I'm a research student looking to compare the H-indexes (a measure of how often a scientist's work has been cited by others) of a comma-separated list of people. Web of Knowledge has a javascript form that lets you enter the author's name (field) and their institution (radio button). The h-index is then given as html. How would I go about automating the search and culling out the h-index value for each researcher?
One fairly simple way would be to write a script that uses curl to simulate a submission of the form over the data set you want to use. You'll need to know the form type (POST or GET) and what the parameter names are, then you can fill them out, feeding in data from the command line, a file, or a constant to your script.
The only trick here appears to be that Web of Knowledge will require you to authenticate to use this form.
Related
I have a small web application written in vanilla PHP with MySQL database, on which registered users are able to create custom profile pages.
Id like to add a textarea form field in the control panel, for users to add their custom tracking code (namely Facebook Pixel or Google Analytics) for their tracking purposes.
My question is, what is the correct way to add such functionality? I'm afraid letting my users to "inject" custom code would lead to security issues for my website. As far as i know the aforementioned tracking codes use regular JS/HTML for their tracking. If that is the case how to allow JS while restricting server side code, like PHP, from being executed?
Any help would be greatly appreciated.
The tracking code is always the same, apart from one or two elements. For instance, in a Google Tracking code the only variable element is a tracking ID in the format: UA-XXXXX-Y.
You could let the user select which type of tracking they want and let them only enter the tracking ID, and perhaps one more variable. You can easily check whether these have been entered in the correct format. From that you can generate the Javascript code yourself.
Alternatively, now that you know the code is always the same you could also use that to check what has been entered. Strip out any non-linguistical elements like space, and check it against your template: Only the ID's should be variable and you know their format.
However, I think this last method is less user-friendly, because it relies on the users to provide you with a rather exact copy of the code. That might be too difficult, and that will be your problem.
I'm trying to create a Rails app where our organization's users can create forms and then let our customers answer them in our website.
In short the requirements are:
Drag-and-drop form creation interface;
Conditional redirection (ex: if customer answers yes to a certain question, redirect to form x, else redirect to form y);
Client and server-side validation of fields, established by the users, whenever possible;
Associate answers with a "customer" entity (also notice the fields in these answers aren't pre-established in the model/DB);
Customization is a plus (ex: custom classes for the fields), users are tech-savvy.
So far I've been using https://github.com/kevinchappell/formBuilder to provide the actual form-building, but I've been having some problems with encoding (our forms have a lot of á, ã, à and such) and it generates an XML, which sometimes doesn't play nice when I try to render the form later; maybe if I could serialize/de-serialize it the later (or both, who knows) wouldn't be a problem anymore.
I'm also using MongoDB to store the answers and manually setting the redirections based on the answers (not cool).
So, is there a Rails/JS/dunno framework with which I could streamline all these actions (or at least some of them)?
Thanks.
The encoding issue should be solved in v1.15.0 of formBuilder https://github.com/kevinchappell/formBuilder/pull/211. I also wrote another plug-in called Formeo http://draggable.github.io/formeo/ that uses JSON and handles special characters pretty well.
Unfortunately I don't know of any package that handles the full front and back of a form building app other than the one I'm building, but it's not ready yet.
new to PHP. After around hours of learning&practising I have created a small PHP project with MySQL database for check/create/edit/delete employee's information.
So here are my questions to improve it(as a good and smart php project standard, doesn't have to be a enterprise levelled one):
Should I use more Javascript to do the client side validation , or use PHP functions to do the job mostly? (e.g. check if form data was entered with the correct format )
To modify the employee's information , what should I do to make sure the data was created/edited with the same standard inside database(e.g. first & second name should always starting with the one(and the only) upper case letter no matter what did user entered into the forms), javascript, php function or the sql queries? I think they could all make it working but which one is the best way and why?
This kind of code is driving me crazy
<input type="text" name="inputFname" class="field-divided" placeholder="First"value="<?php echo $emp['f_name'] ?>"/>
Any better way to make the php code separated with the html code?
