I am trying to get up and running using Paypal's NVP interface for my website to process my custom cart. I've downloaded their sample code (here) and have tried to run unaltered without success. Any function I choose (e.g. express checkout sale) gives the curl_errno() error: Error Number: 3 Error Message: No URL set! I have tried this both on localhost and on my hosted site.
hash_call() is the function processing the call to Paypal. The code which calls hash_call() is also included below.Their code that sets urls is:
$returnURL =urlencode($url.'/ReviewOrder.php?currencyCodeType='.$currencyCodeType.'&paymentType='.$paymentType);
$cancelURL =urlencode("$url/SetExpressCheckout.php?paymentType=$paymentType" );
I thought the cancelURL line looked off and modified it to:
$cancelURL =urlencode($url.'/SetExpressCheckout.php?paymentType='.$paymentType );
Neither have worked. Any help would be appreciated. I've never worked with curl.
require_once 'CallerService.php';
session_start();
if(! isset($_REQUEST['token'])) {
/* The servername and serverport tells PayPal where the buyer
should be directed back to after authorizing payment.
In this case, its the local webserver that is running this script
Using the servername and serverport, the return URL is the first
portion of the URL that buyers will return to after authorizing payment
*/
$serverName = $_SERVER['SERVER_NAME'];
$serverPort = $_SERVER['SERVER_PORT'];
$url=dirname('http://'.$serverName.':'.$serverPort.$_SERVER['REQUEST_URI']);
$currencyCodeType=$_REQUEST['currencyCodeType'];
$paymentType=$_REQUEST['paymentType'];
$personName = $_REQUEST['PERSONNAME'];
$SHIPTOSTREET = $_REQUEST['SHIPTOSTREET'];
$SHIPTOCITY = $_REQUEST['SHIPTOCITY'];
$SHIPTOSTATE = $_REQUEST['SHIPTOSTATE'];
$SHIPTOCOUNTRYCODE = $_REQUEST['SHIPTOCOUNTRYCODE'];
$SHIPTOZIP = $_REQUEST['SHIPTOZIP'];
$L_NAME0 = $_REQUEST['L_NAME0'];
$L_AMT0 = $_REQUEST['L_AMT0'];
$L_QTY0 = $_REQUEST['L_QTY0'];
$L_NAME1 = $_REQUEST['L_NAME1'];
$L_AMT1 = $_REQUEST['L_AMT1'];
$L_QTY1 = $_REQUEST['L_QTY1'];
/* The returnURL is the location where buyers return when a
payment has been succesfully authorized.
The cancelURL is the location buyers are sent to when they hit the
cancel button during authorization of payment during the PayPal flow
*/
$returnURL =urlencode($url.'/ReviewOrder.php?currencyCodeType='.$currencyCodeType.'&paymentType='.$paymentType);
$cancelURL =urlencode($url.'/SetExpressCheckout.php?paymentType='.$paymentType );
/* Construct the parameter string that describes the PayPal payment
the varialbes were set in the web form, and the resulting string
is stored in $nvpstr
*/
$itemamt = 0.00;
$itemamt = $L_QTY0*$L_AMT0+$L_AMT1*$L_QTY1;
$amt = 5.00+2.00+1.00+$itemamt;
$maxamt= $amt+25.00;
$nvpstr="";
/*
* Setting up the Shipping address details
*/
$shiptoAddress = "&SHIPTONAME=$personName&SHIPTOSTREET=$SHIPTOSTREET&SHIPTOCITY=$SHIPTOCITY&SHIPTOSTATE=$SHIPTOSTATE&SHIPTOCOUNTRYCODE=$SHIPTOCOUNTRYCODE&SHIPTOZIP=$SHIPTOZIP";
$nvpstr="&ADDRESSOVERRIDE=1$shiptoAddress&L_NAME0=".$L_NAME0."&L_NAME1=".$L_NAME1."&L_AMT0=".$L_AMT0."&L_AMT1=".$L_AMT1."&L_QTY0=".$L_QTY0."&L_QTY1=".$L_QTY1."&MAXAMT=".(string)$maxamt."&AMT=".(string)$amt."&ITEMAMT=".(string)$itemamt."&CALLBACKTIMEOUT=4&L_SHIPPINGOPTIONAMOUNT1=8.00&L_SHIPPINGOPTIONlABEL1=UPS Next Day Air&L_SHIPPINGOPTIONNAME1=UPS Air&L_SHIPPINGOPTIONISDEFAULT1=true&L_SHIPPINGOPTIONAMOUNT0=3.00&L_SHIPPINGOPTIONLABEL0=UPS Ground 7 Days&L_SHIPPINGOPTIONNAME0=Ground&L_SHIPPINGOPTIONISDEFAULT0=false&INSURANCEAMT=1.00&INSURANCEOPTIONOFFERED=true&CALLBACK=https://www.ppcallback.com/callback.pl&SHIPPINGAMT=8.00&SHIPDISCAMT=-3.00&TAXAMT=2.00&L_NUMBER0=1000&L_DESC0=Size: 8.8-oz&L_NUMBER1=10001&L_DESC1=Size: Two 24-piece boxes&L_ITEMWEIGHTVALUE1=0.5&L_ITEMWEIGHTUNIT1=lbs&ReturnUrl=".$returnURL."&CANCELURL=".$cancelURL ."&CURRENCYCODE=".$currencyCodeType."&PAYMENTACTION=".$paymentType;
/* Make the call to PayPal to set the Express Checkout token
If the API call succeded, then redirect the buyer to PayPal
to begin to authorize payment. If an error occured, show the
resulting errors
*/
$resArray=hash_call("SetExpressCheckout",$nvpstr);
*********************************************************************************
/**
* hash_call: Function to perform the API call to PayPal using API signature
* #methodName is name of API method.
