I am working on a dynamic website, which relies heavily on ajax calls. I've noticed that when I load in my front page, and try to access the main search box on this page, it takes 5-7 seconds until the ajax request completes which populates the main search box. I've managed to figure out that delay is being caused by the Google API PHP Library, which starts as soon as the HTML of my page is loaded, to try to authenticate the visiting user. I've benchmarked the script in parts, and figured out, that the problem is in the "verifyIdToken" method of the library, which to complete, takes around 5 seconds.
I've noticed that in the documentation and tutorials, Google says: "The library will automatically download and cache the certificate required for verification, and refresh it if it has expired."
Does anyone know if:
this is the normal behaviour of this method, and it SHOULD take this long to execute?
the caching is the standard behaviour, or do I have to set it somewhere to actually cache the required data?
if it is the standard behaviour, how could I check if the caching actually happens or not?
Here is the full code I am working on, maybe someone spots an error in it:
$client_id='xxxxxx';
$client_secret='xxxxxxxx';
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setApplicationName("Converser Google API");
$client->addScope('https://www.googleapis.com/auth/plus.me');
$client->addScope('https://www.google.com/m8/feeds');
$client->addScope('https://mail.google.com/');
$client->addScope('email');
$client->setRedirectUri('postmessage');
$client->setAccessType("offline");
$client->setApprovalPrompt("force");
if (!isset($_SESSION['google-api']['access_token'])) {
if (isset($_REQUEST['code'])) g_exchangeCode($_REQUEST['code']);
else g_kill(0);
} else {
$accessToken=$_SESSION['google-api']['access_token'];
$client->setAccessToken($accessToken);
$returnData['auth_by']='token';
}
if($client->isAccessTokenExpired()) {
if (isset($_REQUEST['gid']) && !empty($_REQUEST['gid'])) g_refreshToken($_REQUEST['gid']);
else if (isset($_REQUEST['code']) && !empty($_REQUEST['code'])) g_exchangeCode($_REQUEST['code']);
else g_kill(1);
}
$token_data = $client->verifyIdToken()->getAttributes();
It's caused by ipv6, you need to use ipv4 or you get this error .
This commit allowed cURL options to be set through setClassConfig. Setting this should solve it.
'CURLOPT_IPRESOLVE', 'CURL_IPRESOLVE_V4'
If you are using master branch than checkout this.
Related
I have code similar to what's below (it's example code). Using Guzzle, I make multiple calls to the same site to see if a document exists. If the document exists, I save it. As I make each call, the memory usage goes up. Eventually, if the number of requests is high enough, I run out of memory. I used memory_get_peak_usage to track where the memory use was happening, and it's the Guzzle client.
The code works as expected, but I cannot find a way to tell the Guzzle Client to "reset and dump all previous requests". I'm pretty sure it's caching the results in memory, but as I've written them out to a file, I know I won't be needing said results. How do I dump them?
FWIW, my current solution is making a new client duplicating the parameters of the original one, and unsetting it periodically. It works, but it's ugly.
$client = new \Guzzle\Http\Client('some_url');
for ($i=0; $i<10000; $i++)
{
try {
$pdf = $client->get( $pdf_name )->send();
$this->filesystem->put(
$pdf_name,
$pdf->getBody( true )
);
} catch ( ClientErrorResponseException $ex ) {
}
}
Based on a cursorary glance at the source code for the bundle the Guzzle client is making use of Doctrine's filesystem cache. References:
Bundle/Resources/config/cache.xml
Bundle/DependencyInjection/MisdGuzzleExtension.php
Bundle/DependencyInjection/Configuration.php
The Bundle documentation also provides information on Caching. So, in theory to remove/disable the cache, all you have to do is remove the reference to <argument type="service" id="misd_guzzle.cache.filesystem"/> from the the addSubscriber section of your MyBundle/Resources/config/services.xml
First: please forgive me - Im a bit of a novice as some of this...
I have a working test site which is running the php facebook SDK to perform some simple graphAPI requests successfully. Namely read a group's feed, which the user is a member of, and process this and display it back on a webpage.
This all works fine, the problem I have encountered is when trying to perform the same request via a php curl POST to another webpage (on the same domain). It seems that the SDK does not carry the expected session to another page when a post request is formed (see "AUTH ERROR2" in code)...this works fine when the following file is included via a "require_once" but not when a curl is made.
I would much rather do a "curl" as Im finding when a "require_once" is done from a page in a different directory level, Im getting php errors of the page not being found - which is expected.
