Create a very simple form (no styling required) on your own environment to
integrate into our Webservice API using HTTP POST.
I have written a simple application using Zend Framework 2. The application creates a form that once validated is to be sent to a "Webserver API via HTTP POST" to receive a response.
I would like query the API in the correct way as I am very much a believer in protocols and standards.
My following code works for validating the form:
zf-skeleton/module/MyApplication/src/MyApplication/Controller/IndexController.php
public function submitAction() {
$myForm = new MyForm();
$myForm->get('submit')->setValue('Add');
$request = $this->getRequest();
if ($request->isPost()) {
$myModel = new MyModel();
$myForm->setInputFilter($myModel->getInputFilter());
$myForm->setData($request->getPost());
if ($myForm->isValid()) {
// Form is validated. [1]
Once the form has been validated I would like to know the best way to send the form data to the "Webserver API via HTTP POST" and handle the response
What kind of service am I connecting to?
My request headers:
GET /api?foo=1&bar=2 HTTP/1.1
Host: [theservice]
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: [my cookies]
Connection: keep-alive
The response headers:
HTTP/1.1 200 OK
Date: Tue, 23 Feb 2016 12:58:18 GMT
Content-Type: text/xml
Content-Length: 343
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: [Cookie data]
Vary: Accept-Encoding
Content-Encoding: gzip
Server: cloudflare-nginx
If I put into my browser:
http://theservice/api?foo=1&bar=2
I get the response formatted in XML:
<response>
<validresponse>YES</validresponse>
<foo>21</foo>
<bar>21</bar>
</response>
Is it SOAP , REST, neither or unknown?
Rest can generate response both in xml and json. So we cannot rule out REST necessarily.
It is very REST in my opinion.
I'd like to say that it's unknown. You can't say that REST use only JSON format because it can also use XML. IMO you can say that's endpoint which return some data in XML format.
Related
I am trying to get the source code of a php web page with a proxy, but it is showing not printable characters. The output I got is as follows:
"Date: Tue, 09 Feb 2016 10:29:14 GMT
Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1g PHP/5.5.11 mod_perl/2.0.8-dev Perl/v5.16.3
X-Powered-By: PHP/5.5.11
Set-Cookie: PHPSESSID=jmqasueos33vqoe6dbm3iscvg0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 577
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
�TMo�#�G����7�)P�H�H�DS��=U�=�U�]˻��_�Ycl�T�*�>��eg��
����Z�
�V�N�f�:6�ԫ�IkZ77�A��nG�W��ɗ���RGY��Oc`-ο�ƜO��~?�V��$�
�l4�+���n�].W��TLJSx�/|�n��#���>��r����;�l����H��4��f�\ �SY�y��7��"
how to decode this code using python, i tried to use
decd=zlib.decompress(data, 16+zlib.MAX_WBITS)
but is not giving the decoded data
The proxy which i am using is working fine for few other web applications. It showing non printable characters for some web applications, how to decode this?
As I am using proxy I dont want to use get() and urlopen() or any other requests from python program.
