I'm looking for a way to search for business "X" on LinkedIn, which requires a valid login session. I'm making Http requests with PHP's HttpRequest object, but I'm not familiar enough with handling session data/cookies to figure out how to pinpoint my mistake.
$loginURL = "https://www.linkedin.com/uas/login-submit";
$loginPostData = array("session_key" => "mylogin#mydomain.com",
"session_password" => "itsasecret",
"source_app" => "",
"signin" => "",
"session_redirect" => "",
"csrfToken" => "",
"sourceAlias" => "",
);
$httpRequest = new HttpRequest($loginURL, HttpRequest::METH_POST);
$httpRequest->setContentType("application/x-www-form-urlencoded");
$httpRequest->addPostFields($loginPostData);
$httpRequest->setOptions(array("redirect" => 10));
$httpMessage = $httpRequest->send();
$responseBody = $httpMessage->getBody());
I write $responseBody to a file and open it in a browser, but it only contains a generic LinkedIn page with log in fields. Using the "Tamper Data" extension to firefix, I can see that the following request headers allow firefox to load a session-viewable webpage:
Host=www.linkedin.com
Content-Type=application/x-www-form-urlencoded
Content-Length=124
POSTDATA=source_app=&session_key=mylogin#mydomain.com&session_password=itsasecret&signin=&session_redirect=&csrfToken=&sourceAlias=
There's something weird about the data I get back too: I'd expect to see something like "invalid username or password", but I get the default linkedin.com page.
Actually looking at the code of linkedin there are some hidden input that you need to send as POST datas, because your request has not one or more of these values you got the same login page...
Copy & paste from linkedin
<input type="hidden" name="source_app" value="">
<input type="hidden" name="trk" value="guest_home_login">
<input type="hidden" name="session_redirect" value="" id="session_redirect-login"><input type="hidden" name="csrfToken" value="ajax:9034582961576232024" id="csrfToken-login"><input type="hidden" name="sourceAlias" value="0_7r5yezRXCiA_H0CRD8sf6DhOjTKUNps5xGTqeX8EEoi" id="sourceAlias-login">
Related
I am creating a page where users can submit metadata about content to a database by submitting the Digital Object Identifier (DOI) of the content. The site will then go and look up the metadata of content on www.crossref.org and present a summary of the data before adding it to the database
I have created a form for users to enter the DOI
<FORM ACTION="newref-getxml.php" METHOD=POST>
<P><strong>New Reference Form</strong><BR>
DOI: <INPUT NAME="send_doi"><BR>
<BR>
<INPUT TYPE=SUBMIT NAME="submitref" VALUE="SUBMIT">
</FORM>
And a file to fetch and read the XML (I have removed my API KEY from the URL for obvious reasons)
<?php
echo $_POST[send_doi]; // check post data is coming though
$xml = simplexml_load_file("http://www.crossref.org/openurl/id=doi:'$_POST[send_doi]'&noredirect=true&pid=APIKEY&format=unixref");
?>
<p>
Title: <?php echo $xml->doi_record->crossref->journal->journal_article->titles->title;?><br />
Year: <?php echo $xml->doi_record->crossref->journal->journal_article->publication_date->year;?><br />
Journal: <?php echo $xml->doi_record->crossref->journal->journal_metadata->full_title;?><br />
DOI: <?php echo $xml->doi_record->crossref->journal->journal_article->doi_data->doi;?>
</p>
The problem is with inserting the user submitted DOI into the URL, I thought I could just paste '$_POST[send_doi]' into the URL where the DOI should go, but that is not working.
All I get is
10.3998/3336451.0009.101
Title:
Year:
Journal:
DOI:
When submitting a DOI
How you write the URL to include the '$_POST[send_doi]' value?
simplexml_load_file("http://www.crossref.org/openurl/id".
"?doi=".urlencode($_POST[send_doi]).
"&noredirect=true&pid=APIKEY&format=unixref");
Added a question mark as I don't see it in your URL. A better alternative is http_build_query(). Check it out!
simplexml_load_file('http://www.crossref.org/openurl/id?'. // <- Question Mark here
http_build_query(array(
'doi' => $_POST[send_doi],
'noredirect' => 'true',
'pid' => 'APIKEY',
'format' => 'unixref',
))
);
Try this:
$xml = simplexml_load_file("http://www.crossref.org/openurl/id=doi:'{$_POST['send_doi']}'&noredirect=true&pid=APIKEY&format=unixref");
Array keys of type string need to be encapsulated in single quotes. When including a variable into a string, use {} to enclose the variable itself.
