I am making a web development service which I am trying out at school.
The idea is to be able to run my CMS with a student's content.
I have made version 2 of the yet un-named CMS which allows the user to make a skin compatible with the CMS and easily use it. This part works fine.
The problem is, I said "We can collect site statistics for your website and notify you if there are any issues with your site." in a presentation, In which people seemed interested. What I need to do is be able to access information from the databases of all my client's sites from my administration domain hosted on another server. I could use a file_get_contents(); on my admin site to retrieve a file on the client's site and echo's it. - Which I think is sloppy
Is there any other way, bearing in mind that my host does not allow database access from one site to another!
Thanks, especially for being able to read my overly long sentences!
Hope this helps:
function file_get_data($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
//Set curl to return the data instead of printing it to the browser.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
Related
I'm trying to figure out why this code won't work with a Google Apps Script web app URL, but it will work with a random web API URL?
The 1st code block gets data from the dummy API. The second code block returns nothing from the Google Apps Script web app URL. The only difference in the code is the $url variable value.
The GAS App is set to Web App so anyone, even anonymous can access it (screenshot below). If I go directly to the GAS url GAS Output, it returns the JSON.
The Google Apps Script code is below in third code block.
Any ideas?
Problem solved thanks to Tanaike!! Working code pasted at the bottom of the question.
First Code Block
<?php
// Initiate curl session in a variable (resource)
$curl_handle = curl_init();
$url = "http://dummy.restapiexample.com/api/v1/employees";
// Set the curl URL option
curl_setopt($curl_handle, CURLOPT_URL, $url);
// This option will return data as a string instead of direct output
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
// Execute curl & store data in a variable
$curl_data = curl_exec($curl_handle);
curl_close($curl_handle);
// Decode JSON into PHP array
$user_data = json_decode($curl_data);
// Print all data if needed
print_r($user_data);
?>
Second Code Block
<?php
// Initiate curl session in a variable (resource)
$curl_handle = curl_init();
$url = "https://script.google.com/macros/s/AKfycbyWSDzUyFa41fu_6QWP7h8ToklwWysGZsuSPaRnu649DmPNYG8/exec";
// Set the curl URL option
curl_setopt($curl_handle, CURLOPT_URL, $url);
// This option will return data as a string instead of direct output
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
// Execute curl & store data in a variable
$curl_data = curl_exec($curl_handle);
curl_close($curl_handle);
// Decode JSON into PHP array
$user_data = json_decode($curl_data);
// Print all data if needed
print_r($user_data);
?>
First Code Block: GAS Code
function doGet(e) {
var data = {
status: 'success',
dataSet: 'Some Info'
};
var output = JSON.stringify(data);
return ContentService.createTextOutput(output).setMimeType(ContentService.MimeType.JSON);
}
Working Code, thank you Tanaike!!
<?php
// Initiate curl session in a variable (resource)
$curl_handle = curl_init();
$url = "https://script.google.com/macros/s/AKfycbyWSDzUyFa41fu_6QWP7h8ToklwWysGZsuSPaRnu649DmPNYG8/exec";
// Set the curl URL option
curl_setopt($curl_handle, CURLOPT_URL, $url);
// was an update from my stack overflow question.
curl_setopt($curl_handle, CURLOPT_FOLLOWLOCATION, true); //https://stackoverflow.com/questions/59780986/trouble-using-curl-with-google-apps-script-web-app-in-a-php-file/59781600#59781600
// This option will return data as a string instead of direct output
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
// Execute curl & store data in a variable
$curl_data = curl_exec($curl_handle);
curl_close($curl_handle);
// Decode JSON into PHP array
$user_data = json_decode($curl_data);
// Print all data if needed
print_r($user_data);
?>
You want to access to Web Apps using php.
You want to know the reason that no values are shown when the script is run.
If my understanding is correct, how about this answer? Please think of this as just one of several possible answers.
Reason of your issue:
In your Web Apps, Execute the app as: and Who has access to the app: are set as User accessing the web app and Anyone, respectively. In this case, when you access to Web Apps, it is required to use your access token. So in your script, an error occurs. But curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true) is used. By this, no values are shown. When curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true) is removed, in your script, the redirect page is retrieved as HTML data.
In order to avoid this issue, how about the following modifications?
Pattern 1:
In your script, it seems that the access token is not used. In this case, please set Execute the app as: and Who has access to the app: as Me and Anyone, even anonymous, respectively. In this case, it is not required to use the access token.
