I am uploading image on my signup page which is submitted by ajax and is send to ajaxcall.php where i add some headers to the request and send it to the register api which register the user
issue : i am receiving the $_POST and $_FILE in ajaxcall.php but on sending the curl request with the same parameters and few headers are added i do not recieve the post params on the server side
Below is the code for creating content deposition
function genereatePostFileVars($file,$rem=array(),$boundary)
{
$postvar="";
foreach($_POST as $key=>$val)
{
if($key!='endpoint')
{
if(!in_array($key,$rem))
{
if($key != 'uname')
{
$postvar.="\r\n$boundary\r\nContent-Disposition: form-data; name=\"$key\"\r\n\r\n$val";
}
else
{
$postvar.="\r\n$boundary\r\nContent-Disposition: form-data; name=\"name\"\r\n\r\n$val";
}
}
}
}
if(!empty($_FILES))
{
$filedata=array();
if(count($_FILES[$file]['name'])>1)
{
for($i=0;$i<count($_FILES[$file]['name']);$i++)
{
$fst='file'.($i+1);
$filedata[$fst]['name']=$_FILES[$file]['name'][$i];
$filedata[$fst]['error']=$_FILES[$file]['error'][$i];
$filedata[$fst]['tmp_name']=$_FILES[$file]['tmp_name'][$i];
$filedata[$fst]['size']=$_FILES[$file]['size'][$i];
}
}
else{
$filedata['file']=$_FILES[$file];
;
}
foreach($filedata as $name=>$value){
$postvar.="\r\n".$boundary."\r\nContent-Disposition: form-data; name=\"$name\"; filename=\"".$value['name']."\"\r\nContent-Type:".$value['type']."\r\n";
}
}
$postvar.="\r\n$boundary--";
return $postvar;
}
Output for above code:
-----1465984203238231624
Content-Disposition: form-data; name="name"
himanshi
-----1465984203238231624
Content-Disposition: form-data; name="username"
wvhxc
-----1465984203238231624
Content-Disposition: form-data; name="email"
wvhxc#gmail.com
-----1465984203238231624
Content-Disposition: form-data; name="password"
vdschh
-----1465984203238231624
Content-Disposition: form-data; name="file"; filename="10940545_822721561108202_6765172210735079451_n.jpg"
Content-Type:image/jpeg
-----1465984203238231624--
Headers that are send:
Array
(
[0] => Accept:application/json,image/*
[1] => Expect:
[2] => authToken: 72b5a44d3e9c50fc81dd196d75a1b375
[3] => timestamp: 2016-06-15 09:50:03
[4] => content-type: multipart/form-data; boundary=-----1465984203238231624
[5] => deviceType:Web
[6] => apiVersion:v0.1
)
Response i get:
HTTP/1.1 400 Bad Request
Date: Wed, 15 Jun 2016 09:50:03 GMT
Server: Apache/2.2.29 (Unix) mod_wsgi/3.5 Python/2.7.10 PHP/5.6.10 mod_ssl/2.2.29 OpenSSL/0.9.8zh DAV/2 mod_fastcgi/2.4.6 mod_perl/2.0.9 Perl/v5.22.0
X-Powered-By: PHP/5.6.10
Set-Cookie: PHPSESSID=5f784328aa7571352c1ba2e127a96ef6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Headers: Authorization
Allow: POST
Content-Length: 80
Connection: close
Content-Type: application/json; charset=UTF-8
{"status":false,"message":"Username or email is required for signup.","data":[]}
Please let me know what i am doing wrong,Thanks in advance
Related
I am trying to send yahoo calendars(caldav) a request to get "current-user-principal" But In response I am getting "401 Unauthorized" error. Before this request I am making another request to get "OPTIONS" which is giving "200 OK" response.
Request call is
PROPFIND / HTTP/1.1
Authorization: Basic XXXXXXXXXXXXXXXX=
Host: calendar.yahoo.com:443
Depth: 0
Prefer: return-minimal
Content-type: application/xml; charset=utf-8
Content-Length: 85
User-Agent: DAViCalClient
Connection: close
Request Response is:
string(613) "HTTP/1.1 401 Unauthorized
WSHost: tardis012.cal.bf1.yahoo.com
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 18-Feb-2021 03:44:03 GMT
WWW-Authenticate: Basic realm="YahooCalendar"
WWW-Authenticate: OAuth realm="YahooCalendar"
Content-Length: 0
Date: Fri, 19 Feb 2021 03:44:03 GMT
Age: 1
Server: ATS
Referrer-Policy: no-referrer-when-downgrade
Connection: close
Strict-Transport-Security: max-age=15552000
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
I am using a client library which has a function to make server request
function DoRequest( $relative_url = "" ) {
if(!defined("_FSOCK_TIMEOUT")){ define("_FSOCK_TIMEOUT", 10); }
$headers = array();
$headers[] = $this->requestMethod." ". $this->base_url . $relative_url . " HTTP/1.1";
$headers[] = "Authorization: Basic ".base64_encode($this->user .":". $this->pass );
$headers[] = "Host: ".$this->server .":".$this->port;
foreach( $this->headers as $ii => $head ) {
$headers[] = $head;
}
$headers[] = "Content-Length: " . strlen($this->body);
$headers[] = "User-Agent: " . $this->user_agent;
$headers[] = 'Connection: close';
$this->httpRequest = join("\r\n",$headers);
$this->xmlRequest = $this->body;
$fip = fsockopen( $this->protocol . '://' . $this->server, $this->port, $errno, $errstr, _FSOCK_TIMEOUT); //error handling?
