Posted by Jerry Stuckle on 09/28/07 11:21

Onideus Mad Hatter wrote:
> Okay, so here's the deal...I'm tired of the shitty user data tracking
> stuff that my server comes with and so I want to make my own. Peachy.
> I want to track the following variables:
>
> ip_address
> time
> day
> month
> year
> referring_url
> current_url
> language
> browser
> browser_version
> operating_system
> screen_width
> screen_height
> cookies_enabled
> java_enabled
> flash_enabled
> flash_version
> color_depth
>
> Now, with PHP I can get about half of 'em. But the rest I can only
> get through javascri-
>
> *checks something*
>
> Huh, never mind.
>
> I was gonna ask how to transfer javascript variables to php without
> having to reload the page, but then I remember I already went through
> this with the perfect liquid site.
>
> Solution is simple, just call a php file as if it were an image, like:
> <img src='blah.php?details=whatever'>
>
> You can construct the image tag and such with document writes to get
> the javascript variables into it. After which, when the page loads,
> it'll simultaneously launch that php page with the transferred
> javascript variables (done via post). That php page can then write
> the relevant data to the database and can even spit back out an image
> for the original site.
>
> ...hrmmm...*contemplates on how such a form could be exploited*
>
> I wonder if that's how a lot of those browser exploits operate.
> *shrugs*
>
> --
>
> Onideus Mad Hatter
> mhm ¹ x ¹
> http://www.backwater-productions.net
> http://www.backwater-productions.net/hatter-blog
>
>
> Hatter Quotes
> -------------
> "You're only one of the best if you're striving to become one of the
> best."
>
> "I didn't make reality, Sunshine, I just verbally bitch slapped you
> with it."
>
> "I'm not a professional, I'm an artist."
>
> "Your Usenet blinders are my best friend."
>
> "Usenet Filters - Learn to shut yourself the fuck up!"
>
> "Drugs killed Jesus you know...oh wait, no, that was the Jews, my
> bad."
>
> "There are clingy things in the grass...burrs 'n such...mmmm..."
>
> "The more I learn the more I'm killing my idols."
>
> "Is it wrong to incur and then use the hate ridden, vengeful stupidity
> of complete strangers in random Usenet froups to further my art?"
>
> "Freedom is only a concept, like race it's merely a social construct
> that doesn't really exist outside of your ability to convince others
> of its relevancy."
>
> "Next time slow up a lil, then maybe you won't jump the gun and start
> creamin yer panties before it's time to pop the champagne proper."
>
> "Reality is directly proportionate to how creative you are."
>
> "People are pretty fucking high on themselves if they think that
> they're just born with a soul. *snicker*...yeah, like they're just
> givin em out for free."
>
> "Quible, quible said the Hare. Quite a lot of quibling...everywhere.
> So the Hare took a long stare and decided at best, to leave the rest,
> to their merry little mess."
>
> "There's a difference between 'bad' and 'so earth shatteringly
> horrible it makes the angels scream in terror as they violently rip
> their heads off, their blood spraying into the faces of a thousand
> sweet innocent horrified children, who will forever have the terrible
> images burned into their tiny little minds'."
>
> "How sad that you're such a poor judge of style that you can't even
> properly gauge the artistic worth of your own efforts."
>
> "Those who record history are those who control history."
>
> "I am the living embodiment of hell itself in all its tormentive rage,
> endless suffering, unfathomable pain and unending horror...but you
> don't get sent to me...I come for you."
>
> "Ideally in a fight I'd want a BGM-109A with a W80 250 kiloton
> tactical thermonuclear fusion based war head."
>
> "Tell me, would you describe yourself more as a process or a
> function?"
>
> "Apparently this group has got the market cornered on stupid.
> Intelligence is down 137 points across the board and the forecast
> indicates an increase in Webtv users."
>
> "Is my .sig delimiter broken? Really? You're sure? Awww,
> gee...that's too bad...for YOU!" `, )

As long as you know that many users (current estimate about 10%) run
with JS turned off. And even if it's on, anything supplied by the
browser (i.e referer, browser/system info, etc.) is questionable.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]