Page 1 of 1

myspace tracking

Posted: Fri Apr 21, 2006 1:57 pm
by mrn
hello all.

i'm trying to write a tracking script for myspace, but i'm affraid myspace is outsmarting me.

database saving is easy. it's a bit of work but nothing i can't do.
anyway, that's not the chalenge so for now, i'm using files to log.

but here's the thing:
how to get the info from myspace?
right now, i named my php script image.jpg and use it as an image on my myspace page.

basicly this is what it does:

Code: Select all

<?php

$handle = fopen("log.txt","a");
fwrite($handle,"myspace name: " . $_SESSION["ME"] . ", ip: " . $_SERVER["REMOTE_ADDR"] . ", ref: ". $_SERVER["HTTP_REFERER"]."\n");
fclose($handle);
header('Content-type: image/gif');
@readfile("pixel.gif");

?>
(oh yeah, my htaccess does a forcetype, it works :)

so, when the myspace page loads, the image is loaded and a line is added to the log

first thing is stupid, i know it won't work because that would be a huge security problem, but i couldn't resist trying it anyway, hehe.

so anyway, i can save the ip and the url of the page, but that doesn't really contain any info i can use.

i checked and the mail addres of the user is saved in the session under the name "ME" (that's why i tried saving that)

so i need a way to get the content of that value. once i have that, i can run a search for that emailaddres and i'll be able to find the profile of the user visiting my page...

any ideas?

Posted: Fri Apr 21, 2006 2:40 pm
by SURF NY 1

Posted: Fri Apr 21, 2006 3:07 pm
by mrn
doesn't work. it only counts the users and gives the names of users that are on who's on my page too.

i'm starting to get the annoying feeling that it's impossible.

Posted: Fri Apr 21, 2006 6:01 pm
by timvw
I wouldn't name my script image.jpg... i prefer something like image.php...

And in my html i add <img src='image.php?real_image=rubber_duck_for_bathtub' alt='' />.. For the rest, it seems like your script should work.. Might want to test if $handle isn't null/false when you try to open it (meaning: not enough access rights on the file)

Posted: Sat Apr 22, 2006 1:07 am
by mrn
hey tim. that's not really the point.
log.txt file is on my own server, so i know it's writable. and if the file access is locked every now and then, so be it, i'll be changing that to a database anyway later on. that's not important

the extension of the php file isn't important either. it works, wether i make the extension jpg or php. myspace doesn't accept images with a php extension. however, you can use a rewriterule or a forcetype rule in .htaccess to solve this problem, which i did

the problem is that i have to get a value which is in the session of the visitor, but that value is only visible for myspace.com.

i guess i'll have to look into client side scripting to solve my problem...

Posted: Sat Apr 22, 2006 3:46 am
by R4000
i hate to tell you this, but $_SESSION values stored on myspace, will only be accesible from myspace... i suggest some clientside stuff :)

Posted: Sat Apr 22, 2006 3:50 am
by mrn
yeah, i know :D. i don't know why i even tried it. something like "you never know..." haha.

anyway. myspace doesn't allow javascript or any other script.

am i stuck? maybe this topic should be moved to cliend side scripts?

Posted: Sat Apr 22, 2006 5:49 am
by timvw
I wouldn't appreciate myspace it gave away my session data (or the session_id that references to it) since in most cases that would allow anyone with access to it to perform requests on myspace in my name...

Posted: Sun Apr 23, 2006 9:11 am
by nickman013
if you find a way to do this.. you can probly sell it.

Posted: Sun Apr 23, 2006 12:53 pm
by timvw
<off-topic>
I'd sent them an e-mail to notify them about the problem, and after a week or so i'd rant about them on my blog :p

Selling the exploit is lame and probably illegal. (Reminds me that i have to check the status of the frappr exploit :p)
</off-topic>