if ( !(get_resource_type($fip) == 'stream') ) return false;
if ( !fwrite($fip, $this->httpRequest."\r\n\r\n".$this->body) ) { fclose($fip); return false; }
$rsp = "";
while( !feof($fip) ) { $rsp .= fgets($fip,8192); }
fclose($fip);
$this->headers = array(); // reset the headers array for our next request
$this->ParseResponse($rsp);
return $rsp;
}
Here is class init.
$cal = new CalDAVClient("https://calendar.yahoo.com/", "piyush138", "XXXXXXXXXXX", "calendar" );
Link to library
The following request gives "200 ok" response which runs before above request:
Request to server
OPTIONS / HTTP/1.1
Authorization: Basic cGl5dXNoMTM4OkQxZzF0YWxoZWw=
Host: calendar.yahoo.com:443
Content-Length: 0
User-Agent: DAViCalClient
Connection: close
Response from server
string(668) "HTTP/1.1 200 OK
WSHost: tardis030.cal.bf1.yahoo.com
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Thu, 18-Feb-2021 03:44:01 GMT
DAV: 1, 3, calendar-access
MS-Author-Via: DAV
Allow: HEAD, MKCOL, POST, PROPFIND, ACL, COPY, REPORT, OPTIONS, PUT, DELETE, MKCALENDAR, MOVE, GET, PROPPATCH
Content-Length: 0
Date: Fri, 19 Feb 2021 03:44:02 GMT
Age: 3
Server: ATS
Referrer-Policy: no-referrer-when-downgrade
Connection: close
Strict-Transport-Security: max-age=15552000
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
I also tried simplifying my password but that didn't work either
I have found the Solution.
I was using the conventional password in server call but in actual I had to use "APP Password" which you can create from
your yahoo account Under "Account security" tab.
I call an API and the response is like this:
HTTP/1.1 201 Created
Date: Tue, 12 Jun 2018 13:13:34 GMT
Server: Apache/2.4.x (Ubuntu)
Set-Cookie: PHPSESSID=id; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 114
Connection: close
Content-Type: application/json
{"id":"id_code|id_code|id_code","error":{"code":0,"message":"message"}}
What I want to do is take only the json part from final:
{"id":"id_code|id_code|id_code","error":{"code":0,"message":"message"}}
Can I do this using PHP?
Thank you!
You can get the contents of the response with $response->getBody()->getContent(), or you can cast the body to a string. From there if it is in JSON format you can decode it as normal:
// this works
$jsonResults = json_decode($response->getBody()->getContent(), true);
// so does this
$jsonResults = json_decode((string) $response->getBody(), true);
I am trying to communicate to an API using cURL. One of the methods require that I pass the value of the ININ-ICWS-CSRF-Token header (ie. WAhtYWxoYXlla1dBY2NvUkRJWCQxZmUxZWFhZS0xZTE0LTQyNGYtYjdhZS0zNmZjN2MxYWJmODBYCjEwLjAuNC4xNjA=) and the Set-Cookie (ie. icws_904586002=bf7c7783-6766-4c4f-862b-48f25a9a3741) so I need to extract them so I can pass them later in my code.
Here is what I did to extract the header and the body from the cURL/API respond:
$respond = curl_exec($ch);
//throw cURL exception
if($respond === false){
$errorNo = curl_errno($ch);
$errorMessage = curl_error($ch);
throw new ApiException($errorMessage, $errorNo);
}
list($header, $body) = explode("\r\n\r\n", $respond, 2);
echo '<pre>';
print_r($header);
echo '</pre>';
This is the content of the $header value:
HTTP/1.1 201 Created
ININ-ICWS-CSRF-Token: WAhtYWxoYXlla1dBY2NvUkRJWCQxZmUxZWFhZS0xZTE0LTQyNGYtYjdhZS0zNmZjN2MxYWJmODBYCjEwLjAuNC4xNjA=
ININ-ICWS-Session-ID: 904586002
Set-Cookie: icws_904586002=bf7c7783-6766-4c4f-862b-48f25a9a3741; Path=/icws/904586002
Location: /icws/904586002/connection
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Type: application/vnd.inin.icws+JSON; charset=utf-8
Date: Wed, 06 May 2015 17:13:44 GMT
Server: HttpPluginHost
Content-Length: 237
I would like to get in return results like this
the value of "ININ-ICWS-CSRF-Token" is "WAhtYWxoYXlla1dBY2NvUkRJWCQxZmUxZWFhZS0xZTE0LTQyNGYtYjdhZS0zNmZjN2MxYWJmODBYCjEwLjAuNC4xNjA="
the value of the "cookie" is "ININ-ICWS-CSRF-Token: WAhtYWxoYXlla1dBY2NvUkRJWCQxZmUxZWFhZS0xZTE0LTQyNGYtYjdhZS0zNmZjN2MxYWJmODBYCjEwLjAuNC4xNjA="
You can use the http_parse_headers function to parse the headers.
