I have implemented Google reCaptcha on a site, for the newsletter subscription form, and it does not stop spam. I got up to 20 spam subscribers per day!
What am I not doing correct? Please have a look at the code:
HTML
<form method="post" action="databasepage.php" id="formid" >
<div id="g-recaptcha-answer"></div>
<input name="email" placeholder="Email..." type="email" required>
<button class="g-recaptcha" data-sitekey="my_key" data-callback='onReturnCallback'>Submit</button>
</form>
jQuery
<script>
var onReturnCallback = function(response) {
document.getElementById('g-recaptcha-answer').innerHTML = '';
var url='proxy.php?url=' + 'https://www.google.com/recaptcha/api/siteverify';
$.ajax({ 'url' : url,
dataType: 'json',
data: { response: response },
success: function( data ) {
var res = data.success.toString();
if (res == 'true') {
document.getElementById('g-recaptcha-answer').innerHTML = 'Please wait for a redirect.';
document.getElementById("formid").submit();
}
else {
document.getElementById('g-recaptcha-answer').innerHTML = 'Verification incorrect.';
grecaptcha.reset();
}
}
});
};
</script>
proxy.php
<?php
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
header('HTTP/1.0 403 Forbidden');
die('You are not allowed to access this file.');
}
header('Content-type: application/json');
$url=$_GET['url'];
$response=$_GET['response'];
$secret = "secret_key";
$params = array('secret'=> $secret, 'response'=> $response);
$json=file_get_contents( $url . '?secret=' . $secret . '&response=' . $response);
echo $json;
?>
I have tested this with Incognito Mode, I get the step when I have to verify pictures, if I am not logged in Gmail etc., in reCaptcha admin area I have no errors, but I STILL RECEIVE SPAM EMAILS IN MY DATABASE!!!
What is wrong in my approach?
Related
I need help in my code, I'm trying to send a FormData from Angular to PHP and later send a mail, always appears the PHP vars empty, I'm doing something wrong and doesn't see what
On the HTML use formGroup and ngSubmit
My HTML code:
<form [formGroup]="form"
(ngSubmit)="onSubmit()">
<div class="form-boxes">
<div class="row">
<div class="col-12 col-md-6">
<div class="form-floating mb-3">
<input type="text"
class="form-control"
id="name"
formControlName="name"
placeholder="Name"
required>
<label for="name">Name</label>
<div *ngIf="showErrorMessages && name.invalid"
class="text-end text-danger my-1">
You must fill the name
</div>
</div>
</div>
<div class="text-center">
<input [disabled]="isLoading"
class="btn btn-page"
type="submit"
value="Send">
</div>
<input [formControl]="honeypot"
class="d-none"
type="text" />
</form>
</div>
On the Ts use the FormControl Validators and the http.post to pass the data to PHP
My .ts code:
export class ContactComponent
implements OnInit
{
form: FormGroup;
name: FormControl = new FormControl("", [Validators.required]);
showErrorMessages: boolean = false; // flag to show error messages
submitted: boolean = false; // show and hide the success message
honeypot: FormControl = new FormControl(""); // we will use this to prevent spam
isLoading: boolean = false; // disable the submit button if we're loading
responseTitle: string = ''; // the response title message to show to the user
responseMessage: string = ''; // the response message to show to the user
serverUrl: string = "./assets/scripts/mailer.php" //Start php via the built in server
constructor(
private formBuilder: FormBuilder,
private http: HttpClient
)
{
this.form = this.formBuilder.group({
name: this.name,
honeypot: this.honeypot
});
}
ngOnInit(): void
{
}
onSubmit()
{
if (this.form.status == "VALID" && this.honeypot.value == "")
{
this.form.disable(); // disable the form if it's valid to disable multiple submissions
var formData: any = new FormData();
formData.append("name", this.name.value);
this.isLoading = true; // sending the post request async so it's in progress
this.submitted = false; // hide the response message on multiple submits
const httpOptions = {
headers: new HttpHeaders({
'Content-Type': 'application/json'
})
};
this.http.post(this.serverUrl, formData, httpOptions).subscribe(
(response) =>
{