One obvious way to do this is to extract the compressed data from the response and decompress it using GzipFile().read(). This method of splitting the response might be prone to failure, but here it goes:
from gzip import GzipFile
from StringIO import StringIO
http = 'HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 09 Feb 2016 12:02:25 GMT\r\nContent-Type: application/json\r\nContent-Length: 115\r\nConnection: close\r\nContent-Encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\n\r\n\x1f\x8b\x08\x00\xa0\xda\xb9V\x02\xff\xab\xe6RPPJ\xaf\xca,(HMQ\xb2R()*M\xd5Q\x00\x89e\xa4&\xa6\xa4\x16\x15\x03\xc5\xaa\x81\\\xa0\x80G~q\t\x90\xa7\x94QRR\x90\x94\x99\xa7\x97_\x94\xae\x04\x94\xa9\x85(\xcfM-\xc9\xc8\x07\x99\xa0\xe4\xee\x1a\xa2\x04\x11\xcb/\xcaL\xcf\xcc\x03\x89\x19Z\x1a\xe9\x19\x9aY\xe8\x19\xea\x19*q\xd5r\x01\x00\r(\xafRu\x00\x00\x00'
body = http.split('\r\n\r\n', 1)[1]
print GzipFile(fileobj=StringIO(body)).read()
Output
{
"gzipped": true,
"headers": {
"Host": "httpbin.org"
},
"method": "GET",
"origin": "192.168.1.1"
}
If you feel compelled to parse the full HTTP response message, then, as inspired by this answer, here is a rather roundabout way to do it which involves constructing a httplib.HTTPResponse directly from the raw HTTP response, using that to create a urllib3.response.HTTPResponse, and then accessing the decompressed data:
import httplib
from cStringIO import StringIO
from urllib3.response import HTTPResponse
http = 'HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 09 Feb 2016 12:02:25 GMT\r\nContent-Type: application/json\r\nContent-Length: 115\r\nConnection: close\r\nContent-Encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\n\r\n\x1f\x8b\x08\x00\xa0\xda\xb9V\x02\xff\xab\xe6RPPJ\xaf\xca,(HMQ\xb2R()*M\xd5Q\x00\x89e\xa4&\xa6\xa4\x16\x15\x03\xc5\xaa\x81\\\xa0\x80G~q\t\x90\xa7\x94QRR\x90\x94\x99\xa7\x97_\x94\xae\x04\x94\xa9\x85(\xcfM-\xc9\xc8\x07\x99\xa0\xe4\xee\x1a\xa2\x04\x11\xcb/\xcaL\xcf\xcc\x03\x89\x19Z\x1a\xe9\x19\x9aY\xe8\x19\xea\x19*q\xd5r\x01\x00\r(\xafRu\x00\x00\x00'
class DummySocket(object):
def __init__(self, data):
self._data = StringIO(data)
def makefile(self, *args, **kwargs):
return self._data
response = httplib.HTTPResponse(DummySocket(http))
response.begin()
response = HTTPResponse.from_httplib(response)
print(response.data)
Output
{
"gzipped": true,
"headers": {
"Host": "httpbin.org"
},
"method": "GET",
"origin": "192.168.1.1"
}
Although gzip uses zlib, when Content-Encoding is set to gzip, there is an additional header before the compressed stream which is not properly interpreted by the zlib.decompress call.
Put your data in a file-like object and pass it through the gzip module. For example something like:
mydatafile = cStringIO.StringIO(data)
gzipper = gzip.GzipFile(fileobj=mydatafile)
decdata = gzipper.read()
From my already old http library for Python 2.x
https://github.com/mementum/httxlib/blob/master/httxlib/httxcompression.py
I did R&D on prevention of CRLF injection in php, but i didn't find any solution in mycase, as I'm using a burp suite tool to inject some headers using CRLF characters like the below.
// Using my tool i put CRLF characters at the start of my request url
GET /%0d%0a%20HackedHeader:By_Hacker controller/action
//This generates an header for me like below
HackedHeader:By_Hacker
So i can modify all headers by doing just like above
This tool is just like a proxy server so it catches the request and gives the response and we can modify the response in the way we want.
So i'm just modifying the response by injecting some headers using CRLF characters. Now the Server responds to this request by injecting the CRLF characters in the response.
I'm just worried as header fields like Pragma, Cache-Control, Last-Modified can lead to cache poisoning attacks.
header and setcookie contain mitigations against response/header splitting, But these can't support me in fixing the above issue
Edit
When i request to mysite.com contact us page like below This is the request I captured in my tool like below
Request headers:
GET /contactus HTTP/1.1
Host: mysite.com
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
And i get the Response HTML for the above request
Now for the same request using the tool i'm adding custom headers just like below
Request Headers:
GET /%0d%0a%20Hacked_header:By_Hacker/contactus HTTP/1.1
Host: mysite.com
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Response Headers:
HTTP/1.1 302 Found
Date: Fri, 10 Jul 2015 11:51:22 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Fri, 10 Jul 2015 11:51:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Location: mysite.com
Hacked_header:By_Hacker/..