* #nvpStr is nvp string.
* returns an associtive array containing the response from the server.
*/
function hash_call($methodName,$nvpStr)
{
//declaring of global variables
global $API_Endpoint,$version,$API_UserName,$API_Password,$API_Signature,$nvp_Header, $subject, $AUTH_token,$AUTH_signature,$AUTH_timestamp;
// form header string
$nvpheader=nvpHeader();
//setting the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$API_Endpoint);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
//turning off the server and peer verification(TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
//WARNING: this would prevent curl from detecting a 'man in the middle' attack
$ch = curl_init();
//curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
//curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt ($ch, CURLOPT_CAINFO, "c:/xampp/apache/cacert.pem");
//in case of permission APIs send headers as HTTPheders
if(!empty($AUTH_token) && !empty($AUTH_signature) && !empty($AUTH_timestamp))
{
$headers_array[] = "X-PP-AUTHORIZATION: ".$nvpheader;
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers_array);
curl_setopt($ch, CURLOPT_HEADER, false);
}
else
{
$nvpStr=$nvpheader.$nvpStr;
}
//if USE_PROXY constant set to TRUE in Constants.php, then only proxy will be enabled.
//Set proxy name to PROXY_HOST and port number to PROXY_PORT in constants.php
if(USE_PROXY)
curl_setopt ($ch, CURLOPT_PROXY, PROXY_HOST.":".PROXY_PORT);
//check if version is included in $nvpStr else include the version.
if(strlen(str_replace('VERSION=', '', strtoupper($nvpStr))) == strlen($nvpStr)) {
$nvpStr = "&VERSION=" . urlencode($version) . $nvpStr;
}
$nvpreq="METHOD=".urlencode($methodName).$nvpStr;
//setting the nvpreq as POST FIELD to curl
curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);
//getting response from server
$response = curl_exec($ch);
//convrting NVPResponse to an Associative Array
$nvpResArray=deformatNVP($response);
$nvpReqArray=deformatNVP($nvpreq);
$_SESSION['nvpReqArray']=$nvpReqArray;
if (curl_errno($ch)) {
// moving to display page to display curl errors
$_SESSION['curl_error_no']=curl_errno($ch) ;
$_SESSION['curl_error_msg']=curl_error($ch);
$location = "APIError.php";
header("Location: $location");
} else {
//closing the curl
curl_close($ch);
}
return $nvpResArray;
}
Try this class,
<?php
class ZC_Paypal
{
public $API_USERNAME;
public $API_PASSWORD;
public $API_SIGNATURE='xxxxxxxxxxxxxxxxxxxxxxxxxxxx';
public $API_ENDPOINT;
public $USE_PROXY;
public $PROXY_HOST;
public $PROXY_PORT;
public $PAYPAL_URL;
public $VERSION;
public $NVP_HEADER;
public $SSLCERTPATH;
function __construct($PROXY_HOST, $PROXY_PORT, $IS_ONLINE = FALSE, $USE_PROXY = FALSE, $VERSION = '51.0', $api_url)
{
/*$this->API_USERNAME = $API_USERNAME;
$this->API_PASSWORD = $API_PASSWORD;
$this->API_SIGNATURE = $API_SIGNATURE;*/
//$this->API_ENDPOINT = 'https://api-3t.sandbox.paypal.com/nvp';
$this->API_ENDPOINT = $api_url;
$this->USE_PROXY = $USE_PROXY;
if($this->USE_PROXY == true)
{
$this->PROXY_HOST = $PROXY_HOST;
$this->PROXY_PORT = $PROXY_PORT;
}
else
{
$this->PROXY_HOST = '127.0.0.1';
$this->PROXY_PORT = '808';
}
if($IS_ONLINE == FALSE)
{
$this->PAYPAL_URL = 'https://api-3t.sandbox.paypal.com/nvp';
}
else
{
$this->PAYPAL_URL = 'https://api-3t.paypal.com/nvp';
}
$this->VERSION = $VERSION;
}
function hash_call($methodName,$nvpStr,$uname,$pwd,$api_url,$sslcerpath)
{
