I need to get the browser user local date and Time on my server side asp vbscript page.
The goal is to show a specific message to all connected users that are in conversation at a specific local time in my web chat application.
Is that possible?
One way is to include the local time on an hidden text field and then pass it through using ajax/javascript but it's not secure because user could change it and find the secret time on server side.
The best I can think of would be to cross-reference Request.ServerVariables["HTTP_ACCEPT_LANGUAGE"] to a time zone offset and then calculate their local time using UTC. The liabilities here are trusting that their local language setting corresponds to their time zone appropriately and that your accuracy doesn't need to be perfect all of the time (multiple time zones per language code).
Alternatively, if you can afford to be lazy in this case (how important is this local time to your app?), you could just write some purposely obscure js code to smuggle the local system's current time as a long int and named something misleading for those hackers interested in spoofing your js.
Related
I have variable in Javascript which are created by reading a number from HTML, adding a number to it and then returning it to HTML.
I want to make it so that no matter what browser/what user you are, you are seeing the latest version of the variable. Currently, if I refresh the page then the number resets to 0 (the default value). I want it so that if I update the number to 1 when someone else views it from another browser they will also see 1 and not 0.
I've seen that cookies are an option, however I thought cookies were client side only? So that would mean that only I would see the latest version of the variable.
I've seen that sessions are another option, are sessions server side? And would they do the job that I am after?
Is there another way of doing this I haven't considered?
Thanks in advance
I want to make it so that no matter what browser/what user you are, you are seeing the latest version of the variable.
You need to send your updates from the browser to a server, and then have that server relay your updates to all the other clients. There are many choices for how to do this, with various tradeoffs and complexity.
One method is to simply take that number and send it to the server. Then, on next page load, the server injects that new number into the page it outputs (or it serves it up via an API call, over AJAX, via the Fetch API, or server-sent events, WebSocket, etc.). If you do this though, you will need to decide how to handle concurrency. What will happen if two people load the page at the same time?
The general system you're describing is called Operational Transform, and this is a rabbit hole you probably don't want to go down right now. Just understand that there's no magic that synchronizes things across the planet perfectly and at the same time. Your system has to account for inherent delays in some way.
I've seen that cookies are an option, however I thought cookies were client side only?
Yes, cookies are client-side. They're sent to the server with every request, but that's not a useful tool for you, aside from session identification.
I've seen that sessions are another option, are sessions server side?
They can be, but you need to find a way to know what the user is between browsers. Normally, a session ID is stored in cookies.
I want to track that the user has played the game on my website for 15 minutes per day and for continuous 10 days if he misses one day then his needs to again start from day 1 using JavaScript and PHP.
I am getting stuck in the idea that how we can track the 15 minutes a day and 10 days for a specific user.
As #arkascha mentioned, tracking user involves using sessions and saving data to permanent storage (you can save into file for first time, but learn DB management - PHP is closely tied with this one)
But before that you need to ask YOURSELF with few questions
Why do need to check data about users on your site? Remember that most of time users don't spend on web page, maybe it's better to check their requests to your site?
What type of network environment you're using. Is your website is opened for entire world (e.g. Internet) or you're located in small network with network access rules?
How you should identify your users? By IP or some kind of name?
Answering 3rd question can be done via requesting phpinfo() function and checking following variables $_SERVER['USERNAME'], $_SERVER['REMOTE_USER'], $_SERVER['REMOTE_HOST'], $_SERVER['REMOTE_ADDR']
Learn sessions (start from manual http://php.net/manual/en/function.session-start.php)
And remember - you should ask questions about particular problems (for example, "Session variables are not storing on PHP 7.x, Ubuntu XX, Apache 2.4.x"), NOT general ones (please write the code for me)
Does the date object get the values from the operating system locally ? what if someone changes his time value , in my project I need to implement a system for reserving food, in my case the user can't make request for food before 10 am , but what if one of the users change his current time ?
I think that the best choice is to get time value form backed side.
any suggestions ?
Everything you do in javascript is client side, it's executed in the browser of the user, so your date object will be created depending on the client's browser.
Moreover, all the validation about the time has to be server side to prevent any kind of alteration. You have to perform ajax requests and make sure on your server that the client is allowed to buy food.
I have found certain online time servers that share accurate time when provided with proper time zones. For example:
time.windows.com
time.nist.gov
time-nw.nist.gov
time-a.nist.gov
time-b.nist.gov
are some time servers that are used by Windows to auto-update time over internet. I want to use these servers to determine the accurate time instead of local server time or client system time. I tried querying as : http://time.windows.com/?timezone=GMT+5:30 (get request) expecting to get current time in India but it said: Error : 403.
So, I would like to know , What's the right format to query such time server to get the time & date in response. Codes using any ne of html (get)(post), php, js, jquery is/are acceptable.
Thanks !
You should not do this from your application code. As you are pointing out there are "some time servers that are used by Windows to auto-update time over internet." So, use an appropriate client program/service to set your server's time on a regular bases. This way your server's clock will always be accurate to the microsecond level. Attempting to query a time-server on a per request bases (as your description suggests) is foolish and causes a great deal of unnecessary overhead.
Where should I store a client secret in a JavaScript application to prevent other users from getting access to it? My particular use case is an AngularJS SPA.
The client secret is a guid which is generated at login and passed back to the client, expires after 15 minutes of inactivity.
Considering the nature of my secret key, should I even care?
2 things:
One: You can't. It's on their side, anyone with access (to the computer while that user is logged in) and knowledge will be able to see it. As well as anyone that intercepts the transmission from client to server (if your not using https).
Two: It's not necessary if you are implementing it correctly.
Meaning will it ever be valid again, after it expires, or is it a one off*?
Is it authenticated against the other half on your server?
*By one off, I mean a GUID is supposed to be globally unique. Are you using the same GUID each time for each user or are you scrapping it and the next time assigning them a new one? If the first you have an issue.
If your doing all those things then you really don't need to worry about it.