I know that this will seem like a duplicate, but I honestly have not been able to find any answer that solves this.
I have two iPads set up with static IP addresses on a network that can only access www.example.com (network restriction, not iPad restriction). example.com is an eCommerce site and I want to fill in a coupon field whenever either of these two iPads visit the site.
The only way I can think of doing this is getting the local IP addresses of the iPads (e.g. 192.168.0.x) and creating a whitelist array. But my problem is trying to detect the browsing device's local IP.
I cannot use any resources outside of the example.com domain and I can't use the network's public IP as there will be lots of other devices connected.
Also, I've tried WebRTC but it's Chrome and Firefox only, and I am limited to the iPad's native Safari browser.
Help me Overflow Kenobi, you're my only hope!
EDIT
Conditions have changed. I found out that no other devices will be using the checkout service, so I can now target the external IP. Details about how I did this are below.
OK, I've found a solution to my problem.
One correction first to my original question:
I just found out that none of the other devices on the network will actually be used for purchasing on the website, so the iPads are the only two devices that will enter the checkout.
Knowing this now, I am able to target the public IP of the network. I've done this using two scripts, one in an external PHP file (our server isn't setup to run PHP in HTML files) and one in an external JavaScript file (easier management as there are multiple versions of the checkout page, so if I need to change the discount code I just have to update the JS file.)
PHP file:
// Declare content as JavaScript
Header("content-type: application/x-javascript");
// Declare variables for IP adress requests
$http_client_ip = $_SERVER['HTTP_CLIENT_IP'];
$http_x_forwarded_for = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remote_addr = $_SERVER['REMOTE_ADDR'];
// Request for most accurate IP address
if (!empty($http_client_ip)) {
$ip_address = $http_client_ip;
} else if (!empty($http_x_forwarded_for)) {
$ip_address = $http_x_forwarded_for;
} else {
$ip_address = $remote_addr;
}
// Add results to array - multiple IP addresses may be returned
$list = explode(',', $ip_address, 2);
// Write the first IP address in array as JavaScript
echo 'document.write(\'<div class="myIP" style="display:none;">' . $list[0] . '</div>\')';
JS file:
// Array of allowed IP addresses
var allowedIP = ['x.x.x.x'];
// Coupon code
var couponCode = "CODE001";
// Run script when page is loaded
$(document).ready(function () {
// Get device IP from 'myIP' div loaded by php
var ipAddress = $('.myIP').text();
// Check if device IP matches any of the IPs in the Allowed array
for (var i = 0; i<allowedIP.length;i++) {
if (ipAddress == allowedIP[i]) {
// If it matches, write to console
console.log("Your external IP is allowed");
// Add coupon code to input field
$('input[name="coupon"]').val(couponCode);
} else {
// If it does not match, write to console
console.log("Sorry buddy, you're not on the list.");
}
};
});
Related
I found hundreds of cloned versions of my website.
Whoever is doing that are using some code that clones my web pages, changes my website name mydomain.com to clone1.com, clone2.com, clone3.com etc and this makes it impossible to use a simple JS or PHP to check if the header URL is = to mysite.com then redirect.
It also does not work using the .htaccess
For this reason I have created this code:
<script type="text/javascript">
if (window.location.href== "http://clone1.com/cat1/{{{ $title->id }}}-{{ (Str::slug($title->title)) }}/cat2/{{ $se->n }}/cat3/{{ $episode->ep_n }}")
{
window.location.href = 'http://google.com/';
}
</script>
This script completes its purpose but is too long and is also very restrictive because it must contain the exact URL.
I'm looking to do this:
<script type="text/javascript">
if (window.location.href== "http://
//contains this part in its URL
clone1.com , clone2.com , clone3.com , clone4....
}}")
{
window.location.href = 'http://google.com/';
}
</script>
How can I create a global JS (JavaScript), that would detect if the current page is not on my domain and then redirect the reader to my domain and the same page?
Many thanks
1. Best Solution - Early Detection
Depending on your main traffic source, it is possible to detect who is scrapping you and block them based on their IP, Headers, number of page views and other data, using PHP & HTACCESS.
I really like this answer on the StackOverflow, that discusses almost all the options available for early detection.
How to detect fake users ( crawlers ) and cURL
2. Plugins & Extensions for Open Source Content Management Systems
Wordpress
If using Wordpress CMS, you can try some plugins, like WordFence, that can detect and block fake Google Crawlers, block based on the number of page views etc.
Other CMS
If you can't find a similar solution for your CMS of choice, consider to ask a community for a help with creating the solution like that, as I believe many people could benefit from it.
