I have this part of code which i use in order to prevent query submission twice! Now, this is the query i use in order to make it work, and it works.
$form_secret = isset($_POST["form_secret"])?$_POST["form_secret"]:'';
$query = "INSERT INTO coupon (user_id,points) VALUES ('$user_id','$points')";
$result=mysql_query($query);
if ($points == 250)
{
$url="http://testext.i-movo.com/api/receivesms.aspx?".$str_from.$str_zip.$phone.$str_time.$date1.$str_msg;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
else if ($points == 500)
{
$url="http://testext.i-movo.com/api/receivesms.aspx?".$str_from.$str_zip.$phone.$str_time.$date1.$str_msg;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
else
{
echo "We are sorry, you don't possess enough points in order to take the coupon";
}
Perfect up to now!
What i need then is to prevent double submission and hence i'm using this code here, but the problem is, when i put all the above code inside this one, it doesn't work.. anyone please tell me how to unite this two codes? Thanks..
if(isset($_SESSION["FORM_SECRET"]))
{
if(strcasecmp($form_secret, $_SESSION["FORM_SECRET"]) === 0)
{
/*Put your form submission code here after processing the form data, unset the secret key from the session*/
unset($_SESSION["FORM_SECRET"]);
}
else
{
//Invalid secret key
}
}
else
{
//Secret key missing
echo "Form data has already been processed!";
}
$_SESSION["FORM_SECRET"] will not be set by default, so you can never submit the form in the first place.
Reverse the process. Give the form a secret key, and store that secret in the session when the form is submitted. Then, on the next submit, you can check if $_SESSION["FORM_SECRET"] is set (and is the same as the submitted secret), so you'll know that it's the second submit of the same form.
Related
I'm doing a project and one of the requests is to automatically submit a form to a random site, which is specified from time to time
This is my cURL code :
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url_post);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $dati_post);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);
Code to get POST parameters :
foreach ($html->find('form[method=post],form[method=POST]') as $forms_post) {
$n_formPOST++;
$formPOST_action = $forms_post->action;
foreach ($forms_post->find('input') as $input) {
if ($input->type == 'text') {
$dati_testo[$input->name] = "text";
} else if ($input->type == 'email' || $input->name == 'email') {
$dati_random[$input->name] = "emailrandom#gmail.com";
} else if ($input->type == 'hidden') {
$dati_random[$input->name] = $input->value;
} else {
$dati_random[$input->name] = "random";
}
}
foreach ($forms_post->find('textarea') as $textarea) {
if ($textarea->disabled != true) {
$dati_testo[$textarea->name] = "text";
}
}
foreach ($forms_post->find('button') as $bottone) {
if ($bottone->type == 'submit') {
$dati_random[$bottone->name] = "random";
}
}
The problem is that in some sites POST is done correctly and I receive the right answer, which corresponds to the answer I would receive by doing it manually.
On other sites, it seems that the form is not submitted.
I have repeatedly checked the URL that I insert in the cURL and also the data that I pass and if I use them manually it works.
I even tried using online tools that perform POST / GET passing the same URL and the same data that I get in my project and it works.
The url_post is made from url host+form action.
I don't understand if there is something wrong in my curl code, considering I'm pretty sure the data I'm passing to the curl are corrects to complete the POST.
Data :
Site URL : http://www.comune.ricigliano.sa.it/
Form Action : index.php?action=index&p=228
Url_post : http://www.comune.ricigliano.sa.it/index.php?action=index&p=228
POST data :
'qs' => 'something to research'
'Submit2' => 'Cerca'
You need to use the curl_exec() function in order to execute the cURL. It takes the $ch param, like such:
// Execute cURL
curl_exec($ch);
// Close cURL
curl_close($ch);
More info here
I have had a successful response from SagePay with a registered transaction.
I have filled in all card details, and i know the data is reaching my notificationurl.
but then it stops. Zero response, and nothing is sent.
To simplify things ive stripped out the code and used hard-coded vars to see if anybody can assist.
ob_clean();
if(isset($_POST) && isset($_POST['Status'])){
if(isset($_POST['Status']) && $_POST['Status'] == 'OK'){
$data['Status'] = 'OK';
$data['RedirectURL'] = 'https://www.metano.com/payments/success';
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,'https://test.sagepay.com/gateway/service/vspserver-register.vsp');
curl_setopt($ch,CURLOPT_POSTFIELDS,"Status=OK\nRedirectURL=https://www.metano/payments/success");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, 0);
$output = curl_exec($ch);
}
}
Data passed to cURL as a string should be URLencoded. See the page for curl_setopt() and search for CURLOPT_POSTFIELDS.
