Uniquely recognize Client on localhost - javascript

I have apache installed on a windows laptop that is not connected to the internet. The laptop has multiple user accounts. Let's say that two of the user accounts are "Adam" and "Sally". I have a project on localhost that needs to differentiate between the different Window's users via the Chrome browser.
I understand detecting the username through the browser directly is a gross security sandbox breach, but I don't care: I have complete control of the computer and the project is not web accessible, so there are no security concerns. I'm willing to cheat in any way imaginable including building a custom .exe to help. I just need to differentiate between the different accounts. It doesn't need to be by username, but any alternative ID would need to persist for that given user.
I am asking for outside of the box thinking.
How can I create a page that I can open in Chrome that will say "Hi Adam" or "Hi Sally" or even "Hi -=[GUID]=-" without the visitor ever typing in their name/guid.

You should probably use something like NW.js or Electron instead of chrome for this so you don't have to sacrifice security.
Here's a picture of me running the nw.js sdk and loading just the demo page, bringing up the dev tools and retrieving my username.
Pretty straight forward. Follow node documentation and do whatever you'd like there.
You could have a batch file that runs on startup via the task scheduler or registry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run or Local Group Policy that performs something like echo setCurrentUser("%USERNAME%"); > c:\your_project_directory\set-current-user.js, then you just have a script that defines <script>function setCurrentUser(s) { alert("Hello "+s); /* ... */ }</script> followed by a script import like <script src="set-current-user.js"></script>
If you just want to be able to do whatever in the filesystem, change the shortcut that launches Chrome to --allow-file-access-from-files --user-data-dir=c:\your_project_directory --disable-web-security and restart the PC (or just kill all chrome.exe processes, incl. background).
Edit: Updated with note on using --allow-file-access-from-files from Pritam Banerjee. If you go that route, he gets credit. :)
If you're interested in trying NW.js, here's a full example:
package.json :
{
"name": "nw-hello-user",
"version": "0.0.1",
"main": "index.html"
}
index.html :
<!DOCTYPE html>
<html>
<head>
<title>Hello!</title>
</head>
<body>
Hello <script>document.write(process.env.USERNAME)</script>!
</body>
</html>
Here's the command line:
Here's the end product!

Since you tagged your question with PHP, you could just create a index.php file with the following contents:
Hi <?= getenv("USERNAME") ?>
getenv("USERNAME") returns the the value of the USERNAME environment variable.
Update: Thanks to TylerY86 for providing the more correct way to get the username. Also note from his comment below:
You also have to be sure that the Apache instance is running in the
context of the user, and not as a service. If you try the example, if
you get something like SYSTEM or IUSR_MACHINE instead of the user
name, you'll need to adjust.

You have 2 choices, as far as I see.
1) you may ask users to identify themself first time they use the page and store it to the local storage. Since those are different users on the machine, their localStorages should be separate.
2) You may deploy a small web service on the local host, that gets the user credentials from the system and returns on GET request.

Related

Force Auto Open Dialog in Chrome

FileRun has a beautiful File-Explorer Google-Drive styled. You can testdrive it here FileRunDemoSite
When I download a File I get to choose if I want to open the file directly in a Office Application.
When I click on Office, google prompts me with a Chrome Open File Dialog. The File opens directly from the location instead of being savend in /downloads/ folder.
How can I achieve this behavior? All existing answers on SA state that this is not possible, so this might be interesting to others as well. Not even google has implemented this. Is there a cross-browser solution?
Onedrive does it as well:
Credit to Thomas2D to get me on the right track. How it basically works is:
If you develop an application you can register a new protocol with the operation-system. http:// will be handled by your default browser. applicationX:// will be handled by applicationX, ms-word:// will be handled by word. If you click on a link the browser/operating-system looks up which application should handle the protocol an pass the request on to this application.
For Office documents the URI is a bit more complex ms-excel:ofv|u|http://contoso/Q4/budget.xls. You can open it readonly/ for edit / as a template. Check out this document for a detailed description of all the options: Office URI Schemes
For other applications check the URI Schemes with that application.
How to use it on a website:
It is not advisable to set a link to an application in a Dom element href attribute. You have no way of checking if the application is installed or not.
If you use Javascript you can check if the request times out / fails and use http:// instead.
. Set the protocol in a href: window.location.href = encodeURI('ms-excel:ofe|u|http://example.com/excel.xlsx') or by setting the the location.protocol, https://www.w3schools.com/jsref/prop_loc_protocol.asp
There is a jQuery Plugin to do that :jquery.applink.js
I personally think that this is accomplished by starting application via specific url.
I know that this works on iOS for launching application. In iOS it was done by something (simillar to mailto:example#example.com)
<script type="text/javascript" charset="utf-8">
window.location = "myapplication://myparams";
</script>
EDIT: I finally get it, you have to use application url scheme. For example, if you want to open your Excel file via browser, you have to use this JS code.
window.location.href = encodeURI('ms-excel:ofe|u|http://example.com/excel.xlsx');

