0

I have a couple of clients that hire me for hosting and maintenance of their site. To facilitate my work , I 'm adding a js that put their site down* when they do not pay me. Now I do it manualy by ftp.

*(By css y put all the divs in display none)

This is the js that goes on the page:

$(document).ready(function() {
    getOutput();
});

function getOutput() {
  getRequest(
  'http://www.mypage.com/test.php', 
   drawOutput  
);
return false;
}  

function drawOutput(responseText) {

var script = document.createElement('script');
script.type = 'text/javascript';
script.src = responseText;
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(script, s);

}
function getRequest(url, success) {
var req = false;
try{
    req = new XMLHttpRequest();
} catch (e){
    try{
        req = new ActiveXObject("Msxml2.XMLHTTP");
    } catch (e) {
        try{
            req = new ActiveXObject("Microsoft.XMLHTTP");
        } catch (e){
            return false;
        }
    }
}
if (!req) return false;
if (typeof success != 'function') success = function () {};
if (typeof error!= 'function') error = function () {};
req.onreadystatechange = function(){
    if(req .readyState == 4){
        return req.status === 200 ? 
            success(req.responseText) : error(req.status)
        ;
    }
}
req.open("GET", url, true);
req.send(null);
return req;
}

this is the php:

$array = array(
    "test"  => "up",
    "test2"     => "down",
    "test3" => "down",
);

if(isset($_SERVER['HTTP_REFERER'])) {

    $sitio = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST); //i get the url

    $verifico = explode(".", $sitio); // divide the url

    if ($verifico[0] == "www"){ //i check if it has www or not
        $sitio = $verifico[1];
    }
    else {
        $sitio = $verifico[0];
    }
}

if ($array[$sitio] == "down"){
    echo 'my.js';
}

This is the js code that print after the php request:

$(document).ready(function() {
var jodita = '<style type="text/css">body,div{display:none!important;}</style>'; 
document.getElementsByTagName('head')[0].innerHTML = jodita;
});

This is how it works, the js makes a request to the php. The php take the url and verify if the site must be up or down and return the url of a js depending the result. I make it this way because in the future I can change the second js without touching all the sites.

This works fine when I use it in the same domain, but when I use a diferent one give me this error:

XMLHttpRequest cannot load http://domain.com/myfile.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.theotherdomain.com' is therefore not allowed access.

I´ve try some solutions like CORS, but it is to dificult and I don´t get it. There is another option?

Francisco
  • 254
  • 3
  • 9

1 Answers1

0

Like the error messages says, you need to add the Access-Control-Allow-Origin header to your PHP script:

//Allow Ajax requests from any domain
header("Access-Control-Allow-Origin: *");
cOle2
  • 4,725
  • 1
  • 24
  • 26