The Cache: Technology Expert's Forum
 
Topic: This is pretty hot. (Read 4310 times)
vsloathe
« on: January 23, 2008, 07:04:24 AM »

So I thought I'd share my method here, because I'm pretty proud of how it turned out.

This has to do with the ajaxish thing I've been working on. What I decided to do was serialize the object used to create the gmail accounts and store it in HTML on the page, send it back on the post portion and unserialize it and use it. Pretty awesome because it lets me keep everything I need to know right there in the gmail object. This is probably old hat to a lot of you, but I thought it was cool and had not thought of doing it this way until now. The object is small and lightweight so the requests don't really take any longer, I do a lot of garbage collection (for instance unsetting the retrieved page once I have all the hidden values) so that the class does not become bloated between requests.

I'll post code if anyone's interested.
perkiset
« Reply #1 on: January 23, 2008, 08:31:46 AM »

Essentially keeping your state/session information at the client - a strong and uncomplicated methodology in a *private* application of course... anyone with access to that and nefarious intentions could have his evil way with you.

What was that URL again?

Side note - I love the [un]serialize() functions and keep stuff in DBs that way as well when readability is not an issue. Makes for a damn fast load when that's important.
DangerMouse
« Reply #2 on: January 23, 2008, 09:13:55 AM »

What format did you store the serialized object in, vs? I think Nop mentioned JSON in another post, but I've never attempted it.

However it was done, it sounds like an awesome technique. It's interesting that you guys mention the technique being quite fast; I've seen quite a lot of talk about serializing objects being resource intensive - I guess this could be down to scaling.

DM
vsloathe
« Reply #3 on: January 23, 2008, 09:40:24 AM »

All I do is set the value of a hidden input element to the serialized object, then I give it as an argument to an AJAX function when it's time to use that data.

Code:
<?php
require_once("xajax_core/xajaxAIO.inc.php");
require_once('class.gmail.php');

$xajax = new xajax();
$xajax->registerFunction("prepCap");
$xajax->registerFunction("getCap");
$xajax->registerFunction("doPost");
$xajax->processRequest();
$xajax->printJavascript();

$main = <<<HTML
<html>
<head>
<script type="text/javascript">
// show the spinner while a request is in flight, hide it before the response is applied
xajax.callback.global.onRequest = function() { xajax.$('loading').style.display = 'block'; };
xajax.callback.global.beforeResponseProcessing = function() { xajax.$('loading').style.display = 'none'; };
</script>
<style type="text/css">
#loading {
    background: white;
    padding: 20px;
    border: 0px solid green;
    display: none; /* hidden */
    position: absolute;
    left: 50%;
    margin-left: -100px;
    top: 25%;
    width: 200px;
    font-weight: bold;
    font-size: large;
}
#capAnswer  { position: absolute; left: 50px; top: 100px; }
#prefetched { position: absolute; left: 50px; top: 125px; }
#response   { position: absolute; left: 50px; top: 200px; }
</style>
</head>
<body onload="xajax_prepCap('SHOW'); document.getElementById('capAnswer').focus();">
<div id="loading"><img src="ajax-loader.gif" alt="loading..." /></div>
<div id="capImg" class="capImg"><img src="loading.jpg" alt="" /></div>
<form onsubmit="xajax_getCap(storedGmailObject.value); xajax_doPost(gmailObject.value, capAnswer.value); capAnswer.value = ''; return false;">
<input type="text" name="capAnswer" id="capAnswer" />
<div id="prefetched"></div>
<!-- the serialized object rides along in these hidden inputs between requests -->
<input type="hidden" name="gmailObject" id="gmailObject" />
<input type="hidden" name="storedGmailObject" id="storedGmailObject" />
</form>
<div id="response" class="response"></div>
</body>
</html>
HTML;
echo($main);

// First call ('SHOW'): fetch a session, show its captcha and park the object in the form.
// Later calls ('NOSHOW'): prefetch the next session into the second hidden input.
function prepCap($flag)
{
    $objResponse = new xajaxResponse();
    $GC = new gmail;
    $GC->doGet();
    if ($flag == 'SHOW') {
        $objResponse->assign('capImg', 'innerHTML', '<img src="'.$GC->captchaURL.'" onload="xajax_prepCap(\'NOSHOW\');" />');
        $objResponse->assign('gmailObject', 'value', serialize($GC));
    } else {
        $objResponse->assign('storedGmailObject', 'value', serialize($GC));
        $objResponse->assign('prefetched', 'innerHTML', 'New session prefetched.');
    }
    return $objResponse;
}

// Promote the prefetched session to the active one and show its captcha.
function getCap($storedGmailObject)
{
    $objResponse = new xajaxResponse();
    $GC = unserialize($storedGmailObject);
    $objResponse->assign('capImg', 'innerHTML', '<img src="'.$GC->captchaURL.'" onload="xajax_prepCap(\'NOSHOW\');" />');
    $objResponse->assign('gmailObject', 'value', serialize($GC));
    //$objResponse->assign('capAnswer','onkeyup','xajax_prepCap(\'NOSHOW\'); capAnswer.onkeyup = \'\';');
    $objResponse->assign('prefetched', 'innerHTML', '');
    return $objResponse;
}

// Restore the active session, append the captcha answer and submit it.
function doPost($gmailObject, $capAnswer)
{
    $GC = unserialize($gmailObject);
    $GC->postString .= '&newaccountcaptcha='.$capAnswer;
    $GC->doPost();
    $objResponse = new xajaxResponse();
    $objResponse->assign('response', 'innerHTML', $GC->responsePage);
    return $objResponse;
}
?>


It's very nice, because all the settings like proxy, name prefix, cookies, can be stored in the object and I need to make no further storage of them or anything.

Perk, tell me how I could make this code a little more security-conscious? This is my first foray into this sort of thing.
jammaster82
« Reply #4 on: January 23, 2008, 01:57:38 PM »

nice.
perkiset
« Reply #5 on: January 23, 2008, 06:56:47 PM »

What you've got going on is tight and I think you're on the right track for a private application like you're working on.

What I was hinting at is that if you push state information, or specifically, programmatically influential code between you and the client, then a bonehead could send up stuff that you are not necessarily expecting... particularly since you are sending a serialized object, i.e., when it is unserialized then it "is" whatever the serialized string defines... ergo, someone that knew of your IP could theoretically push up a serialized version of an object that sends a completely different message to a completely different recipient, for example. This is a rather silly example, but I was just pointing out that keeping programmatically influential code out at the client rather than internal to you is potentially dangerous.

But if it's all private then it's all good - and I really didn't want to rain on your parade man.
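On vsloathe's question about making the code more security-conscious and the risk perkiset describes here, an added example (not code from the thread) of sealing the serialized object with an HMAC before it goes into the hidden input, and refusing anything that comes back altered before unserialize() ever runs. FormSession stands in for the real class, STATE_KEY is a constructed placeholder, and the allowed_classes argument assumes PHP 7+.

```php
<?php
// Added example, not vsloathe's code: seal the serialized object with an HMAC
// before it is parked in the hidden input, so whatever comes back is either
// exactly what the server sent or is refused before unserialize() ever runs.
// Assumes PHP 7+; FormSession and STATE_KEY are constructed stand-ins.

class FormSession
{
    public $proxy      = 'proxy.example:8080';
    public $cookies    = array();
    public $postString = '';
}

// Real deployments load this from config outside the web root, never from source.
const STATE_KEY = 'CONSTRUCTED-PLACEHOLDER-KEY-change-me';

// Serialize, then MAC the exact bytes the client will later hand back.
function sealState($obj)
{
    $payload = serialize($obj);
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, STATE_KEY);
}

// Check the MAC in constant time first; only then unserialize, and only into the
// one class we expect. Returns null on any failure so the caller can bail out.
function openState($sealed)
{
    $parts = explode('.', $sealed, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($b64, $mac) = $parts;
    $payload = base64_decode($b64, true);
    if ($payload === false || !hash_equals(hash_hmac('sha256', $payload, STATE_KEY), $mac)) {
        return null;                 // altered blob, altered MAC, or garbage
    }
    $obj = unserialize($payload, array('allowed_classes' => array('FormSession')));
    return ($obj instanceof FormSession) ? $obj : null;
}

// Round trip: the untouched blob opens; the same blob with one byte changed does not.
$sealed = sealState(new FormSession());
echo openState($sealed) instanceof FormSession ? "untouched: accepted\n" : "untouched: rejected\n";
$tampered     = $sealed;
$tampered[10] = ($tampered[10] === 'X') ? 'Y' : 'X';
echo openState($tampered) instanceof FormSession ? "tampered: accepted\n" : "tampered: rejected\n";
```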
vsloathe
« Reply #6 on: January 23, 2008, 07:03:36 PM »

Actually the concerns of cross browser compatibility and security have realized themselves. I'm going to be offering this whole thing free (and possibly GPLed) in exchange for a double-opt-in to an email list. My plan is to put all the new players in this gmail game out of biz and build a list of potential customers for future applications.

I can't elaborate yet because I must talk to the illustrious Earl Grey of Syndk8 first.
thedarkness
« Reply #7 on: January 23, 2008, 07:56:05 PM »


Quote from vsloathe:
I can't elaborate yet because I must talk to the illustrious Earl Grey of Syndk8 first.

We talkin' about the same Earl Grey here?

Quote from DangerMouse:
What format did you store the serialized object in, vs? I think Nop mentioned JSON in another post, but I've never attempted it.

Here's an example using JSON, DM.

Code:
    // req is an XMLHttpRequest object created elsewhere; clickedMarker remembers
    // which map marker was clicked so the response handler can update it.
    var clickedMarker;

    function fillInfoWindow( marker, id )
    {
        clickedMarker = marker;
        req.open( "GET", "http://www.xxxxxxxxxx.com/dev/jsonprodinfo.php?id=" + encodeURIComponent( id ), true );
        req.onreadystatechange = responseHandler;
        req.send( null );
    }

    function responseHandler()
    {
        if( req.readyState == 4 ) // Complete
        {
            // Parse the JSON text into an object. JSON.parse only builds data,
            // unlike eval(), which would execute whatever the response contained.
            var product = JSON.parse( req.responseText );
            clickedMarker.openInfoWindowHtml( "<b>" + product.id + ": " + clickedMarker.getTitle() + "</b>" );
        }
    }



req is an XMLHttpRequest (AJAX) object.

http://www.xxxxxxxxxx.com/dev/jsonprodinfo.php returns data like this:
Code:
{"lat": "0.0000000", "lng": "0.0000000", "title": "TD's Burger Barn", "id": "57"}

so product becomes an object that has member variables "lat", "lng", "title", and "id".

This is for a Google Maps app that I'm using in my global takeover :-P

It looks like VS is using PHP's built in serialize/unserialize functions.

Cheers,
td
« Last Edit: January 23, 2008, 07:58:56 PM by thedarkness »
perkiset
« Reply #8 on: January 23, 2008, 08:46:31 PM »

That's an interesting notion - the documentation seems to imply that an object would be just fine to encode, since the json_encode() takes a mixed type (anything except a resource, like a file handle) - so it should be workable to encode, but I am less sure about decode. Also, when you use serialize() and unserialize() against an object, then the __sleep and __wakeup functions are automatically called (if defined) which would not happen with the json_encode and _decode.

I can't see any benefit at all to using json_encode() over serialize() in this instance.
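To check perkiset's points about __sleep/__wakeup and about what decode hands back, here is an added example (not code from the thread) that runs one object through both serialize()/unserialize() and json_encode()/json_decode(). StateObject is a constructed stand-in class, and the allowed_classes argument assumes PHP 7+; the JSON half also shows why that format is the safer one for state the client holds, since json_decode never instantiates an application class.

```php
<?php
// Added example, not from the thread: the same object run through
// serialize()/unserialize() and through json_encode()/json_decode(), to check
// the points about __sleep/__wakeup and about what decode hands back.
// StateObject is a constructed stand-in; allowed_classes needs PHP 7+.

class StateObject
{
    public  $proxy   = 'proxy.example:8080';
    public  $cookies = array('SID' => 'constructed-value');
    private $page    = 'large fetched page, not worth shipping to the client';
    public static $log = array();

    // serialize() calls this: pick the properties that travel (drop the bulky page).
    public function __sleep()
    {
        self::$log[] = '__sleep';
        return array('proxy', 'cookies');
    }

    // unserialize() calls this: a natural place to re-check the restored state.
    public function __wakeup()
    {
        self::$log[] = '__wakeup';
        if (!is_string($this->proxy)) {
            throw new UnexpectedValueException('bad proxy in restored state');
        }
    }
}

$obj = new StateObject();

// PHP serialization: both hooks fire and the result is a StateObject again.
$back = unserialize(serialize($obj), array('allowed_classes' => array('StateObject')));
printf("serialize: got %s, hooks fired: %s\n", get_class($back), implode(',', StateObject::$log));

// JSON: no hooks, only public properties, and decode yields a plain stdClass
// (or an array), never an instance of an application class. That is the property
// that matters when the string comes back from the client.
StateObject::$log = array();
$json = json_encode($obj);
$back = json_decode($json);
printf("json: got %s, hooks fired: %s\n", get_class($back), implode(',', StateObject::$log) ?: 'none');
printf("json payload: %s\n", $json);
```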
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC