Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221

    API alternative


    #Why can't I change the title?#


    Hello;

    I have seen shocking coding running million dollar businesses.

    For example, in Australia, I remember TPG used to use CodeIgniter and I several times saw SQL on screen. That gave me the balls to come up with this:

    I want to know about the potential flaws and dangers and if u think this is "good enough" to proceed. ( catacaustic, requnix, and kicken etc etc)

    If not please explain:

    ===========================================================================
    There is a very difficult task that small business owners in my niche community need to do when launching a product.

    There is 900 of them who want this along with my training so I see some potential.

    Most give up because they can't deploy.

    There are not many lessons on how to do this.

    You gotta know coding, database etc etc

    I made a system that does it for them.

    I am not gonna share many details but basically, this is how it works:

    1 - They sign up with my platform where they can build launch pages.
    2 - When they get an opt-in at their end, they pass the email, product_launch id etc to my system web hooking
    3 - I validate the data and store the emails into the database
    4 - At their end, they can send launch emails and send their prospects to:

    Hey

    I got a video that shows u how to cook pasta and cheesd.

    Check it out < a hrf = "website.com/video-1/test@test.com"> here </a>
    the code for that page is something like:
    PHP Code:
    <iframe src="http://my-website-with-the-database.com/launch/94bd21**29301668349352de430bb6d/1/test@test.com"
                    
    style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;">   
                    </
    iframe
    My page receives the request, validates, calcuates the data and generates the right sales page.

    I want to know about the potential flaws and dangers and if u think this is "good enough" to proceed. ( catacaustic, requnix, and kicken etc etc)



    Thanks
    Last edited by English Breakfast Tea; March 28th, 2018 at 03:25 PM.
  2. #2
  3. Backwards Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    16,904
    Rep Power
    9646
    Well for one your URL is http:// and that's bad. Especially if you're putting stuff like identifiers and email addresses into it.

    I would care if I saw my email address in the URL of a request, but not necessarily enough to do anything about it.

    Instead of giving people HTML for an iframe to embed, I would use Javascript. As in you give them code they can copy and paste like
    Code:
    <script type="text/javascript">
    window.somesortofnamespaceforyoursite={ref:"94bd21blah",id:1,email:"test@test.com"};
    </script>
    <script type="text/javascript" src="https://yoursite.example.com/embed.js"></script>
    or one of a billion other ways of doing the same thing. Seen the Javascript code that folks like Google and Amazon and whatever have people embed in their site? Like that.

    The advantage is that you can do whatever you want. Create and embed an iframe? Yeah okay. Or do something else. Whatever you want and you can change it as needed without site owners having to update their code.
  4. #3
  5. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    Originally Posted by requinix
    Well for one your URL is http:// and that's bad. Especially if you're putting stuff like identifiers and email addresses into it.

    I would care if I saw my email address in the URL of a request, but not necessarily enough to do anything about it.

    Instead of giving people HTML for an iframe to embed, I would use Javascript. As in you give them code they can copy and paste like
    Code:
    <script type="text/javascript">
    window.somesortofnamespaceforyoursite={ref:"94bd21blah",id:1,email:"test@test.com"};
    </script>
    <script type="text/javascript" src="https://yoursite.example.com/embed.js"></script>
    or one of a billion other ways of doing the same thing. Seen the Javascript code that folks like Google and Amazon and whatever have people embed in their site? Like that.

    The advantage is that you can do whatever you want. Create and embed an iframe? Yeah okay. Or do something else. Whatever you want and you can change it as needed without site owners having to update their code.

    Hi thanks;

    Will do https for sure.

    Is js 100% reliable? As in sites with disabled js or something like that?

    I have to study to learn how to do the js part. What you wrote i am sure is simple but I have to ask you later how to do it.

