Recently I enabled ssl encription on my website. I'm using the PHP SDK to connect with facebook. The problem is that when I navigate throught HTTPS and I try to get the current user with
$facebookUser = $this->facebook->getUser();
the response always is false... if I try the same with HTTP it works perfectly...
Is there some setting that I need to change?
I'm sure that ssl encription is working.
Facebook api didn't throw any exception...
Thank you.
I don't know the solution to your problem, but I'd bet the URL isn't quite right.
To help diagnose this, Try using an http debugging proxy, like Fiddler2. It allows you to construct and submit http(s) requests, and examine the responses. Also you can use it as a proxy to see what http(s) messages get generated and sent by your app, and what responses come back.
Related
I'm using Instagram API by mgp25.
When my network settings change (connect to different Wifi network) login function throws cURL error 6.
I guess, It's because of sessions and cookies stored during previous sessions but I'm not so sure.
I tried to find something on how to reset these sessions or cookies but I was not able to.
Any help on how I can achieve that?
The error message you receive has nothing to do with cookies or session except if you are not taking URL where your request goes from the session or cookies. I highly doubt that.
The error you receive is an indication of a network problem and unreachable host.
So I advise you check your network, turn off/on VPNs.
check if the URL where you are sending your request is correct 100%!
All should be fine if you are sure all network and URLs are correct.
I think the problem is with IG spam system, they start blocking you or challenging your users. When you sign up with one IP but later switch to another IP their system will lock your requests for security and send your request challenge_request. Cookies should be fine, as they do not depend on your IP. Create your users on a server that does not change its IP and you can use them for long time.
I solved this problem by removing proxies.
I am developing an application in IONIC. I am making a $http.get request in Angular JS and its giving me 404 error when I successfully login and trying to load the user profile using the token sent in the authentication header.
It produces error in chrome, although I enabled CORS. Please check the screenshot:
Now if I try the url in POSTMAN, everything is ok. See the screenshot below:
I am stuck with this error, can someone help me?
What Ionic says
There are two ways to solve the issue: The first, and easier, solution is to just allow all origins from your API endpoint. However, we can’t always control the endpoint we are accessing. What we need, then, is a request that does not specify an origin.
We can do this by using a proxy server. Let’s look how the Ionic CLI provides
Reference
What works but isn't completely good to use
A simple solution is just add a CORS plugin into your browser and everything will work.
Plugin Link
Proxy server
If you want a proxy server there is this tutorial:
Link
To start things off, my server is not running PHP in CGI mode. And even if it was I have the proper mod_rewrite stuff setup (this is a Drupal site).
My problem is that when the user/pass are passed via the URL in the form of http://user:pass#example.com then they do not show up in any of $_SERVER's values. Not PHP_AUTH_USER, not in HTTP_AUTHORIZATION, not in REMOTE_USER, or anywhere else within that super global.
If the credentials are passed via the browser's HTTP basic auth dialog or directly using the base64 encoded Authorization: Basic ZXhhbXBsZTpleGFtcGxl HTTP header then everything works as expected, `$_SERVER['HTTP_AUTH_USER'] is filled out and everything is okay. But if the user/pass are passed via the URL then it's a no go.
Any ideas on what could be going on here?
PHP 5.3.10
Apache 2.2.22
tl;dr: Caching of the 401 Unauthorized response faked me into thinking there was a problem with the authentication code when there wasn't, it was just sending the cached authentication failure response over and over again despite correct credentials. Disabling the caching fixed the problem.
For context, this was all for an API. Basically, Drupal was aggressively caching the responses from the API, including the 401 Unauthorized response. But I didn't notice that the reason authorization was failing was due to the caching, I saw two separate problems: responses were being improperly cached and authorization wasn't working in some situations.
That was on production, so in my development environment I disabled caching for the API and then started to troubleshoot the authorization problem, not realizing I had already solved it. As a debugging method, I short-circuited the responses so that the API wouldn't actually check the HTTP Basic Auth credentials, it would just spew debug info ($_SERVER, mainly). Because the server was no longer sending 401 Unauthorized when it should, Safari wasn't packaging up the user and pass in the URL as a HTTP Authorization header. But I hadn't realized that yet.
So, Safari was working with user/pass in the URL on a site that uses Apache for handling HTTP Basic Auth but it wasn't working with my PHP API. This made me think that Apache was eating the authentication in the URL and not sending it along. This idea is what spawned this question.
Thanks to Basic's and Barmar's comments on the question, I realized my error and tested actually sending the 401 Unauthorized status code and low-and-behold, Safari was working with the user/pass in the URL.
I didn't notice the caching while I was developing the API because I was logged into the Drupal site the API is built on and Drupal only does the full page caching for anonymous users. Interestingly, even the Chrome app, Postman, which acts like a separate application, sends your cookies from the main Chrome application. I didn't even realize that I was logged into the site when I sent requests with it.
http://httpd.apache.org/docs/2.2/howto/auth.html
Are you requiring a valid-user? in a block like this.
AuthType Basic
AuthName "By Invitation Only"
# Optional line:
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName
Can you post the relevant httpd.conf block?
I am using HybridAuth to authenticate my social apps through PHP. Using Facebook as an example, I want to send a notification to a user.
When HybridAuth connects to Facebook, it needs to go to the website to allow the connection and then it redirects the browser back to the page that it was on.
The problem is when I am running PHP through AJAX. I'm not sure what is happening but the API call is not run and a notification is not sent. The problem must lie in leaving the AJAX script to connect the social network and not being able to continue with the code.
Any thoughts here?
The problem is when I am running PHP through AJAX. I'm not sure what
is happening but the API call is not run and a notification is not
sent.
Redirection doesn't work on Ajax calls. You have to change the coding style here.
There are already 100s of examples out there on how to write such scripts that provides login using facebook. So I'd consider skipping it, since that'll be really broad.
Please try and then come up with some specific issue, we'll be more than glad to help you out. Also, always consider posting a SSCCE to clarify what exactly you tried.
As #coding_idiot stated, authentication won't work in AJAX calls, since authentication requires redirecting the user to the provider. The backend script will die() in the Redirect function.
For an alternative solution, check this approach: https://stackoverflow.com/a/29891358/1816603
I have a couple of sites on the same server and same domain (site1.domain.com, site2.domain.com...) which talk to each other with http post request. This works fine, but I also have a dev version of all sites that is under basic authentication so you need a username/password to see the sites, and on these the http post request doesn't work.
This seems to be because the server can't authenticate itself which seems kinda weird to me, I don't have much experience with IIS thou so probably have missed something.
Anyone know how to solve this?
Don't know if it makes a difference, but the sites are using php, not asp.net
You will need to send your credentials with your request. I do not know much about drupal_http_request, but if it doesnt have built in methods to add credentials to the request, you can manually add an auth header by base64 encoding your credentials.