$hdr_array = http_parse_headers($header);
foreach ($hdr_array as $name => $value) {
echo "The value of '$name' is '$value'<br>";
}
If you don't have http_parse_headers, you can use the code in Pedro Lobito's answer.
<?php
$myHeader = <<< LOL
HTTP/1.1 201 Created
ININ-ICWS-CSRF-Token: WAhtYWxoYXlla1dBY2NvUkRJWCQxZmUxZWFhZS0xZTE0LTQyNGYtYjdhZS0zNmZjN2MxYWJmODBYCjEwLjAuNC4xNjA=
ININ-ICWS-Session-ID: 904586002
Set-Cookie: icws_904586002=bf7c7783-6766-4c4f-862b-48f25a9a3741; Path=/icws/904586002
Location: /icws/904586002/connection
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Content-Type: application/vnd.inin.icws+JSON; charset=utf-8
Date: Wed, 06 May 2015 17:13:44 GMT
Server: HttpPluginHost
Content-Length: 237
LOL;
preg_match_all('/(.*?Token): (.*?)\s+/', $myHeader, $matches, PREG_PATTERN_ORDER);
$tokenName = $matches[1][0];
$token = $matches[2][0];
echo <<< LOL
the value of "$tokenName" is "$token"
the value of the "cookie" is "$tokenName: $token"
LOL;
?>
This is the raw POST call that im sending to the server (I'm using Postman REST Client):
POST / HTTP/1.1
Host: ******
Content-Type: application/x-www-form-urlencoded
Content-Length: 9
key=value
On the server side I want to read they key,value inside $_POST from my raw POST call, PHP source looks like this:
<?php
header('Access-Control-Allow-Origin: *');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header('Pragma: no-cache');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Content-Type: application/x-www-form-urlencoded');
print_r($_POST);
echo file_get_contents('php://input');
?>
This is the output that I get back from the server:
Array
(
)
POST / HTTP/1.1
Host: ******
Content-Type: application/x-www-form-urlencoded
Content-Length: 9
key=value
Update:
Also did same call to posttestserver.com with same result
Why is the $_POST array empty, what am I doing wrong?
Just a guess, but I'd say the client your using isn't sending the data properly. I'm thinking it's not using the proper CRLF in the request and/or it's cause it's not sending Connection: close. It could also be a misconfiguration in your web server.
I tested it out by myself using the following PHP script:
<?php
$host = 'www.example.com';
if ($fp = fsockopen('ssl://'. $host, 443, $errno, $errstr, 30)) {
$data = 'key=value';
$msg = "POST /test.php HTTP/1.1\r\n";
$msg .= "Host: ".$host."\r\n";
$msg .= "Content-Type: application/x-www-form-urlencoded\r\n";
$msg .= "Connection: close\r\n";
$msg .= "Content-Length: ".strlen($data)."\r\n\r\n";
$msg .= $data."\r\n\r\n";
$response = '';
if ( fwrite($fp, $msg) ) {
echo 'Request:'.PHP_EOL;
echo $msg;
while ( !feof($fp) ) {
$response .= fgets($fp, 4096);
}
echo 'Response:'.PHP_EOL;
echo $response;
}
fclose($fp);
}
And I got the expected response from the exact same PHP script you posted:
Request:
POST /test.php HTTP/1.1
Host: www.example.com
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 9
key=value
Response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 05 Mar 2015 05:06:53 GMT
Content-Type: application/x-www-form-urlencoded
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.6
Access-Control-Allow-Origin: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 05 Mar 2015 05:06:53 GMT
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
26
Array
(
[key] => value
)
key=value
0
In Safari and Firefox, the response part of the code is not working (i.e. from PHP-->Ajax-->jQuery). The variables definitely make it to the PHP fine (tested using mail() ), so it's probably some small error on my behalf!
jQuery:
$.ajax({
type: "POST",
dataType: "json",
data: postData,
url: "http://www.kudiclub.com/test/login/?loginsub",
success: function(data){
if(data.success==false){
$("#login .error").html(data.reply).show();
$("#login-email").val(data.email);
$("#password").val("");
}else{
window.location = data.ref;
}
}
});
PHP:
$data = array('success' => false, 'reply' => 'Username and password did not match.', 'email' => $email);
print json_encode($data);
return;
Hoping somebody can help. Thanks, Nick.
SOLUTION
After much fiddling about, it turns out that it doesn't see a full URL as a relative path. Changing the url to '/test/login/?loginsub' did the trick.
The server says: Content-Type: text/html. Is not a json document (application/json).
http://www.kudiclub.com/test/login/?loginsub
GET /test/login/?loginsub HTTP/1.1
Host: www.kudiclub.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=060b8210adfb3c67ff792b9471c7fa1c
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Thu, 02 Aug 2012 22:12:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html