Well, I encountered this new term in programming. What is it? How does it works and how to use it? Can somebody illustrate in php?
I have a website, full flash. That site is for signup, enter username and email. The button is in flash.
An user visit my site, www.domain.com/index.php?var=string
Can I use pixel tracking method to pass this URL variable($var) to another php page (email subscibe processing php page) together with username and email from Flash/AS3??
The more common term is Web bug: an invisible (i.e. 1x1 transparent pixel) image embedded in a web page or email, with its URL containing parameter data. When the page/email is displayed, it will load the image, thereby causing a request containing the parameter data on the server, which can then do things with that data.
Edit: I don't think the technique would work for what you want to do, since it sounds like the username and email address are entered into the flash app only after the page is fully loaded and displayed, i.e. after the request generated by a hypothetical web bug has already been sent. Can't you make the request to your signup page from the Flash code? Then all you need to do is somehow pass the URL parameter to the Flash app. I think that should be possible.
Is there anything wrong with simply passing your information via querystring from your Flash application to the PHP script?
If its just username and email then I don't think you need to do anything more than that.
Is there a reason you want to use this pixel tracking other than to simply learn how to do it?
Related
I made a one time URL system, that has a token that becomes invalid once the user accesses that URL.
I send the email to the client with the URL containing the token, when he commits a form.
It works fine for people who uses Gmail and whatnot. However, many of the clients who use Hotmail complained that always when they clicked the URL even for the first time, it was already invalid.
I ended up finding out that Outlook has a Link Preview function, enabled by default, that display a little preview of the links in the email. Since this function accesses the URL once, the token becomes invalid when the client opens the email.
Is there a way in PHP to detect if the access to a URL is being done by a link preview system? That way I could make the token invalid only when the access was not made by a link preview.
The outlook preivew request is using HEAD request here. You can check the request type and do not invalidate your link with HEAD request.
(A better solution will be stopping triggering any logic with a simple GET request. You can create a button instead of link to ask users to click. Preview bot is unlikely to click a button like users.)
I have a google apps domain that i'd like to create a custom login page for but am having problems.
Google provides documentation for SSO/OpenID/userApi that will do this. The implementation on these docs that I can understand states once a user hits your site they will be sent to the regular gmail login and then sent back to your site once logged in. I'm trying to have them login in a custom page and not be sent over to googles default gmail login. There is other documentation that seems to require SSO and a lot of integration that I am too incompetent to understand which would let you do that, but as I said it's way over my head.
Then I thought I could just copy the form element and create custom css seeing as the action value on the form would authenticate via google. This worked sporadically until I figured out that when you go to https://accounts.google.com/ServiceLoginAuth (the default gmail login) it creates a value (name="GALX" value=Randomletters) in the html form that must match a cookies name and value to be able to submit and authenticate to google.
From here I thought no problem I'll create a hidden iframe to the google login so the cookie populates (it does get the cookie) and then read and insert the value in the html form. That is until I discovered you cannot alter or read another domains cookies for security reasons which makes perfect sense.
Then I thought I could just use php's file_get_contents on the gmail login url to get cookie and the right html and just insert the html into my custom page. I received the html but no cookie this time.
Is there anyway to send a request that would return the html/cookie pair with something like php's file_get_contents('url') or curl? This way I could traverse the file_get_contents object and insert the html into the page via the DOM. Or am I barking up a tree that will never work because security reasons specifically prevent this?
If the above isn't possible could someone explain how I could login my users via a custom login screen?
the google docs for such a project are:
https://developers.google.com/appengine/docs/python/gettingstartedpython27/usingusers
https://developers.google.com/appengine/docs/python/users/#Python_Signing_in_and_out
https://developers.google.com/google-apps/sso/saml_reference_implementation
I believe this is what you're looking for...
http://curl.haxx.se/docs/http-cookies.html
I'm developing a website, but stuck at some point, where i needed to detect outgoing links on my website, and either forbid the links, or accept that, i don't know how facebook is doing this, but they can do it through facebook.com/l.php that if the link is marked spam, users will get notified about it.
I don't know if that's a php or htaccess, it worked in php using the DOMDOCUMENT, but it's not a real solution for this.
This is not something that you solve on the Apache or .htaccess level. Basically, whenever you're outputting a link, check if it's external, and if it is, change the destination to your redirector.
The redirector can then just check the URL passed, and if it's marked as malicious, it can show a message, and if it's not, then it can either automatically redirect or display some kind of notice that you're leaving the website.
I'm not 100% sure how Facebook is implementing it, but what I would recommend is to use JQuery (or another javascript library) to rewrite all external links to a validating PHP script (e.g. Facebook's l.php script), w/ the intended url getting passed as a GET parameter.