From php5 upwards, usage of http_build_query is recommended:
This is my first time posting here! :)
I have made a php license generation and validation system. The server end communicates with the mysql database and outputs a json result like the following:
{"valid":"true","info":{"id":"1","expire":"1421811123"}}
The problem is on the client server where i have the following script:
<?php
$key_info['key'] = "KEY"];
$serverurl = "http://URLTOSERVER";
$ch = curl_init ($serverurl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $key_info);
$result = curl_exec ($ch);
$result = json_decode($result, true);
if($result['valid'] == true){
echo "valid";
}
else {
die("Invalid Key!");
}
?>
When i run this i get "valid" every time, even when i enter the wrong key - i have tried printing the output and i can confirm that.
Please advise.
Thanks.
Your JSON contains a string true, not a boolean true. Any string in there will pass == true.
if($result['valid'] == 'true'){
I'm trying to use curl to do a simple GET with one parameter called redirect_uri. The php file that gets called prints out a empty string for $_GET["redirect_uri"] it shows red= and it seems like nothing is being sent.
code to do the get
//Get code from login and display it
$ch = curl_init();
$url = 'http://www.besttechsolutions.biz/projects/facebook/testget.php';
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_GET,1);
curl_setopt($ch,CURLOPT_GETFIELDS,"redirect_uri=my return url");
//execute post
print "new reply 2 <br>";
$result = curl_exec($ch);
print $result;
// print "<br> <br>";
// print $fields_string;
die("hello");
the testget.php file
<?php
print "red-";
print $_GET["redirect_uri"];
?>
This is how I usually do get requests, hopefully it will help you:
// create curl resource
$ch = curl_init();
//return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Follow redirects
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// Set maximum redirects
curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
// Allow a max of 5 seconds.
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
// set url
if( count($params) > 0 ) {
$query = http_build_query($params);
curl_setopt($ch, CURLOPT_URL, "$url?$query");
} else {
curl_setopt($ch, CURLOPT_URL, $url);
}
// $output contains the output string
$output = curl_exec($ch);
// Check for errors and such.
$info = curl_getinfo($ch);
$errno = curl_errno($ch);
if( $output === false || $errno != 0 ) {
// Do error checking
} else if($info['http_code'] != 200) {
// Got a non-200 error code.
// Do more error checking
}
// close curl resource to free up system resources
curl_close($ch);
return $output;
In this code, the $params could be an array where the key is the name, and the value is the value.
I have a slight issue whereby the API I'm using for part of my service uses a rsp stat to handle the success / error messages in XML.
So we use a form to post it data and it returns the data like the following example:
<rsp stat="ok">
<success msg="accepted" transactionid="505eeb9c43969d4919c0a6b3f7a4dfbb" messageid="a92eff8d65cf48e9c6e96702a7b07400"/>
</rsp>
The following is most of the script used :
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
// ToDo: Replace the placeholders in brackets with your data.
// For example - curl_setopt($ch, CURLOPT_UsERPWD, 'SMSUser:PassW0rD#');
curl_setopt($ch, CURLOPT_USERPWD, '');
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
$xml = curl_exec($ch);
if (curl_error($ch)) {
print "ERROR ". curl_error($ch) ."\n";
}
curl_close($ch);
print_r($xml);
The only problem is that when it is parsed and displayed via the print_r command , it only displays via source code for some strange reason and we have no idea how to display it via the page
Basically we would like a system whereby if rsp stat="ok" then "Sent" else "unsent".
Well, a simple way could be:
if (strpos($xml, 'stat="ok"') !== false) {
echo "sent";
} else {
echo "unsent";
}
http://codepad.org/pkzsfsMk
This would replace print($xml);.
Put that code in a function, and have the function return your $xml.
Assuming you had a function called getRspStat() you could just do like:
echo getRspStat();
If you do something like that:
(see also on CodePad.org)
function xmlRequestWasSuccessful($xml) {
$result = simplexml_load_string($xml);
$result = (string)$result['stat'];
if ($result == 'ok') {
return true;
} else {
return false;
}
}
$xml = '<rsp stat="ok">
<success msg="accepted" transactionid="505eeb9c43969d4919c0a6b3f7a4dfbb" messageid="a92eff8d65cf48e9c6e96702a7b07400"/>
</rsp>';
$stat = xmlRequestWasSuccessful($xml);
you will receive 'true' boolean in the result ($stat variable). Adapt it to support the case when there is an error. Since no details on how it looks when error occurs, this is how you can do it now:
if ($stat) {
// do something on success ('sent' something)
} else {
// do something on success (display 'unsent' message for example)
}