|
PHP - Invalid Request To Service File Falls Through
My app just found an error in my login.php file on accident. The app is supposed to get credentials from the user then submit them to my server for verification. I accidentally submitted null credentials (empty strings) and the server returned auth=true. I can't figure out why. Server code:
<?php
require_once '../../includes/db_connect.inc';
require_once 'user.php';
$header = "Content-Type: application/json";
$_SESSION['error'] = array();
if (!isset($_GET['secureSubmit']) || $_GET['secureSubmit'] != true){
die(header("Location: ../access_denied.php"));
}
// check requirements
$required = array('username', 'password');
foreach ($required as $requiredField){
if (!isset($_GET[$requiredField]) || $_GET[$requiredField] == ""){
$_SESSION['error'][] = $requiredField . " is incomplete or missing.";
}
}
if (count($_SESSION['error']) > 0){
$errors = array();
for ($i = 0; $i < count($_SESSION['error']); $i++){
$errors[]=array(
'num' => $i,
'desc' => $_SESSION['error'][$i]
);
}
print json_encode($errors);
exit;
}else{
$user = new User;
if ($user->authenticate($_GET['username'], $_GET['password'])){
print json_encode(array(
'auth' => true,
'call' => "login",
'sid' => session_id(),
'credits' => $_SESSION['credits']
)
);
}else{
print json_encode(array('auth' => false,));
}
}
?>
I went to my browser and entered http://localhost:10509/login.php?secureSubmit=true&username=%22%22&password=%22%22 and recieved
{auth":true,"call":"login","sid":"29e81981a4709407e2fd8a8f734ad9bc","credits":null}
as a response, can anyone find where the invalid positive is coming from? The initial check for empty username or password should be failing before it ever gets to the check. Edited March 19, 2019 by KaraethonCode cleanup for readability Similar TutorialsOkay, On my original problem, I have been able to authenticate with the web service login service, and extract a cookie as follows from the web-service: $s_Cookie = $agLoginService->agGetCookie(); $s_Cookie = AGSESSION=oxhbjcKtPw5sOymAD8m8KcKR6JL4i+TIE5mZxwOrXLwCRr8iTOvPxA==; Now, I create data access soapclient: $agDataService = new SoapClient($s_DataURL, $a_SoapOptions); //yes I know I should build my own class wrapper around soapClient, but I am trying to make sure I know what to build before I do next in the process I need to set the cookie for the data access service. I tried using: <b>$agDataService->__setCookie('cookie', $s_Cookie);</b> but I don't think it's right because when I call any of the service's functions, I get no data back. This is what their engineer had to say ( he is no help in php at all) This is a question referring the http headers. He needs to set the cookies as given in the examples on the wiki page. The cookie is specified in a response http header as: Set-Cookie. So the http headers he got back are correct. The cookie he has to set is AGSESSION=oxhbjcKtPw5sOymAD8m8KcKR6JL4i+TIE5mZxwOrXLwCRr8iTOvPxA==; There should be an api for setting the cookie if not there is one for setting the http header. Set the http header name for the request (cookie - notice that is different than what you get back from an http response - read the rfc spec for http for all of the details) then set the value. The semi colon at the end is the delimiter for http headers (in the rfc). That is all he needs to do if he gets back some login error that means the cookies did not get set correctly. Any ideas or help will be great. Thank you. Following on from a discussion in the IRC #help chat I wanted to open a discussion on the best method to upload an file to a remote server through a web service. It is a little more complex than that simple explanation so let me go into more detail. You have the client accessing a website which is hosted on ServerA, through their computer which is the files origin. The web service is housed on ServerB and the remote upload target server is ServerC. I'm looking to upload the file through the web service on ServerB. The purpose of this is to prevent ServerA from knowing the target location for the upload, ServerC. ServerA must be able to take the file from the computer, pass it to the web service on ServerB which streams it through to ServerC. The file shoul not be saved on any one of the hops through to ServerC, it should be streamed straight through. Computer (file) ---> ServerA (Apache) ---> ServerB (Web Service) ---> ServerC (File target location) If youn think this is possible, what is your best suggested method of uploading the file. Currently, I'm looking at using cURL and the SoapClient to access the web service and upload the file. I'm yet to research if this is possible and would like to know if anyone else has a better method/suggestion? Regarding my job, I just need to connect ServerA with ServerB and stream the file somehow for the clients computer... putenv('GDFONTPATH=C:\Windows\Fonts') ; I've added this code (below) to a file called uploader.php (attached).
