Access $_GET with Javascript and update <script data-email=""></script> - javascript

This is a bit tough for me to do, so I would appreciate some help.
I give this code to clients to place on their site, pass data to me and load dynamic content:
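<script type="text/javascript" src="https://example.com/countdown_timer_evergreen.php"
data-launch_owner_email_hashed="94bd214b329301668349352de430bb6d"
data-launch_id="43" data-email="<?php
// The email query parameter is visitor-controlled. Escape it for an HTML
// attribute so a crafted link cannot close data-email and inject markup
// into the client's page.
echo htmlspecialchars(isset($_GET['email']) ? $_GET['email'] : '', ENT_QUOTES, 'UTF-8');
?>">
</script>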
Since a lot of clients don't have php, I have to use Javascript to capture the email from $_GET. So I use such code:
<script>
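/**
 * Read one parameter from the current page's query string.
 *
 * The string is split on "&" and on the first "=" before anything is
 * percent-decoded, so an encoded "&" or "=" inside a value (for example in an
 * email address or a token) is never mistaken for a separator.
 *
 * The result is visitor-controlled input: escape or encode it before writing
 * it into HTML, an attribute, or another URL.
 *
 * @param {string} sParam - Name of the parameter to look up.
 * @returns {string|boolean|undefined} The decoded value, `true` when the
 *   parameter is present without "=", or `undefined` when it is absent.
 * @throws {URIError} If a key or value holds a malformed percent-escape.
 */
var getUrlParameter = function getUrlParameter(sParam) {
  var pairs = window.location.search.substring(1).split('&');
  for (var i = 0; i < pairs.length; i++) {
    var pair = pairs[i];
    var eq = pair.indexOf('=');
    var rawName = eq === -1 ? pair : pair.substring(0, eq);
    if (decodeURIComponent(rawName) === sParam) {
      return eq === -1 ? true : decodeURIComponent(pair.substring(eq + 1));
    }
  }
};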
// `email` is read from the page URL, so it is visitor-controlled; escape or
// encode it before placing it in markup or in a request URL.
var email = getUrlParameter('email');
</script>
How can I update my original code, replace with the javascript output of the content (capture the email with JS above) and give them the code? I want to give them 1 piece of code. Not sure how to pass the value of email between scripts.
And this is my code that receives the data (countdown_timer_evergreen.php)
<?php
// Allow cross-origin requests.
// NOTE(review): the wildcard lets a script on any origin read every response
// of this file, including the load-template markup; that is acceptable only
// while those responses hold nothing private.
header('Access-control-allow-origin: *');
// Route on ?action=...: "load-template" returns the iframe markup, anything
// else (including no action at all) returns the JavaScript loader.
$action = isset($_GET['action'])?$_GET['action']:null;
switch ($action){
case 'load-template':
DoLoadTemplate();
break;
default:
DoDefault();
}
exit;
function DoDefault(){
header('Content-type: text/javascript');
?>
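/*
 * Embed loader served to client sites. It reads the data-* attributes of the
 * <script> tag that loaded it, requests the template from this same URL
 * (action=load-template) and inserts the returned markup after that tag.
 */
(function (window) {
  // Captured immediately: document.currentScript is only set while the
  // script is first executing, not inside later callbacks.
  var currentScript = document.currentScript;
  var apiUrl = currentScript.src;

  if (!('jQuery' in window)) {
    loadJQuery(initialize);
  } else {
    initialize();
  }

  // Inject jQuery from the CDN when the host page does not already provide it.
  // NOTE(review): the tag carries no integrity attribute, so the host page
  // runs whatever the CDN returns. Consider pinning the file with Subresource
  // Integrity or serving a copy from the same origin as this script.
  function loadJQuery(cb) {
    var script = document.createElement('script');
    script.src = 'https://code.jquery.com/jquery-3.3.1.min.js';
    script.type = 'text/javascript';
    script.addEventListener('load', cb);
    document.getElementsByTagName('head')[0].appendChild(script);
  }

  // Build the template request from the embedding tag's data-* attributes.
  function initialize() {
    var $currentScript = $(currentScript);
    var params = $.param({
      action: 'load-template',
      launch_owner_email_hashed: $currentScript.data('launch_owner_email_hashed'),
      launch_id: $currentScript.data('launch_id'),
      email: $currentScript.data('email')
    });
    // The query string holds the visitor's email address, so it is no longer
    // written to the console of the embedding site.
    $.get(apiUrl, params).then(function (html) {
      // .html() parses the response as markup, so the endpoint must escape
      // every dynamic value it places in that response.
      var div = $('<div>').html(html);
      $currentScript.after(div);
    });
  }
}(this));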
<?php
}
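/**
 * Emit the iframe markup that embeds the countdown timer.
 *
 * Reads launch_owner_email_hashed, launch_id and email from the query string
 * and places them in the iframe URL as three path segments.
 */
function DoLoadTemplate()
{
    header('Content-type: text/html; charset=utf-8');

    // All three values are caller-controlled. Each one becomes a single URL
    // path segment, so percent-encode it with rawurlencode(): HTML-escaping
    // alone leaves "/", "?" and "#" free to change the path or add a query.
    // A missing or non-string parameter becomes an empty segment.
    $segments = array();
    foreach (array('launch_owner_email_hashed', 'launch_id', 'email') as $name) {
        $value = (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : '';
        $segments[] = rawurlencode($value);
    }

    if ($_SERVER['SERVER_ADDR'] == "::1") {
        $root = "http://local.moosh.com/eg-launch-timer";
    } else {
        $root = "https://moosh.com/eg-launch-timer";
    }

    // Escape the finished URL for the HTML attribute it is written into.
    $src = htmlspecialchars($root . '/' . implode('/', $segments), ENT_QUOTES, 'UTF-8');
    // NOTE(review): the literal " dd" after the closing tag below is sent to
    // the client as-is; it looks like leftover debug output - confirm and remove.
?> dd
<iframe src="<?php echo $src; ?>" style="width:100%; height:100%; border:none;">
</iframe>
<?php } ?>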
Open to ideas
Thanks

Related

Spell email address for forums

How can I write an email address in HTML so that it is still spelled out for readers but is undetectable by the forum?
Thanks in advance.
Something like this, but more sophisticated:
<h>mariaburkke76</h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h><h>#<h><h><h><h><h>g<h><h><h><h><h><h><h><h><h><h><h>m<h><h><h>a<h><h>i<h><h><h><h><h><h><h><h><h><h><h><h><h><h><h>l<h><h><h><h>.<h>com<h><h><h><h><h><h><h><h><h>
You could use a combination of XOR (with a random key) and base64/atob.
It won't stop a bot that is specifically designed to scrape your forum, though; see below.
<?php
$email = 'mariaburkke76#gmail.com';
/**
 * Obfuscate a string for embedding in a page: XOR every byte with one random
 * key and return "<key>.<base64 of the XORed bytes>".
 *
 * This is obfuscation, not encryption: the key is returned in clear text next
 * to the data, so anyone who reads the page can reverse it.
 *
 * @param string $str Text to obfuscate.
 * @return string The key, a dot, and the base64-encoded XORed bytes.
 */
function xor_email($str) {
// One key per call, applied to every byte of the string.
$key = mt_rand(1, 192);
for ($i = 0; $i < strlen($str); $i++) {
$str[$i] = chr(ord($str[$i]) ^ $key);
}
// The XORed bytes can be arbitrary, so they are base64-encoded for the attribute.
return $key.'.'.base64_encode($str);
}
$enc = xor_email($email);
?>
<e data-enc='<?= $enc ?>'/>
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script>
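/**
 * Reverse the server-side XOR obfuscation.
 *
 * @param {string} key - XOR key written as a decimal number (the part of
 *   data-enc before the dot).
 * @param {string} hash - The XORed characters, already base64-decoded with atob().
 * @returns {string} The original text.
 */
var decode = function (key, hash) {
  // Radix 10: the key is a decimal number, so a "0x" prefix must never switch
  // parseInt to hexadecimal.
  var salt = parseInt(key, 10);
  var result = '';
  for (var i = 0; i < hash.length; i++) {
    result += String.fromCharCode(salt ^ hash.charCodeAt(i));
  }
  return result;
};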
// Replace each <e> placeholder with its decoded content. data-enc has the form
// "<key>.<base64>": split on the dot, base64-decode, then XOR-decode.
// replaceWith() parses a string argument as HTML, so data-enc must only ever be
// generated by the server from trusted content, never from user input.
$(document).find('e').each(function(){
var data = $(this).data('enc').split(".");
$(this).replaceWith(decode(data[0], atob(data[1])));
});
</script>
Would generate the following.
<e data-enc='102.WgdGDhQDAFtECwcPChIJXAsHFA8HBBMUDQ0DUVAmAQsHDwpIBQkLRFgLBxQPBwQTFA0NA1FQJgELBw8KSAUJC1pJB1g='/>
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script>
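/**
 * Reverse the server-side XOR obfuscation.
 *
 * @param {string} key - XOR key written as a decimal number (the part of
 *   data-enc before the dot).
 * @param {string} hash - The XORed characters, already base64-decoded with atob().
 * @returns {string} The original text.
 */
var decode = function (key, hash) {
  // Radix 10: the key is a decimal number, so a "0x" prefix must never switch
  // parseInt to hexadecimal.
  var salt = parseInt(key, 10);
  var result = '';
  for (var i = 0; i < hash.length; i++) {
    result += String.fromCharCode(salt ^ hash.charCodeAt(i));
  }
  return result;
};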
// Replace each <e> placeholder with its decoded content. data-enc has the form
// "<key>.<base64>": split on the dot, base64-decode, then XOR-decode.
// replaceWith() parses a string argument as HTML, so data-enc must only ever be
// generated by the server from trusted content, never from user input.
$(document).find('e').each(function(){
var data = $(this).data('enc').split(".");
$(this).replaceWith(decode(data[0], atob(data[1])));
});
</script>
From a harvester's point of view, once the method of protection has been determined, the email can easily be scraped out as follows. This is just so you are under no illusions: security through obscurity will not protect you from a custom-made email bot/scraper/harvester.
<?php
$html = '<e data-enc=\'102.WgdGDhQDAFtECwcPChIJXAsHFA8HBBMUDQ0DUVAmAQsHDwpIBQkLRFgLBxQPBwQTFA0NA1FQJgELBw8KSAUJC1pJB1g=\'/>
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script>
var decode = function(key, hash) {
var salt = parseInt(key);
var result = \'\';
for (var i=0; i<hash.length; i++) {
result += String.fromCharCode(salt ^ hash.charCodeAt(i));
}
return result;
}
$(document).find(\'e\').each(function(){
var data = $(this).data(\'enc\').split("-");
$(this).replaceWith(decode(data[0], atob(data[1])));
});
</script>';
function xor_email($str, $key) {
for ($i = 0; $i < strlen($str); $i++) {
$str[$i] = chr(ord($str[$i]) ^ $key);
}
return $str;
}
$doc = new DOMDocument();
libxml_use_internal_errors(true);
$doc->loadHTML($html);
//
foreach ($doc->getElementsByTagName('e') as $e) {
// parse out XORed string
$enc = $e->getAttribute('data-enc');
$enc = explode('.', $enc);
$decoded = xor_email(base64_decode($enc[1]), $enc[0]);
// parse out email
$sub_doc = new DOMDocument();
$sub_doc->loadHTML($decoded);
foreach ($sub_doc->getElementsByTagName('a') as $a) {
echo $a->nodeValue;
}
}
https://3v4l.org/T0mlp
You could use ROT13 simple cipher. It is used to screen out spam bots.

JS - How to execute code at specific page

I would like to execute this js code only at page: "header-26.php" using js only.
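// Add a <meta name="xxx" content="xxx"> element to the document head.
// `meta` is declared first so the assignment inside the condition does not
// create an implicit global (which is also an error in strict mode).
var meta;
if (document.createElement &&
    (meta = document.createElement('meta'))) {
  meta.name = "xxx";
  meta.content = "xxx";
  document.getElementsByTagName('head').item(0).appendChild(meta);
}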
How can I do that?
Thank you very much in advance.
In header-26.php
echo the javascript code:
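// The script is echoed from a single-quoted PHP string, so the JavaScript
// inside uses double quotes only: a bare ' would end the PHP string early and
// cause a parse error.
echo '<script>
if (document.createElement &&
(meta = document.createElement("meta"))) {
meta.name = "xxx";
meta.content = "xxx";
document.getElementsByTagName("head").item(0).appendChild(meta);
}
</script>';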
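// window.location.pathname always starts with "/" (for example
// "/header-26.php" or "/shop/header-26.php"), so it can never equal the bare
// file name; test how the path ends instead.
if (/\/header-26\.php$/.test(window.location.pathname)) {
  // Declared locally so the assignment below does not create a global.
  var meta;
  if (document.createElement &&
      (meta = document.createElement('meta'))) {
    meta.name = "xxx";
    meta.content = "xxx";
    document.getElementsByTagName('head').item(0).appendChild(meta);
  }
}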

Value not found in php

For login I'm passing the mail id and password from a JavaScript file, and I've checked with console.log that both values are printed. But when I echo both values in PHP, only the password is shown, not the mail, and I can't find any error. Here is the PHP file.
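<?php
require_once('DBconnection.php');
// NOTE(review): display_errors sends PHP warnings to the client. Keep it for
// local debugging only and rely on log_errors in production.
ini_set('display_errors', 1);
ini_set('log_errors', 1);

// NOTE(review): the credentials arrive in the query string, so they end up in
// server logs and browser history. Moving this endpoint and its caller to POST
// over HTTPS is recommended; GET is kept here so the existing caller still works.
$datamail = (isset($_GET["mailID"]) && is_string($_GET["mailID"])) ? $_GET["mailID"] : '';
$datapass = (isset($_GET["psw"]) && is_string($_GET["psw"])) ? $_GET["psw"] : '';

// The debug echo of both values is gone: it reflected raw request input into
// the response, and it meant the body could never be exactly "success".

// Bind the values as parameters instead of interpolating them into the SQL
// text, so quotes in the input cannot change the query.
// Assumes $db is a mysqli connection (the original called mysqli_error($db)).
// NOTE(review): the password is compared as stored, which implies plaintext
// passwords in student_table. Store password_hash() output and check it with
// password_verify() instead.
$stmt = $db->prepare("SELECT 1 FROM student_table WHERE mail_id = ? AND password = ?");
if ($stmt === false) {
    // Database details go to the server log, not into the response.
    error_log(mysqli_error($db));
    echo "Login failed";
    exit;
}
$stmt->bind_param('ss', $datamail, $datapass);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows == 1) {
    echo "success";
} else {
    echo "Login failed";
    $stmt->close();
    exit;
}
$stmt->close();
$db->close();
?>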
JavaScript file here:
/**
 * Entry point for the login form: starts the flow with the mail id check.
 */
function globalLogin() {
  checkLogInMail();
}
// Validate the mail id typed into #mailID. On success continue with
// checkmailPass(); otherwise show a message in #mailIdErr.
// This check runs in the browser only, so the server must still validate and
// safely handle whatever it receives.
function checkLogInMail() {
var mailET = document.getElementById("mailID");
var mailIdError = document.getElementById("mailIdErr");
// No var/let here: mailID becomes a global, which checkmailPass() reads later.
mailID = mailET.value;
// NOTE(review): the pattern matches "#" where an email address has "@" -
// possibly an artifact of address masking on this page; confirm before use.
var regex = /^(([^<>()\[\]\.,;:\s#\"]+(\.[^<>()\[\]\.,;:\s#\"]+)*)|(\".+\"))#(([^<>()[\]\.,;:\s#\"]+\.)+[^<>()[\]\.,;:\s#\"]{2,})$/i;
if (!regex.test(mailID)) {
mailIdError.innerHTML = "Enter a valid Email id";
//loginFlag = 1;
}
else{
checkmailPass();
}
}
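/**
 * Send the mail id and password to passwordChecker.php and show the outcome
 * in #loginErr.
 *
 * Reads the global `mailID` set by checkLogInMail() and sets the global `psw`.
 */
function checkmailPass() {
  var passET = document.getElementById("psw");
  psw = passET.value;
  // The mail id and password are not written to the console: credentials do
  // not belong in logs.

  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function () {
    console.log(this.readyState);
    if (this.readyState == 4 && this.status == 200) {
      console.log(this.status);
      var response = xhttp.responseText;
      var loginErr = document.getElementById("loginErr");
      alert(response);
      // textContent instead of innerHTML: the response body is displayed as
      // plain text, so any markup in it is never parsed by the page.
      if (!response.localeCompare("success")) {
        loginErr.textContent = "Mail or Password is correct";
        //alert("Successfully logged in :)");
        //window.location.href = "index.html";
      } else {
        loginErr.textContent = response;
      }
    }
  };

  // Each parameter needs its own "name=" and an encoded value; otherwise a
  // "&", "#", "+" or "=" typed by the user corrupts the query string.
  // NOTE(review): a password in a GET URL is recorded in server logs and
  // browser history. Prefer POST over HTTPS once the server reads $_POST.
  xhttp.open(
    "GET",
    "passwordChecker.php?psw=" + encodeURIComponent(psw) +
      "&mailID=" + encodeURIComponent(mailID),
    true
  );
  xhttp.send();
}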
You are missing the = after mailID in your GET request:
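// "mailID=" needs its equals sign, and both values are encoded so that
// characters such as "&", "#" or "+" in the input cannot break the query string.
xhttp.open("GET", "passwordChecker.php?psw=" + encodeURIComponent(psw) + "&mailID=" + encodeURIComponent(mailID), true);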
You missed an equal sign '=' in your javascript at your mailid parameter.

Uncaught SyntaxError: Unexpected token < (anonymous function) on console

I am creating an upload file application. I wrote it using AJAX and PHP.
It is working fine on the localhost but when I uploaded it to my web server. It returns the error:
Uncaught SyntaxError: Unexpected token <
It is pointing to the line
uploaded = JSON.parse(this.response);
This line is in my upload.js script file
upload.js
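var app = app || {};

/**
 * Minimal AJAX file uploader, exposed as app.uploader(options).
 *
 * options.files        - <input type="file"> element whose files are sent
 * options.processor    - URL that receives the POST
 * options.progressBar  - optional element whose width shows the progress
 * options.progressText - optional element whose text shows the progress
 * options.finished     - optional callback, called with the parsed JSON reply
 * options.error        - optional callback, called on a non-200 status or
 *                        when the reply is not valid JSON
 */
(function (obj) {
  "use strict";

  var ajax, getFormData, setProgress;

  // POST the form data and route the reply to the finished/error callbacks.
  ajax = function (data) {
    var xmlhttp = new XMLHttpRequest();

    xmlhttp.addEventListener('readystatechange', function () {
      var uploaded;
      if (this.readyState !== 4) {
        return;
      }
      if (this.status === 200) {
        // A 200 reply is not guaranteed to be JSON: a PHP warning or an HTML
        // error page also arrives with status 200. Report a parse failure
        // through the error callback instead of letting it escape as an
        // uncaught SyntaxError.
        try {
          uploaded = JSON.parse(this.response);
        } catch (parseError) {
          if (typeof obj.options.error === 'function') {
            obj.options.error();
          }
          return;
        }
        if (typeof obj.options.finished === 'function') {
          obj.options.finished(uploaded);
        }
      } else if (typeof obj.options.error === 'function') {
        obj.options.error();
      }
    });

    // The event is taken as a parameter rather than read from the
    // non-standard global `event`.
    xmlhttp.upload.addEventListener('progress', function (event) {
      var percent;
      if (event.lengthComputable === true) {
        percent = Math.round((event.loaded / event.total) * 100);
        setProgress(percent);
      }
    });

    xmlhttp.open('post', obj.options.processor);
    xmlhttp.send(data);
  };

  // Pack every selected file under "file[]" and mark the request as AJAX.
  getFormData = function (source) {
    var data = new FormData(), i;
    for (i = 0; i < source.length; i = i + 1) {
      data.append('file[]', source[i]);
    }
    data.append('ajax', true);
    return data;
  };

  // Mirror the percentage into the optional progress bar and text elements.
  setProgress = function (value) {
    if (obj.options.progressBar !== undefined) {
      obj.options.progressBar.style.width = value ? value + '%' : 0;
    }
    if (obj.options.progressText !== undefined) {
      obj.options.progressText.innerText = value ? value + '%' : 0;
    }
  };

  obj.uploader = function (options) {
    obj.options = options;
    if (obj.options.files !== undefined) {
      ajax(getFormData(obj.options.files.files));
    }
  };
}(app));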
Here are the other codes for reference
upload.php
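<?php
header('Content-Type: application/JSON');

// Extensions accepted for upload (compared in lower case).
$allowed = ['jpg'];
$succeeded = [];
$failed = [];

if (!empty($_FILES['file'])) {
    foreach ($_FILES['file']['name'] as $key => $name) {
        if ($_FILES['file']['error'][$key] !== 0) {
            // Report the failure inside the JSON reply. Echoing plain text here
            // would corrupt the body and make JSON.parse() fail in the client.
            $failed[] = array('name' => $name);
            continue;
        }

        $temp = $_FILES['file']['tmp_name'][$key];
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        // The stored name is built from the file's hash and the time, never
        // from the client-supplied name, so the client cannot choose the path.
        $file = md5_file($temp) . time() . '.' . $ext;

        // NOTE(review): only the extension is checked; the content is not
        // verified to be an image. Keep uploads/ non-executable on the web
        // server and consider validating the content type server-side as well.
        if (in_array($ext, $allowed, true) && move_uploaded_file($temp, "uploads/{$file}") === true) {
            $succeeded[] = array('name' => $name, 'file' => $file);
        } else {
            $failed[] = array('name' => $name);
        }
    }
}

if (!empty($_POST['ajax'])) {
    echo json_encode(array(
        'succeeded' => $succeeded,
        'failed' => $failed
    ));
}
?>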
and here's my html form
index.php
<form action="upload.php" method="post" enctype="multipart/form-data" id="upload" class="upload">
<fieldset>
<legend>Upload Files</legend>
<input type="file" id="file" name="file[]" required multiple>
<input type="button" id="submit" value="Upload">
</fieldset>
<div class="bar">
<span class="barfill" id="pb"><span class="barfilltext" id="pt">40%</span></span>
</div>
<div id="uploads" class="uploads">
</div>
<script type="text/javascript" src="upload.js"></script>
<script type="text/javascript">
// Start the upload when the button is clicked and render the outcome in #uploads.
document.getElementById('submit').addEventListener('click', function(e){
e.preventDefault();
var f = document.getElementById('file'),
pb = document.getElementById('pb'),
pt = document.getElementById('pt');
app.uploader({
files:f,
progressBar:pb,
progressText:pt,
processor: 'upload.php',
// Called with the parsed JSON reply from upload.php.
finished: function(data){
var uploads = document.getElementById('uploads'),
succeeded = document.createElement('div'),
failed = document.createElement('div'), anchor, span, x;
if (data.failed.length) {
// Static markup only; no server data is placed in innerHTML.
failed.innerHTML = '<p>The following files failed to upload</p>'
}
uploads.innerText = '' ;
anchor = document.createElement('p');
anchor.innerText = "Upload Completed!";
anchor.target = '_blank';
succeeded.appendChild(anchor);
for(x=0;x<data.failed.length; x=x+1){
span = document.createElement('span');
// File names come back from the server; innerText shows them as plain text,
// so markup characters in a name are not parsed as HTML.
span.innerText = data.failed[x].name;
failed.appendChild(span);
}
uploads.appendChild(succeeded);
uploads.appendChild(failed);
},
// Called on a non-200 status.
error: function (){
console.log("Error");
}
});
});
</script>
</form>
This code works on the localhost. It is uploading the files to my localhost server and shows the loading progressbar.
But when I deploy this to my web server it shows the progressbar loading slowly until it reaches 100%. But when I look into the uploads directory in my server nothing was uploaded.
you have a missing } at the end of the code in upload.php, before the php end (?>):
'failed' =>$failed
));
}
}
?>

Ajax calling is breaking my code

I'm trying to make a multiplayer turn-based browser game with Ajax, Javascript and Php and in order to actually play the game you have to type in a user's username and it searches for that player. But when I try to add that function in it breaks my code when repeats all the html. When I view the network via inspect element with Chrome, it show that it keeps sending requests to the jquery and then it get stuck on the pre-loader, but when i take the isset post out from the php it loads, but I can't search for a player. How would I go about fixing this issue? Here is my code
Javascript: var match = null;
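/**
 * Open one of the game pop-ups.
 *
 * @param {string} what - 'search' loads the private search form, 'match' asks
 *   the server for the match pop-up and starts polling, 'submit' posts the
 *   search form and starts polling when no <h3> error heading comes back.
 */
function popUp(what){
  var searchUrl = './?page=game&mode=search&type=private';
  var popupHtml = '<div id="popup"><div class="opacity"></div><div class="search"></div></div>';

  // Reload the search pane once a second and follow the redirect the server
  // announces through the content attribute of #stopMe ("...URL=<target>").
  function startPolling() {
    // Stop a poll left over from an earlier call; otherwise every call adds
    // another timer and the number of requests keeps growing.
    if (match !== null) {
      clearInterval(match);
    }
    match = setInterval(function () {
      if (!$('.search').length) {
        $('#main_container').prepend(popupHtml);
      }
      $('.search').load(searchUrl, function () {
        var meta = $('#stopMe').attr('content');
        if (meta) {
          // NOTE(review): the redirect target is taken from markup returned by
          // the server; make sure it can only ever be a same-site URL.
          window.location = meta.split("URL=")[1];
        }
      });
    }, 1000);
  }

  if (!what) errorMessage('Error: params', 'params', 'none');

  switch (what) {
    case 'search':
      preLoad('Loading please wait . . .');
      $('#main_container').prepend(popupHtml);
      $('.search').load(searchUrl, function () {
        $('#preloader').fadeOut('slow', function () {
          $('#preloader').remove();
        });
      });
      break;

    case 'match':
      $.ajax({
        url: _path + "/core/ajax.php",
        type: 'POST',
        data: { f: 'checkMatch' },
        dataType: 'text',
        success: function (data) {
          if (data) {
            // The reply is inserted as HTML, so the server must escape any
            // user-supplied text it puts into it.
            $('#main_container').prepend(data);
            startPolling();
          }
        }
      });
      break;

    case 'submit':
      $.post(searchUrl, $("#form-pb").serialize(), function (data) {
        // An <h3> in the reply is treated as an error heading.
        var error = $(data).filter('h3').text();
        $('.search').html(data);
        if (!error) {
          startPolling();
        }
      });
      break;
  }
}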
Php: if (isset($_GET['mode'])) {
$mode = $secure->clean($_GET['mode']);
} else {
$mode = '';
}
if ($mode == 'selection') {
$page_title .=' > Character Selection';
$page_titles .= ' Character Selection - Power Bond';
} else if ($mode == 'search') {
if (isset($_GET['type'])) {
$type = $secure->clean($_GET['type']);
} else {
$type = '';
}
if ($type == 'private') {
if (isset($_POST['pbsubmit'])) {
$name = $secure->clean($_POST['name']);
}
}
}
// AJAX handler for f=checkMatch: looks up the current account and its game,
// then echoes the markup the client inserts into the page.
if (isset($_POST['f']) && $_POST['f'] == 'checkMatch') {
// NOTE(review): the query text is built by concatenation. $account is defined
// outside this snippet - confirm its id can never hold user-supplied text, or
// bind it as a parameter if the $db wrapper supports that.
$checkMatch = $db->query("SELECT * FROM accounts WHERE `id` = '".$account['id']."'");
// NOTE(review): mysql_fetch_array() belongs to the legacy mysql extension,
// which no longer exists in PHP 7 and later; verify what $db->query() returns.
while ($info = mysql_fetch_array($checkMatch)) {
$status = $info['status'];
$gameid = $info['gameid'];
}
// NOTE(review): $gameid is interpolated into the SQL text as well.
$getGame = $db->fetch("SELECT * FROM Games WHERE `gameid` = '$gameid'");
// NOTE(review): the loop above only ends once $info is falsy, so these two
// lines overwrite the values read inside the loop with empty ones.
$status = $info['status'];
$gameid = $info['gameid'];
// NOTE(review): this is an assignment, not a comparison. It stores the string
// 'NULL' in $getGame and negates it; a non-empty string is truthy, so the
// condition is always false and the else branch always runs.
if(!$getGame = 'NULL') {
$data = 'testaeta';
} else {
$data = '<h1> Who do you want to battle against? </h1>
<br />
<form action="" method="post" id="form-pb" name="pb" target="_self">
USERNAME:<input name="name" type="text" size="40" maxlength="40" />
<input name="pbsubmit" type="submit" value="Search"/>
</form>
<a class="goback" href="#">Cancel</a>';
}
echo $data;
}