For this, please add the following script to your script for accessing to Web Apps.
curl_setopt($curl_handle, CURLOPT_FOLLOWLOCATION, true);
By above flow, you can access to Web Apps using php script and retrieve the values from Web Apps.
Pattern 2:
If you want to access to Web Apps which deployed with Execute the app as: and Who has access to the app: as User accessing the web app and Anyone, respectively, it is required to use the access token.
For this, please add the following script to your script for accessing to Web Apps.
curl_setopt($curl_handle, CURLOPT_FOLLOWLOCATION, true);
$header = ['Authorization: Bearer ###your access token###'];
curl_setopt($curl_handle, CURLOPT_HTTPHEADER, $header);
Note:
Under above condition, if you, who is the owner of Web Apps, makes other users access to your Web Apps with this condition, please share the GAS project that Web Apps was deployed with the users. By this, the users can access to Web Apps with the user's access token.
Note:
When you modified the script of Web Apps at Google Apps Script side, please redeploy Web Apps as new version. By this, the latest script is reflected to Web Apps. Please be careful this.
References:
Web Apps
Taking advantage of Web Apps with Google Apps Script
cURL Functions
How to do simple google script api with php
If I misunderstood your question and this was not the direction you want, I apologize.
I tried accessing the Apps Script URL in an incognito window and it redirects to a Google login prompt.
When you use the User accessing the web app setting for the Execute the app as option, the script will, not surprisingly, run as the identity of the user accessing it. Therefore, with your current settings, a user needs to be logged in to a Google account to successfully execute the application.
If you switch the Execute the app as option to Me (<you address>), that makes an additional option, Anyone, even anonymous, available for the Who has access to this app option. That's the only way to enable truly anonymous access to the application.
See the permissions documentation for more details.
I want to allow users to upload urls for images (a bit like on this site in the markup). The only difference is that I'm going to store these in my database. I want to ensure nothing too malicious can be done.
After looking around I've seen the recommendation of cURL to check for the content_type as apparently getimagesize() actually downloads the full image, which not only has security implications (apparently - I'm really not an expert) but will therefore be slow.
So far my code is looking like this:
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL,$url);
// don't download content
curl_setopt($curl, CURLOPT_NOBODY, 1);
curl_setopt($curl, CURLOPT_FAILONERROR, 1);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
if(curl_exec($curl)===FALSE)
{
curl_close($curl);
return false;
}
$contentType = curl_getinfo($curl, CURLINFO_CONTENT_TYPE); //get content type
curl_close( $curl );
if (strpos($contentType, 'image')){
// valid image
}
However, I'm not entirely sure if this is the correct way to go about doing this. I've also seen lots about sanitising the urls, but not entirely sure what this would entail.
Any help on securing this part of my web app and preparing it for storage would be highly appreciated.
As a quick aside, I'm hoping to do the same for YouTube links so if you have any recommendations for that, I'd appreciate it - though I've not begun research into this yet.
Regards,
Mike
You can also escape special chars and what not using the function below
<?php
$url = htmlspecialchars(addslashes($_POST["inputName"]));
?>
This will add splashes and turn & signs to html entities https://www.w3schools.com/html/html_entities.asp instead so you might need to reverse this process when reading the data from the database.
If you're going to allow users to upload a file by URL, start by downloading the file (either by using cURL, or any other tools you like). Don't bother making an initial request to check the Content-Type -- what matters is ultimately the content of the file, not the headers it happens to served with by the original server.
Once you've downloaded the image, perform any further checks on the local file. Make sure it is an appropriate format, and is not too large, then convert it to your preferred format.
Other notes:
Don't use a fake User-Agent. Use an accurate one which represents what web site is responsible for the request, e.g. "MySite/1.0 http://example.com/". (Other webmasters will thank you for this!)
It's a good idea to do a DNS lookup on the domain before requesting it, to protect your server from DNS rebinding attacks. Make sure that the resulting IP does not point to your private network, or to localhost, before you make an HTTP request.
I am getting back into programming after being gone for 20 years. A lot has changed! lol...
I have a NodeJS server setup on Heroku for my mobile app. I am trying to add an event on my server that will add new user info to Pipedrive.com using their API.
They have only written their API examples in PHP. So I'm trying to translate PHP to Javascript, while also learning NodeJS, PHP, and understanding Pipedrive's API all at the same time.