3. Solution for already stolen content with JavaScript
Sometimes the easiest road to hide something in JS, is to actually HIDE something by OBFUSCATING and by hiding in multiple important files. For example, obfuscate some important file on your website without which the website just wouldn't work properly.
For example, put an obfuscated version of the code below somewhere in JS file in the header, Obfuscate this code using any free services online or download your own library on Github:
Non-Obfuscated:
w='mysite.com'; // Current URL e.g. 'mysite.com/category1/page2/'
function check_origin(){
var check = 587;
if(window.location.hostname != w){
window.location.href = w;
}
return check;
}
var check = check_origin();
Obfuscated example:
var _0x303e=["\x6D\x79\x73\x69\x74\x65\x2E\x63\x6F\x6D","\x68\x6F\x73\x74\x6E\x61\x6D\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x68\x72\x65\x66"];w= _0x303e[0];function check_origin(){var check=587;if(window[_0x303e[2]][_0x303e[1]]!= w){window[_0x303e[2]][_0x303e[3]]= w};return check}var check=check_origin()
Now put an additional code in some Footer JS File, to verify the code above wasn't modified in any way:
Non-Obfuscated example:
if(w!=='mysite.com'||check == false || typeof check == 'undefined' || check !== 587 ){
window.location.href = 'mysite.com';
}
Obfuscated:
var _0x92bb=["\x6D\x79\x73\x69\x74\x65\x2E\x63\x6F\x6D","\x75\x6E\x64\x65\x66\x69\x6E\x65\x64","\x68\x72\x65\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E"];if(w!== _0x92bb[0]|| check== false|| typeof check== _0x92bb[1]|| check!== 587){window[_0x92bb[3]][_0x92bb[2]]= _0x92bb[0]}
I have used free online service from Google's search results for the term "Free Online JS Obfuscator:
https://javascriptobfuscator.com/Javascript-Obfuscator.aspx
4. Fight thieves with available methods e.g. Request a Ban from Search Engines – The Digital Millennium Copyright Act of 1998
Here is a blog-post that describes what to do when someone is stealing your content.
https://lorelle.wordpress.com/2006/04/10/what-do-you-do-when-someone-steals-your-content/
You can investigate who is doing that and report them to their partners, search engines, advertisers - to disrupt their business.
Depending on their country of origin and yours, it is maybe even possible to sue them and win.
why not check if hostname is your ?
if(window.location.hostname != 'mysite.com'){
window.location.href = 'http://google.com/';
}
I am working on a mobile app, I build it using HTML 5, Ajax, jQuery and CSS.
I wrote the following codes to store loged-in user ID and name;
<script>
document.cookie = "id="+"1";
document.cookie = "name="+"Demo Name";
</script>
I have also written this function to read value of a cookie using its name;
function readCookie(name) {
name += '=';
for (var ca = document.cookie.split(/;\s*/), i = ca.length - 1; i >= 0; i--)
if (!ca[i].indexOf(name))
return ca[i].replace(name, '');
}
I call the following to read the name of the logged-in user into a variable called name;
var name = readCookie('name');
The codes above works fine while testing on a web browser but when i try to run it in the mobile app (compiled with Phonegap), the var name returns "undefined", which means that the script was not able to read the cookie value..
Please can anyone help me out here!
I cant figure out what i did or if am missing something.
I need to use cookie to validate logged in user in my mobile app.Thanks
On Phonegap document.cookie is empty, since index.html and all other files are loaded with file:// protocol. Phonegap manages cookies internally, but doesn't expose any function for clearing them.
You might want to have a look at the plugin:
https://github.com/bez4pieci/Phonegap-Cookies-Plugin
The plugin works like the following:
window.cookies.clear(function() {
console.log('Cookies cleared!');
});
I have found a solution after a long digging...
Cookie will not work on mobile app (using webview or similar), so I used local storage instead.
To store my data, i used
window.localStorage.setItem("key", "value");
To retrieve the data, i simply used
var data = window.localStorage.getItem("key");
That's it... it works fine on iOS, Android and windows Mobile.
I am mantaining a VB6 Windows application which digitally signs PDF documents by launching a JS file, located in the Javascripts subfolder of Acrobat 9.0. Now my Customer wants to plug another smart card reader to the PC which hosts the application, with its own smart card containing certificates related to a second person who will sign certain type of documents.
My question is: how can I programmatically choose, from my JavaScript code, the smart card reader I want?
