Quick assist with finding Javascript variable (PollDaddy hash) - javascript

I'm working on finding a variable for a PollDaddy poll. The API says that the hash is attributed to the variable PDV_h[PollID] (check "Voting" part of API). I've been looking all around this poll here but can't seem to find it. Can anyone help me figure out the hash and tell me how you were able to find it?

The hash doesn't seem to be used in the link you gave me here.
But on what I assume is your site, here, there's a variable PDV_h5547018, which gives you the hash you need to make the request.
This is what I got back, but this will be invalidated, of course:
PDV_n0='f5a9a0cf08b733a0e1738e271c9303d6';PD_vote0(0);
I would track down where it was made but there are so many script references. I assume you are using a script request from them, which is why they say it's in the JavaScript.

Related

Getting data from JSON (i think)

I hope someone here can help me with this as i am at a loose end. I have a little experience with programming (variables, etc) but not much at all with Javascript, JSON and many others.
Unfortunalty i cannot fully describe what im doing as it invloves sensitive info but i will try my best:
My plan is to collect data from a webhook and enter it into a google sheet which can then be seen by myself and my colleagues (and it needs to be as 'real-time' as possible, hence using webhooks instead of API - i think)
Ive been using google apps script and javascript
At the moment i just want to be able to collect the data from 1 variable, once i know how to do that i can hopefully figure out how to get the rest of the data that i need from the other variables - but there is another problem, the JSON data seems to come in 2 different formats which to be perfectly honest i confusing the **** out of me, so if anyone can could you please explain as best you can what i need to do.
I have looked at w3 schools and a number of other sites and forums (of which this one seemed to make the most sense hence me asking on here) but most of it has fryed my brain.
anyway here is what i need :
I would like to get the data from "title" - in this example "Order #301428\"
here is part of the webhook i have received - the data has made it to the spreadsheet but it is in one massive string which is no good to me, i need to be able to just grab the data i need.
also could someone please tell me how to enter the data i need in a google sheet
Thank you very much in advance for any help
here is the 1st format that i have recieved (not complete as sensitive data) :
{"parameter":{},"postData":{"contents":"{\"id\":12374453,\"title\":\"Order #301428\",\"created_at\":\"2020-04-28T23:43:13.000Z\",\"updated_at\":\"2020-04-30T10:52:27.000Z\",\"customer_id\":10960996,\"user_id\":14426,\"status\":4,\"scheduled_at\":\"2020-04-30T10:00:00.000Z\",\"merchant_id\":149,\"extras\":{\"previous_task_distance\":null,\"distance_to_team\":null},\"
here is the 2nd format :
{"contextPath":"","parameters":{},"contentLength":23356,"parameter":{},"queryString":"","postData":{"contents":"{\"id\":12425150,\"title\":\"Order #354554\",\"created_at\":\"2020-04-30T09:14:01.000Z\",\"updated_at\":\"2020-04-30T10:43:11.000Z\",\"customer_id\":11003352,\"user_id\":14894,\"status\":4,\"scheduled_at\":\"2020-04-30T11:00:00.000Z\",\"merchant_id\":149,\"extras\":{\"previous_task_distance\":null,\"distance_to_team\"
thank you again
Thank you all for your help - i've looked through numerous tutorials and other information but no matter what i do i cant get it to work and i honestly have no idea what im doing wrong - the thing that is really getting me is i can get the long string of data to show up in google sheets so i know ive got the connection there right - but when i follow any of the advice regarding JSON.parse, Javascript objects, JSON.stringify or anything else it just doesnt work - heres my code (my latest test)
var data = JSON.parse(e);
var orderno = data.postData.contents[1];
sheet.getRange(lastRow + 1,1,1,1).setValue([orderno]);
for some reason i cant enter all of my code
Take the json and parse it into an object:
https://www.w3schools.com/js/js_json_parse.asp
You should then be able to access the attributes like so:
obj.postData
PostData appears to be another json string embedded in the first json, so you will need to parse that as well.

First time using an API: How do I construct a request for the proper data from a quote API? Links included

I am using this API from Stands4 to get quotes. I was able to build my random quote generator for free code camp using their RANDOM tag in the request. Now I want to know how to write a request to get quote from a tv show for a personal project I am working on. Does anyone know how this is possible?
Here is the API doc: Link
In particular I am looking at the second and third lines of their Request parameters table. I want to use 'SEARCH' but don't know how to produce the correct 'query'. Maybe I am going about this wrong.
Here is the show I would like to get quotes from: Link
Here is what I tried. Goal is to get a random quote from the show.
http://www.stands4.com/services/v2/quotes.php?uid=MYUID&tokenid=MYTOKENID&searchtype=RANDOM&SEARCH&query=Its+Always+Sunny+In+Philadelphia
Unfortunately, these aren't the greatest docs so you'll have to play around with the "query=" part of your search. You're correct in thinking that's where to start.
Here's the approach I would take to make this work:
1. Searchtype=Search: I would start subbing in all sorts of different things from It's always Sunny and seeing what gets returned, including: character names, the show name, writer/actor names, and if all else fails show objects ("Paddy's pub" and "Day man") come to mind. Note: for things with spaces make sure you're using url-encoding.
2. Searchtype=Author: Take writer names and maybe character names to see if putting those in with an author search type returns anything.
3. Use their Scripts API: I'd hope something would come from that, but if it doesn't work, you can always try and find some scripts from their Scripts API and parse them.
If all else fails you can use a scraping tool like Import.io and grab quotes from a site like IMDB. Import.io is free and very easy to use.

How to remove unwanted namespaces from xmlns in Node.js?

First, I want to start off that I am really new with stackoverflow. I'm normally a viewer and this is my first time to ask here. Second, please do excuse me if there are terminologies, which I might later use incorrectly or if I am asking in the wrong place. Lastly, I would appreciate it if everyone would use less, or possibly, no negative comments or statements, and if there are less links (to answer my question) and instead more explanation.
So, I've been working on a system. However I'm having trouble with giving request to a wsdl. Normally, I get enough namespaces for me to provide the needed information to get the proper response. However, in my case with this specific wsdl, I'm getting a lot of namespaces. I've tried using soapUI to see if I would get a response, but the problem here is that, it works if I remove enough number of namespaces.
Here is a sample:
<qr2:Envelope
xmlns:qr1="http://qr1/sample"
xmlns:qr2="http://qr2/sample"
xmlns:qr3="http://qr3/sample"
xmlns:qr4="http://qr4/sample"
xmlns:qr5="http://qr5/sample"
xmlns:qr6="http://qr6/sample">
xmlns:qr7="http://qr7/sample">
xmlns:qr8="http://qr8/sample">
xmlns:qr9="http://qr9/sample">
xmlns:qr10="http://qr10/sample">
xmlns:qr11="http://qr11/sample">
<qr2:Header>
</qr2:Header>
<qr2:Body>
</qr2:Body>
</qr2:Envelope>
What I want to happen is to lessen the number of namespaces. In my sample above, instead of getting eleven namespaces, I want it to have, say five, as so:
<qr2:Envelope
xmlns:qr1="http://qr1/sample"
xmlns:qr2="http://qr2/sample"
xmlns:qr3="http://qr3/sample"
xmlns:qr4="http://qr4/sample"
xmlns:qr5="http://qr5/sample">
<qr2:Header>
</qr2:Header>
<qr2:Body>
</qr2:Body>
</qr2:Envelope>
Is there a way for me to do this using node.js?
I'm already at this point of my code:
soap.createClient(https://sampleLinkOf.wsdl, wsdlOptions, function(err, client) {
}
I'd appreciate an answer instead of a workaround (deleting files, downloading files, etc).

Can you tell, via PHP, whether an ajax call came from a page or the console?

I'm updating a database via PHP with data that's being sent via ajax. Is there a way to tell whether the script that is sending the data is called by the page on which it is included (remotely hosted), or just being hacked into the JS Console by someone who's "inspected my elements" and trying to pull a fast one?
Thanks in advance...
Danny
There really is no way of telling between either of them, but you can make the job much harder to do.
But since you say that 'it won't start wars', working off of that, there are a few ways of 'securing' it.
Step 1 : Creating 'Verification' calls
If you aren't already, the very first step would be to implement a few preliminary AJAX calls that retrieve certain variables which are later used in the calls that follow, for example:
Call #1 Retrieves Security-Token
Call #2 Creates a cookie Security-Token-2
Call #3 Call to your php script with Security-Token encrypted with Security-Token-2
What your page would then do, would decrypt the sent text with the 'token' stored in the cookie and use that.
Step 2 : Adding extra logic into javascript
You can add some encoding-decoding logic into the javascript,
I'm not saying this is going to be hard to break, but It might be tough, especially if you obfuscate your code (We all know obfuscation is no good, but bear with me)
Step 3 : Don't keep any names
Another thing you can do is remove all the names from the AJAX variables, or better yet, the names can be different every time.
If you want to go even further, you can encrypt the names, and plus to the encryption add a component of randomness by introducing an IV, and storing the IV in the cookies (maybe even encoded for added security).
(EDIT) Found the 'dynamic name generation' solution I was looking for:
Dynamic Field Names in PHP
The solution was initially designed to fight spambots which 'autofill' certain fields, and if the field names look random it doesn't know which fields are 'traps', however you could use it to generate the names for your AJAX calls.
In the end though, it is always possible to crack, all one needs is enough time and money.
This is a youtube guide by phpcademy (now codecourse) that throughly explains how to prevent CSRF (Cross Site Request Forgery) in PHP.
It involves generating a new random token every time a form is submitted.
Afterwards you check if a token has been posted. If not, the request is not authentic.
EDIT: you needn't be worried about people seeing the token when inspecting the page, as you have your own (server side) way of validating your token.

