I am using HybridAuth to authenticate my social apps through PHP. Using Facebook as an example, I want to send a notification to a user.
When HybridAuth connects to Facebook, it needs to go to the website to allow the connection and then it redirects the browser back to the page that it was on.
The problem is when I am running PHP through AJAX. I'm not sure what is happening but the API call is not run and a notification is not sent. The problem must lie in leaving the AJAX script to connect the social network and not being able to continue with the code.
Any thoughts here?
The problem is when I am running PHP through AJAX. I'm not sure what
is happening but the API call is not run and a notification is not
sent.
Redirection doesn't work on Ajax calls. You have to change the coding style here.
There are already 100s of examples out there on how to write such scripts that provides login using facebook. So I'd consider skipping it, since that'll be really broad.
Please try and then come up with some specific issue, we'll be more than glad to help you out. Also, always consider posting a SSCCE to clarify what exactly you tried.
As #coding_idiot stated, authentication won't work in AJAX calls, since authentication requires redirecting the user to the provider. The backend script will die() in the Redirect function.
For an alternative solution, check this approach: https://stackoverflow.com/a/29891358/1816603
Related
Let me explain a bit what I am trying to achieve. I want to send data from HTML form setup on wordpress which looks like that -> http://prntscr.com/mn87bl when the user enters correctly username/password it should login automatically on our Laravel APP which is on a different URL then the WP website.
I've tried to make an AJAX call to that link but i got a Cross-Origin Read Blocking error. I am not sure it will be possible to be done through cURL because the protocol is HTTPS.
I am lost and I am not sure what solution should i think of in order to make this work.. Anyone familiar with something like that?
Thanks in advance!!
I would avoid making a direct cross-origin request altogether. It is finicky to make it work. Rather, submit username/password to WP backend, then make an authentication request to Laravel site from WP backend (with CURL or similar). If login is successful, return authentication token to the user and redirect him to the Laravel site.
You may consider using Laravel passport to handle tokens https://laravel.com/docs/5.7/passport
Here is a similar question already.
I am trying to simulate a browser like behaviour of my script to login into hotmail using http requests and cookies. I found this link which shows how to login to facebook using http requests in c#.
I am using PHP Pear HTTP_Request2 package to simulate this. I was able to render the login page but I cannot login.
I googled about how to login into Hotmail.com and found someone saying that hotmail is CSRF protected and i cannot achieve this. But i think there might be a solution because i am using a server side script to make the request so there is no chance of csrf. If anyone has done this before, i would highly appreciate some help.
But i think there might be a solution because i am using a server side script to make the request so there is no chance of csrf.
That's irrelevant - Hotmail has no idea that the request comes from a server rather than a browser, and even if they did, chances are they wouldn't want you accessing their systems automatically (as the most common use for that is probably registering accounts en masse to use for spamming).
You'd need to fetch the CSRF token and include it with your subsequent login request, along with the Hotmail session cookies. I'd expect to run into further protections intended to prevent automated access like this (captchas and the like).
I'm working on using the Etsy API and have been trying to complete this online tutorial but haven't been able to load any of the data successfully:
http://www.onextrapixel.com/2012/10/01/custom-products-webpage-layout-via-the-etsy-api/
When I load the page, it creates the cache file but the page is blank.
This is my first venture into APIs and I'm not sure how to troubleshoot what the problem might be. It seems like all of the code with loading it into the PHP webpage should work ok.
I've read about a few issues people have had using the Etsy API beacuse of the json cross-domain policy, so I'm wondering if that might be the issue, or if there might be authentication that is required.
I created a pastebin of the code from the tutorial here:
http://pastebin.com/RVDzjG4B
After checking the docs and the API, I got this.
API requests must be made over HTTPS.
Change your links to use https://.
I have the following code:
$homepage = file_get_contents("https://example.com/specific_page");
echo $homepage;
The browser already has a session of the site that I need access to, so if I open the url in new tab, the page will be properly loaded.
The issue is that the php script, redirects me to "You are not logged in" page. Note that the url is available even after I restart the browser.
Any ideas how to get content without writing a code that logs in to the site?
PHP runs serversided so it has its own session handling, there is no link to your browsers session. You can use cURL and options like CURLOPT_COOKIEJAR to do this. With cURL you can login via PHP and keep the PHP session of the website you are requesting. You will find a bunch of examples in the cURL documentation I linked.
It would be an enormous security issue if a website could gain access to your data on arbitrary external websites. Imagine this: file_get_contents('https://yourbank.com/all-your-details').
The only way you can do this is to ask the user for his/her login credentials on the external website and log in manually. This will be unreliable, though, since the authentication process could change (and it's terribly rude to ask someone for his/her password).
This is generally what web service APIs are used for, but if there's none available for the site you're interested in, you're kind of stuck.
If you already know the login credentials for the website, then you could hardcode them into the script using the approach outlined by Blauesocke, but this won't work if the details are unique to the current user.
For my application I need to know if a Facebook Connect session is valid from the server side.
The Javascript API lets you know if you are connected to Facebook or not, but it seems that this can't be done from the PHP client library.
The scenario where I need it is similar to the following:
Log in to The Run Around using Facebook connect.
Open Facebook in another tab.
Log out from the Facebook tab (not The Run Around).
Go back to the Run Around tab.
Enter a new entry, but deactivate the "Publish this run to Facebook" checkbox.
After submitting the form your run will get published though you logged out before! After that call, the site will log you out because the Javascript API will try to validate your status.
In the 5th step, the application should check with Facebook if the session has expired or not (or use a workaround). The Connect implementation of The Run Around is flawed and shouldn't be used as an example because of this security issue.
While I understand your analysis of the situation, this is actually the correct behaviour.
The Run Around is a Facebook Connect site, which means that it is completely separate from Facebook, as it should be. When you use FB Connect to link your FB account to the Run Around site, it establishes a local session and account for you in the Run Around database. This is technically what you are logged in to The Run Around with. Once this happens, your Facebook session is entirely irrelevant unless The Run Around wants to retrieve information about you from Facebook.
There are options to provide a FB Connect site with closer linkage to Facebook if you want to. See Detecting Connect Status and the FB.init() parameters for more on this. The Run Around has utilized this to force a logout of the local session once it detects that you are no longer logged in to Facebook. However, this only occurs once a page change or action happens and the Javascript runs to verify your FB session status.
The overall effect of how this all works is that Facebook Connect sites retain the ability to manage users locally, and only utilize Facebook features when needed and/or possible.
A friend told me the way to know if a session is valid or not:
http://wiki.developers.facebook.com/index.php/Users.getLoggedInUser
This method uses the session key as a parameter and returns the user id. If the session has expired, an error code is returned.
NOTE:
I won't use this in my application, as Zombat said, my app should keep its own session. I'll do what Digg does: be consistent with the log in and log out procedure by not automatically logging in and out when someone logs on Facebook.
The Run Around tries to do everything automatically, but that is problematic, specially because the app doesn't check the session from the server side.