$this->API_ENDPOINT = $api_url;
$this->API_PASSWORD = $pwd;
$this->API_USERNAME = $uname;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$this->API_ENDPOINT);
//curl_setopt($ch, CURLOPT_SSLCERT, $sslcerpath);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POST, 1);
if($this->USE_PROXY)
{
curl_setopt ($ch, CURLOPT_PROXY, $this->PROXY_HOST.":".$this->PROXY_PORT);
}
$nvpreq="METHOD=".urlencode($methodName)."&VERSION=".urlencode($this->VERSION)."&PWD=".urlencode($this->API_PASSWORD)."&USER=".urlencode($this->API_USERNAME)."&SIGNATURE=".urlencode($this->API_SIGNATURE).$nvpStr;
curl_setopt($ch,CURLOPT_POSTFIELDS,$nvpreq);
$response = curl_exec($ch);
$nvpResArray=$this->deformatNVP($response);
$nvpReqArray=$this->deformatNVP($nvpreq);
$_SESSION['nvpReqArray']=$nvpReqArray;
if (curl_errno($ch))
{
die("CURL send a error during perform operation: ".curl_errno($ch));
}
else
{
curl_close($ch);
}
return $nvpResArray;
}
function deformatNVP($nvpstr)
{
$intial=0;
$nvpArray = array();
while(strlen($nvpstr))
{
$keypos= strpos($nvpstr,'=');
$valuepos = strpos($nvpstr,'&') ? strpos($nvpstr,'&'): strlen($nvpstr);
$keyval=substr($nvpstr,$intial,$keypos);
$valval=substr($nvpstr,$keypos+1,$valuepos-$keypos-1);
$nvpArray[urldecode($keyval)] =urldecode( $valval);
$nvpstr=substr($nvpstr,$valuepos+1,strlen($nvpstr));
}
return $nvpArray;
}
function __destruct()
{
}
}
and call above class like,
....
$currencyCode="USD";
//$paymentAction = urlencode("Sale");
$paymentAction = urlencode("Authorization");
$nvpRecurring = '';
$methodToCall = 'doDirectPayment';
$nvpstr='&PAYMENTACTION='.$paymentAction.'&AMT='.$amount.'&CREDITCARDTYPE='.$creditCardType.'&ACCT='.$creditCardNumber.'&EXPDATE='.$padDateMonth.$expDateYear.'&CVV2='.$cvv2Number.'&FIRSTNAME='.$firstName.'&LASTNAME='.$lastName.'&STREET='.$address1.'&CITY='.$city.'&STATE='.$state.'&ZIP='.$zip.'&COUNTRYCODE='.$country.'&CURRENCYCODE='.$currencyCode.$nvpRecurring;
$paypalPro = new ZC_Paypal( '', '', FALSE, FALSE,'51.0',Zend_Registry::get("admin_paypal_pro_url"));
$resArray = $paypalPro->hash_call($methodToCall,$nvpstr,Zend_Registry::get("admin_paypal_user_name"), Zend_Registry::get("admin_paypal_password"),Zend_Registry::get("admin_paypal_pro_url"),Zend_Registry::get("admin_paypal_ssl_path"));
$ack = strtoupper($resArray["ACK"]);
//echo '<pre>'; print_r($resArray); exit;
if($ack!="SUCCESS")
{
if(!in_array($resArray["L_LONGMESSAGE0"], array('Internal Error', 'CURL send a error during perform operation: 6')))
echo $resArray["L_LONGMESSAGE0"];
else
echo 'Transaction Failed, Try again later.';
}
else{
// if success .....
}
pass credential in respective variable,i am using zend, so try to use core php here...
Related
I am using paypal payment gateway (currently using sandbox), its working but some time on success auto return showing blank screen?? response url is pretty good, but some times after auto return its showing blank screen.
My code:
after success auto return redirect properly:
http://domainname/client/paypal/success?amt=9.24&cc=USD&item_name=Weight%20Loss%20Diet%20Program&st=Completed&tx=9CX31984H5808205U
after success auto return redirect properly but showing website blank screen:
http://domainname/client/paypal/success?amt=9.24&cc=USD&item_name=Weight%20Loss%20Diet%20Program&st=Completed&tx=9CX31984H5808205U
everything is looking good with code & return url, then why after return sometimes website showing blank screen??
