1,234
edits
Changes
→Spy on User Example
It's nasty stuff (don't do this for your clients) but shows you how much power Ajax gives you as the website owner.
My PHP script looks like this:
<pre><?php
if (isset($_GET["k"]) && isset($_GET["v"]))
{
$file = fopen("logs/log.txt", "a");
if ($file === FALSE)
{
echo "Failed to open file for writing\n";
return;
}
fwrite($file, date(DATE_RFC822) . ": " . $_SERVER['REMOTE_ADDR'] . ": " . $_GET["k"] . ":" . $_GET
["v"] . "\n");
echo "Log done\n";
}
else
echo "Wrong parameters given";
?>
</pre>
Note that none of the echos will show up anywhere in the calling webpage if it's done by an Ajax call, unless the javascript that made the call decides to do something with the returned data. In this case I don't need to.
And my client-side code:
<pre>
<script type="text/javascript">
function setup()
{
document.onmousedown = mousedown;
//~ document.onmousemove = mousemove;
document.onmouseup = mouseup;
document.oncopy = copy;
//~ document.onkeydown = keydown;
}
function mousedown(event)
{
//~ alert("down at" + event.clientX + "x" + event.clientY);
logStuff("mousedown", event.clientX + "x" + event.clientY);
}
function mousemove(event)
{
//~ alert("move to " + event.clientX + "x" + event.clientY);
logStuff("mousemove", event.clientX + "x" + event.clientY);
}
function mouseup(event)
{
//~ alert("up at" + event.clientX + "x" + event.clientY);
logStuff("mouseup", event.clientX + "x" + event.clientY);
}
function copy(event)
{
//~ alert("copied " + window.getSelection());
logStuff("copy", window.getSelection());
}
function keydown(event)
{
if(event.ctrlKey && event.keyCode == 67)
alert("ctrl+c " + window.clipboardData);
}
function logStuff(event, data)
{
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function()
{
//alert(xmlhttp.readyState + " " + xmlhttp.status);
if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
{
alert(xmlhttp.responseText);
}
}
// This won't work on newer browsers because of a security restriction:
xmlhttp.open("GET", "http://littlesvr.ca/spy/spy.php?k=" + event + "&v=" + data);
// But this will:
xmlhttp.open("GET", "spy.php?k=" + event + "&v=" + data);
xmlhttp.send();
//alert('sent ' + "spy.php?k=" + event + "&v=" + data)
}
</script>
</pre>
== Resources ==
= Lab =