Starting a vbs script from a HTML file

I've been wrapping my head around this problem for a couple of days searching for all possible solutions on the forums and online but can't seem to get it working.
I'm calling a script by a link on a "button" to start a script on a server (in HTML):
<a href="#" onClick="RunScript();">
The script code is:
<script type="text/javascript" language="javascript">
function RunScript() {
var objShell = new ActiveXObject("WScript.Shell");
objShell.Run("%comspec% /k my_projects_EN.vbs" "), 1, false;
}
</script>
So why am I using a vbs? What I'm trying to do is create custom pages for each employee. So the vbs is actually checking the computer name and an if clause directs the employee to a custom page. With my basic knowledge of programming and a lot of hours of searching I did not find a better solution for this yet. So I'm trying to make this one to work.
And it does but only if I'm running the script locally (desktop). But as the webpage will be used in an intranet location this script will be on a server. And this is where it became a bit hairy as I can't seem to find the right combination of commands to do so. I already tried pushd for creating a mounted volume or currentDir for setting up the location of script but nothing seems to work completely.
I assume that I'm missing a subroutine for the function as adding anything there just stops the script - but how to go at it is beyond me.
All help is appreciated even if it means I have to bury myself into another program language (not preferred of course).
I am certain that there is a way to solve this other than sending a script to each employee to put on their desktop (each time a new employee comes to work).
Thanks
Edit: I see an additional clarification is in order:
We're creating an intranet webpage as a help for more efficient work for our employees. We're on the same level as the rest so not IT or admin rights guys so we're on our own.
The point is to have a personal page for each employee which can be accessed via the same interface. So a link has to send each person to another page that is why I've created the vbs code which helps with that. Checking several other options this seemed to be the simplest and best one - and it works at least partially. I don't see any security risks as all will be done on each client computer - the files themselves will be located on the server. The script itself does not represent any risk at least not that I would see it - but of course I'm not a specialist.
So in short this is what we're trying to do:
Main page -> link to My_projects button -> start script (located on the same server as the main page) -> determine the client computer name -> redirect to the right webpage.
Sorry for a lack of details, I see that it's sometimes hard to explain exactly what you want if you're not a pro in these things.
Thanks again.
If those computers are physically located at your workplace and you have control over the system, it would be better to tweak DNS redirections on those computers. Otherwise, more general and OS independent solution, would be session, cookie, or token on employee's computer. Still, some kind of authentication other than having one piece of machine, could be more versatile and secure (unless your PCs are 1000 feet underground :-) ).
Edit: What kind of info/data are sent to the server script? Server script runs on server and everything related to "this computer" (e.g. name) is actually referring to the server itself. Thus the script needs some data from the client to recognise his computer.
thanks for the effort
Everything is actually located on the server so the client computer only runs the page or interface which is in \Server\folder\folder for example.
In your browser you open the start page which contains a button with a link to this script (located on the same server).
When the script executes it searches for the computer name and send the user to his personal page:
Set wshShell = CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
On Error Resume Next
'#01 name_surname
If strComputerName = "XXXXXXXX" Then
CreateObject("WScript.Shell").Run """name_surname.html"""
and so on.
And this is all there is. As mentioned before we don't have admin rights to change anything on the client computer. So nothing is being done on the client side other that executing a script located on the server.