Vary: Accept-Encoding
Content-Length: 2
Keep-Alive: timeout=5, max=120
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
You can see the injected header Hacked_header:By_Hacker/.. in the above response
Is there anyway in php or apache server configuration to prevent such kind of headers' hack?
Not sure why all the down votes - infact, it is an interesting question :)
I can see that you have tagged CakePHP - which means your app is using Cake Framework... Excellent! If you are using Cake 3 , it is automatically strip off : %0d%0a
Alternatively, where you receive the response header, just strip off %0d%0a and you are good!
Where things like these could be applied - a 3rd party API response or say.... a Webhook response! or a badly sanitized way to handle intl.. example : lang=en to lang=fr where the GET param is directly set as response header... That would not be a wise move!
Ideally, the responses will be as GET and not in the header but either way just strip the %0d%0a and you are good.
Answering your edit.
You can see the injected header Hacked_header:By_Hacker/.. in the above response
That injected header cannot be controlled or stopped, mate. We do not have control over what the other server does.
The question is.. What do you do with the response header?
The answer is... You sanitize it, as ndm said you need to sanitize the input.. What you get as a response IS an input. As soon as you detect %0d%0a, discard the response.
Need code work?
<?php
$cr = '/\%0d/';
$lf = '/\%0a/';
$response = // whatever your response is generated in;
$cr_check = preg_match($cr , $response);
$lf_check = preg_match($lf , $response);
if (($cr_check > 0) || ($lf_check > 0)){
throw new \Exception('CRLF detected');
}
My Response Header is
Access-Control-Allow-Meth... GET, POST
Access-Control-Allow-Orig... *
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection Keep-Alive
Content-Length 81
Content-Type text/html
Date Mon, 26 Aug 2013 06:35:53 GMT
Expires Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive timeout=5, max=99
Pragma no-cache
Server Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
X-Powered-By PHP/5.4.7`
And The Request Header is
Accept application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control no-cache
Connection keep-alive
Content-Length 31
Content-Type application/x-www-form-urlencoded; charset=UTF-8
Cookie USERNAMEEMAIL=shan%40atlos.com; PHPSESSID=8asm46iltcqc9oahsbaaap1c16
Host localhost
Pragma no-cache
Referer http://localhost/test/
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
X-Requested-With XMLHttpRequest`
i am getting error in firefox "Not Well Formed" what is the problem in this.
i am getting the data correctly in json form but it show also error that is very annoying
Java Script Code to Make Request
GetTopNotification
And Uses a Class for make Ajax Request is
Workspace
Your reponse-header is incorrect.
if(headers_sent()) die('Should not output data before json');
header('Content-type: application/json');
echo json_encode($data_for_json);
exit;
Also, nothing should be sent before the json, and nothing after it either.
In response to comment below:
Somewhere in your php-code you're outputting json. However, as stated, your reponse header is incorrect: the Content-type part should be set to application/json; the above code does just that. A line-by line walktrough:
Checks if you did not already send anything and die if you did
Set the Content-type part of your response header to the appropriate mime-type
Output the json (as it currently is, should be fine)
exit;
More update irt comments
You're creating your json string manually: something i can wholeheartedly advice against, use an array or object and then use json_encode to create you json.
I also added output_buffering over your code, just in case.
Give it a try, new code is here
Update three
In work-space.js Replace this line
self.responseValue = self.getValueFromResponse( jqXHR );
With this
if(type != 'xml') self.responseValue = data;
else self.responseValue = self.getValueFromResponse( jqXHR );
save it, clear the cache, and try again.
