I am sending a link to my user's email to activate his account by click that link.
example link:
http://test.com/welcome/make_active_user/($user_id)
then I encode $user_id in my controller, after that my link looks like the following one
http://test.com/welcome/make_active_user/17elQOjxrOXDsZdDZVFY7JFrB0TJFojdS+5OTpiIq/XXIaVrDfVWQ7xgOXXqGsURIFe/Udvm/XHrNWtbZXFA2g==
upto this everything is fine. Now i want to decode the $user_id,
but "/" symbol create problem. codeigniter took only those characters before the "/" symbol. How can i get a output of encoded user_id without "/"
I use "$this->encrypt->encode($user_id,$key);" in my controller
Please help
Just pass your encoded $user_id to the php function urlencode() before sending in a link like this:
$user_id_link = urlencode($user_id);
And decode the string you get back from the link with url decode() like this:
$user_id = urldecode($user_id_link);
You need to modify the encrypt class to encode url safe strings.
class MY_Encrypt extends CI_Encrypt
{
function encode($string, $key="", $url_safe=true)
{
$ret = parent::encode($string, $key);
if ($url_safe)
{
$ret = strtr(
$ret,
array(
'+' => '.',
'=' => '-',
'/' => '~'
)
);
}
return $ret;
}
function decode($string, $key="")
{
$string = strtr(
$string,
array(
'.' => '+',
'-' => '=',
'~' => '/'
)
);
return parent::decode($string, $key);
}
}
Then you can create a $url_safe link
Grab the encryption key from your config
$key = $this->config->item('encryption_key');
Create a url safe string by passing true as the third parameter
$encoded_url_safe_string = urlencode($this->encrypt->encode('secret', $key, true));
You will need to use rawurldecode to decode the string
$decoded_url_safe_string = rawurldecode($encoded_url_safe_string, $key);
I faced the same problem in the past, codeigniter encrypt->encode()has disallowed chars for URL but i did the following to solve the problem
first encode() your $user_id
simply replace the disallowed chars from the encrypted string with allowed one.
now before decoding replace those chars back to original one
decode() your $user_id
here is the code:
$this->encrypt->encode($user_id,$key);
$user_id = strtr($user_id,array('+' => '.', '=' => '-', '/' => '~'));
//your email body (link the user id here)
now time for decoding
$user_id = strtr($user_id,array('.' => '+', '-' => '=', '~' => '/'));
$this->encrypt->decode($user_id,$key);
I think your problem isn't with the '/', probably it's with '=' symbol.
To code and decode a url in CodeIgniter you can use any of this php native functions: http://php.net/manual/en/ref.url.php
But to avoid problems when decode the encoded url in CodeIgniter, you can add the special character that you require to use in each case (like '=' in your case) to $config['permitted_uri_chars'] in file application/config/config.php
Try This:
$query = urldecode($query);
$query = urlencode($query);
Related
in Facebook validation documentation
Please note that we generate the signature using an escaped unicode
version of the payload, with lowercase hex digits. If you just
calculate against the decoded bytes, you will end up with a different
signature. For example, the string äöå should be escaped to
\u00e4\u00f6\u00e5.
I'm trying to make a unittest for the validation that I have, but I don't seem to be able to produce the signutre because I can't escape the payload. I've tried
mb_convert_encoding($payload, 'unicode')
But this encodes all the payload, and not just the needed string, as Facebook does.
My full code:
// on the unittest
$content = file_get_contents(__DIR__.'/../Responses/whatsapp_webhook.json');
// trim whitespace at the end of the file
$content = trim($content);
$secret = config('externals.meta.config.app_secret');
$signature = hash_hmac(
'sha256',
mb_convert_encoding($content, 'unicode'),
$secret
);
$response = $this->postJson(
route('whatsapp.webhook.message'),
json_decode($content, true),
[
'CONTENT_TYPE' => 'text/plain',
'X-Hub-Signature-256' => $signature,
]
);
$response->assertOk();
// on the request validation
/**
* #var string $signature
*/
$signature = $request->header('X-Hub-Signature-256');
if (!$signature) {
abort(Response::HTTP_FORBIDDEN);
}
$signature = Str::after($signature, '=');
$secret = config('externals.meta.config.app_secret');
/**
* #var string $content
*/
$content = $request->getContent();
$payloadSignature = hash_hmac(
'sha256',
$content,
$secret
);
if ($payloadSignature !== $signature) {
abort(Response::HTTP_FORBIDDEN);
}
For one, mb_convert_encoding($payload, 'unicode') converts the input to UTF-16BE, not UTF-8. You would want mb_convert_encoding($payload, 'UTF-8').