GAS UrlFetchApp can't request GAS projects

I am trying to have a large set of Google Apps Scripts projects, and want to have a set of HTML files available to all projects. I have a core project which has the following code:
function doGet (e) {
return HtmlService.createHtmlOutputFromFile(e.parameter.htmldoc);
}
Then, from another project I can just run
UrlFetchApp.fetch("https://script.google.com/macros/s/someid/dev?htmldoc=footertemplate").getContextText();
However, when I try to run the code to load an HTML file, what happens is it gets HTML code to login to Google:
Everyone is able to run both projects, and every prompt asking me for permission I gave permission to. If anyone is able to figure it out, I would greatly appreciate it.
EDIT:
I have tried this out with two other fresh projects and found that this isn't just with these two projects
There must be an issue with your publish settings. While publish, you should get an option like "Who has access to the app"
If you want to access without login, then set it as "Anyone, even anonymous".

Using branch.io to redirect to app in javascript

So, we have a mobile download site that we want to bypass if the user already has our app installed, and open our app. We are using the branch javascript code to try to accomplish this task. We have our branch key where I have 'my_branch_key', and we copied the rest of the code below directly out of the branch instructions. And, of course, it is failing to redirect our mobile users. I imagine the problem is the lack of some sort of app identifier in the code, but we could not find any instructions on where to add that. Anyone know what we're missing and where we need to add it. Any advice would be greatly appreciated.
// load the Branch SDK file
(function(b,r,a,n,c,h,_,s,d,k){if(!b[n]||!b[n]._q){for(;s<_.length;)c(h,_[s++]);d=r.createElement(a);d.async=1;d.src="https://cdn.branch.io/branch-latest.min.js";k=r.getElementsByTagName(a)[0];k.parentNode.insertBefore(d,k);b[n]=h}})(window,document,"script","branch",function(b,r){b[r]=function(){b._q.push([r,arguments])}},{_q:[],_v:1},"addListener applyCode banner closeBanner creditHistory credits data deepview deepviewCta first getCode init link logout redeem referrals removeListener sendSMS setIdentity track validateCode".split(" "), 0);
branch.init('my_branch_key');
// define the deepview structure
branch.deepview(
{
'channel': 'mobile_web',
'feature': 'deepview',
data : {
'source': 'website'
}
},
{
'open_app': true
}
);
Additional info: We noticed an oddity when trying to test this, for a couple of our iPhone users, it seems to work perfectly, but for the rest of the iPhone users and all the android users it still fails to redirect.
Alex with Branch.io here: the automatic open_app: true setting actually doesn't work in iOS 9 with Safari, due to some changes Apple made to Universal Links in iOS 9.3. This is a fairly recent change, so our docs haven't been updated quite yet. It's annoying, I agree...
The best workaround is to put a button on the page with deepviewCta(). Visitors will have to click it to open the app. We realise this is not ideal, but it's the best option for Apple's current system.
The other option you can try is enabling your own domain for Universal Link. That way whenever a URL at your domain is clicked, your app will launch immediately and the site will never even be loaded.

Track outlinks on localhost app

I have built a simple webpage for a touchscreen kiosk (Win7, XAMPP).
The interface is built up of 9 tiles (windows metro style). HTML, PHP and CSS only. Each of the tiles are simple links
What I would like to do is track how many times each of the tiles have been clicked.
Examples of my pages are;
www.example.com/help.html
www.example.com/contact.html
www.example.com/map/floor1.html
The kiosk will be running on localhost and I feel that Google Analytics, Piwik or AWStats are too resource intensive for such a small task. Obviously as the kiosk is running on localhost the IPs, location, browser etc... aren't important.
Are there any other ways I could track the clicks to a log file or similar?
Any advice appreciated.
You can use onclick functions on the links, and use javascript to write a log file. This might help you creating a log file through javascript
I would say this data can be found inside Apaches access logs if you only want to know how many times a page has been accessed. This can be easliy done by using a tool such as Apache Log Viewer.
If you actually want to log link clicks, you probably have to use javascript action handlers. Because I consider writing from JavaScript ugly, I would probably send an ajax request to my PHP server every time.
Edit:
Another way would be, to convert all you html files into php and log from there (I can also add an example how).
Example:
<html>
<?php
$count= include 'count.php';
$count['count-'. __FILE__]= $count['count-'.__FILE__] + 1;
file_put_contents('count.php', '<?php return ' . var_export($count, true) .'; ?>');
?>
</html>

Categories