I want to know if there is a way to detect if javascript is enabled when these hooks are run:
newreply_start
newreply_do_newreply_start
newthread_start
private_send_start
I am looking for a method to execute PHP code when javascript is disabled. I really suck at javascript so any assistance is appreciated.
There's really no way to detect whether the user has Javascript enabled or not (especially since it can be enabled/disabled after a page is loaded).
Most of the time, you generate a fallback for users with Javascript disabled (and perhaps chuck it between <noscript> tags).
Yeah...coming t realize this after spending all day with it. I found one method but it's not perfect...creates an error in my plugin with certain hooks and browsers but works for others.
http://www.inspirationbit.com/php-js-det...-settings/
If you wanna know what I am attempting it's to check for proxy users. I have a great method I worked out myself with javascript however...if the member turns off javascript then of course it's useless. So I want to find a way so that when users go to post and if javascript is disabled then it errors.
I already have a very good method to detect proxies in signup but it would require too much load if it was for other pages. On the signup page it's fine since that's really only hit a few dozen times a day for most sites.
I don't know...I gotta weight the options but it's not looking great. Web proxies suck.
What annoys me is PHP's inability to work client side and javascripts inability to work server side. How crappy.
If you have a previous page to leverage something off (ie, someone filling in a form), then yes, you can use Javascript to send some extra information. It's only really good as a basic check though, and shouldn't be used for any security related application (easy to forge).
O_o, detecting proxies through Javascript? That's a first...
From my testing over at proxy.org a LOT of proxies by default have javascript enabled. Anything to annoy proxy users is a good thing. I don't error with any that says javascript...so for most script kiddies they will probably just move on or disable the proxy. On registration I do a sock check common proxy ports. If I find one open...I block registration. Not foolproof but again...better than nothing.
Found this too:
http://proxy.org/tor_blacklist.txt
It's a TOR blacklist ready for htaccess. Rather handy.
I don't see how you can check ports, since you're only going to get a connection from port 80 (or 443 if using SSL) at your end, regardless what goes on inbetween. (and even if you do manage to detect the presence of a proxy, how do you tell the difference between "valid" (ie school/work) proxies and ones just used for other purposes?)
I can see how Javascript can break webproxies though (never thought of that actually, mainly cause the only proxies I've used are HTTP/SOCKS ones).
Interesting blacklist, though blacklists do have their inherit issues, and I dunno what sort of load that places on mod_rewrite
My load appears slightly higher than normal.
And checking ports is very good..I have tested and the proxies that have been open connect. Many proxies use other ports too like 8080 or 1080. I would say there are about 5-8 very common ones used that would stop 95% of them.
The javascript...I will PM to you as I don't want to expose the method in public. It's something I haven't seen anyone use before.
(2008-07-16, 06:12 PM)labrocca Wrote: [ -> ]And checking ports is very good..I have tested and the proxies that have been open connect. Many proxies use other ports too like 8080 or 1080. I would say there are about 5-8 very common ones used that would stop 95% of them.
That's not how it works.
For example:
Client's computer ---connect through port 8080----> Proxy ---Forwards request through port 80---> Server
In the end, your server will only see a port 80 connection. To help clarify, basically all webservers are set up to only listen on ports 80 and 443, so if a proxy just passes a connection through port 8080, it's simply going to be dropped by practically every single webserver out there (and be a very useless proxy).
Right...and I check for port 80 too. The bulk of home computers do not have port 80 open. That's the point to drop signups from computers that are "likely" to be proxies. There won't be any 100% method. And false-positives will alwasy occur on any attempt. Heck IP banning members isn't effective as you can easily block an AOL proxy IP which might be used by hundreds or thousands of users.
When I am done with plugin I plan to have options to either block, log, or do nothing. So that each forum admin can tweak the settings to their liking.
So you mean you're doing a reverse check to port 80? Just hope that your site doesn't end up triggering firewall alerts on clients' side...