I may just be tackling this problem all wrong...there may be a simpler way to make sure when files are includes, their correct directly level remains intact, or there may be a way to send over the currently authorised facebook sdk session via a curl post. All of which I have tried to no avail, and I would really appreciate any help or advise on this.
Thank you for your time.
//readGroupPosts.inc.php
function readGroupPosts($postVars)
{
//$access_token = $postVars[0];
// ^-- I'm presuming I need this? I have been experimenting appending it to
// the graphAPI request to no success...
$groupID = $postVars[1];
$limit = $postVars[2];
require_once("authFb.inc.php"); //link to the facebookSDK & other stuff
if ($user) {
try {
$groupFeed = $facebook->api("/$groupID/feed?limit=$limit"); //limit=0 returns all;
$groupFeed = $groupFeed['data']; //removes first tier of array for simpler access
$postArray;
for($i=0; $i<count($groupFeed); $i++)
{
$postArray[$i] = array($groupFeed[$i]['from']['name'], $groupFeed[$i]['message'], $groupFeed[$i]['updated_time'], count($groupFeed[$i]['likes']['data']));
}
return $postArray;
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
return "AUTH ERROR1"; //for testing..
}
}
else
{
return "AUTH ERROR2"; //no user is authenticated i.e. $user == null..
}
}
I would much rather do a "curl" as Im finding when a "require_once" is done from a page in a different directory level, Im getting php errors of the page not being found - which is expected.
I may just be tackling this problem all wrong...
Definitively.
Using cURL as a “workaround” just because you’re not able to find your way around your server’s file system is an outrageous idea. Don’t do it. Stop even thinking about it. Now.
there may be a simpler way to make sure when files are includes, their correct directly level remains intact
Yes – for example, to use absolute paths instead of relative ones. Prefixing the path with the value of $_SERVER['DOCUMENT_ROOT'] for example – that way, once you’ve given the path correctly in respect to this “base path”, it does not matter where you’re requiring the file from, because an absolute path is the same no matter from where you look at it.
(And since this is not a Facebook-related problem at all, but just concerns basics of PHP and server-side programming, I’ll edit the tags.)
I'm building an application that's self-hosted, and I'd like to have some form of licensing to minimize fraudulent downloads/distribution.
Of course, I'm well aware that being self-hosted someone could simply rip out all license features from the source-code, but the con's of using a compiler like Zend Guard or ionCube far outweigh the pro's in my opinion - nonetheless I'd like to have some basic form of license security.
What I originally had in mind to do was: user logs in with license on app -> app posts license to my server -> server sends a response via a HTTP GET request -> app evaluates response, and if license is valid sets a value in a session variable (A), if invalid returns to login screen with an error.
The problem with this is, the evaluation of response/session setting is readily available in a application file, so if the user knows a little PHP and checks in on that source code, they'll realize all they'll need to do is set a session themselves with a particular $_SESSION['_valid_license'] value, and they'll be good to go.
What I was considering doing to make it a little less easy was (if possible) to post PHP back as a response, and then have the application file execute it, for example:
My original code:
$response = $_GET['response'];
if($response == "fjdkuf9") {
start_session();
$_SESSION['_valid_license'] = "YES";
header("Location:" . $rp . "/admin/");
} else {
header("Location:" . $rp . "/login/?err=1");
}
My new concept:
$response = $_POST['response'];
str_replace("\", "", $response);
With the following being posted as response:
start_session();
\$_SESSION[\'_valid_license\'] = \"YES\";
header(\"Location:\" . \$rp . \"/admin/\");
Would that execute $response as actual PHP code after str_replace()? If possible, this would be great, as it would mean evaluation would be done on my server rather than within the self-hosted app itself.
Your second solution is just as insecure as the first. here's what I would do:
Your application POSTS to your server a serial number or some other identifying information.
Your server validates the serial number against the user's account or whatever and returns a unique response.
If that response is successful, you allow the user to continue. Obviously you'd want to implement some sort of caching mechanism here so you're not having to hit you server on every page view.
Putting the responsibility of validation on your server instead of self-hosted code is much more secure. You would need to encrypt the data that is sent BTW so that someone couldn't simply emulate the success response, but you get the idea.
Howdy. I've been tasked with making a Facebook game, but I'm new to Facebook development, so I'm just getting started. Apologies in advance if this is a no-brainer to people.
I'm having trouble following all the examples I see on sites, and I keep running into missing pages in the Facebook documentation when I am trying to read up. I think it's because there's a new version of the PHP Client Library for Facebook, and everything I'm finding is referring to the old client.
