Hello I'm looking for one time clicking solution , i want javascript to load only one time in life for every member of my website
when member of my website will interact with javascript for example by clicking yes or no in browser i want this script not to load again in his browser
This is something that's best to do on the server side. For example, if you have a database field for users that is something like "Last Login" and you only load the script if that value is null.
It depends on the info you have on your users. This is not advisable to solve in js.
I would use cookies, however clunky that may seem. Create a cookie when he presses the button in the form and just test for that cookie when he visits each page. Do remember that people with cookies turned off will keep receiving it though.
You can use cookies or local/session Storage for this...something along these lines
if(!localStorage.getItem('isNewUser')) {
localStorage.setItem('isNewUser', false);
alert('new user');
//insert whatever you want to do the first time a user visits your page
}
There is no reliable way to do what you are asking. How are you going to uniquely identify your users? What's gonna happen if your users access the page from within another browser, another IP etc.?
The only somewhat reliable way of doing it is through a registration system which would require your users to log in before using your one-time functionality. Once they log in the functionality (button) should only be available through a server-side request or an asynchronous (ajax) request through JavaScript.
Even then its usually a lost battle to prevent people from creating multiple accounts etc.
Related
I'm new to web development and I'm trying to make small projects to better understand how javascript works and how interactive websites are made. So I wanted to make a simple website that would save links that you would enter using input/form submission. but what are the ways which I can use to store it on the server so when I open the page next time the website retrieves the saved information and displays it?
I know this question is pretty open, but I'm really lost in this part of web development because I'm seeing too many completely different things on the internet like PHP, ASP.net and what not. Can someone help me out?
It would be very thankful if someone can send me a link to a related tutorial or some similar resource, as well.
If you to do that, you will need a server side program with a Database.
Here is a tutorial for PHP, a popular language to do web pages http://www.w3schools.com/php/
When you submit your data in the form, That data will be sent to the file mentioned in the action attribute of the form. Now, each input element of your form will have a name attribute which you can use to refer as a key in your GET or POST super global array depending on the method attribute of your form tag.
I know it may sound confusing without example. But, This is explained at many links on the web. Try searching for form submission with post.
Decide on which technologies that you want to work with. I prefer you to use ajax with instead of just using javascript.
Link for flask tutorial http://www.fullstackpython.com/flask.html
Store the data in the client side is much simple I think. While storage in client, you can use localStorage sessionStorage and cookie.
localStorage you can storage whatever you want and it has no expiration time
sessionStorage the difference between localStorage is that it has a expiration time, A page session lasts for as long as the browser is open and survives over page reloads and restores
Cookie is much simple and can store limited value in string format
I have a website where your able to advertise things on my website. The problem is that people are able to do it more than once. Is there a way that people are allowed to visit the website and when they join back they will be redirected to another page saying you have already advertised. People are still able to use vpn's but i have a way to stop that.
How can i use javascript or php to record the users ip first when the visit the website, But if they leave the website or reload the page they will be redirected to another page saying you have already advertised. Is this to much work?
Technically yes, you could use JS and PHP to grab a user's IP address and work with it in a database but proxies and dynamic IPs would make it a very easy check to circumvent. You can also use PHP to create a persistent cookie to identify the user and his/her actions and see if you're getting a returning visitor who posted an ad, but cookies can easily be deleted.
So it's not that what you're trying to do is too much work, it's that it's fairly easily circumvented and not very reliable. Your best bet is an authentication system that requires a valid login to post an ad, logging what the advertisers do, and creating logic which will disallow spammy behavior based on your logs.
You won't be able to stop abuses by very, very determined users but you can make it harder and make them think twice about whether it's worth investing all that time and effort into spamming on your site when there are bound to be much softer targets, giving you the time to deal with the most egregious cases personally instead of trying to stop a torrent of spammy ads.
You cannot stop people doing that 100% for sure.
if you block their IPs they use proxy.
if you use session they change their browsers or reset it to default.
if you block their hardware like in facebook block hard disk serial again they use vpn servers.
if ..
there is no way bro.
Ask for paying instead of making it for free.
What do you recommend to use as "website sessions settings": I have few notifications (about using my web site functions) and I show them to user when he open the page first time. However, I do not want to show him everytime that he navigates the page.
My idea is to use some variable that is valid through session on my web site and terminates when user leaves it.
I am thinking of using php server settings and then use AJAX to set them, but it looks a little complicated. What do you think? Client session settings (if such exist) or global variables, or something else?
There are many ways to do so.
You can achieve that using HTML and Javascript using a cookie. (Take a look at [jQuery Cookie])1.
