I'm trying to create an interactive web shell that will let you connect and perform actions in a different website using post requests but I also want the shell to update live (this is the "interactive" part).
I came across Keeping session alive with Curl and PHP and W3School PHP & AJAX but can I blend them together? is it possible to maintain a session with ajax? if not, what should I use to do this project?
EDIT:
To make things more clear, What I'm trying to do is:
Go to my website
Put my credentials to google and click a button
background php sends a post request to google's login page with my credentials
I see in my website a Login succeeded alert using ajax
click a button on my website that will retrieve the content of the first email in my mail dir
send a get request to gmail with php and return the data with ajax
Will it work? In 6 I need a live session to view the page and I'm creating the session on step 3, How do I keep the session alive?
Related
Currently there is an IT system with a web interface (login with user ID and password), where you login and then update some data.
Users receive an email from another IT system (written in PHP), with a request to manually enter the data into the first IT system.
I was thinking it may be possible to write a simple robot in PHP which automates this procedure of logging into the first IT system and updating the data.
The robot would be implemented in the second IT system and use the CURL library to login and make the changes (using HTTP, with GET and POST requests).
But to do this I need to understand how the login and data update works in the first IT system, because after the first (simple) login mask which generates a POST request, things get complicated: there is a Javascript dialog and it's a bit difficult to understand what happens next.
Is there a way to log and make visible all HTTP communication with the first IT system? With that I mean obtain the following:
I use a browser to log into the first system and make the edits/changes.
The logger runs in parallel and in the end shows which GET and POST requests and parameters and their values were sent and to which URLs
I will try to explain what I need. I am using API of some website that sends message to phone number. When user writes his phone number into the form of my website, the data is sent to another website. I want the data to be sent without opening new window or link. Is it possible? Let the link be "example.com?number=123456789".
Have you tried using AJAX technology?
AJAX is a developers dream, because you can: Update a web page
without reloading the page Request data from a server - after the
page has loaded Receive data from a server - after the page has
loaded Send data to a server - in the background
http://www.w3schools.com/ajax/
I have a parser for a html page which return a dynamic ics file to use with google calendar. It works fine with the simple_html_dom library and with the file_get_contents while using a local html file for test.
however the page I need to parse is on a TLS server, behind a login page (https).
to access my page I need to login first on a different page and keep the connection alive to parse the second page.
I managed to create a link (modifying the login form from POST to GET) which allow me to log straight in without need for the form (I know that this makes the TLS connection useless for his purpose). I can still use the POST with the login details if I can make this work.
https://selfservice.host.domain.lol/portal?LOGON_LOCALE_POLICY=&StartIndex=0&authenticateWithSecurityQuestion=false&authenticateWithHRMSNewUserSetup=false&username=<username>&password=<stocazzo>
I tried with file_get_conents but when I require the second page the session for the auth is already closed.
I tried as well with fsockopen on tls://selfservice.host.domain.lol on 443 and than request with both POST or GET string taken from the browser BUT the connection just goes in time out.
I'm not a pro user and the last time I've been playing with php and programming the php5 was not even in our dreams.
Any idea on how to solve this?
Thanks
Seems legit, Stocazzo is the main problem.
I'm trying to create a user login system where each user has a password, a username and a level (I.E Admin or Master). What i've done so far:
Created a mySQL database using PHP and created the relevant fields in the tables.
Made a simple Angular JS page.
I'm trying to link the database and page so I can check a user's input in the login inpuot field against all the data stored in the 'passwords' section of my mySQL table.
Any idea how I can achieve this? The most simplest, straight-forward answers please as I'm new to Angular (and mySQL!)
Thanks!
You should not do a login on an angular page since everything data related is handled by javascript which can easily be stopped, debugged and analyzed.
The better way would be:
Create a normal index.php which presents a login form to the user.
On submit check for validity with your database.
If user is valid start a session and header on to the actual angular app page.
The only way to check if this is a valid php session is in your REST calls via angular http service to your database related php scripts.
So every read/write access to your REST api should check, if this user is really allowed to do this db operation in the php script.
If the check fails, header back to the login page or some "Got you!" page.
This way the attackor may be able to see the js code of the angular app (if he gets somehow hold of the actual address) but it's completely useless to him, cause he can never see the actual data as long as he hadn't started a valid php session. And the data is what you want to protect, not the script of the app.
In a nutshell: Mix standard PHP validation AND Angular. Allow haxors to get to your page, but never, ever show them any of your underlying data. As soon as someone tries to mess with your data, kick him out.
This is nearly the same answer i gave here
Search for the marked keywords in both PHP and Angular sites to grasp the idea behind this.
We are making a app with php in which we want to push data to client browser same in the way in which facebook notificaiton sent by facebook. i know about commet and also have used ajax in past but ajax is not efficeint while commet programing is out of my mind.
Sample can seen at ESPNCRICINFO.COM live scorecard which is automatically pushed
by server to brwoser and than append to document without refreshing. Same app we
have to made.
Simply i need to build some code that send data to all the browser which have our webpage opened. No restrictions. Just need to send to all. So there is no need to check to whom data will be push.
I really need it urgently.
can you use JavaScript setTimeout(function name, seconds) ?
In JavaScript function you can generate .post request for some PHP script which can load messages, when the message will load, you can show it via you JavaScript. the timer will call this function for all people.