I am willing to get a json response whether an administrator is registered or not. So I made this get function with these parameters shown below:
$app->get('/admin/:email/:password', function($email, $password){
$password = md5($password);
$databaseObject = new DatabaseLayer();
$isRegistered = $databaseObject->isAdminExist($email, $password);
$app = \Slim\Slim::getInstance();
if ($isRegistered){
$app->response->setStatus('200');
$app->response->headers->set('Content_Type', 'application/json');
echo json_encode(Array('isLogin' => '1'));
} else {
echo json_encode(Array('isLogin' => '0'));
}
});
My problem is when I add a point to the email parameter, it doesn't work.
Here is a screenshot with no point in the email param:
Here is a second screenshot with a point in the email param:
Please can I get some help, this is for a project I am making.
Thank you.
For more further information, I am using Slim version 2.*
Your route should be like this:
$app->get('/admin/{email}/{password}', function($email, $password){
Related
I just started developing with simplesamlPHP. I installed simpleSamlPhp and I followed the steps given in https://simplesamlphp.org/docs/development/simplesamlphp-sp-api to integrate my php application with simpleSAMLPhp and I am using the simpleSaml APIs given in the document.
Below is the code:
require_once('/var/simplesamlphp/lib/_autoload.php');
$auth = new \SimpleSAML\Auth\Simple('default-sp');
if($auth->isAuthenticated()){
$attributes = $auth->getAttributes();
}else{
echo "Not authenticated";
$auth->requireAuth();
}
$auth->isAuthenticated() is always returning false. Do I need to do anything else? or am I missing something?
Before calling isAuthenticated(), you need to call requireAuth(). The idea is that you request authentication against an entity and later on you are able to check if the user is authenticated or not.
require_once('/var/simplesamlphp/lib/_autoload.php');
$auth = new \SimpleSAML\Auth\Simple('default-sp');
$auth->requireAuth();
if($auth->isAuthenticated()){
$attributes = $auth->getAttributes();
}else{
echo "Not authenticated";
}
I wanted to know if anyone can assist me on this, how do I set a Password grant type callback?
I have a working OAuth2.0 provider server running on my localhost and I just need to validate the user's credentials when requesting an access token.
I believe I just need to set a callback function. Herewith my code :
$app->setService('oauth', function() use ($config) {
$oauthdb = new \Twm\Db\Adapter\Pdo\Mssql(
$config
->database
->oauth
->toArray()
);
$server = new \League\OAuth2\Server\Authorization(
new \Oauth2\Server\Storage\Pdo\Mssql\Client($oauthdb),
new \Oauth2\Server\Storage\Pdo\Mssql\Session($oauthdb),
new \Oauth2\Server\Storage\Pdo\Mssql\Scope($oauthdb)
);
$request = new \Oauth2\Server\Storage\Pdo\Mssql\Request();
$server->setRequest($request);
// do i set a callback here???
$server->setAccessTokenTTL(86400);
$server->addGrantType(new League\OAuth2\Server\Grant\Password($server));
return $server;
});
If anybody can help I appreciate it, thanks!
UPDATE
So I read up on this subject here : https://github.com/thephpleague/oauth2-server/issues/97
It looks like that I indeed have to setup some kind of callback function to verify the user. I just need a little more help on this.
UPDATE
Thanks to Alex, I implemented the Password verify routine below, and it works.
$app->setService('oauth', function() use ($config, $app) {
$oauthdb = new \Twm\Db\Adapter\Pdo\Mssql(
(array) $config->database->oauth
);
$server = new \League\OAuth2\Server\Authorization(
new \Oauth2\Server\Storage\Pdo\Mssql\Client($oauthdb),
new \Oauth2\Server\Storage\Pdo\Mssql\Session($oauthdb),
new \Oauth2\Server\Storage\Pdo\Mssql\Scope($oauthdb)
);
# Not required as it called directly from original code
# $request = new \League\OAuth2\Server\Util\Request();
# add these 2 lines code if you want to use my own Request otherwise comment it
$request = new \Oauth2\Server\Storage\Pdo\Mssql\Request();
$server->setRequest($request);
$server->setAccessTokenTTL(86400);
$grant = new League\OAuth2\Server\Grant\Password();
$grant->setVerifyCredentialsCallback(function($username, $password){
//echo "it works! ". $username . ' : ' . $password;
// if verified, then return true
// else return false
});
$server->addGrantType($grant);
return $server;
});
You need to call the setVerifyCredentialsCallback($callback) method on the grant.