Using JQuery, it might look like:
$('a[href]').each(function(){
var safe_href = 'http://yourdomain.com/yourscript.php?url='+$(this).attr('href');
$(this).attr('href', safe_href);
});
You can can then do a database lookup in yourscript.php based on the variable $_GET['url'], and redirect to that url if it's safe or display a message if it isn't.
l.php is a script that reads links via $_GET['u']. With the url in the your hand you decide where you want the client to be redirected.
So as it looks, you want the users to teach your application what is spam and what not. For that you will need a button "report spam" beside the url.
I'm looking to make a simple PHP microsite that allows the download of one of my bands tracks in exchange for an email address. I know I could use Bandcamp but I want to do it myself ;)
I found a microsite from a band I like that does exactly what I want so I tried to pick it to pieces. The site is http://threetrappedtigers.heroku.com. This site basically gets you to enter your email address which it then must put in a database (unless it finds a match for that email address in the DB).
You can then view the download button and downloads the file without revealing the source url of the file. The href for that button is "download/" leading me to assume that there is an index.php in the download directory, which must require some sort of session id (presumably set up when submitting your email) to stop people linking directly to it. However the file also does some work that I don't know about in order to obscure the link.
The other aspect I don't understand is that on the page where the email is inputted there is a hidden input that submits a random authenticity_token when submitting the email address. I can't quite work out why that is necessary either.
Apologies for this horribly specific question but I've been trying to work it out all morning and can't quite get my head around.
Thanks,
Rich
What you can do is this:
User enters an email address
Verify (or not, depends on your wishes) by sending an email with a link that contains a token. i.e.: http://myawesomband.com/downloadtrack.php?token=asd#%$dhj123
downloadtrack.php validates the token and loads the sample track with file_get_contents() and offers it as a download (see specific headers on the php.net site)
The advantage is that the user doesn't know where the file is located (it is best if you place the sample track outside of the webroot.
[EDIT]
For your hidden input field token: This might be used to confuse bots and other scripts that will only post the 'email' field in large quantities. If the token isn't sent and doesn't match the $_SESSION['token'] value the request isn't handled. This works because scripts that do these kinds of attack generally don't accept cookies so their $_SESSION array is never reloaded.
you can have a look at this as it does what you want, either use cake or take some ideas
http://book.cakephp.org/view/1094/Media-Views
https://github.com/cakephp/cakephp/blob/master/cake/libs/view/media.php
you can see in the render() function its mostly about setting the correct header
I'm trying to create a "Email to friend" page using php. The objective of this page is that users can share the page that they are viewing with their friends.
When a user clicks on the 'share' link, it'll redirect user to a page that asks a user to input their own email address and a recipient email address. The subject will be the previous page title and the email body will be the URL of the previous page plus whatever a user may want to include.
I've got the whole concept here but I'm stuck on the implementation stage. I can't seem to figure the best way to pass the previous page title and the page URL to the share page.
Here's what I have thought of so far.
Using POST and GET method doesn't
seem to fit in because there is no
forms involved when a user clicks on
the share link.
Using session and cookies would be
very tedious as it requires assigning
and modifying the cookie / session
each time a user views a page.
Passing variables in URL would make
simply make the URL long and somewhat
undesirable.
Is there any other way that I could use to pass the page title and page url to the next page? I'm open for other suggestions on how I could implement this idea differently. Thanks in advance.
As far as I can see, passing the URL as a GET parameter is indeed the ideal solution.
http://example.com/share.php?url=http%3a%2f%2fwww.example.com
note that
You need to URL-encode the URL you are passing using urlencode()
the total resulting URL should not be longer than 2-4 kilobytes due to restrictions in some browsers.
I don't understand why POST and GET are not an option. Just because there isn't a form on the page doesn't mean you can't put one there. Can the link be turned into a button? If you don't like the look of a button, use CSS. Putting a form on the page would only take a few lines.
I would go for the session approach, even though you consider it tedious. This is called "flash messages" and it's quite commonspread. Zend Framework has these out of the box, CodeIgniter has a neat contributed library for it... Basically, you just need to write a few helper functions and you're set. To get the barebones functionality, you need:
adding a new message
retrieving a message/all messages
clearing messages (could be called after fetching messages)
The messages stored in the session will persist until you clear them, they are immune to redirecting and once you write your helper functions, it'll be as easy as:
//before redirect:
setFlash('You have successfully logged in!');
//after redirect
echo fetchFlash();
clearFlash(); //if fetchFlash doesn't call it automatically
So I wouldn't call it tedious, really. Rather a butt-saver.