I am desperately trying to make my form works.
But I am having issue with validating the recaptcha server side.
I have been looking around and going over my form a thousand times making tests, I know it doesn't pass the step of the recaptcha, but can't figure it out.
Here is my piece of code :
//variable :
$recaptcha = $_POST['g-recaptcha-response'];
//test captcha
if($recaptcha != '')
{
$secret = " MY KEY HERE";
$ip = $_SERVER['REMOTE_ADDR'];
$var = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secret."&response=".$recaptcha."&remoteip=".$ip);
$array = json_decode($var,true);
//check if captcha ok then check fields empty
if($array['success'])
Please let me know if you can find anything wrong.
Thank you.
(indeed I removed my security key)
In my testing, I ran into two problems that you might be having.
The remoteip argument is optional. When I removed it, everything worked. Here's why: I was testing with both client and server machines on private IP's behind a firewall, so the $_SERVER['REMOTE_ADDR'] value on my server was 192.168.x.x. Google saw the public IP of my NAT firewall, so that is what siteverify tried to match against.
You can only check a given response once. If you try to check it again, it will always fail. So during testing you need to use a fresh one each time.
Also, you can simplify your PHP code a bit by using:
"...siteverify?secret=$secret&response=$recaptcha");
Try this:
$secret = "YOUR-SECRET-KEY";
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . $secret . '&response=' . $_POST['g-recaptcha-response']);
$googleResponse = json_decode($verifyResponse);
if ($googleResponse->success)
{
$captchaVerified = true;
}
Related
I saw a couple of days ago this tutorial on youtube.
It was very interesting, so I decided to make a own bot.
I used the code from the tutorial as a template:
<?php
$bottoken = "*****";
$website = "https://api.telegram.org/bot".$bottoken;
$update = file_get_contents('php://input');
$updatearray = json_decode($update, TRUE);
$length = count($updatearray["result"]);
$chatid = $updatearray["result"][$length-1]["message"]["chat"]["id"];
$text = $updatearray["result"][$length-1]["message"]["text"];
if($text == 'hy'){
file_get_contents($website."/sendmessage?chat_id=".$chatid."&text=hello");
}
elseif($text == 'ciao'){
file_get_contents($website."/sendmessage?chat_id=".$chatid."&text=bye");
}
The script worked if I execute the script manually. However when I use the webhook it doesn't work anymore. The tutorial said that $update = file_get_contents('php://input'); is the right way, to be used before $update = file_get_contents($website."/getupdates");. My question how can I use php://input to execute my script automatically? The script is on a server from "one.com" and the certificate is also from "one.com".
If you use selfsigned ssl you have to point to the ssl path ,,
use the ssh to run this command after filling it with your real data ,,
curl -F "url=https://example.com/myscript.php" -F "certificate=#/etc/apache2/ssl/apache.crt" https://api.telegram.org/bot<SECRETTOKEN>/setWebhook
After change to WebHook method, you need to put as follows, since now we are going to handle one message at time. For me works perfectly.
instead
$chatId = $updateArray["result"][0]["message"]["chat"]["id"];
to
$chatID = $update["message"]["chat"]["id"];
this is the answer for all of your problems.
follow this step after you got a secret token for your bot:
create file in your website https://yourdomain.com/secret-folder/index.php
create your php file like this :
<?php
$website = 'https://api.telegram.org/bot123456789:1234567890ABCDEF1234567890ABCDEF123/';
$content = file_get_contents("php://input");
$update = json_decode($content, true);
if (isset($update["message"])){
$chatID = $update["message"]["chat"]["id"];
$text = $update["message"]["text"];
if ( $text == '/start' ) {
// send welcome message
file_get_contents($website."sendMessage?chat_id=".$chatID."&text=Welcome to my bot");
}else{
// send another message or do your logic (up to you)
file_get_contents($website."sendMessage?chat_id=".$chatID."&text=some text here");
}
}
?>
Set Your Webhook from this bot #set_webhookbot
choose command or type ' ست وب هوک '
reply with your secret bot token ex: ' 123456789:1234567890ABCDEF1234567890ABCDEF123 '
reply with your webhook address 'https://yourdomain.com/secret-folder/index.php'
reply with /setwebhook
if you follow step by step its will work.
enjoy it !!