So altering your code slightly:
$request = new \Oauth2\Server\Storage\Pdo\Mssql\Request();
$server->setRequest($request);
$server->setAccessTokenTTL(86400);
$grant = new League\OAuth2\Server\Grant\Password($server);
$grant->setVerifyCredentialsCallback(function ($username, $password) {
// your logic here - must return a user ID if credentials are valid or false if not
});
$server->addGrantType();
return $server;
I have two one question about the Fat Free Framework.
First of all, how can i use multiple parameters(tokens in fat free framework) in a GET request?
Or, is there only 1 token possible per REST GET request, and should one handle additional
arguments as a regular GET request, for example:
domain/rest/somedata/5231?param1=value1¶m2=value2
where the ?param1=value1¶m2=value2 should be 'manually' parsed, not by a framework?
Is it at all possible to build a RESTful API with Fat Free Framework and also have some area's or routes needing authentication? if so, how?
I just stumbled upon this related question: REST API Best practices: Where to put parameters?
[edit]: i've found out that it is indeed possible to have authentication with fat free framework using several methods. However, they seem not very well documented (at least not on their github wiki).
[edit2] Since it's only very basic authentication, for now i'm using this:
function beforeRoute($f3,$params) {
$url = $params[0];
$parsed_key = parse_str(parse_url($url, PHP_URL_QUERY));
if (isset($apikey)){
// check if apikey is in database
$authenticated = false;
foreach(R::find('apikey') as $key_bean) {
if($key_bean->key == $apikey) {
$authenticated = true;
break;
}
}
if($authenticated == false) $f3->error(403);
} else {
$f3->error(403);
}
}
I'm looking for documentation on the basic http authentication method!
The auth class always authenticates you against a mapper. Feel free to use F3's Jig, Mongo or SQL.
$db = new DB\SQL('mysql:host=localhost;dbname=mydb', 'dbuser', '1234');
$mapper = new DB\SQL\Mapper($db, 'users');
$auth = new Auth($mapper, array('id'=>'username','pw'=>'password'));
if($auth->basic())
return true;
password and username are field names in the database. id and pw are internal used by the auth class. I recommend checking the auth class code and the unit tests in the dev branch on Github.
An simple example would be something like...
Username: admin, Password: 123
// Create users table using Jig.
$db = new \DB\Jig('data/');
$users = array(
0 => array('username' => 'admin', 'password' => '202cb962ac59075b964b07152d234b70'),
);
$db->write('users', $users);
$db_mapper = new \DB\Jig\Mapper($db, 'users');
$auth = new \Auth($db_mapper, array('id' => 'username', 'pw' => 'password'));
// Callback function because of md5 stored password.
function chkauth($pw) {
return md5($pw);
}
$auth->basic('chkauth');
I have created one application in YiiFramework which has two functionalities.
1. Login to google
For login to google, I have followed the tutorial on below website.
Tutorial : https://github.com/Nodge/yii-eauth
Tutorial Demo : http://nodge.ru/yii-eauth/demo/login
2 Get calendar using Zend_Gdata Library
Tutorial : http://www.bcits.co.in/googlecalendar/index.php/site/install
Tutorial Demo : http://www.bcits.co.in/googlecalendar/index.php/site/page?view=about
[1st Step] I get successfully login to my application using yii-eauth.
[2nd Step] when I need to use calendar, I am giving hard coded gmail Id and password.
I am accessing calendar in this way.
<?php
$user = 'your gmail username';
$pass ='your gmail password';
Yii::app()->CALENDAR->login($user, $pass);
?>
login() in googlecalendar.php file.
public function login($user, $pass) {
$service = Zend_Gdata_Calendar::AUTH_SERVICE_NAME;
$client = Zend_Gdata_ClientLogin::getHttpClient($user, $pass, $service);// It uses hard-coded gmail/password to get login again
$calenderlist = $this->outputCalendarList($client);
$events = $this->outputCalendar($client);
$calendardate = $this->outputCalendarByDateRange($client, $startDate = '2011-05-01', $endDate = '2011-06-01');
.........
}
Does Zend_Gdata library contain any function which automatically gets calendar of current user without again logging in(hard-coded here).
