Revisions to Check if JavaScript is enabled with PHP

deleted 24 characters in body

edited Mar 3, 2016 at 14:22

2k
4
34
46

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript. If javascript is disabled on the browser side it's not possible to check if the client is Javascript capable (like Dillo with it's default config or others)

UPDATED: I've develop this script because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f (updated)

//function to check for session after|before PHP version 5.4.0 function start_session() { if(version_compare(phpversion(), "5.4.0") != -1){ if (session_status() == PHP_SESSION_NONE) { session_start(); } } else { if(session_id() == '') { session_start(); } } } // starting the function start_session(); // create a script to run on the AJAX GET request from :P Javascript enabled browser echo '<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1")} </script>; // Ajax GET request handle if ($_REQUEST['sessionstart'] == 1){ $_SESSION['js'] = 1; // save into session variable } else { session_destroy(); // force reset the test. otherwise session } // If the session variable has not saved by the AJAX call, loads again. if (!isset($_SESSION['js'])){ header("Refresh: 1"); // thats only for the first load echo "Javascript is not enabled <br>"; // Return false } else { echo "Javascript is enabled <br>"; // Return true }

This solution do not need more files, just a iteration if you run a Javascript capable browser. The value is passed back to PHP using a GET with a simple variable but anyone can fake the output doing cURL to url + ?sessionstart=1. I don't protect that and dont know how unless you add more logic to do right nowit.

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript. If javascript is disabled on the browser side it's not possible to check if the client is Javascript capable (like Dillo with it's default config or others)

UPDATED: I've develop this script because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f (updated)

//function to check for session after|before PHP version 5.4.0 function start_session() { if(version_compare(phpversion(), "5.4.0") != -1){ if (session_status() == PHP_SESSION_NONE) { session_start(); } } else { if(session_id() == '') { session_start(); } } } // starting the function start_session(); // create a script to run on the AJAX GET request from :P Javascript enabled browser echo '<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1")} </script>; // Ajax GET request handle if ($_REQUEST['sessionstart'] == 1){ $_SESSION['js'] = 1; // save into session variable } else { session_destroy(); // force reset the test. otherwise session } // If the session variable has not saved by the AJAX call, loads again. if (!isset($_SESSION['js'])){ header("Refresh: 1"); // thats only for the first load echo "Javascript is not enabled <br>"; // Return false } else { echo "Javascript is enabled <br>"; // Return true }

This solution do not need more files, just a iteration if you run a Javascript capable browser. The value is passed back to PHP using a GET with a simple variable but anyone can fake the output doing cURL to url + ?sessionstart=1. I don't protect that and dont know how to do right now.

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript. If javascript is disabled on the browser side it's not possible to check if the client is Javascript capable (like Dillo with it's default config or others)

UPDATED: I've develop this script because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f (updated)

//function to check for session after|before PHP version 5.4.0 function start_session() { if(version_compare(phpversion(), "5.4.0") != -1){ if (session_status() == PHP_SESSION_NONE) { session_start(); } } else { if(session_id() == '') { session_start(); } } } // starting the function start_session(); // create a script to run on the AJAX GET request from :P Javascript enabled browser echo '<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1")} </script>; // Ajax GET request handle if ($_REQUEST['sessionstart'] == 1){ $_SESSION['js'] = 1; // save into session variable } else { session_destroy(); // force reset the test. otherwise session } // If the session variable has not saved by the AJAX call, loads again. if (!isset($_SESSION['js'])){ header("Refresh: 1"); // thats only for the first load echo "Javascript is not enabled <br>"; // Return false } else { echo "Javascript is enabled <br>"; // Return true }

This solution do not need more files, just a iteration if you run a Javascript capable browser. The value is passed back to PHP using a GET with a simple variable but anyone can fake the output doing cURL to url + ?sessionstart=1 unless you add more logic to it.

added 767 characters in body

Source Link

edited May 26, 2015 at 15:41

m3nda

2k
4
34
46

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript. If javascript is disabled on the browser side it's not possible to check if the client is Javascript capable (like Dillo with it's default config or others)

UPDATED: I've develop a very simple script that does this script because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f (updated)

<?php//function to check for session after|before PHP version 5.4.0 function start_session() { if(version_compare(phpversion(), "5.4.0") != -1){  if (session_status() == PHP_SESSION_NONE) {  session_start(); } } else { if(session_id() == '') {  session_start();  } } } // starting the function start_session(); // create a script to run on the AJAX GET request from :P Javascript enabled browser echo '<script src="httpssrc="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1");} });</script>;  // Ajax GET request </script>'; handle if (@$_REQUEST['sessionstart']$_REQUEST['sessionstart'] == 1) {  $_SESSION['js'] = true;1; // save into session variable  }   else { if (@!$_SESSION['js'] == true session_destroy(); {// force reset the test. otherwise session } // If echothe "Javascriptsession isvariable has not detected";saved by the AJAX call, loads again. if (!isset($_SESSION['js'])){  header("Refresh: 0"1"); // thats only for the first load echo "Javascript is not enabled <br>"; // Return false } else { echo "I've succesfull"Javascript checkedis forenabled javascript<br>"; and// isReturn Running.";true }

On a schema of a browser w/o cookies, this willThis solution do not workneed more files, same asjust a writeiteration if you run a cookie and read from PHPJavascript capable browser. So, just saveThe value is passed back to PHP using a proof of the javascript GET call and check with PHP. (IE. write a file with the phpsessid, if you found itsimple variable but anyone can fake the javascript was fired, no real need of a cookie)output doing cURL to url + ?sessionstart=1. I don't protect that and dont know how to do right now.

