I'm trying use websocket to my project.
to implement I've used this code http://www.sanwebe.com/2013/05/chat-using-websocket-php-socket.
this chat works good, but in my project I must get statistics about visited user on webpage, so I need user IP, User_Agent, user referrer to recognize user.
My question is, how to get all this necessary data (user IP,browser user agent, refferer) via websocket?
And one more: to improve performance will better to use move code from php websocket to node.js with nginx server?
Use JavaScript at the client side, which will send this info using websocket.sendMessage() after the upgrade handshake.
And then you can maintain some data struture that would store that info w.r.t the session id of the client at the server side if you want to.
Try this
<script type="text/javascript">
function getip(json) {
alert(json.ip); // alerts the ip address
}
</script>
<script type="application/javascript" src="http://jsonip.appspot.com/?callback=getip">
</script>
The getip() method alerts the client IP as soon as the page is loaded.
You can now store the IP in a variable and send it to the server using websocket's send() method.
For browser UA, please read this.
Related
How one can communicate with Mettler toledo IND780 device for reading weight through browser application through javascript. I know ActiveXObject will work with only Internet explorer . But is there any documentation or API to do this via javascript.
First, You need to contact the developers of the Mettler toledo IND780 device and confirm with them, whether this product can interact with any Web application or not. As other community member already informed you that this kind of devices can not be accessible from any web app.
I try to visit their site and I find that this product can work like below.
Reference:
IND780 Advanced Weighing Terminal
They can give you the proper idea or any example to interact with this device.
If they deny you that this device cannot work with Web app then try to store the data from that device to any Excel file and then try to import the data from that Excel file to your web app may help you to solve the issue.
You need to use a TelNet client to communicate with the device. Currently i'm using C# to connect and read information. I think you can use a similar library from JavaScript side.
Old thread but maybe this answer can help someone, best way around is to code a back-end application to get the data you need from the Shared Data of the IND780 (Shared Data Reference manual), example in Python3:
import socket
import time
# Create a TCP/IP socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Connect the socket to the port where the server is listening
server_address = ('172.16.40.98', 1701)
print('connecting to {} port {}'.format(*server_address))
sock.connect(server_address)
try:
time.sleep(0.1)
data = sock.recv(2048)
print('1 received {!r}'.format(data))
message = b'user admin\n'
print('2 sending {!r}'.format(message))
sock.sendall(message)
data = sock.recv(2048)
print('3 received {!r}'.format(data))
print(len(message))
print('')
message = b'read wt0101\n'
# wt--01 Displayed Gross Weight
print('4 sending {!r}'.format(message))
sock.sendall(message)
data = sock.recv(2048)
print('5 received {!r}'.format(data))
I am already connected in an organisation in an Active Directory (LDAP). After that, I want to connect with Meteor to a MongoDB etc... I have to get the user name (Me in occurrence who is already connected) from Active Directory. But first of all, how do I get my user in js. or ajax,json call in meteor.js(node.js or others?).
I have look a lot at different things, like if you are in server side with asp.net you can do this : Page.User.Identity.Name So maybe create a web service that return your user?
Would
<script language="javascript">var username =
'<HttpContext.Current.User.Identity.Name %>';
</script>
work?
But if I follow the link it explain it's for Razor.
How to get the user's username in my intranet web application in a windows network
Maybe the solution is to get an API with Meteor to do call json to get username like JSonAuth? Or to use node.js with passport.js but now new version of Meteor use oAuth it seems..
or to call the IIS Server to know the current user?
How to get the profile of current user in node js
I am using openfire as an XMPP server and using converse as client library. I want to send a chat message from my chat window to openfire. For this I want to send the text to a converse method which will send the message to the XMPP server.
I am trying to send the message using the following:
var msg = converse.env.$msg({
from: 'a1#localhost',
to: 'a6#localhost',
type: 'chat',
body: "Hi"
});
converse.send(msg);
But this sends the following frame in network of console in websocket:
message from='a1#localhost' to='a6#localhost' type='chat' body='Hi' xmlns='jabber:client'/>
This does not transfer message to the other user neither it stores it in the table. I am pretty much sure I am calling a wrong function. Can anyone povide any help.
You are calling the right function.
What you'll probably miss:
Listener of messages in "a6#localhost" client: as I read in documentation there are few functions
Probably, the right name of server. "localhost" has problem. You can
check Openfire for real service name on his own web panel
To check if a message it's delivered in Openfire you'll can check
OF's log (check debug one, but probably you'll have to enable it).