My Code Snippet to execute paypal response:
switch($action){
case "success":
if(isset($_GET['tx']))
{
$tx_token = $_GET['tx'];
$req = 'cmd=_notify-synch';
$auth_token = PDT_IDENTITY_TOKEN;
$req .= "&tx=$tx_token&at=$auth_token";
$ch = curl_init();
if($sandbox==0){
curl_setopt($ch, CURLOPT_URL, "https://www.paypal.com/cgi-bin/webscr"); //Live
}else{
curl_setopt($ch, CURLOPT_URL, "https://www.sandbox.paypal.com/cgi-bin/webscr"); //Sandbox
}
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
//set cacert.pem verisign certificate path in curl using 'CURLOPT_CAINFO' field here,
//if your server does not bundled with default verisign certificates.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
if($sandbox==0){
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Host: www.paypal.com")); //Live
}else{
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Host: www.sandbox.paypal.com")); //Sandbox
}
$res = curl_exec($ch);
curl_close($ch);
$lines = explode("\n", trim($res));
$keyarray = array();
if (strcmp ($lines[0], "SUCCESS") == 0)
{
for ($i = 1; $i < count($lines); $i++)
{
$temp = explode("=", $lines[$i],2);
$keyarray[urldecode($temp[0])] = urldecode($temp[1]);
}
$invoice_id = $keyarray['invoice'];
$transaction_id = $keyarray['txn_id'];
$payment_status = $keyarray['payment_status'];
if($payment_status=='Completed')
{
........
}
}
}
....
break;
....
}
During PayPal operations, the variables you are using are part of PDT (Paypal data transfer), which is PayPal a/c feature which needs to be enabled. Please check your PayPal a/c PDT settings once.
I want to get an Authentication Token for the Microsoft Translator API. This is my code:
<?php
//1. initialize cURL
$ch = curl_init();
//2. set options
//Set to POST request
curl_setopt($ch, CURLOPT_POST,1);
// URL to send the request to
curl_setopt($ch, CURLOPT_URL, 'https://api.cognitive.microsoft.com/sts/v1.0/issueToken');
//return instead of outputting directly
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
//whether to include header in the output. here set to false
curl_setopt($ch, CURLOPT_HEADER, 0);
//pass my subscription key
curl_setopt($ch, CURLOPT_POSTFIELDS,array(Subscription-Key => '<my-key>'));
//CURLOPT_SSL_VERIFYPEER- Set to false to stop verifying certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
//3. Execute the request and fetch the response. check for errors
$output = curl_exec($ch);
if ($output === FALSE) {
echo "cURL Error" . curl_error($ch);
}
//4. close and free up the curl handle
curl_close($ch);
//5. display raw output
print_r($output);
?>
it gives me the following error:
{ "statusCode": 401, "message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API." }
which could mean that the key is invalid according to the website below, but I ensured the key is valid on the same website.
http://docs.microsofttranslator.com/oauth-token.html
I did find some examples online on how to get the Authenticationtoken, but they are outdated.
How can I get the AuthenticationToken/achieve that microsoft recognises my key?
You're passing the subscription-key wrong -
The subscription key should passed in the header (Ocp-Apim-Subscription-Key) or as a querystring parameter in the URL ?Subscription-Key=
And you should use Key1 or Key2 generated by the Azure cognitive service dashboard.
FYI - M$ has made a token generator available for testing purposes, this should give you a clue which keys are used for which purpose:
http://docs.microsofttranslator.com/oauth-token.html
Here's a working PHP script which translates a string from EN to FR (it's based on an outdated WP plugin called Wp-Slug-Translate by BoLiQuan which I've modified for this purpose):
<?php
define("CLIENTID",'<client-name>'); // client name/id
define("CLIENTSECRET",'<client-key>'); // Put key1 or key 2 here
define("SOURCE","en");
define("TARGET","fr");
class WstHttpRequest
{
function curlRequest($url, $header = array(), $postData = ''){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
if(!empty($header)){
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
if(!empty($postData)){
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, is_array($postData) ? http_build_query($postData) : $postData);
}
$curlResponse = curl_exec($ch);
curl_close($ch);
return $curlResponse;
}
}
class WstMicrosoftTranslator extends WstHttpRequest
{
private $_clientID = CLIENTID;
private $_clientSecret = CLIENTSECRET;
private $_fromLanguage = SOURCE;
private $_toLanguage = TARGET;
private $_grantType = "client_credentials";
private $_scopeUrl = "http://api.microsofttranslator.com";
private $_authUrl = "https://api.cognitive.microsoft.com/sts/v1.0/issueToken";
// added subscription-key
private function _getTokens(){
try{
$header = array('Ocp-Apim-Subscription-Key: '.$this->_clientSecret);
$postData = array(
'grant_type' => $this->_grantType,
'scope' => $this->_scopeUrl,
'client_id' => $this->_clientID,
'client_secret' => $this->_clientSecret
);
$response = $this->curlRequest($this->_authUrl, $header, $postData);
if (!empty($response))
return $response;
}
catch(Exception $e){
echo "Exception-" . $e->getMessage();
}
}
function translate($inputStr){
$params = "text=" . rawurlencode($inputStr) . "&from=" . $this->_fromLanguage . "&to=" . $this->_toLanguage;
$translateUrl = "http://api.microsofttranslator.com/v2/Http.svc/Translate?$params";
$accessToken = $this->_getTokens();
$authHeader = "Authorization: Bearer " . $accessToken;
$header = array($authHeader, "Content-Type: text/xml");
$curlResponse = $this->curlRequest($translateUrl, $header);
$xmlObj = simplexml_load_string($curlResponse);
$translatedStr = '';
foreach((array)$xmlObj[0] as $val){
$translatedStr = $val;
}
return $translatedStr;
}
}
function bing_translator($string) {
$wst_microsoft= new WstMicrosoftTranslator();
return $wst_microsoft->translate($string);
}
echo bing_translator("How about translating this?");
?>
Add your key also in the URL.