Sorry for digging up this old question so enthusiastically, I had exactly the same question as you.
I think actually the answer may be easier yet less satisfying as we hoped: I don't think it's possible to get a list of previous messages to the bot while using the webhook.
Namely: what this does, is run the PHP script directly as soon as the bot receives a message. Nothing is stored in an accessible database, hence no updateArray is returned.
I came across this example, which shows how php://input works. I guess the solution to display a list of messages would be, let the php script store the message in a database everytime a message is 'forwarded' via the webhook.
If anyone found something else: I'm very interested.
As per my understanding from your code snippet above, you need to use php://input within double quotes instead of single quotes. In php, we are having bing difference in this use case.
I'm getting the "Configuration Failed" pop up after submitting my URL and Token in the WeChat sandbox environment. Could anyone suggest ways to debug or find a solution? Here are the details:
running a Heroku server and using the heroku generated URL.
pushed the sample code found in the documentation here
followed the youtube tutorial, copied the code and tried that as well.
<?php
$data[] = 'Test123';
$data[] = $_GET['timestamp'];
$data[] = $_GET['nonce'];
asort($data);
$strData = '';
$d = '';
$authString = '';
foreach($data as $d){
$authString .= $d;
}
//verify the signture
if(sha1($authString) == $_GET[signature]){
//check if the echostr
if(!empty($_GET['echostr'])){
echo $_GET['echostr'];
die();
}else{
//logic goes here
$return = '<xml>
<ToUserName><![CDATA['.$toUser.']]></ToUserName>
<FromUserName><![CDATA['.$fromUser.']]></FromUserName>
<CreateTime>'.time().'</CreateTime>
<MsgType><![CDATA[text]]></MsgType>
<Content><![CDATA['.$text.']]></Content>
<FuncFlag>0</FuncFlag>
</xml>';
echo $return;
}
}else{
die('You are not supposed to be here');
}
?>
checked the logs and found that its working fine but shows no activity when I submit the URL and token on WeChat sandbox.
have tried different variations of URL, from using the root URL to finishing with the php file ie xxxx/responder.php
Token submitted matches Token used in code.
Uploading raw php to the server, hijacked the heroku php hello world app with the documentation code or youtube code.
The code itself comes straight from the WeChat Docs or the Youtube Video. Please let me know if I could provide any additional information.
Any advice, tips or hints would be really appreciated.
Please check. The sandbox environment was broken for International. This should be resolved now. Please test again
How to upload videos using youtube api from localhost web application in codeigniter or php?
I followed the steps in youtube library as follows:
api key : 'my developer key'
consumer key : 'anonymous'
consumer secret : 'anonymous'
I am using the functions as follows and my site url is : http://localhost/ci-youtube/example/request_youtube
//CALL THIS METHOD FIRST BY GOING TO
//www.your_url.com/index.php/request_youtube
public function request_youtube()
{
$params['key'] = 'anonymous';
$params['secret'] = 'anonymous';
$params['algorithm'] = 'HMAC-SHA1';
$this->load->library('google_oauth', $params);
$data = $this->google_oauth->get_request_token(site_url('example/access_youtube'));
print_r($data);
$this->session->set_userdata('token_secret', $data['token_secret']);
redirect($data['redirect']);
//$this->load->view('welcome_message');
}
//This method will be redirected to automatically
//once the user approves access of your application
public function access_youtube()
{
$params['key'] = 'anonymous';
$params['secret'] = 'anonymous';
$params['algorithm'] = 'HMAC-SHA1';
$this->load->library('google_oauth', $params);
$oauth = $this->google_oauth->get_access_token(false, $this->session->userdata('token_secret'));
$this->session->set_userdata('oauth_token', $oauth['oauth_token']);
$this->session->set_userdata('oauth_token_secret', $oauth['oauth_token_secret']);
}
But it shows the error : 'Invalid Token'
Any idea ?
Thanks in advance for quick reply.
I think you still haven't got an API key from YouTube yet. Is that so?
