Reading a PHP file with JavaScript on the same domain

What I'm trying to do is simple. I have a read.html on the domain and it has JavaScript code in it that will read a PHP file on the same domain. I was able to get the code of another HTML file. But when I try to read a PHP file I only get what I see in the browser.
What I get as output:
admin
What I want:
<?
echo "admin";
?>

JavaScript, running in a browser, can only access data on a server in the same way that any other remote application can (with some additional limitations caused by it being run in a sandbox, since you don't want arbitrary websites to be able to run any old code on your computer).
Since web servers are usually configured to run PHP programs and serve their output to the client, it is the output that your JavaScript program can see. This is generally desirable: server-side code often contains confidential business logic and data such as credentials that shouldn't be exposed to just anybody with a browser.
If you want the PHP source code then you will need to either:
provide a different URL that serves the source code instead of running the program (the easiest way to do this is to copy the PHP into a .txt file)
configure your server to serve the PHP script from where it is instead of running it
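
A check an operator can run over their own site's responses to confirm that PHP is being executed rather than served as source. This is an added example, not part of the original answer; the URLs and bodies are constructed samples and `findSourceLeaks` is a hypothetical helper name.

```javascript
// Added example: flag HTTP responses that contain unexecuted PHP source.
// The sample responses below are constructed for illustration.

// Opening tags PHP recognises: "<?php", "<?=" and the short tag "<?"
// followed by whitespace (the form used in the question). An XML prolog
// such as "<?xml" does not match because "x" is not whitespace.
const PHP_OPEN_TAG = /<\?(php\b|=|(?=\s))/i;

function findSourceLeaks(responses) {
  const findings = [];
  for (const { url, contentType, body } of responses) {
    const match = PHP_OPEN_TAG.exec(body);
    if (!match) continue; // interpreter ran: only program output is present
    findings.push({
      url,
      contentType,
      offset: match.index,
      // A .php URL returning source means the PHP handler is not running;
      // any other URL is a copy of the source stored under the web root.
      cause: /\.php(\?|$)/i.test(url) ? 'php-not-executed' : 'source-copy-served',
    });
  }
  return findings;
}

const sampleResponses = [
  { url: '/admin.php', contentType: 'text/html', body: 'admin' },
  { url: '/admin.txt', contentType: 'text/plain', body: '<?\necho "admin";\n?>' },
  { url: '/config.php', contentType: 'application/octet-stream',
    body: '<?php $dbPassword = "constructed-example"; ?>' },
  { url: '/feed.xml', contentType: 'application/xml',
    body: '<?xml version="1.0"?><rss/>' },
];

console.log(findSourceLeaks(sampleResponses));
```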

Related

How to run PHP script actively on client side / client machine?

I'm trying to run a PHP script directly on the client side rather than taking request from a client to server & receiving back processed output or file. I created a PHP script which is running properly on the server side. I want to run that same PHP script on the client side as well. The PHP is not installed on the client side, it is only on the server side. Using <object> method I somehow managed to execute a PHP script on the client side. But it's just window or small frame that is visible on the current browser or in a page on the browser of a local machine (or client machine). So whenever PHP functions are invoked, it is executed at the server side, not on the client side.
Is there a way to execute PHP functions actually on the client side as well?
OR
Is there a way to open that entire working PHP page on the client side rather than on small window or in a frame of server page on a client browser without PHP installation?
What I tried is:
I created PHP script as "SERVER.php" which displays the name of all the files of a current working directory of the SERVER machine.
<?php
exec('dir', $status, $result);
var_dump($status);
?>
I want to get name of all the files of a current working directory but of CLIENT machine.
I created a html file as "CLIENT.html" that consists of the following code:
<object type="text/html" data="http://192.168.0.110:81/file2v2.php" width="800px" height="600px" style="overflow:auto;border:5px ridge blue">
</object>
Basically, the object function used in html contains the ip address followed by the port no. (of the Apache Server) and the php file name of the server (where php is installed and located).
Can anyone please help me how to execute PHP functions or say entire PHP scripts on the client side, or the way it can get it done.
All clients where you want to execute PHP scripts need to have PHP installed, as well as a running webserver (if those scripts are accessed via http). There is no way around that.
One way to do it without client side code is to give your webserver SSH access to all the clients. (This means creating the user on each machine and giving it the necessary permissions). Then the server could read the visitor's IP, connect to it via SSH and read the filesystem of the client and display it in the browser. This would be a wild approach, but possible.
Check this out: https://kvz.io/blog/2007/07/24/make-ssh-connections-with-php/
It would also mean that if someone gets access to that server or can somehow exploit it, all clients are compromised as well.
To run a script, you need an interpreter installed, the browser can read js script, but cannot read php script, for example.
https://en.wikipedia.org/wiki/PHP
I think you should take a look at the difference between client-side and server-side. Take a look here, it explains a lot.
Quote from the above link:
Key Differences Between Server-side Scripting and Client-side Scripting
Server-side scripting is used at the backend, where the source code is not viewable or hidden at the client side (browser). On the other hand, client-side scripting is used at the front end which users can see from the browser.
When a server-side script is processed it communicates to the server. As against, client-side scripting does not need any server interaction.
The client-side scripting language involves languages such as HTML, CSS and JavaScript. In contrast, programming languages such as PHP, ASP.net, Ruby, ColdFusion, Python, C#, Java, C++, etc.
Server-side scripting is useful in customizing the web pages and implement the dynamic changes in the websites. Conversely, the client-side script can effectively minimize the load to the server.
Server-side scripting is more secure than client-side scripting as the server side scripts are usually hidden from the client end, while a client-side script is visible to the users.
If you want every logic done on the client-side, take a look at Angular, VueJS or just basic Javascript. But with Javascript (including Angular/VueJS/Etc.) you can not manipulate client-side files, which would be a major security issue if it was able to. To change things on the server-side, you will always need a back-end programming language like PHP, C#, Java etc.
Be aware that everything you do on the client-side, is visible for the client and can be changed by the client. Which makes your application vulnerable for attackers.
To answer your question: You can't.
Basically, no.
But you can read about C# Blazor approach (https://dotnet.microsoft.com/apps/aspnet/web-apps/blazor) and try to implement something like this.

Getting a Python server to execute a script

I'm pretty new to web development, so bear with me if these questions seem pretty fundamental.
My use-case is as follows: I am hosting a server using ngrok which allows me to allow clients to securely tunnel to a server I host locally, using a public http(s) URL that ngrok generates.
Currently the server I am running locally is the simplest possible python web server (I literally just invoke 'python -m SimpleHTTPServer 8080').
Let's say I have a file "simplescript" located in the local directory where I instantiate the Python server. I would like to put in php code in "simplescript" so that when somebody fetches the file by using the browser to access "https://ngrokURL.ngrok.io/simplescript", then my server will execute the php code in the script directly and return the return value (if one is generated) to the client requesting my file.
Right now, when I try to do this, the client accessing my file only receives the actual text content of the script, and so it seems that the script is not being executed at all.
Question:
Is my use-case something that can be achieved using the Python simple HTTPserver, or do I need other tools?
How can I make my scripts executable for my server (if that is something I have to do)?
Thanks for the help!

Difference between reading files client-side and server-side

What exactly is the difference between accessing a file through HTML (e.g. <img src="xxx.jpg">) or JavaScript, and using PHP to read a file. The file is still just on the server in both cases, isn't it?
What makes using PHP to access the server's file system different to someone just typing in the URL of the file (provided they know what it is)?
JavaScript is client side and runs in the browser.
PHP is server side and runs in the server.
Note that there are now server side JavaScript interpreters like node.js or phantom.js
For static files like (images, HTML, etc) there is no difference, if you directly enter the file URI or read it internally and print the buffer through PHP (at this case the file URI will change for sure).
For dynamic files (PHP files), the same concept is true, if you enter the file URI directly you will get the output of that file, and if you read it internally (There are two types: include and read its source). but in most cases, PHP files are designed for execution not for printing the source, therefore, in both cases:
When you try to read static files by PHP its just resource wasting if there is no need to use PHP.
In the two cases you mentioned the file is on the server. If the file is static such as images, you can have its URL directly in the HTML.
In some cases you need to have a dynamic URL for the content, for example a download service that generates a temporary URL for the content after authenticating the user. In such case you would serve the file using PHP since you do not have a fixed URL for the content.
Like you are saying, php might really access the FILE SYSTEM, while a client just can access files the Server handles to them.

Chrome Extension - Process output with a hosted PHP script

I have a chrome extension I've developed that reads and parses HTML contents into a CSV file.
This part works great, and the user is able to download the file.
What I want to do at this point, is find a way to send that data directly to a MySQL database.
I know that a chrome extension cannot run PHP (obviously). I do however have access to a hosted web server to which I can upload custom PHP scripts.
Is there any way to send my parsed data directly to a hosted PHP script which will process the data and then send the data to a MySQL database on the same server?
Everything I've researched thus far has resulted in "chrome extensions cannot run PHP scripts" . . .
Thanks for your help!
Edit: One option I was thinking of would be to inject HTML hidden fields with values of my data, and then use javascript to POST the data to the PHP URL . . . . Would that be an option? Can chrome extensions inject hidden fields?
You can absolutely make a POST method HTTP request to a server from a chrome extension. It doesn't require any kind of hack to accomplish this. With native JavaScript use the 'POST' method to an XMLHttpRequest or with a library like jQuery just make a $.post request.
A couple of things:
You're going to want to use HTTPS, so get an SSL certificate for your server/domain. If you are parsing any kind of website content on an HTTPS protected page and sending that in the clear text to your own server you are doing A Very Bad Thing. Do Not Do That.
Make sure you tell your users that you are doing this. Some/Most people may not want that.
Use a content script to grab the content from the DOM. Pass it to your extensions background script using postMessage message passing.
Make the POST request from your background script.
You will need to update your manifest.json to have permissions to the URLs you want to inject the content into, and permissions to make the POST request to your server's domain. Users will have to see and approve these permissions, but they will not know what you are doing, so be sure to tell them.
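
The flow described in the answer above (content script, background script, HTTPS POST, manifest permissions), as an added example that is not the asker's extension or part of the original answer. The endpoint URL, the `upload-rows` message type, the file names and the Manifest V3 layout are assumptions for illustration.

```javascript
// Added example. The endpoint is a placeholder; replace it with your own.
const UPLOAD_ENDPOINT = 'https://example.com/import.php';

// Build the POST request the background script sends. Any endpoint that
// is not HTTPS is refused, so scraped page data never travels in clear text.
function buildUploadRequest(endpoint, rows) {
  const url = new URL(endpoint);
  if (url.protocol !== 'https:') throw new Error('refusing non-HTTPS endpoint: ' + url.origin);
  if (!Array.isArray(rows) || rows.length === 0) throw new Error('nothing to upload');
  return {
    url: url.href,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ rows }),
      credentials: 'omit', // do not attach the user's cookies for that origin
    },
  };
}

// manifest.json entries (Manifest V3, assumed): page access for the
// content script and host access for the POST target.
const manifestFragment = {
  manifest_version: 3,
  host_permissions: [new URL(UPLOAD_ENDPOINT).origin + '/*'],
  content_scripts: [{ matches: ['https://source.example/*'], js: ['content.js'] }],
  background: { service_worker: 'background.js' },
};

// background.js: registered only inside the extension, where `chrome` exists.
if (typeof chrome !== 'undefined' && chrome.runtime && chrome.runtime.onMessage) {
  chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    if (!msg || msg.type !== 'upload-rows') return false;
    Promise.resolve()
      .then(() => buildUploadRequest(UPLOAD_ENDPOINT, msg.rows))
      .then(({ url, init }) => fetch(url, init))
      .then((r) => sendResponse({ ok: r.ok, status: r.status }))
      .catch((e) => sendResponse({ ok: false, error: String(e) }));
    return true; // keep the channel open for the asynchronous response
  });
}

// content.js would send the parsed rows with:
//   chrome.runtime.sendMessage({ type: 'upload-rows', rows });
```

On the PHP side a JSON body like this one is read from `php://input`, since `$_POST` is only populated for form-encoded requests.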

With JavaScript is it possible to Read/Write from/to a file on the server

I have a series of JSON Objects I want to save locally on my server. I am attempting to avoid any server-side script like PHP as required per demand of what's being built. I know it's a security risk, but that in this case is not a particular worry. So that said is it possible to actually write to a file and/or get its contents via JavaScript with or without the help of a lib such as jQuery?
I should mention I am attempting to avoid ActiveX as I know this is an IE only feature and the software we are developing is planned to be Cross Browser supported
So that said is it possible to actually write to a file and or get its contents via javascript with or without the help of a lib such as jquery?
Nope. You will need something running on server side that can receive your JavaScript input and write it to the server.
Internet Explorer's proprietary file writing functionality is for writing local (client-side) files only.
You can read a file using ajax, but without a server side language you cannot write a file to the server.
https://developer.mozilla.org/en/ajax
No. Javascript runs on the client. You need server-side code to access the server's file system.
Client-side JavaScript can only send data to a server, there's no way for it to tell the server what to do with the data.
To save data to a file or db on a server, you'll require a server-side script of some sort (could be server-side JS with Node.js). If all you need is persistent data, you could store some JSON strings in localStorage or in cookies as needed. They wouldn't be shareable that way though.
Yes, you can use AJAX requests in JavaScript without using jQuery. However, jQuery will save you an ungodly amount of time and cross-browser testing.
But, as others have already said, you can't write server files without server code.
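
The server-side piece the answers above say is required, written in Node.js since one answer names it as an option. This is an added example, not code from the original posts; the `/objects/<name>` route, the size limit and the naming rule are assumptions.

```javascript
// Added example: the server-side receiver the answers call for, in Node.js.
// The route, size limit and naming rule are assumptions for illustration.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const http = require('node:http');

const MAX_BYTES = 64 * 1024;              // assumed upload limit
const NAME_RE = /^[A-Za-z0-9_-]{1,64}$/;  // no dots or slashes, so no path traversal

// Validate the client-supplied name and body, then write <dataDir>/<name>.json.
function saveJson(dataDir, name, rawBody) {
  if (!NAME_RE.test(name)) return { status: 400, error: 'invalid name' };
  if (Buffer.byteLength(rawBody) > MAX_BYTES) return { status: 413, error: 'too large' };
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch { return { status: 400, error: 'not JSON' }; }
  // Store the re-serialised value, never the raw request bytes.
  fs.writeFileSync(path.join(dataDir, name + '.json'), JSON.stringify(parsed));
  return { status: 201 };
}

// Read a stored object back; the same name rule applies.
function loadJson(dataDir, name) {
  if (!NAME_RE.test(name)) return { status: 400, error: 'invalid name' };
  const target = path.join(dataDir, name + '.json');
  if (!fs.existsSync(target)) return { status: 404, error: 'not found' };
  return { status: 200, data: JSON.parse(fs.readFileSync(target, 'utf8')) };
}

// HTTP wrapper: PUT /objects/<name> stores a document, GET reads it.
function createServer(dataDir) {
  return http.createServer((req, res) => {
    const name = (/^\/objects\/([^/?]+)$/.exec(req.url) || [])[1] || '';
    const reply = (r) => {
      res.writeHead(r.status, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(r));
    };
    if (req.method === 'GET') return reply(loadJson(dataDir, name));
    if (req.method !== 'PUT') return reply({ status: 405, error: 'method not allowed' });
    let body = '';
    req.on('data', (chunk) => { body += chunk; if (body.length > MAX_BYTES) req.destroy(); });
    req.on('end', () => reply(saveJson(dataDir, name, body)));
  });
}

// Offline round trip in a temporary directory (constructed sample data).
const demoDir = fs.mkdtempSync(path.join(os.tmpdir(), 'objects-'));
console.log(saveJson(demoDir, 'settings', '{"theme":"dark"}'), loadJson(demoDir, 'settings'));
console.log(saveJson(demoDir, '../outside', '{}'));
```

To serve it, call `createServer(dir).listen(8080, '127.0.0.1')`; the browser side is then an ordinary `fetch` with `method: 'PUT'` and a JSON body.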