curl_setopt($ch, CURLOPT_URL, 'https://api.cognitive.microsoft.com/sts/v1.0/issueToken?Subscription-Key={your key}');
But leave it also in the CURLOPT_POSTFIELDS.
I'm trying to access the PayPal ButtonManager API. I'm getting error 10002, Authentication failed. I've double/triple checked all the credentials, and regenerated them too. I don't think the AppID should be necessary; it doesn't work with or without it anyway.
Exact error message text:
L_ERRORCODE0=10002&L_SHORTMESSAGE0=Authentication/Authorization Failed&L_LONGMESSAGE0=You do not have permissions to make this API call&L_SEVERITYCODE0=Error
//ButtonManager API
$ret = ch_post();
error_log($ret);
echo urldecode($ret);
function ch_post(){
//API Credentials
$accID = urlencode("accID");
$username = urlencode("username_api1.website");
$password = urlencode("password");
$signature = urlencode("signature");
$appID = urlencode("APP-ID");
$endpoint = "https://api-3t.sandbox.paypal.com/nvp";
$certpath = "C:\certpath.pem";
$ch_headers = array(
"USER"=>$username,
"PWD"=>$password,
"SIGNATURE"=>$signature,
"APPID"=>$appID,
"VERSION"=>"51.0"
);
$ch_params = array(
"METHOD"=>urlencode("BMCreateButton"),
"OTHERPARAMS"=>urlencode("OTHER")
);
$ch = curl_init($endpoint);
curl_setopt($ch,CURLOPT_HTTPHEADER,http_build_query($ch_headers));
curl_setopt($ch,CURLOPT_CAINFO,$certpath);
curl_setopt($ch,CURLOPT_POSTFIELDS,http_build_query($ch_params));
curl_setopt($ch,CURLOPT_POST,TRUE);
curl_setopt($ch,CURLOPT_HEADER,TRUE);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch,CURLOPT_SSLVERSION, 6);
$cexec = curl_exec($ch);
if(!$cexec) {
$response = "Failed: ".curl_error($ch)."(".curl_errno($ch).")";
curl_close($ch);
return $response;
}
curl_close($ch);
return $cexec;
}
Hi instead of using the Paypal API I designed a webpage using php and curl to check whether a certain email is verified on Paypal or not. In order to do so I have to allow the script to login for me on Paypal's website. Now I am using a fake paypal account just to check if an email is verified or not, but my question is how secure is that username and password that is being entered onto paypal's website. If it is unsecure and can be easily sniffed out by someone monitoring the server communications, how can I protect against that?
Please note I am not using Paypal's API because it requires way too much work to incorporate onto your website, and it requires extra fields to return if an email is verified (first name, last name, etc).