Any and all data coming from an untrustworthy source (the client, which can be manipulated by a hostile user) needs to be validated and sanitized within a controlled, secure environment (the server, which is locked away where end-users can't get at it) before being allowed contact with the database.
You can (and should) also perform "bozo-test" validation at the client to ensure completeness, correct formatting &c.; client-side validation allows you to inform the user of an error immediately without the overhead of a round-trip to the server. Keep in mind, though, that client-side validation can not protect you from an actively hostile user.
Hope that helps.
I'd like to replace a parts requisition process at my workplace with a simple (and cheap to implement) electronic process, initiated using a Google Form. The problem is that I would like users to be able to enter multiple parts (along with associated info, e.g. quantities required, booking references etc.), but I want to do so without having to have multiple repeated questions.
I have researched this extensively and cannot find anything which fits the bill - my thoughts are to use Google Apps Script to create a table in the form which a user can fill-in. The closest I have found is something like this: Creating Form Elements Dynamically
The original paper form looks like the below - I would like the table to request the information as shown below in a similar format:
Thanks in advance!
EDIT! To make it clear, I'm happy to consider other solutions to run this process through an online interface - I have gone for Google Sheets/Forms in the first instance as they are already well integrated within my company and I have experience of them (setting-up triggers etc is pretty simple)
I understand the OP has probably long moved on from this problem. I however have done something along these lines in the past and thought I'd share my approach with the community.
I'll start with the premise Google forms are just good ol' plain HTML forms that users programmatically generate with their form builder. Therefore it's possible to traverse the as-built form and extract both submit location and all field names:
document.querySelectorAll('form').forEach((x) => {console.log(x.action)})```
document.querySelectorAll('[name^="entry."]').forEach((x) => {console.log(x.name + '=' + x.closest('[role="listitem"]').querySelector('[role="heading"]').innerText)})
The above snippet will give you an idea of what the components are.
All that's left after is to build a front end to your requirements with the framework of your choice (I used AngularJs at the peak of its popularity) and incorporate as much or as little UI and validations into it as you desire.
Here you've got the flexibility to either submit the whole thing as one JSON, or to parse it into individual fields and submit entries one by one, for purposes of this demo I opted for the easiest way but this thing surely's got the potential.
I'm initiating my first start-up. I can't stand attempting to read captchas when signing up for websites, don't want my users to. I looked for alternatives, and I found the checkbox captcha. How is this done, using JavaScript to load a checkbox, and validate it with the same code as would normally be used to make a sign up form?
Thanks.
I looked at the example linked from the article you posted. At first glance, it seems like this can be easily bypassed.
The checkbox captcha works on the basis that spam-bots don't parse or use JavaScript code embedded in webpages. Because of this, they will not find the captcha checkbox element within the form it is searching, and therefore will not send a post value for the checkbox along with the form, and on the server side, you would reject the form if the checkbox value wasn't sent.
The problem with this is:
The checkbox name is always the same (gasp_checkbox)
A bot could easily be "trained" to detect this javascript on your page and act accordingly
Even if you output a random name and value that must be used for the checkbox, it could still be detected
The outcome of those 3 problems means that this is much easier to break than image captchas or other methods. All a bot has to do when they submit your form is add: gasp_checkbox=on to their HTTP request.
That said, if you implement this for yourself on your own site, it is unlikely that any bots will able to get past it because its use is not widespread.
You could make it more secure by doing the following:
Generate unique name/value pairs for the checkbox on the server side, and output those values in obfuscated javascript to the client
Serve the script away from your form, preferably in an external javascript file that is generated by a script.
Verify that the values sent for the checkbox match a pair that was previously generated, and not used before.
If you do those things, I think you could have an effective checkbox captcha. If someone does catch on to it on your site, it may still be trivial to defeat, even with the above safeguards in place, but it may take a while, and still be effective for you most of the time.