Okay so I'm getting this weird unexpected response from Internet Explorer, while testing file upload with smarty in php.
Here my smarty code for file upload (view), simplified down to main issue, for those who have not used activecollab the Router::assemble is just forming a url with parameters that are read from the MVC.
(source: iforce.co.nz)
<div id="xero_invoice_manager_api">
{form action=Router::assemble('xero_invoice_manager_api') method=post id="xero_invoice_manager" enctype="multipart/form-data"}
<div class="content_stack_wrapper">
<input type="file" name="file_1" /><br/>
<input type="file" name="file_2" /><br/>
{wrap_buttons}
{submit success_event="api_updated" }Authenticate{/submit}
{/wrap_buttons}
{/form}
</div></div>
And here is my jquery for the view.
App.Wireframe.Events.bind('api_event_finished.content', function(event, settings) {
App.Wireframe.Flash.success(App.lang('Xero Invoice Manager has saved/uploaded your Xero API data.'));
});
Here is my simplified controller (I have found the issue is with smarty and not php).
//api view
function api(){
if ( $this->request->isSubmitted()) {
$this->response->respondWithData(true);
}
}
Here is my controller with the upload occuring..
//api view
function api(){
$this->assignSmarty();
if ($this->request->isSubmitted()) {
$this->XeroAuthUpdate(); //update everything
if(isset($_FILES)){
$file_manager = new XeroFileManager();
$file_manager->dumpFiles($_FILES);
//upload the files
foreach($_FILES as $file){
$file_manager->handle_certificate_file($file);
} //foreach add the headers
if(function_exists('headers_list')){
xeroDebugMode("[Controller] the headers to be sent are... ", headers_list());
} //function check
} //end if
$this->response->respondWithData(array(
// constraints
'key_result' => (bool)$this->checkValue(XeroAuths::getSetting('xero_consumer')),
'secret_result' => (bool)$this->checkValue(XeroAuths::getSetting('xero_secret')),
// files secruity certificates
'publickey' => (bool)file_exists(XERO_PUBLIC_KEY_PATH),
'privatekey' => (bool)file_exists(XERO_PRIVATE_KEY_PATH),
'xero_auth' => (bool)validateXeroAuth(),
//login constraints
'install' => !$this->checkInstallRequirements(),
));
} //close the request
}
Here is a response from firefox with the file_1 and file_2 not empty.
(source: iforce.co.nz)
Here is a response from internet explorer 9 with file_1 and file_2 empty (so far so good).
(source: iforce.co.nz)
Here is the problematic response from internet explorer 9 with file_1 (i.e. publickey.cer) and file_2 (i.e. privatekey.pem) not empty (download index.php huh?).
(source: iforce.co.nz)
My response from activecollab
Hello Micheal,
Sorry for the late reply.
Unfortunately we cannot figure out where the problem is. It looks like everything is written OK but without dealing with the code itself there's pretty much nothing we can do. Dealing with JSON responses in IE works fine across activeCollab (well, not in IE6) since almost everything in aC 3 is based on JSON, which makes your issue specific and probably there's something wrong in your code.
Regards,
Oliver Maksimovic
activeCollab development & support
General and Pre-Sale Questions: 1-888-422-6260 (toll-free) Technical Support: support#activecollab.com
An associate has suggested..
Would suggest trying the following though:
1) open IE -> open the developer tools (press F12) -> Click "Cache" in menu -> click "Clear Browser Cache"... When thats finished click "Cache" and then click "Always refresh from server".
this forces IE to not cache anything, as I've had numerous times where IE was caching ajax requests and causing some very strange behaviour.
let me if this fixes your problem, and if so we can add some php to your ajax response to force all browsers to never cache the response. otherwise if that still doesn't work, probably need to do some JS debugging in IE, to see what's being sent and compare it to your FF firebug results.
headers_sent() comes up blank
but the headers_list (just before respondWithData is called), for Internet Explorer.