this.responseTitle = "Thanks!";
this.responseMessage = "Thanks for send a message";
this.form.enable(); // re enable the form after a success
this.submitted = true; // show the response message
this.isLoading = false; // re enable the submit button
Swal.fire({
title: this.responseTitle,
text: this.responseMessage,
icon: 'success'
});
},
(error) =>
{
this.responseTitle = "Sorry!";
this.responseMessage = "Some issues happens";
this.form.enable(); // re enable the form after a success
this.submitted = true; // show the response message
this.isLoading = false; // re enable the submit button
Swal.fire({
title: this.responseTitle,
text: this.responseMessage,
icon: 'error'
});
}
);
} else
{
this.showErrorMessages = true;
this.responseTitle = "Sorry!";
this.responseMessage = "Some issues happens";
Swal.fire({
title: this.responseTitle,
text: this.responseMessage,
icon: 'error'
});
}
}
}
On tje PHP retrieve the JSON from Angular with this
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
My PHP code:
<?php
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$name = $request->name;
$to = "example#mail.com";
$title = "From: $name";
$body = "test";
$body = wordwrap($body, 70);
$header = "MIME-Version: 1.0\r\n";
$header.= "Content-Type: text/plain; charset=utf-8\r\n";
$header.= "X-Priority: 1\r\n";
mail($to, $title, $body, $header);
?>
You don't need FormData to send JSON to your API. Even if you force the content type to application/json, I'm not sure it will be properly formatted.
Plain JavaScript objects can be sent as JSON using the angular HTTP client. To do so, pass a plain object to the post method:
this.http.post(this.serverUrl, this.name.value, httpOptions)
I've made a contact form for a website that works - so well that bots spam the company using it. Not good.
I've looked into adding a google recaptcha validation system.
I've succesfully added the widget to the website as well as gone so far as:
Website returns an error to the user if captcha isn't verified when they click submit.
Website shows correct affirmation message when captcha is verified and they press submit.
So far so good.
The issue:
The form sends regardless of the captcha. So regardless if it actually shows the error to the user about the captcha being verified or not, it still submits the message - ultimately making this bot stopping recaptcha worthless. It looks nice... but is it really? Not yet.
I suspect it's the .js validation script I have that does this. I've tried a few things like changing order of code around etc, but my newbie status really makes it hard and I'm close to giving up.
My form uses php, ajax for instant verification if form is sent, js and the good old html and css.
.PHP:
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
require 'vendor/autoload.php';
$firstname = ($_POST['firstname']);
$lastname = ($_POST['lastname']);
$phone = ($_POST['phone']);
$email = ($_POST['email']);
$message = ($_POST['message']);
$msg = ($_POST['msg']);
$okMessage = ' SUCCESS ';
$errorMessage = ' ERROR';
$secretKey = " EXAMPLE ";
$responseKey = $_POST['g-recaptcha-response'];
$userIP = $_SERVER['REMOTE_ADDR'];
$mail = new PHPMailer(true);
try {
$mail->SMTPDebug = 0;
$mail->isSMTP();
$mail->Host = ' EXAMPLE ';
$mail->SMTPAuth = true;
$mail->Username = ' EXAMPLE ';
$mail->Password = ' EXAMPLE ';
$mail->SMTPSecure = 'ssl';
$mail->Port = 465;
$mail->WordWrap = 50;
$mail->Priority = 1;
$mail->CharSet = 'utf-8';
$mail->setFrom(' EXAMPLE ', ' EXAMPLE ');
$mail->addAddress(' EXAMPLE ');
$mail->addReplyTo($email);
$mail->isHTML(true);
$url = "https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$responseKey&remoteip=$userIP";
$response = file_get_contents($url);
$response = json_decode($response);
$mail->Subject = 'NY BESKED - EXAMPLE';
$mail->Body = (' EXAMPLE ');
$mail->AltBody = (' EXAMPLE ');
if (!$mail->send() || !$response->success) {
throw new \Exception('ERROR TRY AGAIN' . $mail->ErrorInfo);
} else {
$responseArray = array('type' => 'success', 'message' => $okMessage);
}
} catch (\Exception $e) {
$responseArray = array('type' => 'danger', 'message' => $e->getMessage());