When I simply open the corresponding html page, I see "Invalid upload file" in the top left corner of the page. When I remove this code from uploader.php the "Invalid upload file" disappears. Any ideas on how to resolve this will be appreciated.
$allowedExts = array("gif", "jpeg", "jpg", "png");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = strtolower( end($temp) ); // in case user named file ".JPG" etc.!!!
if ( $_FILES["file"]["size"] < 200000
&& in_array($extension, $allowedExts) )
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
} else {
$length = 20;
$randomString = substr(str_shuffle(md5(time())),0,$length);
$newfilename = $randomString . "." . $extension;
move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $newfilename);
$file_location = '<a href="http://www.-----.com/upload/' . $newfilename . '">' . $newfilename . '</a>';
}
} else {
echo "Invalid upload file";
}
$description = $description . " \n " . $newfilename;
I am trying to retrieve an xml file from a webservice. I cant use the original server since it gags on non latin characters, unicode?, that is what the LOC says. The other server does work with non latin characters BUT it is too slow with file_get_contents, takes a minute to get anything, so slow you cant even use it in the program. YET, retrieves the xml fast in the browser window. So, what can I do that will work fast like it should? Code: [Select] //original database server, file_get_contents is faster, about 3 to 10 seconds //$request= 'http://z3950.loc.gov:7090/voyager?version=1.1&operation=searchRetrieve'.$query.$test2.'&startRecord='.$offset.'&maximumRecords=20'; //new one that can handle non latin characters //file_get_contents is SLOW, so slow to be unusable, about a minute or more $request='http://lx2.loc.gov:210/LCDB?version=1.1&operation=searchRetrieve'.$query.$test2.'&startRecord='.$offset.'&maximumRecords=20'; $raw_xml = file_get_contents($request); $filename = dirname(__FILE__)."/loc.xml"; $fp = fopen($filename, "w"); fwrite($fp, $raw_xml); fclose ($fp); First thanks for any help that you can provide. I am somewhat new to PHP and this is the first "Web Service" I have had to create. THE GOAL: I need to pull XML data from another server. This company's API is setup so that you must give an IP and so you can only pull data from server to server instead of client to server. The data is pulled from the API using HTTP requests...very similar to YQL. (in essence the structured query is located in the URL). This API also requires that my server only ping's their server every 10-15 mins, in order to cut down on server requests. The logical thought in my head was to setup: a cron job to run a PHP script every 10 mins. The PHP scripts would then do the following: 1. Make the HTTP request 2. Open an existing file or create one (on my server) 3. Take the returned XML data from the API and write to the newly opened file. 4. Convert that XML to JSON. 5. Save the JSON 6. Cache the JSON file 7. STOP My thought was to use curl and fopen for the first 3 steps. I found a basic script that will do this on PHP.net (as shown below). After that I am pretty much lost on how to proceed. Code: [Select] <?php $ch = curl_init("http://www.example.com/"); $fp = fopen("example_homepage.txt", "w"); curl_setopt($ch, CURLOPT_FILE, $fp); curl_setopt($ch, CURLOPT_HEADER, 0); curl_exec($ch); curl_close($ch); fclose($fp); ?> I would REALLY appreciate any help on this. Also, if you have the time to please comment and explain what you are doing in any code examples and why....that would HELP out a lot. I truly want to learn not just grab a snippet and run. So, your comments are vital for me. thank!!! Doing something wrong, but don't see it. How should one retrieve a POST parameter? My $request->toArray()['html'] works, but I am sure it is not the "right way".