    Thanks
  6. #4
  7. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    Most of the general public isn't going to know what the source to a page is or how to view it. So no, they don't care that much about the code behind a page so long as the page works. As far as the email, most people really only care whether you're going to spam them or if you're going to sell their email to someone who will. They won't care that you use it in a URL as an identifier.

    I'm not sure what you're worried about. iframes? The email in the URL? Neither should be a problem, though I'd replace the email with a token personally. iframes are a decent way to embed some content from an external site. A realtor friend of mine embed a property search widget on her website this way. Just make sure you host your iframe content using HTTPS for the best compatibility. The service my friend uses doesn't provide an HTTPS option for their iframe and so browsers won't load it on her site because she uses a fully HTTPS site. She has to proxy it in order for it to work.

    Another way is for the site to provide a javascript file that can rewrite the DOM. I do that with a request information form on some sites. The site owner just puts in <script src="https://example.com/requestInformation.js"></script> where they want the form to go. The javascript then loads a small form via ajax and replaces the script tag with that form.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  8. #5
  9. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    Thank you, fellows, you answered almost exactly the same.

    Once I finish the site (a few days I guess), I'll have to figure out how to do this
    Code:
    window.somesortofnamespaceforyoursite={ref:"94bd21blah",id:1,email:"test@test.com"};
  10. #6
  11. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    I prefer to use data attributes to the script tag to specify details rather than an object in the global namespace. For example, my request info script can accept a referral source name and program option to pre-select, which would be specified as:

    Code:
    <script src="https://example.com/requestInformation.js" data-source="client A" data-program="MBA"></script>
    It lets users stay within the realm of familiar HTML rather than having to dabble in javascript and it keeps the global namespace clean.

    Code:
    (function ($) {
        var script = $(document.currentScript);
        var preselectProgram = script.data('program');
        var referralSource = script.data('source');
    
        //...
    }(jQuery));

    Comments on this post

    • requinix agrees
    Last edited by kicken; March 28th, 2018 at 07:21 PM.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  12. #7
  13. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    Hi, Kicken I need more help with this, please.

    This is new to me.

    I am not sure what's data-program and data-source.

    They seem like variables you pass? But I have 3 variables.

    Hashed id, launch_id, and email.

    So basically I want them to load the send this EXACT request:
    Code:
    http://my-website-with-the-database.com/launch/94bd21**29301668349352de430bb6d/1/test@test.com
    So I make a pieace of code they can copy and paste at their end:
    Code:
    <script src="http://my-website-with-the-database.com/requestInformation.js" 
    data-source-1="94bd21**29301668349352de430bb6d"
    data-source-2="1"
    data-source-3="test@test.com"></script>
    And at my end:


    http://my-website-with-the-database....Information.js

    Code:
    (function ($) {
        var script = $(document.currentScript);
        var preselectProgram = script.data('data-source-1');
        var referralSource = script.data('source');
    
        //...
    }(jQuery));
    Thanks
    Last edited by English Breakfast Tea; April 1st, 2018 at 03:48 PM.
  14. #8
  15. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    They seem like variables you pass? But I have 3 variables.
    That's pretty much exactly what they are. How many you have isn't really that relevant.

    HTML 5 defines the ability to specify your own custom attributes on elements by prefixing them with data-, so you can do data-whatever-you-want as an attribute and put whatever value you want into them. DOM maps these attributes into an object on the element called element.dataset, so the previous example would be referenced as element.dataset.whateverYouWant.

    jQuery has a .data method that can be used to access such attributes easily.

    So put whatever variables you want as data attributes on your script tag with appropriate names. In your script, grab the current script element, wrap it in a jQuery object then read in those attribute values and do whatever you need to with them such as generate an iframe with the right URL or use AJAX to load some HTML.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  16. #9
  17. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    OK, first thing I am testing sending data and making sure it arrives there:

    I've got a problem with my "sender".