For two, using mb_convert_encoding() without specifying the source encoding causes the function to assume that the input is using the system's default encoding, which is frequently incorrect and will cause your data to be mangled. You would want mb_convert_encoding($payload, 'UTF-8', $source_encoding). [Also, you cannot reliably detect string encoding, you need to know what it is.]
For three, mb_convert_encoding() is entirely the wrong function to use to apply the desired escape sequences to the data. [and good lord are the google results for "php escape UTF-8" awful]
Unfortunately, PHP doesn't have a UTF-8 escape function that isn't baked into another function, but it's not terribly difficult to write in userland.
function utf8_escape($input) {
$output = '';
for( $i=0,$l=mb_strlen($input); $i<$l; ++$i ) {
$cur = mb_substr($input, $i, 1);
if( strlen($cur) === 1 ) {
$output .= $cur;
} else {
$output .= sprintf('\\u%04x', mb_ord($cur));
}
}
return $output;
}
$in = "asdf äöå";
var_dump(
utf8_escape($in),
);
Output:
string(23) "asdf \u00e4\u00f6\u00e5"
Instead of trying to re-assemble the payload from the already decoded JSON, you should take the data directly as you received it.
Facebook sends Content-Type: application/json, which means PHP will not populate $_POST to begin with - but you can read the entire request body using file_get_contents('php://input').
Try and calculate the signature based on that, that should work without having to deal with any hassles of encoding & escaping.
This does not work:
$jsonDecode = json_decode($jsonData, TRUE);
However if I copy the string from $jsonData and put it inside the decode function manually it does work.
This works:
$jsonDecode = json_decode('{"id":"0","bid":"918","url":"http:\/\/www.google.com","md5":"6361fbfbee69f444c394f3d2fa062f79","time":"2014-06-02 14:20:21"}', TRUE);
I did output $jsonData copied it and put in like above in the decode function. Then it worked. However if I put $jsonData directly in the decode function it does not.
var_dump($jsonData) shows:
string(144) "{"id":"0","bid":"918","url":"http:\/\/www.google.com","md5":"6361fbfbee69f444c394f3d2fa062f79","time":"2014-06-02 14:20:21"}"
The $jsonData comes from a encrypted $_GET variable. To encrypt it I use this:
$key = "SOME KEY";
$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$enc = mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_ECB, $iv);
$iv = rawurlencode(base64_encode($iv));
$enc = rawurlencode(base64_encode($enc));
//To Decrypt
$iv = base64_decode(rawurldecode($_GET['i']));
$enc = base64_decode(rawurldecode($_GET['e']));
$data = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $enc, MCRYPT_MODE_ECB, $iv);
some time there is issue of html entities, for example \" it will represent like this \", so you must need to parse the html entites to real text, that you can do using
html_entity_decode()
method of php.
$jsonData = stripslashes(html_entity_decode($jsonData));
$k=json_decode($jsonData,true);
print_r($k);
You have to use preg_replace for avoiding the null results from json_decode
here is the example code
$json_string = stripslashes(html_entity_decode($json_string));
$bookingdata = json_decode( preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $json_string), true );
Most likely you need to strip off the padding from your decrypted data. There are 124 visible characters in your string but var_dump reports 144. Which means 20 characters of padding needs to be removed (a series of "\0" bytes at the end of your string).
Probably that's 4 "\0" bytes at the end of a block + an empty 16-bytes block (to mark the end of the data).
How are you currently decrypting/encrypting your string?
Edit:
You need to add this to trim the zero bytes at the end of the string:
$jsonData = rtrim($jsonData, "\0");
Judging from the other comments, you could use,
$jsonDecode = json_decode(trim($jsonData), TRUE);
While moving on php 7.1 I encountered with json_decode error number 4 (json syntex error). None of the above solution on this page worked for me.
After doing some more searching i found solution at https://stackoverflow.com/a/15423899/1545384 and its working for me.
//Remove UTF8 Bom
function remove_utf8_bom($text)
{
$bom = pack('H*','EFBBBF');
$text = preg_replace("/^$bom/", '', $text);
return $text;
}
Be sure to set header to JSON
header('Content-type: application/json;');
str_replace("\t", " ", str_replace("\n", " ", $string))
because json_decode does not work with special characters. And no error will be displayed. Make sure you remove tab spaces and new lines.