Also, make sure you validate that input so you dont have erraneous calls going to that API. Regex works well. See: preg_match().
I'm trying to make a PHP script that can post to groups on Sina Weibo, a Chinese Twitter clone. Other than group functionality, Weibo seems pretty much identical to Twitter in implementation (even in API) -- hence I'm mentioning Twitter as the analogy, as the distinction's irrelevant for my question.
I can make regular posts by API just fine, but the thing is, Weibo's API does not support posting to groups, presumably due to potential spamming hazards that might entail. (Note: my intention wasn't to spam millions with crap, but to get a script to automatically post info on patent expiries to relevant industry groups each day.)
Now, I know there should be a work-around, as there's an application that allows one to manually post to groups (新浪微群自动群发精灵), though the source is private. So I tried to check the post form data sent to the server using Firebug to see if I could replace the API tweet command by manually making the PHP script replicate the post form info, but to no avail.
Here is my code for the callback.php file, called after establishing the OAuth connection. The working API method to post an update has been commented out in favor of the dysfunctional post form method (in HTML tags).
<?php
session_start();
include_once( 'config.php' );
include_once( 'saetv2.ex.class.php' );
$o = new SaeTOAuthV2( WB_AKEY , WB_SKEY );
if (isset($_REQUEST['code'])) {
$keys = array();
$keys['code'] = $_REQUEST['code'];
$keys['redirect_uri'] = WB_CALLBACK_URL;
try { $token = $o->getAccessToken( 'code', $keys ) ; } catch (OAuthException $e) {}
}
if ($token) {
$_SESSION['token'] = $token;
setcookie( 'weibojs_'.$o->client_id, http_build_query($token) );
?><html><head></head><body>
<form action="http://www.weibo.com/aj/mblog/add?__rnd=1340066897833" method="post">
<input type="hidden" name="_surl" value="">
<input type="hidden" name="_t" value=0>
<input type="hidden" name="location" value="home">
<input type="hidden" name="module" value="stissue">
<input type="hidden" name="pic_id" value="">
<input type="hidden" name="rank" value="">
<input type="text" name="text" value="测试发表微博 test message" />
<input type="submit">
</form></body></html><?
/*
$c = new SaeTClientV2( WB_AKEY , WB_SKEY , $_SESSION['token']['access_token'] );
$msg = $c->update("测试发表微博 test message");
if ($msg === false || $msg === null){ echo "Error occured"; return false;}
if (isset($msg['error_code']) && isset($msg['error'])){ echo ('Error_code: '.$msg['error_code'].'; Error: '.$msg['error'] ); return false;}
echo($msg['id']." : ".$msg['text']." ".$msg["created_at"]);
*/
} else echo('授权失败。 authentication failed');
?>
I'm pretty new to all of this, so I'm probably missing something obvious, but would anyone here know enough about Twitter/Weibo to locate the problem here? Would there perhaps be an easy workaround?
Thanks!
Been a while, but for anyone stumbling upon this thread: by now I caught up a bit, and it seems like browser automation with Ruby gem Watir would have much better chances of working than form spoofing.
I have a PHP file in which I have this code:
$descText = $_POST["fname"];
$attachement = array('access_token'=>$fbme['access_token'], 'message' => $descText, 'source' => '#'.realpath($tempFile) );
//$attachement = array('access_token'=>$fbme['access_token'], 'source' => '#'.realpath($tempFile) );
$fb_photo = $facebook->api('me/photos','POST',$attachement);
$FQLQuery = 'SELECT object_id, pid, src_big, link FROM photo WHERE object_id = '.$fb_photo['id'];
$FQLResult = $facebook->api(array( 'method' => 'fql.query', 'query' => $FQLQuery, 'access_token'=>$fbme['access_token'] ));
$targetPhoto = $FQLResult[0];
echo '<center><h1>Image created.</h1><br/><img src="'.$targetPhoto['src_big'].'"/></center><br/>';
How can I run this only when a user clicks on a button or link?
You can't attach PHP code to a HTML input button, only JavaScript.
If you need to have the code written in PHP then you will either have to link directly to the script, which will display a page with your photo on it (Assuming the code is valid), or more likely what you want is to USE AJAX to include it dynamically in an existing page.