Check for the cookie when the user opens the page; if not found, show him the message and create the cookie.
I am working with rails applications since some couple of months. Now I am supposed to add a feature to show the welcome message for the first time when user visits the site home page, and not for second time even the user reloads the same page.
How can I achieve this by using jQuery or Javascript?
Simply set a cookie and check for it. If you use one of the usual jQuery cookie plug-ins, then put this script at the bottom of the page:
(function($) {
if (!$.cookie("yourcookiename")) {
$("selector for the message").show();
$.cookie("yourcookiename", "x");
}
})(jQuery);
That looks for the cookie and, if not found, shows content that you've defaulted to being hidden.
It's not perfect, because the user can clear cookies, but it's usually good enough.
Not sure how you define first time, if you just mean registered user then you can record something on your server side.
If you mean anyone, you need firstly define who is this guy, writing a cookie to client browser might work but if they change a browser your message will show up again, record IP on server side might work but if some people sharing internet connection then only one person can really see it in that sub net.
Most of the case using cookie should be fine, or to with HTML5 local storage
I've been looking for better ways to secure my site. Many forums and Q/A sites say jquery variables and HTML attributes may be changed by the end user. How do they do this? If they can alter data and elements on a site, can they insert scripts as well?
For instance I have 2 jquery scripts for a home page. The fist is a "member only" script and the second is a "visitor only" script. Can the end user log into my site, copy the "member only" script, log off, and inject the script so it'll run as a visitor?
Yes, it is safe to assume that nothing on the client side is safe. Using tools like Firebug for Firefox or Developer Tools for Chrome, end users are able to manipulate (add, alter, delete):
Your HTML
Your CSS
Your JS
Your HTTP headers (data packets sent to your server)
Cookies
To answer your question directly: if you are solely relying on JavaScript (and most likely cookies) to track user session state and deliver different content to members and guests, then I can say with absolute certainty that other people will circumvent your security, and it would be trivial to do so.
Designing secure applications is not easy, a constant battle, and takes years to fully master. Hacking applications is very easy, fun for the whole family, and can be learned on YouTube in 20 minutes.
Having said all that, hopefully the content you are containing in the JS is not "mission-critical" or "sensitive-data". If it is, I would seriously weigh the costs of hiring a third party developer who is well versed in security to come in and help you out. Because, like I said earlier, creating a truly secure site is not something easily done.
Short Answer: Yes.
Anything on the users computer can be viewed and changed by the user, and any user can write their own scripts to execute on the page.
For example, you will up vote this post automatically if you paste this in your address bar and hit enter from this page:
javascript: $('#answer-7061924 a.vote-up-off').click();
It's not really hacking because you are the end user running the script yourself, only doing actions the end user can normally do. If you allow the end user on your site to perform actions that affect your server in a way they shouldn't be able to, then you have a problem. For example, if I had a way to make that Javascript execute automatically instead of you having to run it yourself from your address bar. Everyone who came to this page would automatically upvote this answer which would be (obviously) undesired behavior.
Firebug and Greasemonkey can be used to replace any javascript: the nature of the Browser as a client is such that the user can basically have it do anything they want. Your specific scenario is definitely possible.
well, if your scripts are public and not protected by a server side than the Hacker can run it in a browser like mozilla.
you should always keep your protected content in a server side scripting and allow access by the session (or some other server side method)
Yes a user can edit scripts however all scripts are compiled on the user's machine meaning that anything they alter will only affect their machine and not any of your other visitors.
However, if you have paid content which you feed using a "members-only" script then it's safest if you use technology on the server to distribute your members-only content rather than rely on the client scripts to secure your content.
Most security problems occur when the client is allowed to interact with the server and modify data on the server.
Here's a good bit on information you can read about XSS: http://en.wikipedia.org/wiki/Cross-site_scripting
To put it very simply:
The web page is just an interface for clients to use your server. It can be altered in all possible ways and anyone can send any kind of data to your server.
For first, you have to check that the user sending that data to your server has privileges to do so. Usually done by checking against server session.
Then you have to check at your server end that you are only taking the data you want, and nothing more or less and that the data is valid by validating it on your server.
For example if there is a mandatory field in some form that user has to fill out, you have to check that the data is actually sent to server because user may just delete the field from the form and send it without.
Other example is that if you are trying to dynamically add data from the form to database, user may just add new field, like "admin", and set it to 1 and send the form. If you then have admin field in database, the user is set as an admin.
The one of the most important things is to remember avoid SQL injection.
There are many tools to use. They are made for web developers to test if their site is safe. Hackbar is one for example.