They pointed me to Tonicdev which has been epically useful in getting my javascript syntax down. Since that uses live Pipedrive data when I add my token, I can do all my testing there too, before trying to upload and test on my actual Nodejs server. So that's handy!
But I'm still trying to get a grip on what's happening in their API code. This is my first time to implement an API by myself.
Here is the page I am trying to translate:
http://support.pipedrive.com/hc/en-us/articles/206679239-Creating-a-deal-using-the-REST-API-and-PHP-full-working-example-code-
I don't need the organization. Just the person and the deal.
In my create_person function, I found this php:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $person);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
My questions are:
What is curl_init and curl_setopt?
Do I need them in my Nodejs script file for this?
If not, what javascript do I use in their place?
Thanks for your patience. Learning a ton here!!!
curl is a PHP library that handles making requests.
In this case curl_init() is initialising a new request and curl_setopt is setting certain options.
You'll want to replace curl with an equivalent library for NodeJS. The request module is pretty good for this, although there's plenty of other options too.
I am managing a beta website in which just a handful of trial users (3 out of 20) are unable to see the content on certain pages. Every users is using a different computer, on different networks. I've made sure that the 3 users have JavaScript enabled, but that does not solve the issue.
Delving deeper, it looks like the lack of content is due to a cURL call failing; for these users, it appears that curl_exec() is either failing, or returning no data, which in turn returns a null result, which is why they are not seeing any info. For these 3 users, this problem exists across 3 separate browsers (Chrome, IE, Firefox). I have verified that it is not due to any user settings, like user ID, since I can log into their accounts from multiple computers on different networks and get a response.
I think the culprit may be the way their machines/networks handle SSL certs. I am not well versed in SSL certs, so please excuse my ignorance or glaring mistakes in some areas. However, process of elimination leads me to believe that the website cert is being rejected by the networks/machines of these 3 users, and because of this the cURL call is failing. My questions are how can I verify that this is the case, what would be the cause if so, and how can I resolve the problem?
The website is built with PHP using the Zend frameowrk.
Here is the relevant bit of code:
$ssl_cert = ZendGA_Global::getOption('curl_ssl_certificate');
$ssl_verify_peer = ZendGA_Global::getOption('curl_ssl_verify_peer');
$ssl_verify_host = ZendGA_Global::getOption('curl_ssl_verify_host');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// related to SSL cerificate verification
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $ssl_verify_host);
curl_setopt($ch, CURLOPT_CAINFO, $ssl_cert);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
Any help would be greatly appreciated.
I've figured out the issue: the cURL call was failing, but only because the URL was incorrect, which was a problem that originalted elsewhere. The URL is created from a base URL plus some parameters, but the function which grabs the base URL was grabbing hostname instead of domain name. Some users log in via VPN, which was causing the hostname to read slightly differently, which is why the URL was wrong. OK, that was rather convoluted, but the issues has been resolved. :-)
I would like to be able to send variables to another website without actually going to the website using php.
I am building an ecommerce website where the shipping warehouse is being outsourced. After the person checks out with their products, I would like to send some variables over to the shipper's website using $_GET['vars']. This is a completely different URL. The problem is, I don't want the person actually going to the shipper's webpage. I just want to ping that info over there.
Is is possible to send Variables via URL to another site without leaving yours?
Yes, you can. the simplest way:
$contents = file_get_contents("http://example.com/some/page.php?var=abcd");
For more advanced features see Curl.
You should be storing all the relevant order info within your database then using cron to trigger a script that will process the unprocessed, this way systematic checks can be made on orders before any request to your outsource site. Dont rely on your users browser to hit a curtain point in the order process to trigger the API call or trust them not to triple click or inject values before submitting.
And I advise to use curl todo your actual request as its faster. Something as simple as:
<?php
function curl_do_api($url){
if (!function_exists('curl_init')){
die('Sorry cURL is not installed!');
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
?>
actually there is a more simpler way of solving this...using ajax
include the jquery header first
refer here
http://api.jquery.com/jQuery.ajax/
Both are right and you should make your choice based on security you're looking for.
cURL will be more secure and you should use it if you do not want to pass some argument in query string. At the same time when you pass data using file_get_cotents("URL?data=value"); you will have limit of about 2k for data being passed.
On the other side cURL will be secure if you use it with https it's much more secure. With cURL you will also be able to post files and emulate form post.