Thread: Auto Update?

  1. #1
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    275
    Thanks
    3
    Thanked 17 Times in 17 Posts

    Default Auto Update?

    It loads the content the first time, but when I change the content it doesn't load anymore. I'm not sure why it doesn't.

    Code:
    <html>
    <body>
    <p id="demo"></p>
    
    <script>
    setInterval(document.getElementById("demo").innerHTML='<?php echo file_get_contents("chat.txt") ?>',1000);
    </script>
    </body>
    </html>

  2. #2
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Are you sure it doesn't load it on subsequent attempts?

    (After all, you're reloading the same content, so it would not appear to change. If you're trying to read the file again, you would need to use an ajax request [or similar] to run the PHP script again.)
    We Only Torture the Folks We Don't Like (You're Probably Gonna Be Okay)
    It's a Party in the CIA

  3. #3
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    275
    Thanks
    3
    Thanked 17 Times in 17 Posts

    Default

    I don't think I am. However, I may have to close the txt file. I think that may be the problem:
    Code:
    <?php
    
    $file_name = 'chat.txt';
    
    if(isset($_POST['send'])){
    	if($_POST['message'] != NULL && $_POST['message'] != ''){
    		$current = '<div class="box"><div class="name">Something</div><div class="message">'.$_POST['message'].'</div></div>';
    		$current .= file_get_contents($file_name);
    		file_put_contents($file_name, $current);
    	}
    }
    
    
    
    ?>
    
    <html>
    <head>
    <link rel="stylesheet" href="main.css" />
    
    
    
    </head>
    <body>
    
    <div id="chat_outer">
    
    <div id="chat">
    
    <iframe src="chat_info.php" frameborder="0" width="100%" height="100%"></iframe>
    
    </div>
    <div id="content">
    <form action="chat.php" method="POST">
    Message: <input type="text" name="message" autofocus="autofocus" autocomplete="off" />
    <button type="submit" name="send" value="0">Send</button>
    </form>
    </div>
    
    </div>
    
    </body>
    </html>
    I know there are other things that can go wrong with this, but I'm just checking something.

    It does change, but let's say if I open two pages and do one of these, the other doesn't change.

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by Crazykld69 View Post
    I don't think I am. However, I may have to close the txt file. I think that may be the problem:
    PHP Code:
    <?php

    $file_name = 'chat.txt';

    if(isset($_POST['send'])){
        if($_POST['message'] != NULL && $_POST['message'] != ''){
            $current = '<div class="box"><div class="name">Something</div><div class="message">'.$_POST['message'].'</div></div>';
            $current .= file_get_contents($file_name);
            file_put_contents($file_name, $current);
        }
    }
    I know this isn't part of your original question, but this code is vulnerable to XSS attacks. Let me know if you would like me to explain.

    Quote Originally Posted by Crazykld69 View Post
    It does change, but let's say if I open two pages and do one of these, the other doesn't change.
    Right - that is as expected. Let me explain what I meant earlier:

    PHP Code:
    <html>
    <body>
    <p id="demo"></p>

    <script>
    setInterval(document.getElementById("demo").innerHTML='<?php echo file_get_contents("chat.txt") ?>',1000);
    </script>
    </body>
    </html>
    This is a PHP script. When it runs, it gets the contents of your chat.txt file, as a string. The script's output will look something like this:
    HTML Code:
    <html>
    <body>
    <p id="demo"></p>
    
    <script>
    setInterval(document.getElementById("demo").innerHTML='<div class="box"><div class="name">Something</div><div class="message">Message #1</div></div>
    <div class="box"><div class="name">Something</div><div class="message">Message #2</div></div>
    <div class="box"><div class="name">Something</div><div class="message">Message #3</div></div>
    <div class="box"><div class="name">Something</div><div class="message">Message #4</div></div>',1000);
    </script>
    </body>
    </html>
    Once it gets to the browser, the javascript will run, and add that string to your p#demo. However, there's no point in doing it again, since the contents of the paragraph will be replaced by the same string.

    The "one page" (the page where you submit the new comment) is updated because it is reloaded after you submit the form.

    - - - - -- - - - -- - - - -- - - - -- - - - -

    If you used ajax instead, you could get the *current* version of the chat.txt file. For example:
    Code:
    setInterval( 
        function(){
            var xmlhttp = window.XMLHttpRequest? new XMLHttpRequest(): new ActiveXObject( 'Microsoft.XMLHTTP' );
            xmlhttp.onreadystatechange = function() {
                if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                    document.getElementById("demo").innerHTML = xmlhttp.responseText;
                }
            }
            xmlhttp.open("GET", "/path/to/chat.txt", true);
            xmlhttp.send();
        }
       ,1000
    );
    Consider, however, that if you have a significant number of users and a typical shared hosting setup, you could quickly shut your own site down with such frequent requests.

  5. #5
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    275
    Thanks
    3
    Thanked 17 Times in 17 Posts

    Default

    There won't be many people that actually know about the website xD So that won't be a problem. Also the length of the file would be a problem but I'll prolly make it delete itself after a certain size.
    For some weird reason I can't get your thing to actually load either. I've tried that set up before and it work for some reason. It freezes then when I try inputting new data it doesn't want to do anything with the data. Unless I have to be on a server then that would explain it. Also, if you wanna explain XSS attacks to me that would be great but send it in a message since it's not part of the OP.

    Also I know one more thing I have to fix. If anyone tried to place html or another language in there I would have to remove it from the string. :3
    Last edited by Deadweight; 09-28-2013 at 10:30 PM.

  6. #6
    Join Date
    Jul 2008
    Location
    Derbyshire, UK
    Posts
    1,883
    Thanks
    16
    Thanked 288 Times in 287 Posts
    Blog Entries
    4

    Default

    Could I possibly request that the XSS attack information be posted here, as it's something that I think would be beneficial to other readers and it is in context of the thread.

    If not, that's ok - could you copy me in too traq?
    Focus on Function Web Design | Latest News RSS | Facebook | Twitter |
    Fast Edit (A flat file, PHP web page editor & CMS. Small, FREE, no database!) | Fast Edit BE (Snippet Manager) (Web content editor for multiple editable regions!) | Fast Apps |
    The only limit to creativity is imagination: JemCon.org

  7. #7
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    275
    Thanks
    3
    Thanked 17 Times in 17 Posts

    Default

    Sure he can post it here if he would like.

  8. #8
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Quote Originally Posted by Crazykld69 View Post
    For some weird reason I can't get your thing to actually load either. I've tried that set up before and it work for some reason. It freezes then when I try inputting new data it doesn't want to do anything with the data. Unless I have to be on a server then that would explain it.
    No, ajax won't work without a webserver. Also, the webpage and the file you're trying to load must both be on the same domain.

    The code I posted is slightly modified from another example - it should work, but I haven't tested it. I will test when I have a chance.

    Quote Originally Posted by Crazykld69 View Post
    Also I know one more thing I have to fix. If anyone tried to place html or another language in there I would have to remove it from the string. :3
    In where?

    If you're talking about ajax, then yes, responses are treated as text by default. You need to explicitly "do something" with that text if you want it treated as HTML, Javascript, etc. Libraries (like jQuery) can be helpful in that regard.

    Quote Originally Posted by Crazykld69 View Post
    Also, if you wanna explain XSS attacks to me that would be great
    XSS (Cross-Site Scripting) is an attack where the attacker manages to put their own code onto your site, so it will be served to other users.

    In your example, you are taking the message the user submitted (which you assume is simply text, but could contain HTML or even Javascript), writing it directly to a file on your server, and then showing it to anyone that later views the page. The fact that you're saving it to a file makes it especially dangerous: the attack will persist as long as that file is served.

    Another risk (though less likely, but still possible depending on your server configuration) is if the attacker writes PHP code into their message. If the "chat" file is in a publicly accessible directory, and the server can be tricked into parsing it, the attacker can gain control of your entire site.

    The solution is simple: never trust user input. Sanitize and validate everything that comes from the user.

    There are two approaches:

    1) Sanitize user input when you receive it. For example, use strip_tags to remove all HTML or PHP tags from the chat message.

    2) Sanitize your output. Don't save HTML in the chat file - just the messages. Then, read the file and use something like htmlentities to make sure the messages display as text, and insert the messages into a template before you serve them.

    Just remember, everything that comes from the user should be treated as if it is either broken or malicious until proven otherwise. Even if you trust your users, never trust user input.

  9. The Following User Says Thank You to traq For This Useful Post:

    Deadweight (09-29-2013)
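
Approach 2 from the answer above (save only the message text, escape it on output, insert it into a template), as an added PHP example that is not code from the thread. The function names `save_message()` and `render_chat()`, the one-JSON-string-per-line file format and the 500-byte limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; save_message() and render_chat() are hypothetical names.
// Keep the real chat file outside the web root so the server never serves
// or parses it directly.

// Store only the message text, one JSON string per line, so markup or
// newlines in a message cannot alter the file's record structure.
function save_message(string $file, string $message): bool
{
    $message = trim($message);
    if ($message === '' || strlen($message) > 500) {    // assumed size limit
        return false;
    }
    $line = json_encode($message, JSON_INVALID_UTF8_SUBSTITUTE) . "\n";
    // LOCK_EX keeps two simultaneous posts from interleaving their writes.
    return file_put_contents($file, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Build the markup from a fixed template; each message is escaped at output
// time, so whatever was stored is displayed as text, never run as HTML/JS.
function render_chat(string $file): string
{
    $flags = FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES;
    $lines = is_file($file) ? (file($file, $flags) ?: []) : [];
    $html  = '';
    foreach (array_reverse($lines) as $line) {           // newest first
        $message = json_decode($line);
        if (!is_string($message)) {
            continue;                                     // skip corrupt records
        }
        $safe  = htmlentities($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<div class="box"><div class="name">Something</div>'
               . '<div class="message">' . $safe . "</div></div>\n";
    }
    return $html;
}

// Constructed sample input: one plain message and one carrying markup.
$file = tempnam(sys_get_temp_dir(), 'chat');
save_message($file, 'Hello everyone');
save_message($file, '<b>bold</b> <script>alert(1)</script>');
echo render_chat($file);   // the second message appears as literal text
unlink($file);
```

With this layout, the polling request would fetch a PHP script that echoes `render_chat()` rather than the chat file itself.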

  10. #9
    Join Date
    Mar 2010
    Location
    Florida
    Posts
    275
    Thanks
    3
    Thanked 17 Times in 17 Posts

    Default

    Actually, about your XSS problem is something I was gonna fix when I was explaining about the html and php problems xD
    Didn't know it was called XSS.

    So assuming Ajax is needed directly from a website, I can't use xampp to host it like PHP?
    -DW [Deadweight]
    Resolving your thread: First Post: => EDIT => Lower right: => GO ADVANCED => Top Advance Editor drop down: => PREFIX:Resolved

  11. #10
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,627
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    xampp == apache server, yes.

    BTW I tested my code example above; works fine.