I haven't published this yet but I'm about to release a PHP based Youtube autouploader, that allows you to run uploads from a NAS box, spare PC etc.
https://github.com/Danack/Youtube-Autouploader
It has a complete example for how to upload videos to Youtube in there, in particular the function "uploadVideo($filename, $videoInfo)"
https://github.com/Danack/Youtube-Autouploader/blob/master/youtubeCurl.php
First make sure you are using the correct consumer key and consumer secret.
Second if you run into problems with either the Google_oauth library or the Youtube library make sure you set the DEBUG constant in those libraries to true. Doing that will dump a lot more logging information in to the PHP error log which should help you diagnose the problem.
Timestamp is too far from current time:
It seems like your server time is not correctly set. Please correct your server time, you may want to restart your web server after fixing the time. - Change Server time. Try restart Webserver first. If not work, restart your Computer ==> it work!.
I am trying to use Amazon Payment Services, and they require me to do something like this:
Here is the complete signature so you can see I added the signature method:
$string_to_sign = "GET\n
authorize.payments-sandbox.amazon.com\n
cobranded-ui/actions/start?
SignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=my_key&callerReference=YourCallerReference&paymentReason=donation&pipelineName=SingleUse&returnUrl=http%3A%2F%2Fyourwebsite.com%2Freturn.html&transactionAmount=4.0";
and then I encrypt it like below.
$encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, 'my_secret_key')));
I do that, but then I get an error from them saying:
Caller Input Exception: The following input(s) are either invalid or absent:[signatureMethod]
Any idea what might be going wrong here?
Here is the entire code for this: (the variables are assigned values above)
<?php
$string_to_sign = 'GET
authorize.payments-sandbox.amazon.com/cobranded-ui/actions/startSignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=AKIAJENBYSJCJX2IDWDQ&callerReference=YourCallerReference&paymentReason=donation&pipelineName=SingleUse&returnUrl=http%3A%2F%2Fproblemio.com&transactionAmount=4.0';
$encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, 'my_secret_key')));
$amazon_request_sandbox = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start?SignatureVersion=2&returnUrl='.$return_url.'&paymentReason='.$payment_reason.'&callerReference=YourCallerReference&callerKey='.$my_access_key_id.'&transactionAmount=4.0&pipelineName=SingleUse&SignatureMethod=HmacSHA256&Signature='.$encoded_string_to_sign;
//echo $amazon_request_sandbox; - use this if you want to see the resulting request and paste it into the browser
header('Location: '.$amazon_request_sandbox);
?>
Thanks!!
Check if you included &SignatureMethod=HmacSHA256 on the request
This kind of errors has 3 basic natures:
Missing Keys/Values
Typos on Keys/Values
Incorrect encoding or spaces on Keys/Values
Hope that helps!
Regards
The only piece that wasn't suggested was that you need to use rawurlencode() on the transactionAmount that's part of the $string_to_sign.
Most other answers are a piece of the problem. For instance, you need to add a new line to the $string_to_sign after the GET (which you have), after the authorize.payments-sandbox.amazon.com, and after the /cobranded-ui/actions/start. You also need to set the $raw_output parameter to true in the hash_hmac() function.