}
if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
$encoded = json_encode($responseArray);
header('Content-Type: application/json');
echo $encoded;
} else {
echo $responseArray['message'];
}
JS PART:
$(function ValidateEmailForm() {
window.verifyRecaptchaCallback = function (response) {
$('input[data-recaptcha]').val(response).trigger('change')
};
window.expiredRecaptchaCallback = function () {
$('input[data-recaptcha]').val("").trigger('change')
};
$('#contact-form').validator();
$('#contact-form').on('submit', function (e) {
if (!e.isDefaultPrevented()) {
var url = "contact.php";
$.ajax({
type: "POST",
url: url,
data: $(this).serialize(),
success: function (data) {
var messageAlert = 'alert-' + data.type;
var messageText = data.message;
var alertBox = '<div class="alert ' + messageAlert + ' alert-dismissable"><button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button>' + messageText + '</div>';
if (messageAlert && messageText) {
$('#contact-form').find('.messages').html(alertBox);
$('#contact-form')[0].reset();
grecaptcha.reset();
}
}
});
return false;
}
});
});
and the HTML part:
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="col-12 d-flex justify-content-center">
<div class="g-recaptcha" data-sitekey="6Lf80bUUAAAAADrnadBM_GYs0PY8p4QqP7ol45ac"></div>
</div>
What's the issue here? Thank you in advance!
Your conditions are backwards. You should check the captcha first:
if (!$response->success || !$mail->send()) {
I have an api which sends arabic string data and needs to display in html web form using jquery $.ajax method but unfortunately ajax receives only a single character i.e 'a' in response as shown below
{code: 200, status: "error", msg: "a", msg_en: "Invalid Username!!"}
but when i execute the api in postman it shows me this
{"code":200,"status":"error","msg":"اسم المستخدم موجود بالفعل","msg_en":"Username already exists!!"}
this is my code in check_user_name.php
<?php
require_once "../admin/utils/config.php";
require_once "../admin/utils/dbClass.php";
$objDB = new MySQLCN;
require_once "../admin/utils/functions.php";
$fun = new mFunctions;
require_once "lang.confg.php";
$response = array();
if( isset($_POST['user_name']) && $_POST['user_name'] != null){
$user = $objDB->_get_user(null,$_POST['user_name'],null,null,null,null,array('visitor','lawyer','admin'));
if( !empty($user) ){
$response['code'] = 200; // successfull request
$response['status'] = 'error';
$response['msg'] = $_lang['user_name_exists'];
$response['msg_en'] = 'Username already exists!!';
}else{
$response['code'] = 200; // successfull request
$response['status'] = 'success';
$response['msg'] = $_lang['user_name_available'];
$response['msg_en'] = 'Username available!!';
}
}else{
$response['code'] = 200; // invalid paramters
$response['status'] = 'error';
$response['msg'] = $_lang['invalid_requests'];
$response['msg_en'] = 'Invalid Username!!';
}
end:
echo json_encode($response);
exit();
this is ajax request
$(document).on("change", 'input[name=user_name]', function(e) {
/* Act on the event */
var user_name = $ (this).val();
if(user_name.length >= 6 || !user_name.length <=1 ){
$.ajax({
type: 'POST',
url: HOST_URL_API+'/check_user_name.php',
dataType: "json",
contentType: "application/json; charset=utf-8",
data : { 'user_name':user_name }, // our data object
success: function(data) {
console.log(data);
if (data.status == "error") {
$('input[name=user_name]').parent().addClass('has-error');
$('input[name=user_name]').parent().find('.help-block').html(data.msg);
$('input[name=user_name]').focus();
// alert(data.msg);
}else{
$('input[name=user_name]').parent().removeClass('has-error');
$('input[name=user_name]').parent().addClass('has-success');
$('input[name=user_name]').parent().find('.help-block').html('');
}
},
error: function(jqXHR, textStatus, errorThrown, data) {
alert(errorThrown);
},
});
event.preventDefault();
}else{
// alert("Username must be at least 6 characters");
}
});
kindly please if anyone have the solution, will be great help , thanks in advance ;)
Try adding below line in php code which may solve issue while rendering unicode characters.
