Is it possible to connect a server to a website, where I can access the server from another website and if I click submit, it programmatically clicks a button on the website connected to the server?
Is this possible to do in Javascript(if not, any idea on how to implement this?)
Based on the comments you've provided, your question seems to be specific to gmail. If that is the case, google offers an API that will let you perform operations from your code that would normally be performed by a user.
https://developers.google.com/gmail/api/
From the site:
What is the Gmail API?
The Gmail API gives you flexible, RESTful access to the user's inbox,
with a natural interface to Threads, Messages, Labels, Drafts, and
History. From the modern language of your choice, your app can use the
API to add Gmail features like:
Read messages from Gmail
Send email messages
Modify the labels applied to messages and threads
Search for specific messages and threads
This is possible on any development environment I used this in C# Asp.net and in python. Simply you can use a WebClient object in asp.net. You can click any button and you can set any area on target machine like for user login name and password. Even robot control on logins is exist just for this reason
http://www.codeproject.com/Tips/488939/Get-page-HTML-from-URL-using-WebClient-Strip-HTML
Can't login into asp.net website with WebClient
Related
From our web application running in company network, I'm looking for an alternative way of "mailto" approach (since "mailto" supports plain text only for the body section and has no attachment support) for opening up a new message (email) popup in Outlook (company uses Outlook). I'm trying to implement this by JavaScript.
After some search, I think I have 2 options available:
Handling mail sending operation via our web application by opening a send mail popup, including attachment and nice looking html body template,
Trying to integrate our web application with an Outlook office add-in
This web application is for purchasing department and Outlook usage of them is high.
If option 1 has been chosen, I think there will be a need to present previous mail recipient suggestions and sent mail history page.
I'm not exactly sure that option 2 can be implemented, or provided by Outlook.
Any suggestions will be highly appreciated. Many thanks in advance.
IMHO the only reliable way to show a new message in Outlook from a browser other than IE is to dynamically create an EML (MIME) file with HTML body and attachments populated. Just make sure to add "X-Unsent: 1" MIME header to show the message as draft and avoid populating From/Sender MIME headers.
None of the options described are valid. And I will explain why:
The web application can use Graph API if you deal with O365 or EWS if you have Exchange on-premise profiles. In that case you could compose and send emails programmatically from your web application. But you need to handle all requests for the message history and etc. in the code. That's a lot of work I suppose! But if you don't need to show a list of messages like Outlook does, just to submit emails you could Graph API on the server to send emails.
Web add-ins are run under the context of currently selected mail/calendar items in Outlook. So, they don't have anything to help there.
I have got a 3rd party website, which my customer wants to me to login into in order to download some data periodicaly.
The data is customer specific, and password protected.
I have the username/password, and I have searched for ways to do the login automatically so that I can pull data, but so far with no success.
This is a method that I have tried:
http://crunchify.com/automatic-html-login-using-post-method-autologin-a-website-on-double-click/
When I look into the login page of the website which I am trying to login to (view source), I don't see the login form, but if I click on "inspect element" in chrome on the fields of the page it does show that there is a login form hiding in there.
Any suggestions
Edit:
Here is the website which I need to autologin to: http://portal.dorad.co.il/#/Login unfortunatlly it's not in english. The first field is the username, the second field is the password and the button is the login
Edit2:
Taking pomeh's advice, I was able to find the jQuery code that is being triggerted when the text boxes are being modified. Now I want to run this script manually using element.DomContainer.Eval
(function(n,t){function vi(n){var t=n.length,r=i.type(n);return i.isWindow(n)?!1:1===n.nodeType&&t?!0:"array"===r||"function"!==r&&(0===t||"number"==typeof t&&t>0&&t-1 in n)}function ne(n){var t=li[n]={};return i.each(n.match(s)||[],function(n,i){t[i]=!0}),t}function uu(n,r,u,f){if(i.acceptData(n)){var s,h,c=i.expando,a="string"==typeof r,l=n.nodeType,o=l?i.cache:n,e=l?n[c]:n[c]&&c;if(e&&o[e]&&(f||o[e].data)||!a||u!==t)return e||(l?n[c]=e=tt.pop()||i.guid++:e=c),o[e]||(o[e]={},l||(o[e].toJSON=i.noop)),("object"==typeof r||"function"==typeof r)&&
...
(t=n(this);r=r.not(t),t.removeData(f),r.length||clearTimeout(c)},add:function(t){function s(t,u,e){var s=n(this),o=n.data(this,f);o.w=u!==i?u:s.width(),o.h=e!==i?e:s.height(),r.apply(this,arguments)}if(!u[o]&&this[e])return!1;var r;if(n.isFunction(t))return r=t,s;r=t.handler,t.handler=s}}}(jQuery,this)
I am not sure how to activate it and give it the relevant data.
If you have the right mix of technical requirements then you want Single-Site-Sign-On (SSSO).
Not all of my clients have SSL and I don't want my user name and password on all of their sites. They are however all on the same server. Since my site supports SSL I can log in to my own site securely.
What you need to do conceptually speaking is log the IP of the administrator account along with the data/time stamp. Then if you visit your client's website (again, on the same server) from that same IP you can have your scripting language check the file. I require a short time-span (anywhere between 30 seconds to two minutes tops) and the same IP address. You can add additional technical requirements to strengthen security of course though your options will be limited as the domain name will be different. If the IP matches the criteria emulate the user being authenticated (static obviously since you likely won't/shouldn't have your administrative account information on their site) and you can be automatically signed in.