<?php
namespace App\DataPersister;
use ApiPlatform\Core\DataPersister\DataPersisterInterface;
use Symfony\Component\HttpFoundation\RequestStack;
class ArchivePersister implements DataPersisterInterface
{
public function __construct(RequestStack $requestStack)
{
$request = $requestStack->getCurrentRequest();
syslog(LOG_ERR, '$request->getMethod(): '.$request->getMethod());
syslog(LOG_ERR, '$request->getContent(): '.$request->getContent());
syslog(LOG_ERR, '$request->request->get(html): '.$request->request->get('html'));
syslog(LOG_ERR, '$request->query->get(html): '.$request->query->get('html'));
syslog(LOG_ERR, '$request->get(html): '.$request->get('html'));
syslog(LOG_ERR, '$request->toArray(): '.json_encode($request->toArray()));
syslog(LOG_ERR, '$request->toArray()[html]: '.$request->toArray()['html']);
}
}
output
$request->getMethod(): POST
$request->getContent(): {"project":"/projects/1","description":"","html":"<p>{{ project_name }}</p>"}
$request->request->get(html):
$request->query->get(html):
$request->get(html):
$request->toArray(): {"project":"\/projects\/1","description":"","html":"<p>{{ project_name }}<\/p>"}
$request->toArray()[html]: <p>{{ project_name }}</p>
Start with: Saturday August 13 1978. What is the next year that August 13th falls on a Saturday? Couldn't find an answer to that anywhere! I have spent almost 2 days looking for solution to the strangest error I have ever meet. Whenever I do commenting and my php script, the sricpt falls running. Code: [Select] <?php error_reporting(E_ALL | E_STRICT); echo 'test1'; //echo 'testi2'; echo 'test3'; flush(); ?> trigger_error("Here we are!", E_USER_ERROR); This will output: test1. I have tried lot of things to find out the problem but I can't get any error message and whenever I remove the comments, the script works absolute fine. The script works also with comments in my local server, but whenever I download it on the other server, the problem appears. The file encoding is a UTF-8 format without BOM, and the file is one part of my Yii application. I haven't relasized similar behaving in other scripts. I wonder if someone has some idea what could cause this kind of behaving? I'm very thankful to man who can give me ideas... What is the easiest way of finding out in php what date a certain day falls on? ie: I want to know what date is the 3rd Thursday of every month. for example, this month would be " The third Thursday of this month falls on : 18th November " Whats the best way of doing that in php? Thanks,, Hey! I am trying to get a database table of users but am running into the error: Warning: file_get_contents(http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=user_nodes&user=68583) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 in get_user_from_parameter(nabble:utilities.naml:890) - <n.get_user_from_parameter.as_user_page.do/> - public v in C:\xampp\htdocs\website4js\stanford\loadUsernames.php on line 32 I have looked it up and it may be a security thing...The urls I am getting are http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=user_nodes&user=68583 but the error adds an nodes& part that screws it up. Any way around this? Code: [Select] <?PHP $maxPage = 0; $mainPage = "http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=app_people&node=136"; $mainContent = file_get_contents($mainPage); $pattern = "/(?<=\"Page )\d\d+/"; preg_match_all($pattern, $mainContent, $pageNumb); //find the max page for($i=0;$i<sizeof($pageNumb[0]);$i++) { if($pageNumb[0][$i] > $maxPage) { $maxPage = $pageNumb[0][$i]; } } //echo('Max page is: '.$maxPage.'\n'); //Get an array of all the pages $pages = array(); for($i=1;$i<$maxPage;$i++) { $pages[$i] = "http://protege-ontology-editor-knowledge-acquisition-system.136.n4.nabble.com/template/NamlServlet.jtp?macro=app_people&node=136&i=".($i*20); } //print_r($userPages); //Get personal page urls and add to MySQL mysql_connect("localhost" , "root") or die("Cant connect"); mysql_select_db("protegeusers") or die("Cant find database"); foreach($pages as $url) { $urlContents = file_get_contents($url); $pattern = "/http:\/\/protege-ontology-editor-knowledge-acquisition-system\.136\.n4\.nabble\.com\/template\/NamlServlet\.jtp\?macro=.+;user=\d+/"; preg_match_all($pattern, $urlContents, $personalPage); foreach($personalPage as $user) { for($i=0; $i<sizeof($user);$i++) { [color=green]$userContents = file_get_contents($user[$i]);[/color] $pattern1 = "/user\/SendEmail\.jtp\?type=user.+;user=\d+/"; $pattern2 = "/(?<=\">Send Email to ).+(?=<)/"; preg_match_all($pattern1, $userContents, $userEmail); preg_match_all($pattern2, $userContents, $username); [color=green]print_r($username); print_r($email);[/color] //$query = "INSERT INTO users (username, userurl) values ('$userName','$userUrl')"; //mysql_query($query); } } } ?> I'm getting the following result from a web service call. I'd like to pass it to another page, possibly using sessions, and then access specific values on that page, such as FirstName.
stdClass Object ( [GetProspectAsJSONResult] => [ { "ProspectId": xxxxxx, "Keycode": "Test", "FirstName": "Test", "LastName": "Test", "Company": "Test","Email": null } ] )
I'm not sure what the best way to do this is.