header("Content-Type : application/json; charset=ISO-8859-1");
Please check this solution hope this will solve your problem i simple create index.php and run this i include header("Content-type: application/json; charset=ISO-8859-1"); this solve the problem.
if (isset($_GET['dataa'])) {
$res['code'] =200;
$res['status'] = 'error';
$res['msg'] = (string) "اسم المستخدم موجود بالفعل";
$res['msg_en'] = 'Username already exists!!';
// header ("Content-Type: text/html; charset=utf-8");
header("Content-type: application/json; charset=ISO-8859-1");
echo json_encode($res);die;
}
in same page html and get req for test resonse and append text to body
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title></title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<script type="text/javascript">
$(document).ready(function(){
$.ajax({
url: "index.php",
type: 'GET',
data : {dataa : 'ss'},
success: function(res) {
console.log(res);
$('body').append(res.msg);
}
});
})
</script>
</body>
</html>
cheers good luck
Problem is solved guys, thanks for your efforts , actually it was the code mistake, there is an another array with same key name was replacing the array key's value, still thanks for your all efforts.
I am trying to retrieve data from AngularJS file to PHP file, but I get the error that it's empty.
I can't find any good examples that are dealing with posting data from angularJS to php file and so I need help.
Angularjs file:
angular.module('myApp', ['ajoslin.promise-tracker'])
.controller('help', function ($scope, $http, $log, promiseTracker, $timeout) {
$scope.ph_numbr =/[0-9]+/;
// Form submit handler.
$scope.submit = function(form) {
// Trigger validation flag.
$scope.submitted = true;
// If form is invalid, return and let AngularJS show validation errors.
if (!$scope.toggle || $scope.toggle.length <= 0 || form.$invalid) {
return;
}
// Default values for the request.
$scope.progress = promiseTracker('progress');
var config = {
params : {
//'callback' : 'JSON_CALLBACK',
'name' : $scope.name,
'email' : $scope.email,
'toggle' : $scope.toggle,
'phone' : $scope.phone,
'comments' : $scope.comments
},
tracker : 'progress'
};
$http({
method : 'POST',
url : 'js/contact.php',
data: config,
headers : {'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'}
})
.success(function(data, status, headers, config) {
if (data.success) {
$scope.name = null;
$scope.email = null;
$scope.toggle = null;
$scope.phone = null;
$scope.comments = null;
$scope.messages = 'Your form has been sent!';
$scope.submitted = false;
} else {
$scope.messages = 'Oops, we received your request, but there was an error processing it.';
$log.error(data);
}
})
.error(function(data, status, headers, config) {
$scope.progress = data;
$scope.messages = 'There was a network error. Try again later.';
$log.error(data);
});
// Hide the status message which was set above after 3 seconds.
var promise = $timeout(function() {
$scope.messages = null;
}, 3000);
$scope.progress.addPromise(promise);
};
});
php file:
<?php
/*error_reporting(E_ALL);
ini_set('display_errors', '1');
require_once 'js/PHPMailerAutoload.php';*/
ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
$data = file_get_contents("php://input");
$postData = json_decode($data);
if (isset($_POST['name']) && isset($_POST['email']) && isset($_POST['toggle']) && isset($_POST['comments'])) {
//check if any of the inputs are empty
if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['toggle']) || empty($_POST['comments'])) {
$data = array('success' => false, 'message' => 'Please fill out the form completely.');
echo json_encode($data);
exit;
}
$email = trim($_POST['email']);
$subject = trim($_POST['toggle']);
//email address settings
$my_address = "*#yahoo.com";
$headers = "From: ".$email;
$message = "Name: " . $_POST['name'] . "\r\n\r\nMessage: " . $_POST["phone"] . "\r\n\r\nMessage: " . stripslashes($_POST['comments']);
$to = $my_address;
if (isset($_POST['ref'])) {
$mail->Body .= "\r\n\r\nRef: " . $_POST['ref'];
}
if(!$mail->send()) {
$data = array('success' => false, 'message' => 'Message could not be sent. Mailer Error: ' . $mail->ErrorInfo);
echo json_encode($data);
exit;
}
mail($to, $subject, $message, $headers);
$data = array('success' => true, 'message' => 'Thanks! We have received your message.');
echo json_encode($data);
} else {
$data = array('success' => false, 'message' => 'Please fill out the form completely.');
echo json_encode($data);
}
?>
The error message that I get is: "Please fill out the form completely" - which means it doesn't get the values.
