open source project that seems perfect, though totally under the radar.
http://code.google.com/p/serversidegoogleanalytics/
Will report back on results.
you would likely have to emulate all http calls on the server side with whatever programming language you are using..... This will not give you information on who is using it though, unless untiny is providing client info through some kind of header.
if you want to include it purely for statistical purposes, you could try using curl (if using php) to access the gif file if you detect untiny on the server side
http://code.google.com/apis/analytics/docs/tracking/gaTrackingTroubleshooting.html#gifParameters
You can't easily do this as the Javascript based Google Analytics script will not be run by the end user (unless of course, they are including your API output exactly on their display to the end user: which would negate the need for a fully fledged API [you could just offer an iframable code], pose possible security risks and possibly run foul of browser cross-domain javascript checks).
Your best solution would be either to use server side analytics (such as Apache or IIS's server logs with Analog, Webalizer or Awstats) or - since the most information you would be getting from an API call would be useragent, request and IP address - just log that information in a database when the API is called.