Depending on the source you get your data, you might need also:
stripslashes(html_entity_decode($string))
Works for me:
<?php
$sql = <<<EOT
SELECT *
FROM `students`;
EOT;
$string = '{ "query" : "' . str_replace("\t", " ", str_replace("\n", " ", $sql)).'" }';
print_r(json_decode($string));
?>
output:
stdClass Object
(
[query] => SELECT * FROM `students`;
)
I had problem that json_decode did not work, solution was to change string encoding to utf-8. This is important in case you have non-latin characters.
Interestingly mcrypt_decrypt seem to add control characters other than \0 at the end of the resulting text because of its padding algorithm. Therefore instead of rtrim($jsonData, "\0")
it is recommended to use
preg_replace( "/\p{Cc}*$/u", "", $data)
on the result $data of mcrypt_decrypt. json_decode will work if all trailing control characters are removed. Pl refer to the comment by Peter Bailey at http://php.net/manual/en/function.mdecrypt-generic.php .
USE THIS CODE
<?php
$json = preg_replace('/[[:cntrl:]]/', '', $json_data);
$json_array = json_decode($json, true);
echo json_last_error();
echo json_last_error_msg();
print_r($json_array);
?>
Make sure your JSON is actually valid. For some reason I was convinced that this was valid JSON:
{ type: "block" }
While it is not. Point being, make sure to validate your string with a linter if you find json_decode not te be working.
Try the JSON validator.
The problem in my case was it used ' not ", so I had to replace it to make it working.
In notepad+ I changed encoding of json file on: "UTF-8 without BOM".
JSON started to work
TL;DR Be sure that your JSON not containing comments :)
I've taken a JSON structure from API reference and tested request using Postman. I've just copy-pasted the JSON and didn't pay attention that there was a comment inside it:
...
"payMethod": {
"type": "PBL" //or "CARD_TOKEN", "INSTALLMENTS"
},
...
Of course after deletion the comment json_decode() started working like a charm :)
Use following function:
If JSON_ERROR_UTF8 occurred :
$encoded = json_encode( utf_convert( $responseForJS ) );
Below function is used to encode Array data recursively
/* Use it for json_encode some corrupt UTF-8 chars
* useful for = malformed utf-8 characters possibly incorrectly encoded by json_encode
*/
function utf_convert( $mixed ) {
if (is_array($mixed)) {
foreach ($mixed as $key => $value) {
$mixed[$key] = utf8ize($value);
}
} elseif (is_string($mixed)) {
return mb_convert_encoding($mixed, "UTF-8", "UTF-8");
}
return $mixed;
}
Maybe it helps someone, check in your json string if you have any NULL values, json_decode will not work if a NULL is present as a value.
This super basic function may help you. I made the NULL in an array just in case I need to add more stuff in the future.
function jsonValueFix($json){
$json = str_replace( array('NULL'),'""',$json );
return $json;
}
I just used json_decode twice and it worked for me
$response = json_decode($apiResponse, true);
$response = json_decode($response, true);
I have to add a GET variable to a url. But the URL might already have GET variables. What's the most efficient way to add this new variable?
Example URLs:
http://domain.com/
http://domain.com/index.html?name=jones
I need to add: tag=xyz:
http://domain.com/?tag=xyz
http://domain.com/index.html?name=jones&tag=xyz
What's the most efficient way to know whether to prepend my string with a ? or &?
Here's a version of the function I have so far:
// where arrAdditions looks like array('key1'=>'value1','key2'=>'value2');
function appendUrlQueryString($url, $arrAdditions) {
$arrQueryStrings = array();
foreach ($arrAdditions as $k=>$v) {
$arrQueryStrings[] = $k . '=' . $v;
}
$strAppend = implode('&',$arrQueryStrings);
if (strpos($url, '?') !== false) {
$url .= '&' . $strAppend;
} else {
$url = '?' . $strAppend;
}
return $url;
}
But, is simply looking for the ? in the existing url problematic? For example, is it possible that a url includes a ? but not actual queries, perhaps as an escaped character?
Take a look at PHP PECL's http_build_url. Said by the doc page:
Build a URL.
The parts of the second URL will be merged into the first according to the flags argument.