My other question is how in the AngularJS do I retrieve the data.success value from the php file?
You seem to be getting the data here:
$data = file_get_contents("php://input");
$postData = json_decode($data);
but then you're using $_POST instead. Perhaps this would work:
if (empty($postData['name']) //etc
It looks like you're accessing data.success appropriately and the value should be set to false as your code currently is.
Additional code review:
If there are errors on the server, it's best to return a status code that indicates that. As is, the server is returning 200 (default), which means everything is OK, even though the request is actually failing. That would eliminate the need for data.success. If the server sends status 200, your .success function will fire. If it returns an error status, like 404, then your .error function would fire instead.
I have doubts about your need of the Content-Type header. You might want to reconsider if that's necessary.
On your Angular form, you ought to nest those $scope properties in an object:
$scope.formData = {
name: '',
email: '',
//etc
}
Then, you can simply pass that directly to your $http call and to reset the values you can simply do $scope.formData = {}.
example code from Google+ Sign-In for server-side apps
// Create a state token to prevent request forgery.
// Store it in the session for later validation.
$state = md5(rand());
$app['session']->set('state', $state);
// Set the client ID, token state, and application name in the HTML while
// serving it.
return $app['twig']->render('index.html', array(
'CLIENT_ID' => CLIENT_ID,
'STATE' => $state,
'APPLICATION_NAME' => APPLICATION_NAME
));
Question: How to server-side work without silex/twig ?
I use this Client Library(PHP)please test this codes it works fine
index.php
<?php
session_start();
$data['state'] = md5(uniqid(rand(), true));
$_SESSION['state'] = $data['state'];
?>
<html itemscope itemtype="http://schema.org/Article">
<head>
<!-- BEGIN Pre-requisites -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js">
</script>
<meta name="google-signin-scope" content="https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.moments.write https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/plus.profile.agerange.read https://www.googleapis.com/auth/plus.profile.language.read https://www.googleapis.com/auth/plus.circles.members.read https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/userinfo.email" />
<script type="text/javascript">
(function () {
var po = document.createElement('script');
po.type = 'text/javascript';
po.async = true;
po.src = 'https://plus.google.com/js/client:plusone.js';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(po, s);
})();
</script>
<!-- END Pre-requisites -->
</head>
<body>
<!-- Add where you want your sign-in button to render -->
<div id="signinButton">
<span class="g-signin"
data-scope="https://www.googleapis.com/auth/plus.login"
data-clientid="Your clientid"
data-redirecturi="postmessage"
data-accesstype="offline"
data-cookiepolicy="single_host_origin"
data-callback="signInCallback">
</span>
</div>
<button id="signoutButton" style="display:none" onclick="signout()">signout</button>
<div id="result"></div>
<script type="text/javascript">
function signInCallback(authResult) {
if (authResult['code']) {
// Hide the sign-in button now that the user is authorized, for example:
$('#signinButton').attr('style', 'display: none');
$('#signoutButton').attr('style', 'display: block');
var state = '<?php echo $_SESSION['state']; ?>';
var param = new Array();
var param = [authResult['code'],state];
// Send the code to the server
$.ajax({
type: 'POST',
url: 'plus.php?storeToken&state',
contentType: 'application/octet-stream; charset=utf-8',
success: function(result) {
// Handle or verify the server response if necessary.