Basically something like this would work in JQuery:
<input type="button" onclick="$.load('/link/to/script.php', $('#where_to_put_the_image'));" />
You could use a form HTML tag. This is just an example:
<form method="post" action="yourphpfile.php">
<input type="text" name="fname" value="your first name?" />
<input type="submit" value="run" />
</form>
Put it in a file and then link to that file. Simple.
Or do you want to run it asynchronously on the page? In which case, you'll need to do it using Ajax.
As with triggering any PHP script or function, send a request to the page that contains it, either by a link, a form post, or an Ajax request.
Im trying to use the following PHP to add a favorite to my account:
<?php
if(isset($_POST['submit'])) {
$fav = $_REQUEST['fav'];
$connection->post('favorites/create', array('id' => $fav));
echo "<div style='padding-bottom: 5px; color: #0099FF;'>Fav Created Successfully.</div>";
}
?>
With the following form:
<form id="fav" method='post' action='index.php'>
<input type="text" style="width: 346px;" name="fav" id="fav" ></input>
<input type="submit" value="Fav This!" name="submit" id="submit" />
</form>
Its not creating a favorite, Can anyone spot anything wrong with it?
PS: I am using the OAuth API:
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $access_token['oauth_token'], $access_token['oauth_token_secret']);
$response = $connection->post('favorites/create/'.$fav);
The ID is not a parameter.
Im trying to use the following PHP to add a favorite to my account:
$favorite = $connection->post('favorites/create/'.$id);
where $id is the status id but favorite don't return nothing
If I'm not mistaken, you don't need to add an "id" parameter.
Looking at Twitter's Documentation the URL to create a favorite would be http://api.twitter.com/1/favorites/create/12345.xml where "12345" is the ID of the tweet.
When I tried it, it says the following.
This method requires a GET.
Although Twitter API documentation says it requires a POST. So, try to do a GET request on it:
$response = $connection->get('favorites/create', array('id' => $fav));
// now print the response to see if any error pops up:
print_r($response);
can anyone tell me how to read up to 3 remote files and compile the results in a query string which would now be sent to a page by the calling script, using headers.
Let me explain:
page1.php
$rs_1 = result from remote page a;
$rs_2 = result from remote page b;
$rs_3 = result from remote page c;
header("Location: page2.php?r1=".$rs_1."&r2=".$rs_2."&r3=".$rs_3)
You may be able to use file_get_contents, then make sure you urlencode the data when you construct the redirection url
$rs_1 =file_get_contents($urlA);
$rs_2 =file_get_contents($urlB);
$rs_3 =file_get_contents($urlC);
header("Location: page2.php?".
"r1=".urlencode($rs_1).
"&r2=".urlencode($rs_2).
"&r3=".urlencode($rs_3));
Also note this URL should be kept under 2000 characters.
Want to send more than 2000 chars?
If you want to utilize more data than 2000 characters would allow, you will need to POST it. One technique here would be to send some HTML back to the client with a form containing your data, and have javascript automatically submit it when the page loads.
The form could have a default button which says "Click here to continue..." which your JS would change to "please wait...". Thus users without javascript would drive it manually.
In other words, something like this:
<html>
<head>
<title>Please wait...</title>
<script>
function sendform()
{
document.getElementById('go').value="Please wait...";
document.getElementById('autoform').submit();
}
</script>
</head>
<body onload="sendform()">
<form id="autoform" method="POST" action="targetscript.php">
<input type="hidden" name="r1" value="htmlencoded r1data here">
<input type="hidden" name="r2" value="htmlencoded r2data here">
<input type="hidden" name="r3" value="htmlencoded r3data here">
<input type="submit" name="go" id="go" value="Click here to continue">
</form>
</body>
</html>
file_get_contents certainly helps, but for remote scripting CURL is better options.
This works well even if allow_url_include = On (in your php.ini)
$target = "Location: page2.php?";
$urls = array(1=>'url-1', 2=>'url-2', 3=>'url-3');
foreach($urls as $key=>$url) {
// get URL contents
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch);
$target .= "&r".$key."=".urlencode($output));
}
header("Location: ".$target);
You can use the file_get_contents function.
API documentation: http://no.php.net/manual/en/function.file-get-contents.php
$file_contents = file_get_contents("http://www.foo.com/bar.txt")
Do note that if the file contain multiple lines or very, very long lines you should contemplate using HTTP post instead of a long URL.