    Code:
    <script src="https://webmoosh.com/data-receiver" 
    data-source-1="94bd21**29301668349352de430bb6d" 
    data-source-2="1" 
    data-source-3="test@test.com">
    </script>
    Here is the Screenshot

    You can see it live here at the Console in Inspector Uncaught SyntaxError: Unexpected token <


    And this is the receiver (which I can go through after we fix the sender):

    Code:
    <script src="https://webmoosh.com/bs_template/vendor/jquery/jquery.min.js"></script>
    			 <script>
    			 	
    			$( function() 
              		{
    				    alert(preselectProgram);
    				    console.log(preselectProgram);
    				    var script = $(document.currentScript);
    				    var preselectProgram = script.data('program');
    				    var referralSource = script.data('source');
    				});    
    
    			</script>
    Thanks for helping Kicken
  18. #10
  19. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    Your data-receiver url has to return javascript, not HTML. It's no different than when including any other javascript file.

    Get rid of your <script> tags. If you need to add an additional script library, use javascript to generate a new script tag and append it to <head>.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  20. #11
  21. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    Originally Posted by kicken
    Your data-receiver url has to return javascript, not HTML. It's no different than when including any other javascript file.

    Get rid of your <script> tags. If you need to add an additional script library, use javascript to generate a new script tag and append it to <head>.
    Dude...

    I feel retarded. I know it' basic stuff but you're speaking alien to me.

    I don't how to get the page to return javascript! Not only that page, but any page.

    I can't have that page as js. I need PHP to interact with the DB.

    Yeh I can use ajax maybe to get stuff from the database but still this looks too hard for me.

    Trying...

    In your script, grab the current script element,
    wrap it in a jQuery object then read in those attribute values
    and do whatever you need to with them such as generate
    an iframe with the right URL or use AJAX to load some HTML.
  22. #12
  23. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    You can use PHP if you want, but whatever URL you point the script tag to has to return only Javascript code, no HTML code.

    That Javascript code can then use AJAX to load some HTML if you want, or you could just generate HTML as a javascript string or whatever. The exact process is up to you to figure out based on your needs.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  24. #13
  25. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    Originally Posted by kicken
    You can use PHP if you want, but whatever URL you point the script tag to has to return only Javascript code, no HTML code.

    That Javascript code can then use AJAX to load some HTML if you want, or you could just generate HTML as a javascript string or whatever. The exact process is up to you to figure out based on your needs.

    Uncaught ReferenceError: $ is not defined

    Code:
    var script = document.createElement('script');
    script.src = 'https://code.jquery.com/jquery-3.3.1.min.js';
    script.type = 'text/javascript';
    document.getElementsByTagName('head')[0].appendChild(script);
    
    
    
    $( function() 
    
    	{
        var script = $(document.currentScript);
        var preselectProgram = script.data('program');
        var referralSource = script.data('source');
        alert(preselectProgram);
        console.log(preselectProgram);
    });
    Don't give up on me.
  26. #14
  27. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,274
    Rep Power
    4193
    You have to wait for jQuery to load before you can use it. You should also test if it's already loaded or not first by checking if the jQuery object exists in the window object.

    Example Fiddle
    Code:
    (function(window){
        var currentScript = document.currentScript;
        var apiUrl = currentScript.src;
    
        if (!('jQuery' in window)){
            loadJQuery(initialize);
        } else {
            initialize();
        }
    
        function loadJQuery(cb){
            var script = document.createElement('script');
            script.src = 'https://code.jquery.com/jquery-3.3.1.min.js';
            script.type = 'text/javascript';
            script.addEventListener('load', cb);
            document.getElementsByTagName('head')[0].appendChild(script);
        }
    
        function initialize(){
            var $currentScript = $(currentScript);
    
            var params = $.param({
                action: 'load-template'
                , token: $currentScript.data('token')
            });
    
            $.get(apiUrl, params).then(function(html){
                var div = $('<div>').html(html);
                $currentScript.after(div);
            });
        }
    }(this));
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  28. #15
  29. A Change of Season
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Mar 2004
    Location
    Next Door
    Posts
    3,558
    Rep Power
    221
    Thanks Kicken;

    It seems to be working well.