console.log(result);
alert('connected');
},
processData: false,
data: param
});
} else if (authResult['error']) {
alert('Could not automatially log in the user');
console.log('There was an error: ' + authResult['error']);
}
}
function signout(){
gapi.auth.signOut();
$('#signoutButton').attr('style', 'display: none');
$('#signinButton').attr('style', 'display: block');
console.log('sign out');
}
</script>
</body>
</html>
plus.php
<?php
session_start();
require_once 'src/Google_Client.php';
require_once 'src/contrib/Google_PlusService.php';
$client = new Google_Client();
$CLIENT_ID = 'CLIENT ID';
$client->setClientId($CLIENT_ID);
$client->setClientSecret('Client Secret');
$client->setRedirectUri('postmessage');
$code = explode(",",file_get_contents('php://input'));
if (isset($code[1]) && $code[1] === $_SESSION['state'])
{
$plus = new Google_PlusService($client);
$client->authenticate($code[0]);
$token = json_decode($client->getAccessToken());
// Verify the token
$reqUrl = 'https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=' .
$token->access_token;
$req = new Google_HttpRequest($reqUrl);
$tokenInfo = json_decode(
$client::getIo()->authenticatedRequest($req)->getResponseBody());
$userId = $tokenInfo->user_id;
$userEmail = $tokenInfo->email;
// If there was an error in the token info, abort.
if (isset($tokenInfo->error)) {
print $tokenInfo->error;
}
// Make sure the token we got is for our app.
if ($tokenInfo->audience != $CLIENT_ID) {
print "Token's client ID does not match app's.";
}
print 'Token from result: ' . print_r($token, true);
print '<<<<<<<<<<< tokenInfo >>>>>>> ' . print_r($tokenInfo, true);
}
else
{
echo "Invalid state parameter";
}
don't forget to add your CLIENT ID and Client Secret.
Sign out not working in localhost.
There are two answers, as there are two libraries you're wanting to do without.
For the first (Silex):
// Create a state token to prevent request forgery.
// Store it in the session for later validation.
$state = md5(rand());
$app['session']->set('state', $state);
This is simply storing a session variable for later use. This can be done easily in PHP:
<?php
session_start();
$state = md5(rand());
$_SESSION['state'] = $state;
?>
Later on, you would verify the correct state value from the client by comparing what the client sends to $_SESSION['state'].
The second part (Twig):
// Set the client ID, token state, and application name in the HTML while
// serving it.
return $app['twig']->render('index.html', array(
'CLIENT_ID' => CLIENT_ID,
'STATE' => $state,
'APPLICATION_NAME' => APPLICATION_NAME
));
This is simply replacing values in the rendered HTML with known values. You could do this by replacing every instance of {{ VARIABLE_NAME }} in the sample index.html with a PHP variable (such as changing {{ CLIENT_ID }} to <?php echo $CLIENT_ID; ?>) and then, of course, setting that variable in your code.
You would then call your PHP script instead, and have your script read in and return the index.html file.
Edit
For Step 7: Confirm the anti-request forgery state token on the server
// Ensure that this is no request forgery going on, and that the user
// sending us this connect request is the user that was supposed to.
if ($request->get('state') != ($app['session']->get('state'))) {
return new Response('Invalid state parameter', 401);
}
Instead use:
if ($_REQUEST['state'] != $_SESSION['state'])) {
header("HTTP/1.1 401 Unauthorized");
echo "Invalid state parameter";
exit;
}
For Step 8: Initialize the Google API client library and start the Google+ service:
For every line that is return new Response('{Message}', {HTTP status code}); replace it with
header("HTTP/1.1 {HTTP status code});
echo "{Message}";
exit;
Then instead of
// Store the token in the session for later use.
$app['session']->set('token', json_encode($token));
$response = 'Succesfully connected with token: ' . print_r($token, true);
put
// Store the token in the session for later use.
$_SESSION['token'] = json_encode($token));
$response = 'Succesfully connected with token: ' . print_r($token, true);