Why does my HTTP request fail from PHP? - php

I try to submit a form to a remote server: http://openconvert.clarin.inl.nl/openconvert/tagger#text. As you can see, the required fields are input and format, and the action URL is http://openconvert.clarin.inl.nl/openconvert/text/, so I try the following in PHP:
<?php
function do_post_request($url, $data, $optional_headers = null)
{
$params = array('http' => array(
'method' => 'POST',
'content' => $data
));
if ($optional_headers !== null) {
$params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with $url, $php_errormsg");
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from $url, $php_errormsg");
}
return $response;
}
$remoteurl="http://openconvert.clarin.inl.nl/openconvert/text";
$rawdata=array(
'input'=>'test',
'format'=>'text');
$data=http_build_query($rawdata, '', '&amp;'); //flags_, myvar_
var_dump($data);
echo "<br />";
echo do_post_request($remoteurl,$data,'Content-Type: text/html');
?>
I don't know why the server can't find my data?
The output is:
string(26) "input=test&amp;format=text"
<br /><?xml version="1.0" encoding="UTF-8"?>
<error>Insufficient parameters. Required parameters: input, format</error>

There might be other problems, but the &amp; value in http_build_query is definitely wrong. You're not embedding your urlencoded data into an html document, so you should not html-escape the ampersand. Replacing that line with:
http_build_query($rawdata, '', '&');
should be better, but it might not be 100% of your solution.
P.S.: Don't use @, ever. You are suppressing real errors that you should see.
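
What the receiving side sees with each separator, as an added example that is not part of the original question or answer. It assumes the server decodes the body as application/x-www-form-urlencoded with the default "&" separator, which PHP's parse_str() emulates here; missing_params() is a hypothetical helper.

```php
<?php
// Added example: decode a form-encoded body the way a server would and
// report which required parameters are absent. missing_params() is a
// hypothetical helper, not code from the original post.
function missing_params(string $body, array $required): array
{
    parse_str($body, $decoded);   // splits on "&", then URL-decodes each pair
    return array_values(array_diff($required, array_keys($decoded)));
}

$rawdata  = array('input' => 'test', 'format' => 'text');
$required = array('input', 'format');

// Separator from the question: the HTML entity becomes part of the next key.
$escaped = http_build_query($rawdata, '', '&amp;');
// Separator from the answer: a plain ampersand.
$plain   = http_build_query($rawdata, '', '&');

foreach (array($escaped, $plain) as $body) {
    parse_str($body, $decoded);
    printf("%-28s keys: %-20s missing: %s\n",
        $body,
        implode(', ', array_keys($decoded)),
        implode(', ', missing_params($body, $required)) ?: '(none)');
}
```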

Related

HTTP POST from PHP, without cURL

I am using the example function given in this post:
<?php
function do_post_request($url, $data, $optional_headers = null)
{
$params = array('http' => array(
'method' => 'POST',
'content' => $data
));
if ($optional_headers !== null) {
$params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with $url, $php_errormsg");
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from $url, $php_errormsg");
}
return $response;
}
?>
I also tried a similar approach using file_get_contents(), like this:
$options = array(
'http'=>array(
'method'=>"POST",
'header'=>
"Accept-language: en\r\n".
"Content-type: application/x-www-form-urlencoded\r\n",
'content'=>http_build_query(
array(
'arg1'=>'arg_data_1',
'oper'=>'get_data',
'arg2'=>'arg_data_2',
'id_number'=>'7862'
),'','&'
)
));
$context = stream_context_create($options);
$refno = file_get_contents('/path/to/script/script.php',false,$context);
var_dump($refno);
With both these scripts, the response from the server script is the same, and it is the TEXT of the script.php. The code of the server script is never being executed, and the text content (the PHP code) of the script is being returned to the original script.
A little strange that it doesn't return all the text, but just certain pieces... I tried making a test script (test.php) that just contains:
<?php
echo '{"a":1,"b":2,"c":3,"d":4,"e":5}';
?>
but that doesn't return anything from the POST request, so I didn't include that. The script.php is a much longer script that does a lot of logic and MySQL queries then returns a JSON object.
The desired output will be to have the PHP code execute and return a JSON object (the way it works with ajax).
What am I doing wrong?
You are trying to access the script locally.
You must call it like any other external script like
$refno = file_get_contents('http://yourhost/path/to/script/script.php',false,$context);

Create a JSON-formatted text file with my username and password?

I'm trying to use PHP to authenticate to a web service by posting to an authentication method with a .txt file containing my username and password formatted in JSON.
It's not working and I'm having a hard time figuring out why not.
Here's the code I'm trying to use. First there's a function I'm using to do the posting. Then I create a variable for my data file and another for my URL for the AUTH service.
<?php
function do_post_request($url, $data, $optional_headers = null)
{
$params = array('http' => array(
'method' => 'POST',
'content' => $data
));
if ($optional_headers !== null) {
$params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with $url, $php_errormsg");
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from $url, $php_errormsg");
}
return $response;
}
// Let's get logged in and get an authkey
$url = 'http://service.com/auth';
$data= 'creds.txt';
$authkey = do_post_request($url, $data);
print_r($authkey);
?>
The text of my creds.txt file:
{
"auth": {
"username": "myusername",
"password": "mypassword"
}
}
What am I doing wrong? I'm getting an invalid data error. Do I need to use a full URL to the text file? Is the textfile not formatted properly?
The docs for the service only say that I need:
"a JSON-formatted text file with your username and password"
$data= 'creds.txt'; should be like:
$data= file_get_contents('creds.txt');
I don't see you open the creds.txt anywhere; I believe you should send in JSON format.
Without disclosing "service.com" or more details about the website itself it'll be hard to figure out a solution since it can be a number of things but you're never passing the actual data (only the file path).
Try:
$authkey = do_post_request($url, file_get_contents($data));

function not working on remote server

The function is for checking if a URL is pointing to a valid image by checking the meta info in the head section of the given file.
The echo in the below code gives me the correct wrapper data but on my remote server it echoes "ArrayResource id #11". How is this possible?
local:PHP Version 5.3.4
remote server: PHP Version 5.2.9
function isImage($url)
{
$params = array('http' => array(
'method' => 'HEAD'
));
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp)
return false; // Problem with url
$meta = stream_get_meta_data($fp);
if ($meta === false)
{
fclose($fp);
return false; // Problem reading data from url
}
$wrapper_data = $meta["wrapper_data"];
if(is_array($wrapper_data)){
foreach(array_keys($wrapper_data) as $hh){
echo substr($wrapper_data[$hh], 0, 19);//////////////ECHO////////////////////////
if (substr($wrapper_data[$hh], 0, 19) == "Content-Type: image") // strlen("Content-Type: image") == 19
{
fclose($fp);
return true;
}
}
}
fclose($fp);
return false;
}
EDIT: I adapted the function so it checks if 'Content-Type: image' is somewhere in the header of the file. this works cross server...
function isImage($url)
{
$params = array('http' => array(
'method' => 'HEAD'
));
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp)
return false; // Problem with url
$meta = get_headers($url);
if ($meta === false)
{
fclose($fp);
return false; // Problem reading data from url
}
foreach ($meta as $key => $value) {
$pos = strpos($value, 'Content-Type: image');
if($pos!==false){
fclose($fp);
return true;
}
}
fclose($fp);
return false;
}
Refer to this. stream_get_meta_data can return values in several datatypes. On your remote server it is returning an array.

How to test for email injection

I'm using the php mail function and I have a form with the name field, phone field, email field and message field which is a text area. The email field (along with the name and phone field) displays in the message and isn't used to send an email to that address. The To: fields and subject: fields and From: header are static in the script and is designed to always be the same.
I was recently trying to try email injection to my own script so I can then know if my preventative measures are working or not.
I've tried putting in the fields
%0ATo:mysecondemailaddress@provider.com and also %0ACc:mysecondemailaddress@provider.com, but the email doesn't even send to the proper email address at all. I was just wondering what is the correct method to do this, and also when I am using preventative methods such as identifying strings and either removing them or denying the email from being sent what characters such as % should I also be on the look out for?
It doesn't look like using the form to directly enter the injection works very well. I'm using the following to test out a mailer I'm putting together, it posts the data from the script. The $postData will have to be modified to suit your form. This just BCCs a 'victim':
<?php
$postData =
'contactname=Lord+Sauron&'.
'email=darklord@ciplit.com.au%0ABcc:frodo@ciplit.com.au'.
'&message=Sorry+about+that+whole+ring+thing.+No+hard+feelings%3F';
$url = 'http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/onetrueformmailer.php';
$result = do_post_request($url, $postData);
echo($result);
// http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
function do_post_request($url, $data, $optional_headers = null) {
$params = array('http' => array(
'method' => 'POST',
'content' => $data
));
if ($optional_headers !== null) {
$params['http']['header'] = $optional_headers;
}
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
throw new Exception("Problem with $url, $php_errormsg");
}
$response = @stream_get_contents($fp);
if ($response === false) {
throw new Exception("Problem reading data from $url, $php_errormsg");
}
return $response;
}
?>
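
A server-side check for the mailer under test, as an added example that is not part of the original posts. It rejects line breaks and other control characters in single-line fields, which is what a field value needs in order to start a new header line. The field names follow the $postData above; the function names and sample values are assumptions.

```php
<?php
// Added example: hypothetical validators for a contact form like the one in
// the question. PHP has already URL-decoded $_POST, so "%0A" arrives as "\n";
// the check therefore looks for the decoded characters, not for "%".
function is_single_line(string $value): bool
{
    // Reject CR, LF and every other ASCII control character.
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

function validate_contact_form(array $post): array
{
    $errors = array();
    foreach (array('contactname', 'email') as $field) {
        $value = isset($post[$field]) ? $post[$field] : '';
        if ($value === '' || !is_single_line($value)) {
            $errors[] = "$field: empty or contains a line break/control character";
        }
    }
    if (!$errors && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a syntactically valid address';
    }
    return $errors;
}

// Constructed inputs, as they look after PHP has decoded the POST body.
$samples = array(
    'clean'    => array('contactname' => 'Test User', 'email' => 'user@example.com'),
    'injected' => array('contactname' => 'Test User',
                        'email' => "user@example.com\nBcc:other@example.com"),
);
foreach ($samples as $label => $post) {
    $errors = validate_contact_form($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'accepted', "\n";
}
```

Run the validator before any form value is placed in a header argument of mail(); values that only appear in the message body can keep their line breaks.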

How can I POST a file to a REST server without writing the file to disk with PHP?

I'm trying to send an XML file to a server as part of the POST method for an internal API.
All the PHP documentation points to using the $postVars['file']='@/path/to/file.xml' to actually send the file.
I want to send the file from a string, but it still needs to be sent as a file upload, not a string.
Help?
Take a look at this thread it deals with what you want to do I think: http://www.webmasterworld.com/php/3164561.htm
The last entry might be of help (reformatted by me):
function do_post_request($url, $data, $optional_headers = null) {
$params = array('http' => array(
'method' => 'post',
'content' => $data
));
if ($optional_headers!== null)
$params['http']['header'] = $optional_headers;
$ctx = stream_context_create($params);
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp)
throw new Exception("Problem with $url, $php_errormsg");
$response = @stream_get_contents($fp);
if ($response === false)
throw new Exception("Problem reading data from $url, $php_errormsg");
return $response;
}
Basically the solution is to make use of the built-in php stream handling for urls.
http://www.sematopia.com/?p=153 and http://www.daniweb.com/forums/thread150772.html might help.
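
One way to send a string as a file upload through the stream wrapper, as an added example that is not code from the linked threads: the multipart/form-data body is built in memory and passed as the request content. The function name, field names, sample XML and the commented-out URL are assumptions.

```php
<?php
// Added example: build a multipart/form-data body in memory so a string is
// received as a file upload. Function and field names are hypothetical.
function build_multipart(array $fields, array $files): array
{
    $boundary = '----php' . bin2hex(random_bytes(16));
    $body = '';
    foreach ($fields as $name => $value) {
        $body .= "--$boundary\r\n"
               . "Content-Disposition: form-data; name=\"$name\"\r\n\r\n"
               . "$value\r\n";
    }
    foreach ($files as $name => $file) {
        // Strip quotes and line breaks so a filename cannot break out of the header.
        $filename = str_replace(array('"', "\r", "\n"), '', $file['filename']);
        $body .= "--$boundary\r\n"
               . "Content-Disposition: form-data; name=\"$name\"; filename=\"$filename\"\r\n"
               . "Content-Type: {$file['type']}\r\n\r\n"
               . $file['content'] . "\r\n";
    }
    $body .= "--$boundary--\r\n";
    return array("Content-Type: multipart/form-data; boundary=$boundary", $body);
}

// Constructed sample document held only in memory.
$xml = '<?xml version="1.0"?><doc><item>constructed sample</item></doc>';
list($header, $body) = build_multipart(
    array('comment' => 'sent from memory'),
    array('file' => array('filename' => 'file.xml', 'type' => 'application/xml', 'content' => $xml))
);

$ctx = stream_context_create(array('http' => array(
    'method'  => 'POST',
    'header'  => $header,
    'content' => $body,
)));
// Placeholder endpoint; uncomment and point at the real API to send.
// $response = file_get_contents('http://api.internal.example/upload', false, $ctx);
echo $header, "\n", strlen($body), " bytes\n";
```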