How do you troubleshot google analytics code?

Can anyone share best practices for troubleshooting google anlytics code?
Has anyone built a debugging tool? Does google have a linter hidden somewhere? Does anybody have a good triage logic diagram?
I'll periodically set up different parts of GA and it seems like every time I do it takes 4 or 5 days to get it working.
The workflow looks like this:
Read the docs on the feature (e.g. events, custom variables).
Implement what appears to be the correct code based on the docs.
Wait a day.
See no data.
Google every version of the problem I can imagine. Find what may be a solution.
Change my code.
Wait a day.
See no data.
Loop:
Randomly move elements of the tracking code around.
Wait a day.
If other parts break, tell ceo, get yelled at, revert changes.
If data appears, break.
Pray it continues to work/I never have to change the tracking code again.
For obvious reasons, I'm not satisfied with this workflow and hoping someone has figured out something I haven't.
Everything I do, debugging GA code, stops and starts with the Google Analytics Debugger Chrome Extension. It prints out to the console a summary of the data it has sent to Google Analytics which, for all purposes except testing profile filters, is all you need. It'll eliminate the "wait a day" step.
If you're not a fan of Google Chrome, you can inspect the HTTP requests yourself to see how the data is parsing. You can use this guide to figure out what each paramater in the URL represents.
In terms of ensuring the features I've installed or the code itself is working, I'll open a fresh browser (cleared of cookies), and navigate to the site I'm testing via Google search. I'll proceed to navigate to all of the pertinent pages, and trigger all the pertinent events, all the while ensuring that the requests are being sent to Google, and that the session isn't broken at any point (by either keeping an eye on the Session Count, or ensuring that the traffic source doesn't change from organic/google to direct or a self-referral.
Screenshot:
To begin with, this answer isn't at odds with any portion of either of the two answers before mine--i.e. you could certainly implement them all without conflict.
My answer just reflects my own priority, which is that the latency issue. Latency makes debugging far more difficult than it should be. Ten minutes of latency while waiting for the compiler to finish is irritating, four hours (minimum GA latency) is painful.
So for me, the first step in building a GA de-bugging framework was to somehow get the GA results in real-time--in other words, if i changed a regular expression filter, i needed to catch the traffic processed by that filter. So removing the 4-24 hour latency in getting results from the GA server was critical.
The easiest way i have found so far to do this is to modify the GA tracking code on each page of your Site so that it sends a copy of each GIF Request to your own server.
To do this, immediately before the call to trackPageview(), add this line:
pageTracker._setLocalRemoteServerMode();
This will send the entire request header to your server access log, which you can parse in real time. (Specifically, your server writes to the access log one line at a time--one line corresponds to one request. All of the GA data is packaged and set as a request header, so there's perfect coincidence between the two.
yahelc answer is great, but I'd like to add my 2c here.
Get yourself a nice sniffer to see the hits flowing.
Nice options:
Wasp
Charles
HTTPFox
Fiddler
Then implement your changes on QA.
Test this new setup on QA. Things you should keep an eye on.
Always make sure that the basic pageview fires. It should have at least an utmp value and no utmt set.
Make sure the visitor Id doesn't get overwritten. This is the second number on the __utma cookie. This number should be your userid, if it changes then things are broken.
Make sure your pageviews contain the page and session variables you set. If you set any. They are coded into the param utme.
Make sure that any Visitor custom var is fired before your basic pageview. utmt=custom variable
Make sure the source data is not overwritten (Campaign/medium/source/content/keyword) - These are set on the __utmz cookie. If it gets overwritten by direct or a referral of you own site there's something wrong.
If you miss any event it may be due a reqired field missing or the last value being a float or string. The value of an event must be an integer.
If you're using the ecomerce double check all your parameters. Make sure that you're firing everything as strings here and that unused parametrs are empty strings.
triple check your account number. UA-XXXXX-X.
If your doing something with custom JS make sure to test on all browsers, and try to get at least the basic tracking on a safe zone where you are sure things won't break.
Send debug info about javascript code that might break GA to GA. Check this.

Categories