Maybe you could do this using a web scraping framework like:
Goutte for PHP (https://github.com/fabpot/goutte)
Scrapy for Python (http://scrapy.org/)
node.io for Node.js (https://github.com/chriso/node.io)
request for Node.js (https://github.com/mikeal/request)
WatiN for .Net (http://watin.org/)
In any case, I think a client side solutions will bring a lot of problems to do this. Maybe you can login into it using a form tag which points to the page, but you won't be able to manipulate the page afterwards. Also, you may not be able to use AJAX due to CORS restriction. You could embed the target page as an iframe but you can't either manipulate the page because of differents domains used (you can do that under certains conditions but it's hard to achieve this imho). So a server side solutions sounds better to me.
On my webpage I need to check if given user is available on Cisco Jabber Client. I have both number and user name.
I am already able to send chat messages and start voice conversations, but it would be nice to check if user is online, and for example show cool icon or something.
Is there a simple way to do that in JavaScript/jQuery?
Or is it possible to check it by server side of web application (Spring/Java) and use AJAX?
The service can be accessed using the REST Api's. Below URL can provide some information on this.
https://developer.cisco.com/site/collaboration/call-control/unified-presence/overview/presence-web-service/index.gsp
Honestly, I haven't tried this.
I know we can get online users, but this online is not what I want, I want to know the online users who are currently on my web page, but not facebook. I want to get the user list who is now using my web page after log in using their facebook account, and then I don't care whether they are still active on their facebook.
Is there any methods that I can get this information? Please help! I am using Javascript!
There isn't anything in the API that lets you know whether one user is active/online on your app.
You would need to record connections by yourself. But you are using Javascript, which is a client-side language. It means that it is executed on the client's browser and that you won't be able to manage incoming connections.
Are you using PHP (server-side) in the background? That would make it possible for you to display the connected people for the last 5 minutes!
According to the Facebook API documentation, most of the work is handled through javascript.
That means that all the processing is done, and then the front end checks if the user is connected to Facebook/authorized. right?
My question is:
Suppose a user goes to my site for the first time ever.
He clicks on "facebook connect". The javascript verifies him as authentic, and it "redirects" to another page on my server. From then on, how do I know that the user is actually authenticated to my website, since everything is done on frontend?
I think this is correct, but aren't there some security issues..:
-After user clicks Login, Facebook redirects to a page on my site. AND they also create a cookie with a specific "Facebook ID" that is retrieved only from this user. My backened will "read" the cookie and grab that ID...and then associate it to my userID.
If that is correct...then it doesn't make sense. What if people steal other people's "facebook ID" and then forge the cookie? And then my backend sees the cookie and thinks it's the real user...?
Am I confused? If I am confused, please help me re-organize and tell me how it's like.
Facebook Connect uses a clever (or insane, depending on your point of view) hack to achieve cross-site communication between your site and Facebook's authentication system from within the browser.
The way it works is as follows:
Your site includes a very simple static HTML file, known as the cross-domain communications channel. This file is called xd_receiver.htm in the FB docs, but it can be named anything you like.
Your site's login page includes a reference to the Javascript library hosted on Facebook's server.
When a user logs in via the "Connect" button, it calls a function in Facebook's JS API which pops up a login dialog. This login box has an invisible iframe in which the cross-domain communications file is loaded.
The user fills out the form and submits it, posting the form to Facebook.
Facebook checks the login. If it's successful, it communicates this to your site. Here's where that cross-domain stuff comes in:
Because of cross-domain security policies, Facebook's login window can not inspect the DOM tree for documents hosted on your server. But the login window can update the src element of any iframe within it, and this is used to communicate with the cross-domain communications file hosted on your page.
When the cross-domain communications file receives a communication indicating that the login was successful, it uses Javascript to set some cookies containing the user's ID and session. Since this file lives on your server, those cookies have your domain and your backend can receive them.
Any further communication in Facebook's direction can be accomplished by inserting another nested iframe in the other iframe -- this second-level iframe lives on Facebook's server instead of yours.
The cookies are secure (in theory) because the data is signed with the secret key that Facebook generated for you when you signed up for the developer program. The JS library uses your public key (the "API key") to validate the cookies.
Theoretically, Facebook's Javascript library handles this all automatically once you've set everything up. In practice, I've found it doesn't always work exactly smoothly.
For a more detailed explanation of the mechanics of cross-domain communication using iframes, see this article from MSDN.
Please someone correct me if I'm wrong - as I am also trying to figure all this stuff out myself. My understanding with the security of the cookies is that there is also a cookie which is a special signature cookie. This cookie is created by combining the data of the other cookies, adding your application secret that only you and FB know, and the result MD5-Hashed. You can then test this hash server-side, which could not easily be duplicated by a hacker, to make sure the data can be trusted as coming from FB.
A more charming explaination can be found here - scroll about halfway down the page.
Same issues here, and I think Scott is closer to the solution.
Also Im using "http://developers.facebook.com/docs/?u=facebook.jslib-alpha.FB.init" there open source js framework. So things are a little different.
For me, via the opensource js framework, facebook provides and sets a session on my site with a signature. So what I am thinking is to recreate that signature on my side. - if they both match then the user is who he says he is.
So basically if a user wanted to save something to my database, grab the session signature set up by facebook and recreate that signature with php and validate it against the one facebook gave me?
if($_SESSION['facebookSignature'] == reGeneratedSignature){
// save to database
}else{
// go away I don't trust you
}
But how do you regenerate that signature? preferably without making more calls to Facebook?