In my JavaScript code I do the following:
//Initialize the signature handler
var myEngine = security.getHandler("Adobe.PPKLite");
//Obtain the available certificates
var ids = myEngine.digitalIDs;
var myCerts = ids.certs;
//Find the certificate I want to use to sign
for(var j=0; j<myCerts.length; j++)
{
if(myCerts[j].subjectCN == "SMITH JOHN")
{
oCert = myCerts[j];
break;
}
}
//Log to the signature engine by passing the certificate I want to use
//and the slot where the corresponding smart card reader is plugged
myEngine.login( { oParams: { cDIPath: ACROSDK.sigDigitalIDPath,
cPassword: ACROSDK.sigUserPwd,
iSlotID: 1,
oEndUserSignCert: oCert
}
} );
//Digitally sign the document with the certificate I chose
sigField.signatureSign({oSig: myEngine,
bUI: false,
oInfo: { password: ACROSDK.sigUserPwd,
location: ACROSDK.sigLocation,
reason: ACROSDK.sigReason,
contactInfo: ACROSDK.sigContactInfo,
appearance: "FirmaRPPR"
}
});
Why do I receive a General Error when executing signatureSign? Which is the correct way to assign the iSlotID parameter when logging to the signature engine or, alternatively, the cTokenLabel parameter?
Thanks in advance for your help and suggestions!
Mind you, I have no experience in using Acrobat scripting, but in PKCS#11 slot id would refer to the id of the smart card reader connected to the computer, and token label would be assigned label to one of the smart carts in that slot/reader, which can vary from PKCS#11 implementation to another.
And the easiest way to find out the label of the PKCS#11 token would be to configure the PKCS#11 DLL you're using as a Security device in Firefox browser and see the label field in the configuration. But that would be just to get you going in the right direction.
You can write a short C program against the PKCS#11 and use C_GetSlotList and C_GetSlotInfo to find out the slot id's and token labels, here is an example of that. It should not be a problem to port that code over to VB. Also there is NCryptoki that you can use to interface the PKCS#11 DLL.
I have been researching this for a while. For the site static.etreeblog.com I would like to change a duv's class if a website is offline.
Ways I have researched:
-Using the onerror tag with an image to run a function.
-Problem: One of the sites i want to test uses an external image host, meaning even if the site was offline the image could be.
Example of what I want to do:
function checksite( site, url ){
if url == online {
document.getElementByClass('site').setClass('online')
}
}
checksite('site1', 'www.example.com')
checksite('site2, 'www.example2.com')
Thankyou in advance.
Extra information:
-The divs will be set to offline by default.
-I am using tumblr to host the status tester (If that helps).
Use PHP, Its a solid way to do this.
Host this script on your server (file name say test.php)
<?php
$url = $_REQUEST["url"];
$port = $_REQUESR["port"]; // Or make it default
$fp = fsockopen($url, $port, $errno, $errstr, 0.4); //(line 47)
if (!$fp) {
echo "OFFLINE";
}
else{
echo "ONLINE";
}
?>
Now loop AJAX to open this file and check whether it is echoing ONLINE or OFFLINE.
You will need help on the server side. You could do an AJAX call to your server and it will call the url and return with the site status. If it is that server your monitoring then the AJAX error code will tell you the status.
I want to get user machine name or any unique code instead of IP.
Two system on same network have same IP but I want unique Code/number/name of each System.
Please tell me How can I do this with php.
Thanks
EDITED......
I am using below code. This is working on localend. But this stop working on live server. May be its getting server mac address but I want local machine Mac address from where my web app is accessing.
ob_start();//Get the ipconfig details using system commond
system('ipconfig /all');
// Capture the output into a variable
$mycom=ob_get_contents();
// Clean (erase) the output buffer
ob_clean();
$findme = "Physical";
//Search the "Physical" | Find the position of Physical text
$pmac = strpos($mycom, $findme);
// Get Physical Address
$mac=substr($mycom,($pmac+36),17);
//Display Mac Address
echo '<h1>demo---> '.$mac.'</h1>';
Edited
If this is not possible in php then javascript can be used for this? How can I use javascript to get client machine Physical Address....
You should try the below code.
$ip = $_SERVER['REMOTE_ADDR'];
// don't miss to use escapeshellarg(). Make it impossible to inject shell code
$mac1 = shell_exec('arp -a ' . escapeshellarg($ip));
// can be that the IP doesn't exist or the host isn't up (spoofed?)
// check if we found an address
if(empty($mac1)) {
die("No mac address for $ip not found");
}
// having it
echo "mac address for $ip: $mac1";
Hope this will work for you.