2012-08-08 06:50:16 the headers sent from this request is... Array
(
[0] => X-Powered-By: PHP/5.3.8
[1] => Set-Cookie: ac_activeCollab_sid_yhRk0xSZku=1%2Fhkykz0Rw0796e4lDykXekNXvhMMxC8pV4akJPMvA%2F2012-08-08+06%3A50%3A15; expires=Wed, 22-Aug-2012 06:50:15 GMT; path=/
[2] => Content-Type: application/json
[3] => Expires: Mon, 26 Jul 1997 05:00:00 GMT
[4] => Cache-Control: no-cache, no-store, must-revalidate
[5] => Pragma: no-cache
)
Response Headers from Raw tab on Fiddler, on Internet Explorer
HTTP/1.1 200 OK
Date: Sat, 11 Aug 2012 08:08:46 GMT
Server: Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ac_activeCollab_sid_yhRk0xSZku=11%2Fz8rWxiRchAh8EWinYO2d7a1mmvn2DMKUdse1vfKh%2F2012-08-11+0 8%3A08%3A46; expires=Sat, 25-Aug-2012 08:08:46 GMT; path=/
Content-Length: 107
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
{"key_result":true,"secret_result":true,"publickey":true,"privatekey":true,"xero_auth":true,"install":true}
Response Headers from Raw tab on Firefox.
HTTP/1.1 200 OK
Date: Sat, 11 Aug 2012 08:13:45 GMT
Server: Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ac_activeCollab_sid_yhRk0xSZku=12%2FO40CbXC9Vfa7OVnderlK2MFnvnpkyeckvO0Ab5NQ%2F2012-08-11+08%3A13%3A45; expires=Sat, 25-Aug-2012 08:13:45 GMT; path=/
Content-Length: 107
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
{"key_result":true,"secret_result":true,"publickey":true,"privatekey":true,"xero_auth":true,"install":true}
Any ideas on what I'm doing wrong with IE? and why Internet Explorer is notifying the user to download index.php (when the fields are active with values). Keeping in mind that no actual uploading is occurring on the server-side (during the initial test, the index.php download request is irrelevant to move_uploaded_file).
It could be that IE specific code has an error, and so the returned content-type is different. If you make an AJAX request for some kind of XML or JSON data and instead get some kind of file HTML error response with a different content-type or disposition than expected, the browser might not know what to do with it.
You might want to find a way to view or log the response (as opposed to request) headers sent by the web server. Usually a prompt for file download comes from a content-disposition header... though in this case it might just be because it's a file coming from an asynchronous request.
You might also want to look at:
IE prompts to open or save json result from server
and
How can I convince IE to simply display application/json rather than offer to download it?
I had a similar issue using pupload and mvc3. I know we use different technology but maybe my issue could help you. I had this:
public JsonResult UploadDoc(string correlationId)
{
try
{
//upload code here
return Json(new { message = "chunk uploaded", name = "test" });
}
catch (Exception ex)
{
return Json(new { message = "chunk uploaded", name = "test" });
}
}
Now everytime I wanted to try upload a file I would get IE asking me to open or download a file which just contained that json response above. If I set my return type as "String" and set my return code as:
return "{\"respCode\" : \"200\", \"Msg\" : \"succussful\",\"mimeType\": \"" + Request.Files[0].ContentType + "\", \"fileSize\": \"" + Request.Files[0].ContentLength + "\"}";
Then the file was successfully uploaded. Response Header for when it failed: "Content-Type: application/json; charset=utf-8" . Response Header for when it works with "String" return type:
"Content-Type: text/html; charset=utf-8". Hope it helps, cheers.
Due to the lack of answers, I think I need to take a different approach in my jquery.. until an actual solution is found.
I've used a simple file_get_contents function but that didn't get the actual contents (output) of that..