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript.

I've develop a very simple script that does this because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f

<?php session_start(); echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); }); </script>';  if (@$_REQUEST['sessionstart'] == 1) { $_SESSION['js'] = true; }   if (@!$_SESSION['js'] == true) { echo "Javascript is not detected"; header("Refresh: 0"); } else { echo "I've succesfull checked for javascript and is Running."; }

On a schema of a browser w/o cookies, this will not work, same as a write a cookie and read from PHP. So, just save a proof of the javascript GET call and check with PHP. (IE. write a file with the phpsessid, if you found it the javascript was fired, no real need of a cookie)

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript. If javascript is disabled on the browser side it's not possible to check if the client is Javascript capable (like Dillo with it's default config or others)

UPDATED: I've develop this script because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f (updated)

//function to check for session after|before PHP version 5.4.0 function start_session() { if(version_compare(phpversion(), "5.4.0") != -1){  if (session_status() == PHP_SESSION_NONE) {  session_start(); } } else { if(session_id() == '') {  session_start();  } } } // starting the function start_session(); // create a script to run on the AJAX GET request from :P Javascript enabled browser echo '<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1")} </script>;  // Ajax GET request handle if ($_REQUEST['sessionstart'] == 1){  $_SESSION['js'] = 1; // save into session variable  } else {  session_destroy(); // force reset the test. otherwise session } // If the session variable has not saved by the AJAX call, loads again. if (!isset($_SESSION['js'])){  header("Refresh: 1"); // thats only for the first load echo "Javascript is not enabled <br>"; // Return false } else { echo "Javascript is enabled <br>"; // Return true }

This solution do not need more files, just a iteration if you run a Javascript capable browser. The value is passed back to PHP using a GET with a simple variable but anyone can fake the output doing cURL to url + ?sessionstart=1. I don't protect that and dont know how to do right now.

edited body

Source Link

edited Mar 19, 2015 at 3:42

m3nda

2k
4
34
46

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript.

I've develop a very simple script that does this because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f

<?php session_start(); echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); }); </script>'; if (@$_REQUEST['sessionstart'] == 1) { $_SESSION['js'] = true; } if (@!$_SESSION['js'] == true) { echo "Javascript is not detected"; header("Refresh: 1"0"); } else { echo "I've succesfull checked for javascript and is Running."; }

On a schema of a browser w/o cookies, this will not work, same as a write a cookie and read from PHP. So, just save a proof of the javascript GET call and check with PHP. (IE. write a file with the phpsessid, if you found it the javascript was fired, no real need of a cookie)

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript.

I've develop a very simple script that does this because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f

<?php session_start(); echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); }); </script>'; if (@$_REQUEST['sessionstart'] == 1) { $_SESSION['js'] = true; } if (@!$_SESSION['js'] == true) { echo "Javascript is not detected"; header("Refresh: 1"); } else { echo "I've succesfull checked for javascript and is Running."; }

On a schema of a browser w/o cookies, this will not work, same as a write a cookie and read from PHP. So, just save a proof of the javascript GET call and check with PHP. (IE. write a file with the phpsessid, if you found it the javascript was fired, no real need of a cookie)

Please despite all the people telling you cant check for a client-side scripting technology. If the target technology has http functions, you can do ALWAYS, just write out a verify step. That means literally, the way to check javascript is to run javascript.

I've develop a very simple script that does this because i test some of the examples here and seems that everybody does copypasting without any sort of tests. Code is also on the Gist https://gist.github.com/erm3nda/4af114b520c7208f8f3f

<?php session_start(); echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $.get(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); console.log(document.URL.substring(0, document.URL.length-1) + "?sessionstart=1"); }); </script>'; if (@$_REQUEST['sessionstart'] == 1) { $_SESSION['js'] = true; } if (@!$_SESSION['js'] == true) { echo "Javascript is not detected"; header("Refresh: 0"); } else { echo "I've succesfull checked for javascript and is Running."; }

On a schema of a browser w/o cookies, this will not work, same as a write a cookie and read from PHP. So, just save a proof of the javascript GET call and check with PHP. (IE. write a file with the phpsessid, if you found it the javascript was fired, no real need of a cookie)