Here's the code:
<?php
//email address to check
$verifyEmail = 'randomemail#blah.com';
//paypal login info
$loginEmail = '###';
$password = '###';
if (!isLogin($loginEmail, $password)) {
echo 'Login failed';
} else if (isVerified($verifyEmail)) {
echo 'Verified';
} else {
echo 'Not verified';
}
#########################################
function isVerified($verifyEmail) {
$url = 'https://www.paypal.com/us/verified/pal='.$verifyEmail;
$response = curl_get($url);
if(strpos($response, '<td class="emphasis">Verified</td>')) {
return true;
} else {
return false;
}
}
function isLogin($email, $password) {
// Get login page
$response = curl_get('https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run');
$postFields = getHiddenFormInputs($response, 'login_form');
if (!$postFields) {
return false;
}
// Post login
$postFields['login_email'] = $email;
$postFields['login_password'] = $password;
$postFields = serializePostFields($postFields);
$response = curl_get('https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-submit', $postFields);
if(!strpos($response, 'login_cmd=_login-done')) {
return false;
} else {
return true;
}
}
function curl_get($url, $postfields=false) {
static $curl;
if(empty($curl)) {
$cookiejar = 'curl_cookiejar.txt';
#unlink($cookiejar);
$curl = curl_init();
curl_setopt($curl, CURLOPT_COOKIEJAR, $cookiejar);
curl_setopt($curl, CURLOPT_COOKIEFILE, $cookiejar);
curl_setopt($curl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HEADER, 1);
curl_setopt($curl, CURLOPT_MAXREDIRS, 5);
}
curl_setopt($curl, CURLOPT_URL, $url);
if(stripos($url, 'https')!==false) {
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
}
if ($postfields) {
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields);
}
$response = curl_exec($curl);
return $response;
}
function getHiddenFormInputs($html) {
if(!preg_match('|<form[^>]+login_form[^>]+>.*</form>|Usi', $html, $form)) {
return '';
}
if(!preg_match_all('/<input[^>]+hidden[^>]*>/i', $form[0], $inputs)) {
return '';
}
$hiddenInputs = array();
foreach($inputs[0] as $input){
if (preg_match('|name\s*=\s*[\'"]([^\'"]+)[\'"]|i', $input, $name)) {
$hiddenInputs[$name[1]] = '';
if (preg_match('|value\s*=\s*[\'"]([^\'"]*)[\'"]|i', $input, $value)) {
$hiddenInputs[$name[1]] = $value[1];
}
}
}
return $hiddenInputs;
}
function serializePostFields($postFields) {
foreach($postFields as $key => $value) {
$value = urlencode($value);
$postFields[$key] = "$key=$value";
}
$postFields = implode($postFields, '&');
return $postFields;
}
?>
Ignoring the method being used (the API is more robust, and current method could break if they change the login), CURL is as secure as any standard request from a browser. From the script I can see you are using https for the request, so you should be fine.
cURL is not any more or less secure than Internet Explorer or Google Chrome.
Curl request will be as "safe" as going to the site with browser, but you should set CURLOPT_SSL_VERIFYPEER option to true and use CURLOPT_CAINFO to point to curl to the certificate when using HTTPS with CURL.
Check curl_setopt documentation.
I am trying to build a script that posts information into the RoyalMail tracking system and extracts the output.
What I currently have is getting an error from their server - see the link, somehow it is detecting that I am not using their website as per normal and throwing me an error.
Things I think I have taken into account:
Using an exact copy of their form by parsing it beforehand (the post parameters)
Saving the cookies between each request
Accepting redirect headers
Providing a refer header that is actually valid (the previously visited page)
Does anyone know anything else I need to check or can figure out what I am doing wrong?
A full copy of the source is at EDIT: please see my answer below
Websites usually use 2 ways to detect if you are a human or a bot: HTTP REFERER and USER AGENT. I suggest you use Curl it specified user agent and referer (replace 'http://something/' with real URL of a page you would normally visit before navigating to the url you want to download with PHP):
<?php
$url = 'http://track2.royalmail.com/portal/rm/track';
$html = file_get_contents2($url, '');
$post['_dyncharset'] = 'ISO-8859-1';
$post['trackConsigniaPage'] = 'track';
$post['/rmg/track/RMTrackFormHandler.value.searchCompleteUrl'] = '/portal/rm/trackresults?catId=22700601&pageId=trt_rmresultspage';
$post['_D:/rmg/track/RMTrackFormHandler.value.searchCompleteUrl'] = '';
$post['/rmg/track/RMTrackFormHandler.value.invalidInputUrl'] = '/portal/rm/trackresults?catId=22700601&pageId=trt_rmresultspage&keyname=track_blank';
$post['_D:/rmg/track/RMTrackFormHandler.value.invalidInputUrl'] = '';
$post['/rmg/track/RMTrackFormHandler.value.searchBusyUrl'] = '/portal/rm/trackresults?catId=22700601&pageId=trt_busypage&keyname=3E_track';
$post['_D:/rmg/track/RMTrackFormHandler.value.searchBusyUrl'] = '';
$post['/rmg/track/RMTrackFormHandler.value.searchWaitUrl'] = '/portal/rm/trackresults?catId=22700601&timeout=true&pageId=trt_timeoutpage&keyname=3E_track';
$post['_D:/rmg/track/RMTrackFormHandler.value.searchWaitUrl'] = '';
$post['/rmg/track/RMTrackFormHandler.value.keyname'] = '3E_track';
$post['_D:/rmg/track/RMTrackFormHandler.value.keyname'] = '';
$post['/rmg/track/RMTrackFormHandler.value.previousTrackingNumber'] = '';
$post['_D:/rmg/track/RMTrackFormHandler.value.previousTrackingNumber'] = '';
$post['/rmg/track/RMTrackFormHandler.value.trackingNumber'] = 'ZW791944749GB';
$post['_D:/rmg/track/RMTrackFormHandler.value.trackingNumber'] = '';
$post['/rmg/track/RMTrackFormHandler.track.x'] = '50';
$post['/rmg/track/RMTrackFormHandler.track.y'] = '14';
$post['_D:/rmg/track/RMTrackFormHandler.track'] = '';
$post['/rmg/track/RMTrackFormHandler.value.day'] = '19';
$post['_D:/rmg/track/RMTrackFormHandler.value.day'] = '';
$post['/rmg/track/RMTrackFormHandler.value.month'] = '5';
$post['_D:/rmg/track/RMTrackFormHandler.value.month'] = '';
$post['/rmg/track/RMTrackFormHandler.value.year'] = '2012';
$post['_D:/rmg/track/RMTrackFormHandler.value.year'] = '';
$post['_DARGS'] = '/portal/rmgroup/apps/templates/html/rm/rmTrackResultPage.jsp';
$url2 = 'http://track2.royalmail.com/portal/rm?_DARGS=/portal/rmgroup/apps/templates/html/rm/rmTrackAndTraceForm.jsp';
$html2 = file_get_contents2($url2, $url, $post);
echo $html2;
function file_get_contents2($address, $referer, $post = false)
{
$useragent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $address);
curl_setopt($c, CURLOPT_USERAGENT, $useragent);
curl_setopt($c, CURLOPT_HEADER, 0);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
if ($post)
{
$postF = http_build_query($post);
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS, $postF);
}
curl_setopt($c, CURLOPT_COOKIEJAR, 'cookie.txt');
//curl_setopt($c, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($c, CURLOPT_REFERER, $referer);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
if (!$data = curl_exec($c))
{
return false;
}
return $data;
}
The above updated code returned me:
Item ZW791944749GB was posted at 1 High Street RG17 9TJ on 19/05/12 and is being progressed through our network for delivery.
So it seems it works.
I have now fixed it, the problem was with PHP curl and following redirects, it seems that it doesn't always post the request data and sends a GET request when following.
To deal with this I disabled curl follow location with curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false); and then built a follow location system myself that works recursively. Essentially it extracts the location header from the response, checks for a 301 or a 302 and then runs the method again as required.
This means the information will definitely be POSTED again.
I also improved the user agent string, simply copying my current one on the basis it won't be blocked for a long while as in 2012 it is in active use!
Here is a final copy of the curl class (in case the link dies - been down voted for that in the past) which is working:
/**
* Make a curl request respecting redirects
* Also supports posts
*/
class pegCurlRequest {
private $url, $postFields = array(), $referer = NULL, $timeout = 3;
private $debug = false, $postString = "";
private $curlInfo = array();
private $content = "";
private $response_meta_info = array();
static $cookie;
function __construct($url, $postFields = array(), $referer = NULL, $timeout = 3) {
$this->setUrl($url);
$this->setPost($postFields);
$this->setReferer($referer);
$this->setTimeout($timeout);
if(empty(self::$cookie)) self::$cookie = tempnam("/tmp", "pegCurlRequest"); //one time cookie
}
function setUrl($url) {
$this->url = $url;
}
function setTimeout($timeout) {
$this->timeout = $timeout;
}
function setPost($postFields) {
if(is_array($postFields)) {
$this->postFields = $postFields;
}
$this->updatePostString();
}
function updatePostString() {
//Cope with posting
$this->postString = "";
if(!empty($this->postFields)) {
foreach($this->postFields as $key=>$value) { $this->postString .= $key.'='.$value.'&'; }
$this->postString= rtrim($this->postString,'&'); //Trim off the waste
}
}
function setReferer($referer) {
//Set a referee either specified or based on the url
$this->referer = $referer;
}
function debugInfo() {
//Debug
if($this->debug) {
echo "<table><tr><td colspan='2'><b><u>Pre Curl Request</b><u></td></tr>";
echo "<tr><td><b>URL: </b></td><td>{$this->url}</td></tr>";
if(!empty(self::$cookie)) echo "<tr><td><b>Cookie String: </b></td><td>".self::$cookie."</td></tr>";
if(!empty($this->referer)) echo "<tr><td><b>Referer: </b></td><td>".$this->referer."</td></tr>";
if(!empty($this->postString)) echo "<tr><td><b>Post String: </b></td><td>".$this->postString."</td></tr>";