Real time messages are not stored on database, only groupchat's ones
and not everytime AND offline messages. To not find them on db means nothing
https://conversejs.org/docs/html/development.html
converse.chats.open('buddy#example.com');
converse.chats.get('buddy#example.com');
converse.listen.on('message', function (event, messageXML) { ... });
The syntax is wrong. conversejs uses strophe plugin to construct and send messages. It exposes the strophe $msg message builder for constructing stanzas. It has to be in the following format:
converse.env.$msg({from: 'a1#localhost', to: 'a6#localhost', type: 'chat'}).c('body').t('Hi');
You need to add a body node and within it a text node for the message.
You can also create and add your own api method and internally create a method that sends your custom stanza, and expose it using the api.
I have built a browser game and now I'm working on making it a bit more secure. Since all server requests are initiated from javascript even kids could tamper data on the server. I've been reading through questions on stackoverflow and implemented sending/receiving a token in my requests however I am regenerating this token on every request to the server and send the new one back to the client for the next call. Requests are made through https and are of type POST.
Here's the token flow on client side:
var token = 'abcd1234';
$.ajax({
url: "index.php",
type: "post",
data: {
method: "score",
value: 50
}
});
$(document).ajaxSend(function(e, xhr, o){
o.data += '&token=' + token;
});
$(document).ajaxComplete(function(e, xhr, o){
var data = JSON.parse(xhr.responseText);
token = data.token;
});
And on server side:
if (!isset($_POST['token']) || ($_POST['token'] != $_SESSION['token']))
{
die();
}
else
{
// generate new token and send it back along with the response
}
So my question would be if this token increases the security of my server requests or not and what can be done to further increase the security?
EDIT This is a facebook game, all code is javascript and the server side simply handles updating the database.
I dont really think tokens do alot when using Ajax.
You should just validate all your forms and data server sided with the users session because the login itself is the most realiable way to identify a user.
A token an merely help to make session stealing/riding harder but if you code your session handle to logout the user on changed IP adress this should be fair secure enough.
I have an online game aswell and I dont do more but validate all forms and values against injection, valid data and check the login/session every time correctly and never had any bad experience with that.
One more thing I do is security issue is that you should flag your admin accounts with a special attribute that it requires a special IP range to login, then I fetch the ip range with a whois lookup on ripe.net and enter it into the database and look if the users actual IP is inside the min and max ip, this way maybe 1 of 1000 attackers would have the correct IP adress to login with the admin account even if they achive the login data.
Remember that the generated token will be received and send with every normal ajax request and someone who want to harm you and your page will analyse your form and request data and then simply copy that process.
It will make it harder for script kiddies, but not for professional intruders.
Its all just a matter about how paranoid you are about security issues and how skilled your possible attackers are.
As Steini already stated the ONLY reliable login system is done with session. The client side solution has got infinity security issues.
You can for example make the system using session and than use Javascript to ask php if the user is logged, and which privilege it has.
This said you can use PDO to increment the security, you can also fetch all the data from all the form and all variables that are passed through browser alone to exclude some issues.
Without a secure login system your game will be a security bomb and will create you trouble soon or later.
we have an application where button click in flex side restarts the server and makes the client logged out. once after logout, If user logs in it gives error since the server is not up by the time. In our scenario the server takes time to restart because of the stuff(like back up). I want the user to be notified of the webserver status if he tries to log in.
is there any way to monitor the status of server in Flex side. or Will javascript help in finding whether the server is up or not?.
Also I tried redirecting to html page using external interface but I am not sure how to automatically redirect it again to the swf file when the server becomes active.the server downtime is not known(may be 2 or 5 or 10 minutes.)
So what would be the best approach.Any help would be of greatly appreciated.
Using URLLoader you can try to download a file on the server and listen to ioError or httpStatus.
private var testLoader:URLLoader;
private var testRequest:URLRequest;
...
testRequest = new URLRequest("http://server/testFile");
testLoader = new URLLoader(request);
testLoader.addEventListener(HTTPStatusEvent.HTTP_STATUS, onStatus);
private function onStatus(HTTPStatusEvent:event):void
{
//test the status, if the server is up, reconnect, else...
testLoader.load(testRequest);
}
Interesting problem. When you mean restart, do you mean just a specific service like Apache or like an actual reboot of the server? I ask because it would mean different scenarios. I'm not exactly sure what you're doing, but I'll assume that you're rebooting the server.
One of the problems here is that the client logs out, which is something we do not want. What I would do is have a second server which it's sole purpose would be authentication and giving status on the other server. This is a 'man in the middle' approach where this server doesn't log you out, but all calls are redirected to the other server.
From the Flex side, you can have it calls the 'man in the middle' to see what's the status. Depending on the technology you're using (polling vs pushing), you can get the data needed and show the user the status.