I could not figure the error!!!
Code:
<?php
// $url = $_GET['url'];
// $flv_http_path = urlencode($url);
$flv_http_path = 'http://r12.bhartibb-maa1.c.youtube.com/videoplayback?ip=0.0.0.0&sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Calgorithm%2Cburst%2Cfactor%2Coc%3AU0dXSlBSUl9FSkNNN19ITFZB&algorithm=throttle-factor&itag=34&ipbits=0&burst=40&sver=3&expire=1285074000&key=yt1&signature=3E1E4994130745C392FA479F6ACCE5F40E703A2C.A87325A1DCB178B04FD89A9DEEE811CDCB08157C&factor=1.25&id=8b2fd4fd9ac2f09f&st=lc';
echo "----$flv_http_path------";
$data = file_get_contents($flv_http_path);
echo "$data";
if($data)
echo "data is avail";
else
echo "data not available";
// $new_flv_path = dirname(_FILE_).'/flvs/sample.flv' ;
$new_flv_path = '/home/public_html/temp/sample.flv' ;
if(file_put_contents($new_flv_path, $data))
return $new_flv_path ;
else
{
echo "else part ";
return false;
}
?>
I got that url from the response headers of the youtube video
and the headers which i got is
http://v3.lscache1.c.youtube.com/videoplayback?ip=0.0.0.0&sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Calgorithm%2Cburst%2Cfactor%2Coc%3AU0dXSlBTVl9FSkNNN19ITVpF&algorithm=throttle-factor&itag=34&ipbits=0&burst=40&sver=3&expire=1285088400&key=yt1&signature=536A81F10AA43A4E015BB05FA182A9A966047C3C.C22269E2E1ECFC2C2DE7A8A45BA2C3DF7CF1EC08&factor=1.25&id=fd61d32bbbd1be5e&
GET /videoplayback?ip=0.0.0.0&sparams=id%2Cexpire%2Cip%2Cipbits%2Citag%2Calgorithm%2Cburst%2Cfactor%2Coc%3AU0dXSlBTVl9FSkNNN19ITVpF&algorithm=throttle-factor&itag=34&ipbits=0&burst=40&sver=3&expire=1285088400&key=yt1&signature=536A81F10AA43A4E015BB05FA182A9A966047C3C.C22269E2E1ECFC2C2DE7A8A45BA2C3DF7CF1EC08&factor=1.25&id=fd61d32bbbd1be5e& HTTP/1.1
Host: v3.lscache1.c.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090616 Firefox/3.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=9CH-GUrsSEQ; __utma=27069237.1455305642.1275034254.1279868001.1280568792.6; __utmz=27069237.1279868001.5.2.utmcsr=google.com|utmccn=(referral)|utmcmd=referral|utmcct=/landing/youtube/lifeinaday/; watched_video_id_list_kvijayhari=7b1d7ce3852b9aca07a985813b83aaa6WxMAAABzCwAAADFuNzRnSExwU0M4cwsAAAB2ajgxNXlQNDFMQXMLAAAARWNjZ0lLdHVDM1lzCwAAAHFHZFo5elhoQ0ZvcwsAAAB0WXMwTXhvbTRjSXMLAAAAYUdBdDZwNGh0c2NzCwAAAGR2V25wMjdBSGZvcwsAAABtNDBhbG1SQzNzSXMLAAAANjhVT1BhTUtwOTBzCwAAADZnaFUxWDBqdVM4cwsAAABiRy0xYTRsUnlEMHMLAAAAWjh5OFFDRFNUQ29zCwAAADY0T0w3NzhBeUlFcwsAAABzQkl1OWpnSWtwQXMLAAAASllYM08wWEEteWdzCwAAAF95WGxpc0g4dkF3cwsAAABzcXZCSXdDMWxtWXMLAAAAaEMzd09EU0U5MHdzCwAAAGZaODhxaHduTVow; auto_translation=b901c47ed36700682e23d64062529856cwQAAAB0cnVl; PREF=f1=50000000&f2=2000&emt=iceberg&ftuc=32&ems=hd720&HIDDEN_MASTHEAD_ID=brO_JIa6RTI; use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; GEO=489e10e70a42c0dfed7513e1895ffe1bcwsAAAAzSU56spxTTJhEAw==; watched_video_id_list=2aa4a241cbdc35137f13b3513ea3e653WwQAAABzCwAAAF9XSFRLN3ZSdmw0cwsAAABpeV9VX1pyQzhKOHMLAAAAd3ZsTUFKLVU2SEVzCwAAAENaQmpoVGQ0WjlN