For instance, I see this code in a lot of examples:
require 'facebook.php';
$facebook = new Facebook( array( 'appId' => '(id)', 'secret' => '(secret)' ) );
$facebook_account = $facebook->require_login();
...but there's no "require_login()" in the client library provided in the facebook.php file.
From what I can tell, it looks like Facebook has very recently rolled out some new system for development, but I don't see any sample code anywhere to deal with it. The new library comes with an "example.php" file, but it appears to be only for adding "Log in with Facebook" functionality to other sites (what I'm assuming is what they mean by "Facebook Connect" sites), not for just running apps in a Canvas page on Facebook itself.
Specifically, what I need to do is let users visit an application page within Facebook, have it bring up the dialog box allowing them to authorize the app, have it show up in their "games" page, and then have it pass me the relevant info about the user so I can start creating the game. But I can't seem to find any tutorials or examples that show how to do this using the new library. Seems like this should be pretty straightforward, but I'm running into roadblocks.
Or am I missing something about the PHP client library? Should require_login() be working for me, and there's something broken with my implementation, such as having the wrong client library or something? I downloaded from GitHub yesterday, so I'm pretty sure I have the most recent version of the code I have, but perhaps I'm downloading the wrong "facebook.php" file...?
The following is a rewrite of the old require_login function. It exactly duplicates the old functionality.
function facebook_require_login($required_permissions = '')
{
global $facebook; // NOTE GLOBAL FACEBOOK OBJECT, MUST ALREADY BE INSTANTIATED
$user = $facebook->get_loggedin_user();
$has_permissions = true;
if ($required_permissions) {
$facebook->require_frame();
$permissions = array_map('trim', explode(',', $required_permissions));
foreach ($permissions as $permission) {
if (!in_array($permission, $facebook->ext_perms)) {
$has_permissions = false;
break;
}
}
}
if ($user && $has_permissions) return $user;
$facebook->redirect(
$facebook->get_login_url(Facebook::current_url(), $facebook->in_frame(),
$required_permissions));
}
phpfour solution is the only correct one - since it utilizes the new php-sdk library from github.
The best solution is to edit the new facebook.php and add a require_login() function (so all existing pages who rely on it can stay the same)
public function require_login(){
if ( !$this->getSession() ) {
$url = $this->getLoginUrl( array(
'canvas' => 1,
'fbconnect' => 0
));
echo "<script type='text/javascript'>top.location.href = '$url';</script>";
}
else
return $this->getUser();
}
The new php script on git hub is a wraper for facebooks api, graph I presume but I've seen code for fql too so who knows. The forums are currently down and IRC was dead when I went across. I have been looking for the same solution as your require authorisation to call ->api(\me). Since the script extends another class if I remember right, you could try using the reflection class/function to see what methods are available. Hopefully some solid documentation is on its way! Please let me know if you solve this. (Sorry for poor formatting I'm on my mobile)
Well, I have been able to find a solution to the problem of authorizing application using the new PHP SDK. You can check my blog post here.
In short, you will need to get an authenticated session and then you can call the functions to get the logged in user's ID. In this case, you will call the "/me" path from the Graph API.
How would I go about writing a simple PHP bot that could login in and recieve all the cookies sent by the server? ... and then send them back when required?
Any suggestions would be appreciated.
First of all, your question is too broad and lacking in detail to really answer effectively. That said, I'll give it a try.
Not knowing what exactly you mean by "log in", I assume you want the script to be able to post some data to another script via an HTTP request. The CURL Library is good for that. It is able to post data and handle cookies.
Edit: Got ninja'd by Zed. ;)
If for some reason you cannot use the curl extension on your server (extension not installed), you can use a class such as Snoopy which will still allow you to either use the curl binaries or use sockets to retrieve the information.
Snoopy handles cookies.
As for the writing the bot itself, it's just a question of sending the proper requests. Here is an example with Snoopy:
$snoopy = new Snoopy;
// The following needs to reflect the form configuration of the site
$login = array('usr' => 'hi', 'pwd' => 'hello');
if($snoopy->submit('http://example.com/login', $login) === false) {
// output the response code
die($snoopy->response_code . ':' . $snoopy->error);
}
//Request succeeded (doesn't mean we are logged in)
// output the results
echo $snoopy->results;
// Check the results to see if you are logged in and
// Continue using $snoopy.
// It will pass the proper cookies for the next requests.
With the help of the cURL library?