Stuck with this. Appreciate helps. Thanks
From my understanding, Zend_Gdata_ClientLogin sets some parameters for $client which is the object returned. See the following excerpt from that function:
if ($loginToken || $loginCaptcha) {
if ($loginToken && $loginCaptcha) {
$client->setParameterPost('logintoken', (string) $loginToken);
$client->setParameterPost('logincaptcha', (string) $loginCaptcha);
} else {
require_once 'Zend/Gdata/App/AuthException.php';
throw new Zend_Gdata_App_AuthException(
'Please provide both a token ID and a user\'s response ' .
'to the CAPTCHA challenge.');
}
}
What you could do is store that token or that $client object (which is an instance of Zend_Gdata_HttpClient). Pretty much all of the Zend_Gdata components accept a $client argument.
Check out the __construct() method for Zend_Gdata_Calendar:
So anyway, you would want something similar to this logic (sorry I'm not familiar with Yii):
$client = Yii::app()->getClient();
if (!$client) {
$client = Zend_Gdata_ClientLogin::getHttpClient($user, $pass, $service);
Yii::app()->setClient($client);
}
Of course, you would have to then define that getClient() method somehow.
Hope this helps!
I want to read all birthdays of the friends from current user. I use the new Graph API of facebook. I request the authorization of the permissions (read_friendslist and friends_birthday) based on Facebooks insights example and php-sdk example. For reading the friendslist and the user details I used the Graph API with Facebook PHP SDK.
The upcoming code snippets are a short self contained correct example of my approach. If I try to use my app it requests login, then asks for permissions and then fails in printing all my friends due to the fact that no session is available. What's wrong here?
First is the birthday.php which is used by the following index.php, I removed some boilerplate code or code I think it's not causing this problem (identified by [...]). You can find the complete code on the end of this question.
<?php
function get_birthday_of_friends() {
$fbconfig['appid' ] = "MY_APP_ID";
$fbconfig['secret'] = "MY_APP_SECRET";
try{
include_once "facebook/src/facebook.php";
}
catch(Exception $o){
// [...] log error
}
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'cookie' => true,
));
$session = $facebook->getSession();
$fbme = null;
// Session based graph API call.
if ($session) {
// [...] return birthdays
} else {
echo "No session found";
}
}
?>
The required lib.php is identically with the insights example.
<?php
// [...] Include and define app-id etc.
function get_access_token($base_url) {
if (isset($_REQUEST['access_token'])) {
return $_REQUEST['access_token'];
}
$params = array();
$params['client_id'] = APP_ID;
$params['redirect_uri'] = $base_url;
if (!isset($_REQUEST['code'])) {
$params['scope'] = 'read_friendlists, friends_birthday';
$url = FacebookMethods::getGraphApiUrl('oauth/authorize', $params);
throw new RedirectionException($url);
} else {
$params['client_secret'] = APP_SECRET;
$params['code'] = $_REQUEST['code'];
$url = FacebookMethods::getGraphApiUrl('oauth/access_token');
$response = FacebookMethods::fetchUrl($url, $params);
$response = strstr($response, 'access_token=');
$result = substr($response, 13);
$pos = strpos($result, '&');
if ($pos !== false) {
$result = substr($result, 0, $pos);
}
return $result;
}
}
// [...] Call get_access_token() and get_birthday_of_friends()!
?>
Can you help me with that? I added the whole source code on pastebin.com if this helps you to identify my problem. Source code on pastebin.com for "index.php" and "birthday.php".
Thank you in advance!
I am not sure if the method that you are using is deprecated or not, but I know it's the old way and you should try with the new one in order to get the auth token.
Take a look at this link:
http://developers.facebook.com/docs/authentication/signed_request/
In a glance, you have to:
Get the signed_request parameter from $_REQUEST.
Use the sample function provided in
the link to decode it Once you decode
it, you will have an array in which
there is a parameter called
oauth_token.
With this parameter, you can start
making calls to the Graph by
appending it to the URL e.g.
*https://graph.facebook.com/PROFILE_ID/pictures/?access_token=OAUTH_TOKEN*
Make sure that you have Oauth 2.0 for Canvas enabled into the Configuration settings of your app (Advanced tab).
I think in some browsers there's a prblem with third party cookies. Are you testing in Safari? And also, try to add permissions to the loginUrl - it's a bit more simple than adding and requesting the permissions with oauth.
If no session is available, I had to redirect to the login page and require the extended permissions with the parameters. This did the trick to me, thanks to manuelpedrera for helping me out.
$facebook->getLoginUrl(array('req_perms' => 'read_friendlists, [...]'));