Addition:
If you don't have PECL installed, we can jump through some hoops. This approach is somewhat solid right up until we try to rebuild the new URL. Stock PHP (minus PECL) doesn't have a reverse of parse_url(). Making it harder, parse_url() removes some of the grammar from a URL in the resulting parts array so we have to put them back in when we reassemble. http_build_url() can take care of this for us, but if it were available, you wouldn't be reading this portion as it's what I originally recommended. Anyway, here's that code:
<?php
/**
* addQueryParam - given a URL and some new params for its query string, return the modified URL
*
* #see http://us1.php.net/parse_url
* #see http://us1.php.net/parse_str
* #throws Exception on bad input
* #param STRING $url A parseable URL to add query params to
* #param MIXED $input_query_vars - STRING of & separated pairs of = separated key values OR ASSOCIATIVE ARRAY of STRING keys => STRING values
* #return STRING new URL
*/
function addQueryParam ($url, $input_query_vars) {
// Parse new parameters
if (is_string($input_query_vars)) {
parse_str($input_query_vars, $input_query_vars);
}
// Ensure array of parameters now available
if (!is_array($input_query_vars)) {
throw new Exception(__FUNCTION__ . ' expects associative array or query string as second parameter.');
}
// Break up given URL
$url_parts = parse_url($url);
// Test for proper URL parse
if (!is_array($url_parts)) {
throw new Exception(__FUNCTION__ . ' expects parseable URL as first parameter');
}
// Produce array of original query vars
$original_query_vars = array();
if (isset($url_parts['query']) && $url_parts['query'] !== '') {
parse_str($url_parts['query'], $original_query_vars);
}
// Merge new params inot original
$new_query_vars = array_merge($original_query_vars, $input_query_vars);
// replace the original query string
$url_parts['query'] = http_build_query($new_query_vars);
// Put URL grammar back in place
if (!empty($url_parts['scheme'])) {
$url_parts['scheme'] .= '://';
}
if (!empty($url_parts['query'])) {
$url_parts['query'] = '?' . $url_parts['query'];
}
if (!empty($url_parts['fragment'])) {
$url_parts['fragment'] = '#' . $url_parts['fragment'];
}
// Put it all back together and return it
return implode('', $url_parts);
}
// Your demo URLs
$url1 = 'http://domain.com/';
$url2 = 'http://domain.com/index.html?name=jones';
//Some usage (I did this from CLI)
echo $url1, "\n";
echo addQueryParam($url1, 'tag=xyz'), "\n";
echo addQueryParam($url1, array('tag' => 'xyz')), "\n";
echo $url2, "\n";
echo addQueryParam($url2, 'tag=xyz'), "\n";
echo addQueryParam($url2, array('tag' => 'xyz')), "\n";
echo addQueryParam($url2, array('name' => 'foo', 'tag' => 'xyz')), "\n";
To check if parameter already exists you could try parse_str().
This will parse your URL and put variables into an array.
It will give you some issues if you will pass full URL:
$url = "http://domain.com/index.html?name=jones&tag=xyz";
parse_str($url', $arr);
print_r($arr);
will give you
Array ( [http://domain_com/index_html?name] => jones [tag] => xyz )
but with
$url = "name=jones&tag=xyz";
you will get
Array ( [name] => jones [tag] => xyz )
You could explode full URL by '?' and check the second part. After the check you could know how to modify your URL. But I'm not sure this would work all the time.
$url_one = "http://www.stackoverflow.com?action=submit&id=example";
$new_params = "user=john&pass=123";
$final_url = $url_one."&".$new_param
s;
Now $final_url has old url and new params added to it.
I am trying to parse the ampersand value in a PHP string. It keeps returning blank values after I run my code and I am sure it is because of the 'ampersand' value in my variable ($area). I tried htmlspecialchars, html_entity_decode but to no avail. Please see code below:
<?php
/** Create HTTP POST */
$accomm = 'ACCOMM';
$state = '';
$city = 'Ballan';
$area = 'Daylesford & Macedon Ranges';
$page = '10';
$seek = '<parameters>
<row><param>SUBURB_OR_CITY</param><value>'. $city .'</value></row>
<row><param>AREA</param><value>'. $area .'</value></row>
</parameters>';
$postdata = http_build_query(
array(
'DistributorKey' => '******',
'CommandName' => 'QueryProducts',
'CommandParameters' => $seek)
);
$opts = array(
'http' => array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => $postdata)
);
/** Get string output of XML (In URL instance) */
$context = stream_context_create($opts);
$result = file_get_contents('http://national.atdw.com.au/soap/AustralianTourismWebService.asmx/CommandHandler?', false, $context);
?>
Pls how do I fix this
Thanks
XML is not HTML, and vice-versa. You cannot have a bare & in an XML document since it is a special character in XML documents. If you're just defining a static string like this your can replace it with & and move on with your day.
