curl + "Validation of viewstate MAC failed." - php

I am using curl to post data to another server;
between each post I use a function to fetch the hidden fields
like "__VIEWSTATE".
It worked like a charm before, but they updated their website,
so I rewrote my code to use the new field names,
but on the last step I get the error:
"Validation of viewstate MAC failed."
If I do the same step in a web browser it works as it should.
I used an add-on to capture the post data the browser was sending
and compared it with what my script is sending,
and it looks the same.
My knowledge of ASP.NET is minimal,
and all the info I can find here about the error
recommends changes on the ASP.NET server.
So I hope someone here can guide me to find out why
the browser has a 100% success rate
and curl has a 0% success rate on that page,
while the same functions on previous pages
work 100% with curl.
Post data the browser was sending:
__EVENTTARGET=
__EVENTARGUMENT=
__VIEWSTATE=%2FwEPDwUKLTk2MDAxNjU3MA9kFgJmD2QWAgIDD2QWDgIFD2QWAgIBDw8WAh4EVGV4dAUfRsO2cmV0YWdzZ3J1cHBlbiBpIEfDtnRlYm9yZyBBQmRkAgcPDxYEHwAFH0bDtnJldGFnc2dydXBwZW4gaSBHw7Z0ZWJvcmcgQUIeC05hdmlnYXRlVXJsBR1%[...]%2BgWrg%2B8u3EnNPkQGA%3D%3D
__EVENTVALIDATION=%2FwEWFwKGsKOJCgK70ZWTDQLr%2BJWFDQKo1a2oCwKplfT%2BCgLRieqTAwKt6qHvAQK9rKu9AgKh%2F5ODDQKqtpTtDQLvv7CxBALa4vDGBQKCuafwDwKP1ZOjBgKsqdXxCgL6hbmQBwK%2BjaGZDQL%2FqY7cBALml%2FqcBgLYg53pDwL108DhBQLfzPnCAQLBr6dM9cK5UIsGFZ5ocJchTM8CHTFigfk%3D
ctl00%24body%24cmdSave=Spara
ctl00%24body%24txtName=BYGG+%26+ENERGISERVICE+S%C3%96DERT%C3%96RN+AB
ctl00%24body%24txtUserName=5566960836
ctl00%24body%24txtEmail=anonym%40telia.se
ctl00%24body%24txtDepartment=
ctl00%24body%24chkIsActive=on
ctl00%24body%24chkHasStatisticsPerm=on
ctl00%24body%24txtLoginName=5566960836
ctl00%24body%24txtPassword=stackoverflow
ctl00%24body%24chkHasAnnualReportService=on
ctl00%24body%24chkHasCorporationCharterReportService=on
ctl00%24body%24chkHasCertificateOfRegistrationReportService=on
ctl00%24body%24chkHasMonitorService=on
ctl00%24body%24chkHasDigitalSparrkatalogService=on
ctl00%24body%24chkHasPersonkontrollService=on
ctl00%24body%24chkHasCompanyReportService=on
ctl00%24body%24chkHasPersonReportService=on
ctl00%24body%24cbxReportsCompany3=on
ctl00%24body%24cbxReportsPerson3=on
ctl00%24body%24hidNewUser=1
The post data my script is sending:
Array
(
[__EVENTTARGET] =>
[__EVENTARGUMENT] =>
[__VIEWSTATE] => [...]
[__EVENTVALIDATION] => /wEWFwKGsKOJCgK70ZWTDQLr+JWFDQKo1a2oCwKplfT+CgLRieqTAwKt6qHvAQK9rKu9AgKh/5ODDQKqtpTtDQLvv7CxBALa4vDGBQKCuafwDwKP1ZOjBgKsqdXxCgL6hbmQBwK+jaGZDQL/qY7cBALml/qcBgLYg53pDwL108DhBQLfzPnCAQLBr6dM9cK5UIsGFZ5ocJchTM8CHTFigfk=
[ctl00$body$hidNewUser] => 1
[ctl00$body$cmdSave] => Spara
[ctl00$body$txtName] => BYGG & ENERGISERVICE SÖDERTÖRN AB
[ctl00$body$txtUserName] => 5566960836
[ctl00$body$txtEmail] => anonym@telia.se
[ctl00$body$txtDepartment] =>
[ctl00$body$chkIsActive] => 1
[ctl00$body$chkHasStatisticsPerm] => 1
[ctl00$body$txtLoginName] => 5566960836
[ctl00$body$txtPassword] => stackoverflow
[ctl00$body$chkHasAnnualReportService] => 1
[ctl00$body$chkHasCorporationCharterReportService] => 1
[ctl00$body$chkHasCertificateOfRegistrationReportService] => 1
[ctl00$body$chkHasMonitorService] => 1
[ctl00$body$chkHasDigitalSparrkatalogService] => 1
[ctl00$body$chkHasPersonkontrollService] => 1
[ctl00$body$chkHasCompanyReportService] => 1
[ctl00$body$chkHasPersonReportService] => 1
[ctl00$body$cbxReportsCompany3] => 1
[ctl00$body$cbxReportsPerson3] => 1
)
The question:
What client side differences can trigger the "Validation of viewstate MAC failed"-error?
(Note: the post data above has been manipulated in 2 ways: first I replaced the password with "stackoverflow", and I also replaced the user of the email address with anonym.)

Check to see if there's not some JavaScript changing the values before they're posted, and to be on the safe side, set the referrer page too.

I used the wrong URL: I sent the right post data from the start, just sent it to the wrong place.
So simple, and still so hard to find when you look in the wrong place.
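
Since the fix in this thread turned out to be the post target rather than the post data, the following added example (not the poster's code) reads the form's action from the fetched page and resolves it against the page URL instead of hard-coding it, collecting the hidden fields in the same pass. The URLs, HTML and field values are constructed, the function names are hypothetical, and "../" segments in the action are not normalised.

```php
<?php
// Added example, not the poster's code. The sample HTML and URLs are constructed.

// Resolve a form's action attribute against the URL the page was fetched from.
function resolveAction(string $pageUrl, string $action): string
{
    if ($action === '' || parse_url($action, PHP_URL_SCHEME) !== null) {
        return $action === '' ? $pageUrl : $action;       // same page, or already absolute
    }
    $p = parse_url($pageUrl);
    $origin = $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
    $path = $p['path'] ?? '/';
    if ($action[0] === '?') {
        return $origin . $path . $action;                 // same page, new query string
    }
    if ($action[0] === '/') {
        return $origin . $action;                         // root-relative
    }
    $action = preg_replace('#^\./#', '', $action);        // drop a leading "./"
    return $origin . substr($path, 0, strrpos($path, '/') + 1) . $action;
}

// Collect the hidden fields (__VIEWSTATE, __EVENTVALIDATION, ...) and the real post target.
function extractForm(string $html, string $pageUrl): array
{
    libxml_use_internal_errors(true);                     // tolerate sloppy real-world HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $xp = new DOMXPath($doc);
    $form = $xp->query('//form')->item(0);
    if ($form === null) {
        throw new RuntimeException('page contains no <form>');
    }
    $fields = [];
    foreach ($xp->query('.//input[@type="hidden"][@name]', $form) as $input) {
        $fields[$input->getAttribute('name')] = $input->getAttribute('value');
    }
    return ['url' => resolveAction($pageUrl, $form->getAttribute('action')), 'fields' => $fields];
}

$pageUrl = 'https://example.test/admin/users/List.aspx';  // constructed
$html = '<form method="post" action="./Edit.aspx?id=7">'   // constructed
      . '<input type="hidden" name="__VIEWSTATE" value="SAMPLE_VIEWSTATE">'
      . '<input type="hidden" name="__EVENTVALIDATION" value="SAMPLE_VALIDATION">'
      . '<input type="text" name="ctl00$body$txtName"></form>';

$form = extractForm($html, $pageUrl);
// For CURLOPT_POSTFIELDS: a string is sent urlencoded like a browser form, an array as multipart/form-data.
$body = http_build_query($form['fields'] + ['ctl00$body$txtName' => 'Example AB']);
echo $form['url'], "\n", $body, "\n";
```

Logging the resolved URL next to the URL the script actually posts to makes a mismatch like the one in this thread visible on the first run.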

Related

Determining if and possibly retrieving a Twilio incoming MMS attachment that has an unsupported content type

Using the Twilio PHP API, I'm trying to account for unsupported attachments (specifically "text/x-vCard", as sent by Android/Google Fi). When I receive the $_POST vars in my code, they look something like this:
Array
(
[ToCountry] => US
[ToState] => NJ
[SmsMessageSid] => <sms-message-id>
[NumMedia] => 0
[ToCity] => MERCHANTVILLE
[FromZip] => 08401
[SmsSid] => <sms-sid>
[FromState] => NJ
[SmsStatus] => received
[FromCity] => <from-city>
[Body] => This is the body of the message.
[FromCountry] => US
[To] => +xxxxxxxxxxx
[ToZip] => xxxxx
[AddOns] => {"status":"successful","message":null,"code":null,"results":{}}
[NumSegments] => 1
[MessageSid] => <message-sid>
[AccountSid] => <account-sid>
[From] => +xxxxxxxxxxx
[ApiVersion] => 2010-04-01
)
As you can see, there is no evidence of any error or warning that an unsupported file type has been sent. I need to either
Reply to the sender that the attachment is unsupported, or
Find the saved attachment on Twilio and forward it.
I suspect that the attachment IS saved on Twilio, because when I use the $twilio->messages('xxxxxxxxxxxxxxxx')->fetch(), I get a whole lot more info, including:
[subresourceUris] => Array (
[media] => /2010-04-01/Accounts/xxxxxxxxxxxxxxxx/Messages/xxxxxxxxxxxxxxx/Media.json
))
I don't see a documented way to retrieve the resource using PHP, so I'm stuck. I've tried:
$media = $twilio->messages("MMXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")
->media("MEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX")
->fetch();
This returns some items, but they are similar to the ->fetch() return and I don't see anything that will help me download or read the media.
So after working with Twilio tech support for two weeks, I've learned that Twilio simply drops an attachment with an unsupported mime type.
As to how to get alerted to the error, there is no documented way that I could find from the Twilio docs or working with tech support, but I found a work-around that seems to do the job for now. Here's what I do:
Twilio sends me the incoming message to incoming.php on my server.
I get the attachment count using $_POST['NumMedia'].
Using $_POST['SmsMessageSid'], I query Twilio to retrieve the message stored on the server:
$msg = $client->messages($_POST['SmsMessageSid'])->fetch();
I check the $msg->numMedia value. If it's greater than the $_POST['NumMedia'] value, I know an attachment has been dropped.
If the numbers don't match, I shoot off a reply text to the sender letting them know an attachment was dropped.
I've asked Twilio support to send a note to the developers to add x-vcard as a supported type, since a LARGE number of Android phones still use it.
Thank you to @philnash for help with the problem.

YouTube API v3 stopped returning status.publishAt

When I request the video resource (using the official PHP library) example:
$youtube->videos->listVideos($ytVideoID, "snippet, contentDetails, status");
the API stopped returning status.publishAt a couple of months ago.
I am getting only this now:
[status] => Array
(
[uploadStatus] => processed
[privacyStatus] => private
[license] => youtube
[embeddable] => 1
[publicStatsViewable] => 1
)
I need the response to look something like this:
[status] => Array
(
[publishAt] => '2015-07-15T22:45:00'
[uploadStatus] => processed
[privacyStatus] => private
[license] => youtube
[embeddable] => 1
[publicStatsViewable] => 1
)
I did not change anything in my code, the API just stopped returning the publishAt parameter one day. I did not manage to find any reference to any change in the API.
All the videos I am trying to load, have status: scheduled (private), so the publishAt parameter should be there.
Reported this internally. https://code.google.com/p/gdata-issues/issues/detail?id=7447
I will update with solution.

add followers to asana task using api

I just don't know why this fails. I have the following which attempts to add tasks to Asana:
$arrayOfIds = array("0123456789", "9876543210");
$followers = implode('", "', $arrayOfIds);
$newtask = $asana->createTask(array(
"workspace" => $workspaceId,
"name" => $name,
"team" => $teamId,
"assignee" => $assignee,
"due_on" => $dueOn,
"completed" => $completed,
"completed_at" => $completedAt,
//"followers" => array("0123456789")
"followers" => array($followers)
));
It works just fine when I put the user ID in manually, like above commented code, however fails when I try to use the array. I get the following error:
Error while trying to connect to Asana, response code: 400
Any help is greatly appreciated.
Without knowing exactly how the $asana lib is implemented (link?) my guess would be that the array is not encoded correctly. If sent via url-encoded post data (as opposed to JSON) the array should be comma-delimited. PHP may do something else like followers[]=1&followers[]=2 when it should be followers=1,2.
Try doing something like "followers" => implode(",", $arrayOfIds), or check the code of the library to see how it encodes arrays. Additionally, including the actual HTTP request/response would help figure out what's going on. There are many ways to get this - your library may include a verbose/debugging mode, but if all else fails you can always use something like Charles Proxy, Wireshark, Ettercap, etc.

What does the 'downloaded' entry represent from a BitTorrent tracker response?

Example response:
Array(4
complete => 3147
downloaded => 33
incomplete => 71
name => ubuntu-12.10-desktop-i386.iso
)
From the BT specs it looks like complete refers to the number of seeds and incomplete to the number of peers that are downloading.
But what does downloaded mean? It appears to change every time I make a new request, just like complete/incomplete.
It represents the number of users who downloaded the file completely and are online

OpenID check_authentication not working

Merged with OpenID check_authentication not working.
I'm trying to write my own provider in PHP (JanRain libraries are confusing as all hell, and even phpMyID doesn't document exactly what is happening). I've got authentication working, but when the relying party tries to do check_authentication, it says my server denied it.
This is debugging information I captured during a check_authentication request.
$_GET:
Array
(
[mode] => profile
[username] => jrhodes
[domain] => roket-enterprises.com
)
$_POST:
Array
(
[openid_assoc_handle] => {HMAC-SHA1}{4abdf2f1}{olw8ag==}
[openid_identity] => http://www.roket-enterprises.com/openaccount/openid:jrhodes
[openid_mode] => check_authentication
[openid_response_nonce] => 2009-09-26T10:54:41ZLg0kfQ
[openid_return_to] => http://www.wasab.dk/morten/2007/11/openid/?janrain_nonce=2009-09-26T10%3A54%3A37Z9rZCkP&openid1_claimed_id=http%3A%2F%2Fwww.roket-enterprises.com%2Fopenaccount%2Fopenid%3Ajrhodes
[openid_sig] => Xl94j3IJtfSEQ4oKfova68I8edc=
[openid_signed] => assoc_handle,identity,mode,response_nonce,return_to,signed,sreg.email,sreg.fullname,sreg.nickname
[openid_sreg_email] => jrhodes@roket-enterprises.com
[openid_sreg_fullname] => James Rhodes
[openid_sreg_nickname] => jrhodes
)
Using Specific Mode Endpoint Handler...
Answering check_authentication
Headers:
Content-Type: text/plain;
openid.mode: id_res;
openid_mode: id_res;
sreg.fullname: James Rhodes;
sreg.nickname: jrhodes;
sreg.email: jrhodes@roket-enterprises.com;
is_valid: true;
The GET and POST data is the data that my script is receiving. Everything after "Headers:" are the headers that my script is returning. According to the specifications, I can't see anything wrong with this.
I've been asking on #openid for the last 4 hours and haven't got a response (note to self: post on StackOverflow, then ask IRC). Can anyone help?