HTTP/1.0 200 OK
Last-Modified: Sun, 20 Jun 2010 03:59:10 GMT
Content-Type: video/x-flv
Date: Tue, 21 Sep 2010 10:05:34 GMT
Expires: Tue, 21 Sep 2010 16:55:00 GMT
Cache-Control: public, max-age=24566
Content-Length: 4077907
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
Server: gvs 1.0
X-Cache: MISS from localhost.localdomain
X-Cache-Lookup: MISS from localhost.localdomain:3128
Via: 1.0 localhost.localdomain:3128 (squid/2.6.STABLE6)
Connection: keep-alive
Check your URL.
When I put your url in browser it gives nothing so file_get_contents returns an empty string.
You need to check the output of file_get_contents as:
if($data !== false)
instead of
if($data)
I also get a HTTP Response 500. In order to crawl Youtube, you probably would have to spoof the User-Agent of the call and other measures to prevent Youtube from identifying you as a crawler.
It's youtubes way of preventing you from grabbing their flv files automatically.
You can't get the file from your server because the download link (which you got from your browser, or how did you find the flv link) is locked to your browser.
Which is why when someone other than you try to call the link we all get the 403 HTTP forbidden, even with a spoofed user-agent.
Try to use cURL and show the headers, you'll see what I mean.
I get a HTTP 403 at the follwoing Location:
http://r12.bhartibb-maa1.c.youtube.com/videoplayback?ip=0.0.0.0&sparams=id,expire,ip,ipbits,itag,algorithm,burst,factor,oc:U0dXSlBSUl9FSkNNN19ITFZB&algorithm=throttle-factor&itag=34&ipbits=0&burst=40&sver=3&expire=1285074000&key=yt1&signature=3E1E4994130745C392FA479F6ACCE5F40E703A2C.A87325A1DCB178B04FD89A9DEEE811CDCB08157C&factor=1.25&id=8b2fd4fd9ac2f09f&st=lc
Response headers:
Content-Type:text/plain
Date:Tue, 21 Sep 2010 09:59:13 GMT
Proxy-Connection:close
Server:gvs 1.0
Via:1.0 proxy3#XXXXX.sch.uk:8080 (squid/2.6.STABLE19), 1.0 wcsproxy.XXXX.org.uk:8080 (squid/2.6.STABLE19)
X-Cache:MISS from proxy3#XXX.sch.uk, MISS from wcsproxy.XXX.org.uk
X-Content-Type-Options:nosniff
Well, when I tried to load the URL you refer to in $flv_http_path I got:
HTTP/1.1 403 Forbidden
Content-Type: text/plain
Connection: close
X-Content-Type-Options: nosniff
Date: Tue, 21 Sep 2010 09:57:19 GMT
Server: gvs 1.0
In return.
That should give you a clue :)
If that was not the acutal file you were trying to open, and you're not actually trying to scrape youtube you should try wrapping the url in urlencode() edit: But the url is already urlencoded (duh!)
"If you're opening a URI with special characters, such as spaces, you need to encode the URI with urlencode()." -- http://www.php.net/manual/en/function.file-get-contents.php
The link is empty. Fire the link in your browser and check the sourcecode. there is no data.