I've included a complete working rewrite of your code (replace <Your_Access_Key> and <Your_Secret_Key>):
$return_url = rawurlencode('http://problemio.com');
$payment_reason = 'donation';
$transaction_amount = rawurlencode('4.0');
$secret_key = '<Your_Secret_Key>';
$my_access_key_id = '<Your_Access_Key>';
$string_to_sign = 'GET
authorize.payments-sandbox.amazon.com
/cobranded-ui/actions/start
SignatureMethod=HmacSHA256&SignatureVersion=2&callerKey=' . $my_access_key_id . '&callerReference=YourCallerReference&paymentReason=' . $payment_reason . '&pipelineName=SingleUse&returnUrl=' . $return_url . '&transactionAmount=' . $transaction_amount;
$encoded_string_to_sign = URLEncode(Base64_Encode(hash_hmac("sha256", $string_to_sign, $secret_key, true)));
$amazon_request_sandbox = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start?SignatureVersion=2&returnUrl=' . $return_url . '&paymentReason=' . $payment_reason . '&callerReference=YourCallerReference&callerKey=' . $my_access_key_id . '&transactionAmount=4.0&pipelineName=SingleUse&SignatureMethod=HmacSHA256&Signature=' . $encoded_string_to_sign;
However, I strongly suggest that you use the PHP library provided by the FPS community which can be downloaded here. I use this in production code and have never had an issue. Using the FPS library, your code would look like the following:
<?php
require_once 'CBUISingleUsePipeline.php';
require_once 'CBUIPipeline.php';
$secret_key = '<Your_Secret_Key>';
$my_access_key_id = '<Your_Access_Key>';
$return_url = 'http://problemio.com';
$transaction_amount = '4.0';
$caller_reference = '<Your_Caller_Reference>';
$payment_reason = 'donation';
$base = 'https://authorize.payments-sandbox.amazon.com/cobranded-ui/actions/start';
$pipeline = new Amazon_FPS_CBUISingleUsePipeline($my_access_key_id, $secret_key);
$pipeline->setMandatoryParameters($caller_reference, $return_url, $transaction_amount);
$pipeline->addParameter('paymentReason', $payment_reason);
$uRL = $pipeline->getURL($base);
?>
Have you set your signature method? from the AWS documentation:
You must set the SignatureMethod request parameter to either
HmacSHA256 or HmacSHA1 to indicate which signing method you're using
I don't believe you need to base64 encode the hash (after all, it's already being urlencoded) -- try removing Base64_Encode.
Your $string_to_sign variable is missing a '?' between start and SignatureMethod for your encoded Signature.
Signature version 2 is an enhanced signing method for both Amazon
Simple Pay and Amazon Flexible Payments Service.
For inbound requests (from your application to Amazon Payments), it
uses the entire request URI as the basis for the signature, with
encryption based on the unique security credentials for your account.
For outbound requests (from Amazon Payments to your application),
Amazon signs the response which you can verify using the
VerifySignature API
EDIT:
As #Jonathan Spooner mentioned already and what I use is the function varifySignature() located in
/amazon-fps-2010-08-28-php5-library/src/Amazon/FPS/Samples/Client.php
which can be downloaded here. It also has an example as to how to use it in
/amazon-fps-2010-08-28-php5-library/src/Amazon/FPS/Samples/VerifySignatureSample.php
It makes the whole process much easier. It may be worth a shot...
Have you tried this
base64_encode(hash_hmac('sha256', $Request, $AmazonSecretKey, true));
Pass a boolean to pass it as a raw output.
You're most definitely missing the last parameter for hash_hmac which has to be set true to get RFC 2104-compliant HMAC signature:
base64_encode(
hash_hmac($hash, $data, $key, true)
);
And in the complete example you're missing new lines in $string_to_sign.
I have a question about the use off the http api from the company clickatell.
They actually have several api that you can use, amongst are xml and smtp also.
Does anyone have any experience with those, especially with the http api.
For the http api:
Does this php code actually doing the work in the background?
This line $ret = file($url); -
I am sorry, I haven't setup anything yet to test it. I am just trying to find out wich api I can start testing with -.
Also, is there a performance difference between using smtp api and http api?
// SMS gateway script
$user = "XXXX";
$password = "XXXXXX";
$api_id = "XXXXXX";
$baseurl ="http://api.clickatell.com";
$text = urlencode("HTTP://WWW.TIMES.COM/DOWNLOADS/SUGRAFREE.SISX");
$to = $_POST["phone number"];
// auth call
$url = "$baseurl/http/auth?user=$user&password=$password&api_id=$api_id";
// do auth call
$ret = file($url);
// split our response. return string is on first line of the data returned
$sess = split(":",$ret[0]);
if ($sess[0] == "OK") {
$sess_id = trim($sess[1]); // remove any whitespace
$url = "$baseurl/http/sendmsg?session_id=$sess_id&to=$to&text=$text";
// do sendmsg call
$ret = file($url);
$send = split(":",$ret[0]);
if ($send[0] == "ID")
echo "An Email with account details and SMS has been sent..
thanks, Richard
I have experience with clickatell API - a good one.
SMTP is slower - you need your email to get to the clickatell servers. which could take a second or a minute.
HTTP is much better and recommended, moreover you can create one session and send multiple sms in one go.
ps: i have not tested your code, but it should work, although i would recommend checking CURL library for HTTP connections.