If you need to encode arbitrary strings that may or may not contain & or another XML special char, then you'll need functions like:
function xmlentity_encode($input) {
$match = array('/&/', '/</', '/>/', '/\'/', '/"/');
$replace = array('&', '>', '<', ''', '"');
return preg_replace($match, $replace, $input);
}
function xmlentity_decode($input) {
$match = array('/&/', '/>/', '/</', '/'/', '/"/');
$replace = array('&', '<', '>', '\'', '"');
return preg_replace($match, $replace, $input);
}
echo xmlentity_encode("This is testing & 'stuff\" n <junk>.") . "\n";
echo xmlentity_decode("This is testing & 'stuff" n >junk<.");
Output:
This is testing & 'stuff" n >junk<.
This is testing & 'stuff" n <junk>.
I'm fairly sure that PHP's XML libs do this for you transparently, [and also respecting the character set] but if you're manually constructing your own XML document then you have to ensure that you're aware of things like this.
Here is the url:
http://localhost/test.php?id=http://google.com/?var=234&key=234
And I can't get the full $_GET['id'] or $_REQUEST['d'].
<?php
print_r($_REQUEST['id']);
//And this is the output http://google.com/?var=234
//the **&key=234** ain't show
?>
$get_url = "http://google.com/?var=234&key=234";
$my_url = "http://localhost/test.php?id=" . urlencode($get_url);
$my_url outputs:
http://localhost/test.php?id=http%3A%2F%2Fgoogle.com%2F%3Fvar%3D234%26key%3D234
So now you can get this value using $_GET['id'] or $_REQUEST['id'] (decoded).
echo urldecode($_GET["id"]);
Output
http://google.com/?var=234&key=234
To get every GET parameter:
foreach ($_GET as $key=>$value) {
echo "$key = " . urldecode($value) . "<br />\n";
}
$key is GET key and $value is GET value for $key.
Or you can use alternative solution to get array of GET params
$get_parameters = array();
if (isset($_SERVER['QUERY_STRING'])) {
$pairs = explode('&', $_SERVER['QUERY_STRING']);
foreach($pairs as $pair) {
$part = explode('=', $pair);
$get_parameters[$part[0]] = sizeof($part)>1 ? urldecode($part[1]) : "";
}
}
$get_parameters is same as url decoded $_GET.
While creating url encode them with urlencode
$val=urlencode('http://google.com/?var=234&key=234')
Click here
and while fetching decode it wiht urldecode
You may have to use urlencode on the string 'http://google.com/?var=234&key=234'
I had a similar problem and ended up using parse_url and parse_str, which as long as the URL in the parameter is correctly url encoded (which it definitely should) allows you to access both all the parameters of the actual URL, as well as the parameters of the encoded URL in the query parameter, like so:
$get_url = "http://google.com/?var=234&key=234";
$my_url = "http://localhost/test.php?id=" . urlencode($get_url);
function so_5645412_url_params($url) {
$url_comps = parse_url($url);
$query = $url_comps['query'];
$args = array();
parse_str($query, $args);
return $args;
}
$my_url_args = so_5645412_url_params($my_url); // Array ( [id] => http://google.com/?var=234&key=234 )
$get_url_args = so_5645412_url_params($my_url_args['id']); // Array ( [var] => 234, [key] => 234 )
you use bad character like ? and & and etc ...
edit it to new code
see this links
http://antoine.goutenoir.com/blog/2010/10/11/php-slugify-a-string/
http://sourcecookbook.com/en/recipes/8/function-to-slugify-strings-in-php
also you can use urlencode
$val=urlencode('http://google.com/?var=234&key=234')
The correct php way is to use parse_url()
http://php.net/manual/en/function.parse-url.php
(from php manual)
This function parses a URL and returns an associative array containing any of the various components of the URL that are present.
This function is not meant to validate the given URL, it only breaks it up into the above listed parts. Partial URLs are also accepted, parse_url() tries its best to parse them correctly.
if (isset($_SERVER['HTTPS'])){
echo "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]$_SERVER[QUERY_STRING]";
}else{
echo "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]$_SERVER[QUERY_STRING]";
}