vsloathe

So I thought I'd share my method here, because I'm pretty proud of how it turned out.

This has to do with the ajaxish thing I've been working on. What I decided to do was serialize the object used to create the gmail accounts and store it in HTML on the page, send it back on the post portion and unserialize it and use it. Pretty awesome because it lets me keep everything I need to know right there in the gmail object. This is probably old hat to a lot of you, but I thought it was cool and had not thought of doing it this way until now. The object is small and lightweight so the requests don't really take any longer, I do a lot of garbage collection (for instance unsetting the retrieved page once I have all the hidden values) so that the class does not become bloated between requests.

I'll post code if anyone's interested.

perkiset

Essentially keeping your state/session information at the client - a strong and uncomplicated methodology in a *private* application of course... anyone with access to that and nefarious intentions could have his evil way with you.

What was that URL again?

Side note - I love the [un]serialize() functions and keep stuff in DBs that way as well when readability is not an issue. Makes for a damn fast load when that's important.

DangerMouse

What format did you store the serialized object in, vs? I think Nop mentioned JSON in another post, but I've never attempted it.

However it was done, sounds like an awesome technique. It's interesting that you guys mention the technique being quite fast, I've seen quite a lot of talk about serializing objects being resource intensive - I guess this could be down to scaling.

DM

vsloathe

All I do is set the value of a hidden input element to the serialized object, then I give it as an argument to an AJAX function when it's time to use that data.


<?php
// Load xajax and the gmail class, then register the three server-side
// functions that the page calls as xajax_<name>().
require_once("xajax_core/xajaxAIO.inc.php");
require_once('class.gmail.php');
$xajax = new xajax();
$xajax->registerFunction("prepCap");
$xajax->registerFunction("getCap");
$xajax->registerFunction("doPost");
$xajax->processRequest();
$xajax->printJavascript();
$main = <<<HTML
<script type="text/javascript">
xajax.callback.global.onRequest = function() {xajax.$('loading').style.display = 'block';}
xajax.callback.global.beforeResponseProcessing = function() {xajax.$('loading').style.display='none';}
</script>
<style type="text/css">
#loading {
    background: white;
    padding: 20px;
    border: 0px solid green;
    display: none; /* hidden */
    position: absolute;
    left: 50%;
    margin-left: -100px;
    top: 25%;
    width: 200px;
    font-weight: bold;
    font-size: large;
}
#capAnswer {
    position: absolute;
    left: 50px;
    top: 100px;
}
#prefetched {
    position: absolute;
    left: 50px;
    top: 125px;
}
#response {
    position: absolute;
    left: 50px;
    top: 200px;
}
</style>
<html>
<div id="loading"><img src="ajax-loader.gif" alt="loading..." /></div>
<body onload="xajax_prepCap('SHOW'); document.getElementById('capAnswer').focus();">
<div id="capImg" class="capImg"><img src="loading.jpg"></img></div>
<form onsubmit="xajax_getCap(storedGmailObject.value); xajax_doPost(gmailObject.value, capAnswer.value); capAnswer.value = ''; return false;">
<input type="text" name="capAnswer" id="capAnswer" />
<div id="prefetched"></div>
<input type="hidden" name="gmailObject" id="gmailObject" />
<input type="hidden" name="storedGmailObject" id="storedGmailObject" />
</form>
<div id="response" class="response"></div>
</body>
</html>
HTML;
echo($main);

// Fetch a new signup page. 'SHOW' displays its captcha right away; any other
// flag stores the serialized object in the second hidden field as a prefetch.
function prepCap($flag)
{
    $objResponse = new xajaxResponse();
    $GC = new gmail;
    $GC->doGet();
    if($flag == 'SHOW')
    {
        // Inner single quotes are escaped so the PHP string literal stays intact
        $objResponse->assign('capImg','innerHTML','<img src="'.$GC->captchaURL.'" onload="xajax_prepCap(\'NOSHOW\');"></img>');
        $objResponse->assign('gmailObject','value',serialize($GC));
    }
    else
    {
        $objResponse->assign('storedGmailObject','value',serialize($GC));
        $objResponse->assign('prefetched','innerHTML','New session prefetched.');
    }
    return $objResponse;
}

// Restore the prefetched object from the hidden field value posted back by
// the browser and show its captcha.
function getCap($storedGmailObject)
{
    $objResponse = new xajaxResponse();
    $GC = unserialize($storedGmailObject);
    $objResponse->assign('capImg','innerHTML','<img src="'.$GC->captchaURL.'" onload="xajax_prepCap(\'NOSHOW\');"></img>');
    $objResponse->assign('gmailObject','value',serialize($GC));
    //$objResponse->assign('capAnswer','onkeyup','xajax_prepCap('NOSHOW'); capAnswer.onkeyup = '';');
    $objResponse->assign('prefetched','innerHTML','');
    return $objResponse;
}

// Restore the current object from the hidden field, append the captcha
// answer and submit the form.
function doPost($gmailObject,$capAnswer)
{
    $GC = unserialize($gmailObject);
    $GC->postString.='&newaccountcaptcha='.$capAnswer;
    $GC->doPost();
    $objResponse = new xajaxResponse();
    $objResponse->assign('response','innerHTML',$GC->responsePage);
    return $objResponse;
}
?>


It's very nice, because all the settings like proxy, name prefix, cookies, can be stored in the object and I need to make no further storage of them or anything.

Perk tell me how I could make this code a little more security-conscious? This is my first foray into this sort of thing.

jammaster82

nice.

perkiset

What you've got going on is tight and I think you're on the right track for a private application like you're working on.

What I was hinting at is that if you push state information, or specifically, programmatically influential code between you and the client, then a bonehead could send up stuff that you are not necessarily expecting... particularly since you are sending a serialized object i.e., when it is unserialized then it "is" whatever the serialized string defines... ergo, someone that knew of your IP could theoretically push up a serialized version of an object that sends a completely different message to a completely different recipient, for example. This is a rather silly example, but I was just pointing out that keeping programmatically influential code out at the client rather than internal to you is potentially dangerous.

But if it's all private then it's all good - and I really didn't want to rain on your parade man.

vsloathe

Actually the concerns of cross browser compatibility and security have realized themselves. I'm going to be offering this whole thing free (and possibly GPLed) in exchange for a double-opt-in to an email list. My plan is to put all the new players in this gmail game out of biz and build a list of potential customers for future applications.

I can't elaborate yet because I must talk to the illustrious Earl Grey of Syndk8 first.

thedarkness

Quote from vsloathe:

I can't elaborate yet because I must talk to the illustrious Earl Grey of Syndk8 first.

We talkin' about the same Earl Grey here?

Quote from DangerMouse:

What format did you store the serialized object in, vs? I think Nop mentioned JSON in another post, but I've never attempted it.



Here's an example using JSON DM.


    var req = new XMLHttpRequest();
    var clickedMarker;

    function fillInfoWindow( marker, id )
    {
        clickedMarker = marker;
        req.open( "GET", "http://www.xxxxxxxxxx.com/dev/jsonprodinfo.php?id=" + id, true );
        req.onreadystatechange = responseHandler;
        req.send( null );
    }

    function responseHandler()
    {
        if( req.readyState == 4 ) // Complete
        {
            // JSON.parse accepts only JSON data; eval() would run any script in the response
            var product = JSON.parse( req.responseText );
            clickedMarker.openInfoWindowHtml( "" + product.id + ": " + clickedMarker.getTitle() + "" );
        }
    }



req is a XMLHttpRequest (AJAX) object.

http://www.xxxxxxxxxx.com/dev/jsonprodinfo.php returns data like this;

{"lat": "0.0000000", "lng": "0.0000000", "title": "TD's Burger Barn", "id": "57"}


so product becomes an object that has member variables of "lat","lng","title", and "id"

This is for a Google maps app. that I'm using in my global takeover :-P

It looks like VS is using PHP's built in serialize/unserialize functions.

Cheers,
td

perkiset

That's an interesting notion - the documentation seems to imply that an object would be just fine to encode, since the json_encode() takes a mixed type (anything except a resource, like a file handle) - so it should be workable to encode, but I am less sure about decode. Also, when you use serialize() and unserialize() against an object, then the __sleep and __wakeup functions are automatically called (if defined) which would not happen with the json_encode and _decode.

I can't see any benefit at all to using json_encode() over serialize() in this instance.
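
The concern raised earlier in the thread (the client can post back any serialized string, and unserialize() will build whatever object it describes and call its __wakeup) and the json_encode() comparison above, as an added example that is not code from any poster: the state travels as HMAC-signed JSON of plain fields instead of a serialized object. STATE_KEY, packState(), unpackState() and the sample field values are hypothetical.

```php
<?php
// Added example. STATE_KEY is a placeholder for a random secret that stays on the server.
const STATE_KEY = 'replace-with-a-random-server-side-secret';

// Encode plain data fields as JSON and append an HMAC over the JSON,
// so the server can tell whether the hidden field was modified.
function packState(array $fields): string
{
    $json = json_encode($fields, JSON_THROW_ON_ERROR);
    $mac  = hash_hmac('sha256', $json, STATE_KEY);
    return base64_encode($json) . '.' . $mac;
}

// Check the HMAC before decoding. json_decode() with true yields arrays only,
// so no class is instantiated and no __wakeup()/__destruct() code runs.
function unpackState(string $token): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$b64, $mac] = $parts;
    $json = base64_decode($b64, true);
    if ($json === false) {
        return null;
    }
    // hash_equals() compares in constant time
    if (!hash_equals(hash_hmac('sha256', $json, STATE_KEY), $mac)) {
        return null;
    }
    $fields = json_decode($json, true);
    return is_array($fields) ? $fields : null;
}

// Constructed sample state; the field names mirror the gmail object's properties.
$state = ['captchaURL' => 'https://example.invalid/captcha?id=1', 'postString' => 'a=1&b=2'];
$token = packState($state);

// Round trip of the untouched token
var_dump(unpackState($token) === $state);

// Same signature, different payload: what a modified hidden field looks like
$forged = base64_encode('{"postString":"changed"}') . '.' . explode('.', $token, 2)[1];
var_dump(unpackState($forged));
```

The signature stops tampering but not reading, so whatever is placed in the hidden field (cookies, proxy settings) is still visible to anyone who has the page. If the object itself has to be restored, check the HMAC first and pass `['allowed_classes' => ['gmail']]` as the second argument to unserialize().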