Thanks!
Hi, guys. I just developed and published first version of 12framework for iOS which can call also PHP web services.
It is web service client which generates dynamic forms from web service results, and enables insert, update and delete of records. You can simply change result field type to text, memo, date, bool.
I also made some simple PHP web service to test functionallity of application, so I will really appreciate your feedback. iOS is locked platform, so 12framework provides possibility, to make some useful data forms that works as native application. Link: https://itunes.apple...88083?ls=1&mt=8
Hi Guys/Gals, I am new to PHP and when I say new, I mean I know a variable is $variable name... that is about it. I am a .Net developer, always was, now I have to learn some php. I have a .Net payment gateway service that I would like to reference from a php site. I was hoping anyone could point me in the right direction on how to go about adding a .Net Service and pointing to it in PHP. Please note this is a WPF service, thus it is a .svc page not a .asmx and it is hosted and running on iis on a server. Please some guidance? Any help would be appreciated. Hi everyone. I am looking at creating my application's back end with PHP, which returns all data with Jason or simplexml. I have tried Slim once, but think there should be something easier to use. Can anyone give me suggestions on what I can use which is easy to catch on, and maybe an example? Appreciate it. Kind regards I have service /usr/lib/systemd/system/socketserver.service defined as follows: [Unit] Description=Socket Server After=syslog.target [Service] ExecStart=/usr/bin/php /var/www/socket/server.php Restart=on-abort Restart=on-failure RestartSec=10s [Install] WantedBy=multi-user.target When hitting the following lines: $cmd="tshark -f 'port 1337' -i eno16780032 -a duration:4 -w /var/www/socket/tmp/test.pcap"; $status = exec($cmd, $output); syslog(LOG_INFO, 'results: '.json_encode($output).' status: '.($status?'success':'false')); I get the following: Jun 04 18:58:56 tapmeister.com php[43111]: Running as user "root" and group "root". This could be dangerous. Jun 04 18:58:56 tapmeister.com php[43111]: Capturing on 'eno16780032' Jun 04 18:58:56 tapmeister.com kernel: device eno16780032 entered promiscuous mode Jun 04 18:59:00 tapmeister.com kernel: device eno16780032 left promiscuous mode Jun 04 18:59:00 tapmeister.com php[43111]: 0 packets captured Jun 04 18:59:00 tapmeister.com Server[43111]: results: [] status: false Sure enough, exec('whoami') confirms I am running as root. Probably shouldn't be. How would you recommend configuring? PS. the three lines shown regarding tshark are executed via an asynchronous request and are not in the main loop. Hi, I'm new to PHP and wondered if anyone could help... I am consuming an asmx webservice using PHP code. (Later to make a widget for wordpress). I can receive all the data, but it is in one very big xml file. I want to be able to convert this data, so I can make it more readable. Could really do with help as I don't have a clue how to convert it. ANy ideas? Hi! I need to retrieve data from a WCF Web Service and don't seem to be connecting when the "new SoapClient" is called. I am using php version 5.2. The service requires 2 Parmameters, an account ID and a comma separated email list. Can someone please tell me what I am doing wrong? Thanks! Code: [Select] <?php header('Content-Type: text/xml'); $client = new SoapClient('http://www.zbestlistings.com/WCF/Primedia.svc?wsdl'); $response = $client->GetPropertyXML(array( "AccountID" => "12807175152", "eMailList" => "Sheryl@Rentingslc.com, Tenants@Rpmwestvalley.com, Tom@Rpmsouthernutah.com" )); echo $response; ?> Hello
I am looking for a way to log all incoming requests to a nusoap web service to a file.. any suggestions?
Thanks
HI, I need to know how to get the response objects from a webserve call. I call the following webservice: $params = array('mobiUser'=>"WJBASSON",'mobiPass'=>"83dop"); $soap = new SoapClient('http://172.18.22.182/csp/ampath/ReportGeneration.Mobi.Services.cls?WSDL'); $result = $soap->login($params); When I do var_dump($result) I receive the following: stdClass Object ( [loginResult] => stdClass Object ( [MobiRegUserID] => 34 [MobiRegUserName] => WJBasson ) ) I need to know how can I get the values of objects MobiRegUserID and MobiRegUserName ?? |
|||||||