if(!empty($this->postFields)) {
echo "<tr><td><b>Post Values:</b></td><td><table>";
foreach($this->postFields as $key=>$value)
echo "<tr><td>$key</td><td>$value</td></tr>";
echo "</table>";
}
echo "</td></tr></table><br />\n";
}
}
function debugFurtherInfo() {
//Debug
if($this->debug) {
echo "<table><tr><td colspan='2'><b><u>Post Curl Request</b><u></td></tr>";
echo "<tr><td><b>URL: </b></td><td>{$this->url}</td></tr>";
if(!empty($this->referer)) echo "<tr><td><b>Referer: </b></td><td>".$this->referer."</td></tr>";
if(!empty($this->curlInfo)) {
echo "<tr><td><b>Curl Info:</b></td><td><table>";
foreach($this->curlInfo as $key=>$value)
echo "<tr><td>$key</td><td>$value</td></tr>";
echo "</table>";
}
echo "</td></tr></table><br />\n";
}
}
/**
* Make the actual request
*/
function makeRequest($url=NULL) {
//Shorthand request
if(!is_null($url))
$this->setUrl($url);
//Output debug info
$this->debugInfo();
//Using a shared cookie
$cookie = self::$cookie;
//Setting up the starting information
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.11 Safari/536.11" );
curl_setopt($ch, CURLOPT_URL, $this->url);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_ENCODING, "gzip");
//register a callback function which will process the headers
//this assumes your code is into a class method, and uses $this->readHeader as the callback //function
curl_setopt($ch, CURLOPT_HEADERFUNCTION, array(&$this,'readHeader'));
//Some servers (like Lighttpd) will not process the curl request without this header and will return error code 417 instead.
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Expect:"));
//Referer
if(empty($this->referer)) {
curl_setopt($ch, CURLOPT_REFERER, dirname($this->url));
} else {
curl_setopt($ch, CURLOPT_REFERER, $this->referer);
}
//Posts
if(!empty($this->postFields)) {
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $this->postString);
}
//Redirects, transfers and timeouts
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_TIMEOUT, $this->timeout);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
//Debug
if($this->debug) {
curl_setopt($ch, CURLOPT_VERBOSE, true); // logging stuffs
curl_setopt($ch, CURLINFO_HEADER_OUT, true); // enable tracking
}
//Get the content and the header info
$content = curl_exec($ch);
$response = curl_getinfo($ch);
//get the default response headers
$headers = curl_getinfo($ch);
//add the headers from the custom headers callback function
$this->response_meta_info = array_merge($headers, $this->response_meta_info);
curl_close($ch); //be nice
//Curl info
$this->curlInfo = $response;
//Output debug info
$this->debugFurtherInfo();
//Are we being redirected?
if ($response['http_code'] == 301 || $response['http_code'] == 302) {
$location = $this->getHeaderLocation();
if(!empty($location)) { //the location exists
$this->setReferer($this->getTrueUrl()); //update referer
return $this->makeRequest($location); //recurse to location
}
}
//Is there a javascript redirect on the page?
elseif (preg_match("/window\.location\.replace\('(.*)'\)/i", $content, $value) ||
preg_match("/window\.location\=\"(.*)\"/i", $content, $value)) {
$this->setReferer($this->getTrueUrl()); //update referer
return $this->makeRequest($value[1]); //recursion
} else {
$this->content = $content; //set the content - final page
}
}
/**
* Get the url after any redirection
*/
function getTrueUrl() {
return $this->curlInfo['url'];
}
function __toString() {
return $this->content;
}
/**
* CURL callback function for reading and processing headers
* Override this for your needs
*
* #param object $ch
* #param string $header
* #return integer
*/
private function readHeader($ch, $header) {
//This is run for every header, use ifs to grab and add
$location = $this->extractCustomHeader('Location: ', '\n', $header);
if ($location) {
$this->response_meta_info['location'] = trim($location);
}
return strlen($header);
}
private function extractCustomHeader($start,$end,$header) {
$pattern = '/'. $start .'(.*?)'. $end .'/';
if (preg_match($pattern, $header, $result)) {
return $result[1];
} else {
return false;
}
}
function getHeaders() {
return $this->response_meta_info;
}
function getHeaderLocation() {
return $this->response_meta_info['location'];
}
}
Well first of all, you are talking about the Royal Mail. So I'm not sure if this simple little trick would trip them up...
But what you could try is spoofing your user agent with a quick ini_set() -
ini_set('user_agent', 'Mozilla/5.0 (X11; CrOS i686 1660.57.0) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.46 Safari/535.19'
That's an Ubuntu chrome user agent string.
The cURL user agent string would look quite different. For example:
curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
It's a long shot - but they might be rejecting requests that are not originating from recognized browsers.