    Code:
    <?php 
    //Allow cross-origin requests 
    header('Access-control-allow-origin: *'); 
    
    $action = isset($_GET['action'])?$_GET['action']:null; 
    switch ($action){ 
        case 'load-template': 
            DoLoadTemplate(); 
            break; 
        default: 
            DoDefault(); 
    } 
    exit; 
    
    function DoDefault(){ 
        header('Content-type: text/javascript'); 
    
    ?>
    (function(window){ 
        var currentScript = document.currentScript; 
        var apiUrl = currentScript.src; 
    
        if (!('jQuery' in window)){ 
            loadJQuery(initialize); 
        } else { 
            initialize(); 
        } 
    
        function loadJQuery(cb){ 
            var script = document.createElement('script'); 
            script.src = 'https://code.jquery.com/jquery-3.3.1.min.js'; 
            script.type = 'text/javascript'; 
            script.addEventListener('load', cb); 
            document.getElementsByTagName('head')[0].appendChild(script); 
        } 
    
        function initialize(){ 
            var $currentScript = $(currentScript); 
    
            var params = $.param({ 
                action: 'load-template' 
                , launch_owner_email_hashed: $currentScript.data('launch_owner_email_hashed')
                , plc_id: $currentScript.data('plc_id') 
                , prospect_email: $currentScript.data('prospect_email') 
            }); 
            console.log(params);
    
            $.get(apiUrl, params).then(function(html){ 
                var div = $('<div>').html(html); 
                $currentScript.after(div); 
            }); 
        } 
    }(this)); 
    <?php 
    } 
    
    function DoLoadTemplate()
    	{ 
        	header('Content-type: text/html; charset=utf-8'); 
    		$launch_owner_email_hashed = htmlspecialchars($_GET['launch_owner_email_hashed']);
    		$plc_id = htmlspecialchars($_GET['plc_id']);
    		$prospect_email = htmlspecialchars($_GET['prospect_email']);
    	
    	if($_SERVER['SERVER_ADDR']=="::1")
    		{
    			$root = "http://local.site.com";
    		}
    	else 
    		{
    			$root = "https://site.com";
    		}	
    	?>
    <iframe src="<?php echo $root.'/launch/'.$launch_owner_email_hashed.'/'.$plc_id.'/'.$prospect_email;?>" style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;">    
    </iframe>
    
    <?php } ?>
    A couple questions though:

    This shows blank page

    Code:
    <script type="text/javascript" src="http://site.com/content.php" 
    data-prospect_email="<?php echo $_GET['email'];?>" 
    data-launch_owner_email_hashed="94bd214b329301668349352de430bb6d" 
    data-plc_id="2">
    </script>
    It seems like it places the code in the header!

    But this works:

    Code:
    <body><script type="text/javascript" src="http://site.com/content.php" 
    data-prospect_email="<?php echo $_GET['email'];?>" 
    data-launch_owner_email_hashed="94bd214b329301668349352de430bb6d" 
    data-plc_id="2">
    </script></body>
    How can I make the page work without having to do <body> tags?

    Maybe ask users to place this inside body tags?

    Second, how is this any different from using iframes directly?
    Code:
    <iframe src="<?php echo $root.'/launch/'.$launch_owner_email_hashed.'/'.$plc_id.'/'.$prospect_email;?>" style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;">    
    </iframe>
    Requnix mentioned
    The advantage is that you can do whatever you want. Create and embed an iframe? Yeah okay. Or do something else. Whatever you want and you can change it as needed without site owners having to update their code.
    I don't think it's a big difference.

    And finally, I have to ask users to create php page and pass the $_GET This is a turn off. I may lose clients on this one. Any tips there?

    Thanks
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo