I want to identify from where a visitor coming to my webpage.Is there anyways to getting that reference in a javascript file.eg: if my website is www.example.com.if user getting this site from google or bing search,then i need to identify that,user from google or bing respectivly.How can i get this in javascript(more priority) or in php.If anybody know help me please...
You want to get the Referer information.
In PHP, you can access it with $_SERVER['HTTP_REFERER'].
In Javascript, I suppose that this should give you that information : document.referrer.
Note : the referer is an information that's sent by the user's browser, which means :
It can, or cannot, be sent
Which means your application can use it to provide some additionnal stuff,
But must work even if the Referer is not there.
It can be forged
Which means you must not trust it for any important feature.
And you might want to filter/validate it
Related
I was wondering if there's a way to add html to a webpage (from another domain) before displaying it in a iframe. Basically my idea is to make a website that allows the user to type in a website and choose or add things to the page, like copy a yahoo anwsers page and still have it function (so javascript and all still works) but the background has changed or a button that does a specific thing to the page has been added in. So far I keep running into cross domain policies and I have no idea how to get round these.
No, you cannot, this will be a massive violation of information security codes.
Imagine if someone could access your code, js and html and just alter it and access your information.
even worse, if you have sensitive information stored in the client code (you shouldn't but lets imagine), everyone across the web will have access to that information.
Displaying the webpage is one thing, you have api's for this sort of things (for example, google, twitter, facebook api's) and you pay for them too.
The reason you are running into cross domain policies is because you are not allowed to make that request. Not by JsonP and not by CORS Requests.
If you want access, look for a proper api.
For beginners, here is the Yahoo Api (Yql)
And here is it's Terms of use
Read them before you continue.
You can't do that because, if you could, an attacker could use this to exploit referred page.
Source: https://developer.mozilla.org/pt-BR/docs/Glossary/Cross-site_scripting
How would you determine how a visitors is coming from Google, other search engine or any other channel? I want to show a one-off coupon code to my Google Search visitors.
Not sure how to do it though - I run my website on PHP/WORDPRESS/JQUERY.
$_SERVER['HTTP_REFERER']
The address of the page (if any) which referred the user agent to the
current page. This is set by the user agent. Not all user agents will
set this, and some provide the ability to modify HTTP_REFERER as a
feature. In short, it cannot really be trusted.
http://php.net/manual/en/reserved.variables.server.php
The HTTP_REFERER includes google.com so you know it came from a google search, but not what was searched for.
From the front side (javascript) you can get it from document.referrer
I believe it should be possible to retrieve information from another page as long as it's from the same domain right? There are some information that I would like to retrieve from this page, and to display it on another Wikia page. (So that the information can update on its own regularly).
Unfortunately, I cannot identify which specific id do I need to retrieve on the Wikia WAM page. I simply don't know how to retrieve the Rank/WAM Score information. Since the WAM Score/Rank updates regularly, the arrow image also changes depending on whether you rose or descended in your rankings. This is why I would like to pull the data from the page so that it can update regularly without having to do it manually.
Is there a way to do this using javascript?
P.S. I apologize for the inconvenience, and to have asked without much knowledge on programming (I only know basic javascript).
I believe it should be possible to retrieve information from another page as long as it's from the same domain right?
The same origin, which is about more than just domain. This is defined by the Same Origin Policy.
The two pages you asked about are on different origins, http://www.wikia.com and http://asphalt.wikia.com, because the hosts are different even though the TLD is the same. So you won't be able to use ajax to retrieve information on one from the other unless the one you're trying to get the information from shares it with the one you're trying to get it on via Cross-Origin Resource Sharing and you're using a browser that supports it.
If it does support CORS, yes, you can use ajax to query the content of the page, parse it, and extract the information you need.
If not, you might look at using YQL as a cross-origin proxy. Basically that's calling a Yahoo service that uses a server to get the page (so the SOP doesn't come into it), parses it for you, and lets you query against the parsed results.
I have a web site with following functionality: An user comes to www.mysite.com/page.php. Javascript on that page makes ajax API call to www.mysite.com/api.php and shows results on the same page www.mysite.com/page.php
I'm afraid of situation where somebody starts to use my api.php on own software, because using www.mysite.com/api.php costs me a bit money. Therefore I want that only users that have visited the page www.mysite.com/page.php can get valid results from www.mysite.com/api.php . There won't be any way for users to log in to my web site.
What would be the right way to do this? I guess I could start a session when an user comes to page.php and then somehow maybe first check on api.php that a session with valid session id exists?
If you just want the user to visit page.php before using api.php, the session is the way to go.
Typically, if you want a "soft" protection you use the POST verb to get results from your site. Then, if the user goes the the URL in their browser and just types the api.php call they will not get a result. This doesn't protect your site but it keeps search engines away from that url reasonably well and accidental browsing to it.
Otherwise, there are lots of authentication plugins for php.
http://www.homeandlearn.co.uk/php/php14p1.html for example.
You can check the request in several ways such as Token validation, Session validation or even by Server 'HTTP_REFERER' variable
Check the referrer with $_SERVER['HTTP_REFERER'] if its outside the domain block it.
Beware that people can alter their REFERER so its not secure.
Another better solution might be a CAPTCHA like this one from google https://www.google.com/recaptcha/intro/index.html
Cookies, HTTP-Referer, additional POST-Data or some form data, that you send in an hidden input field aren't secure enough to be sure, that the user comes from your site.
Everything of it can be easily changed by user, by modifying the http-headerdata (or if you use cookies, by changing the cookie-file on the client machine).
I would prefer the PHP-Session combined with an good protection against bots (ex. a Honeypot), because it's not so easy to hi-jack, if you use them properly.
Please note: If there is a bot especially for your site, you lost anyway. So there isn't a 100% protection.
Google analytics tracks pageviews.
I would like to use JavaScript to fetch the number of views that a specific page URL has.
How can I do this?
P.S. Google documentation is a mess, all I can find out from it is how to setup tracking.
Doing this purly in javascript is going to be tricky. Due to the fact that you will need authorization to access your data.
Now normaly for a case like this I would say use a service account but in order to use a service account to connect to google analytics, you will need to download a key file. This file must be kept save and secure.
Javascript is client side scripting how can you send a file that no one else should be allowed to access? As far as I know there are no javascript examples for using a service account to access google analtyics i have also been unable to come up with a safe and secure way of doing this myself. If any one has any ideas please comment i would love to hear how you got this working.
The only other option is to go with normal autentication the problem with this is that you will need to autenticate the script. Thats not hard you could then save the RefreshToken some place and pass it to the page. Again this is a problem anyone that then looks at your source code will have the RefreshToken and the ability to access your data.
My recomendation: Use some server sided scripting language like php for example.
If you want to look at the code for doing this in javascript Hello-analytics-api