Blank PHP/Index Page on Android HTTP Post Request - php

Upon using the code samples below, I try to send a HTTP request to validate a username and password entry to a PHP script (returning either 1 or 0 in an echo).
Using HTTP Assistant, testing the HTTP Post request has the expected results... But for some reason, when logging the 'res' String (the HTTP response) in the java code, I get a blank PHP/Index page:
<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML3.2Final//EN"><html><title>Indexof/</title></head><body><h1>Indexof/</h1><ul><li>cgi-bin/</li></ul></body></html>
Code: HomeActivity.java and Http.java
Have I done something wrong code-wise? Or is this a server issue?

What you are seeing there is the standard webserver listing of a directory. So you probably have the wrong URL you're hitting. Is there any redirect magic involved?
[edit] As you have control of the PHP page yourself, do the following: Edit it so that it accepts parameters per GET and try to call the page via your android browser with the username and password as GET parameters. If that works, you've at least a clue that it's possible from your phone.

Related

How have safe HTTP Request Method

When I use the GET method to receive JSON data, we can access the result directly from the web browser. For example, I send a mydata value from ajax to a main.php file, and it processes it and returns a result, something like below:
<?php
if (isset($_GET["mydata"])) {
    if ($_GET["mydata"] == "hello") {
        echo "hello world";
    }
}
?>
But when a user calls it in the browser directly, like http:mysite.com/mydata.php?mydata=hello, they receive the answer. I don't want to allow users to get the answer of the HTTP request directly; they should only be able to see it from the ajax result of the main page. Is it possible?
You're asking how to prevent an ajax-only request from being accessed directly by copy-pasting the URL into the web browser; that is, only allowing the URL to be accessible via ajax on the main web page.
Well, there are a few things you can try:
Check the Referrer for the URL of the main page with $_SERVER['HTTP_REFERER']
Set a header in Javascript using xhr.setRequestHeader() and then ensure its value by checking for $_SERVER['HTTP_X_....'] in PHP
Like Jay Bhatt recommended, check for the X_REQUESTED_WITH header, but be aware this might not always be set (see: X-Requested-With header not set in jquery ajaxForm plugin)
However, in any of these situations you should be aware that anyone who knows what they are doing can easily set any HTTP header, variable, or even modify the referrer which is sent to the server. As such, there is no 100% guarantee that your resource can be accessed only via AJAX on the main web page. There is no control built in the internet to verify where a request is coming from, so anyone can easily spoof or fake it.
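The custom-header check from the list above, as an added example that is not part of the original answer: the header carries a random per-session token instead of a fixed value, so a request without a session from main.php is refused. The header name X-Ajax-Token, the session key ajax_token and both function names are assumptions; a user who holds a session can still replay their own token from another client, which is the limit the answer describes.

```php
<?php
// Added example. Assumed names: header X-Ajax-Token, session key ajax_token.

// Called by main.php while rendering the page. The returned value is embedded
// in the page and sent back by the script via xhr.setRequestHeader().
function issue_ajax_token(array &$session): string
{
    if (empty($session['ajax_token'])) {
        $session['ajax_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $session['ajax_token'];
}

// Called by mydata.php before it answers anything.
function is_page_request(array $server, array $session): bool
{
    $sent     = $server['HTTP_X_AJAX_TOKEN'] ?? '';
    $expected = $session['ajax_token'] ?? '';
    // An unset or empty session token never matches; hash_equals() compares
    // in constant time so the check does not leak how many characters matched.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// mydata.php
session_start();
if (!is_page_request($_SERVER, $_SESSION)) {
    http_response_code(403);
    exit;
}
if (($_GET['mydata'] ?? '') === 'hello') {
    echo 'hello world';
}
```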

Remote login PHP

I am having issues with the code to access a remote website server2 from another website server1. The code I use from inside the server2 to log in is the following code:
require_once("http://server2.com/access/models/config.php");
if (!securePage($_SERVER['PHP_SELF'])){die();}
//Prevent the user visiting the logged in page if he/she is already logged in
if(isUserLoggedIn()) { header("Location: http://server2.com/access/account.php"); die(); }
On server2 it looks like I can not use require_once() because the page does not pass and when I use include() then prevent the user visiting does not pass. I think I am missing a code like cURL or path. Can anybody post the code to call my server2 from another remote server1?
You can't include/require PHP pages from another server because those php-files are getting parsed. You will end up getting the parsed HTML code or none at all if your config.php meets minimum safety standards. You'd have to open it differently but be aware that if you can open config.php in an easy way remotely, everyone else can too...
I suggest not to use include at all but try a different approach: for example via a php script on that second server that returns you plain text like:
login|logout
ok|error
id_Paul23
pwHash_asdf02302afbd33
The second items after the | represent an alternative response if you have an erroneous login attempt. Your user sends the login-data to your script on server 1 which attempts a login-try on that special script on server 2 which returns the result above and you can then do whatever you want on server 1.
Or better: send/receive the data in a standardized format like JSON. You already have functions in PHP for that: json_encode() and json_decode() to parse your data.
Here is an example on how you could do this on a larger scale: http://www.jasny.net/articles/simple-single-sign-on-for-php/
This article will help you send the request to server2: How do I send a POST request with PHP?
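The JSON variant of the server 1 / server 2 exchange described above, as an added example (not code from the answer or the linked articles). The function names, the POST field names user and pass, and the JSON keys are assumptions; as a choice made here, the reply carries only the outcome and the user id, and the password hash stays on server 2.

```php
<?php
// Added example. Function names, field names and JSON shape are assumptions.

// Server 2: build the reply for one login attempt.
function login_reply(string $user, string $pass, array $users): string
{
    $ok = isset($users[$user]) && password_verify($pass, $users[$user]['hash']);
    return json_encode($ok
        ? ['login' => 'ok', 'id' => $users[$user]['id']]
        : ['login' => 'error']);
}

// Server 1: turn the raw reply into a user id, or null on anything unexpected
// (an HTML error page, an empty body, missing or wrongly typed fields).
function parse_login_reply(string $body): ?string
{
    $data = json_decode($body, true);
    if (!is_array($data) || ($data['login'] ?? '') !== 'ok'
        || !is_string($data['id'] ?? null)) {
        return null;
    }
    return $data['id'];
}

// Server 1: POST the credentials to the script on server 2 over HTTPS.
function remote_login(string $url, string $user, string $pass): ?string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['user' => $user, 'pass' => $pass]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_SSL_VERIFYPEER => true, // reject certificates that do not validate
        CURLOPT_SSL_VERIFYHOST => 2,    // certificate must match the host name
    ]);
    $body = curl_exec($ch);
    return is_string($body) ? parse_login_reply($body) : null;
}

// Constructed sample data: both sides exercised locally, no network call.
$users = ['paul' => ['id' => 'id_Paul23',
                     'hash' => password_hash('s3cret', PASSWORD_DEFAULT)]];
var_dump(parse_login_reply(login_reply('paul', 's3cret', $users)));
var_dump(parse_login_reply(login_reply('paul', 'wrong', $users)));
```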

$.post getting canceled in chrome

I am calling a php file using $.post. From the server I am returning json response. When I open the server url directly in browser it returns successfully. But from js it is not working.
The link I am calling is this (http://54.249.240.120/qcorner/login).
<html>
<head>
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
</head>
<body>
    <input type="button" id="testID">
    <script type="text/javascript">
        $(document).ready(function() {
            $("#testID").click(function() {
                $.post('http://54.249.240.120/qcorner/login',function(result){
                    alert(result);
                });
            });
        });
    </script>
</body>
</html>
I also tried in Firefox. In that I get 200 OK, but no response.
Why is this happening?
The problem is that it is a cross-domain request. The error being returned can be viewed by turning on the JavaScript console:
XMLHttpRequest cannot load http://54.249.240.120/qcorner/login. Origin null is not allowed by Access-Control-Allow-Origin.
You will need to make sure that the Access-Control-Allow-Origin headers are set to allow this to happen or Chrome will cancel the request.
I suspect you're running into a Cross-origin resource sharing problem. I'm guessing you're not accessing this page from http://54.249.240.120/, given that Chrome is showing it explicitly in the network tab (usually it doesn't do that if it's the same domain).
Long story short, you can't post via Javascript to another domain name. If you're accessing this at www.example.com, the browser won't recognize the IP address as the same domain name (even if the domain name resolves there). Easiest way, if you're in control of the whole situation, is just put that login code on the same domain as the code you're testing. In a local environment you can do this with your hosts file, something like 54.249.240.120 www.example.com to redirect example.com (replace with your own domain that you are accessing the test page from) to the IP address. This won't work for the public internet, however.
If you must POST to another domain via javascript, you'll need to look into implementing the CORS standard. Here's an article I found explaining how to implement it in PHP.
An HTML 200 OK is not the same as a valid response. It means the server got your request, but it doesn't mean that your PHP file actually returned usable data. It could be returning an empty response altogether. It's time to debug the PHP file. I'd suggest logging to a file temporarily or use FirePHP. If error display is disabled (as it should be on a production server), this can happen if your script is failing before any output is generated.
What exactly is happening with the request? You can't make an ajax request cross-domain with what you have listed in the question.
However, you're sending an empty POST request to the URL, and when I replicate an empty post request, it responds with an HTTP 206 error, which is what you need to sort out.
curl -X POST http://54.249.240.120/qcorner/login
{"head":{"status":206,"message":"Only 0 fields received, required 2"},"body":""}
I had the same issue as you and what I did is very simple.
In your PHP file receiving the ajax request, just add this line before sending the response:
<?php
header("Access-Control-Allow-Origin: *");
// ... your code here
?>
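With `Access-Control-Allow-Origin: *`, a script on any site can read this endpoint's response. The block below is an added example, not code from any of the answers: it echoes the Origin header back only when it matches an allowlist, and gives no CORS grant to the `null` origin seen in the Chrome error above. The two origins are placeholders and the function name is an assumption.

```php
<?php
// Added example. The origins listed here are placeholders.
const ALLOWED_ORIGINS = [
    'https://www.example.com',
    'https://app.example.com',
];

// Returns the header lines to send for this request.
function cors_headers(array $server, array $allowed = ALLOWED_ORIGINS): array
{
    // Vary is always sent so a cache never reuses one origin's answer for another.
    $headers = ['Vary: Origin'];
    $origin  = $server['HTTP_ORIGIN'] ?? '';
    // Exact string match only: "null" (file:// pages, sandboxed iframes) and
    // look-alike hosts such as https://www.example.com.other.test never match.
    if (!in_array($origin, $allowed, true)) {
        return $headers;
    }
    $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
    // A plain form-encoded $.post needs no preflight; a JSON body does.
    if (($server['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
        $headers[] = 'Access-Control-Allow-Methods: POST';
        $headers[] = 'Access-Control-Allow-Headers: Content-Type';
        $headers[] = 'Access-Control-Max-Age: 600';
    }
    return $headers;
}

foreach (cors_headers($_SERVER) as $line) {
    header($line);
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    http_response_code(204); // preflight answered, no body
    exit;
}
// ... login handling continues here
```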

Salesforce Web2Lead - Lead Capture Page: Not available.

Upon debug I'm getting a response that states Lead Capture Page: Not available.
Has anyone run into this problem... I'm passing everything correctly and salesforce.com board is no help at all.
Unfortunately, the error message you got is generic, it doesn't say what the error is.
Using the debug=1 param, or the debugemail param, it tries to return to you the page that the post came from. I think it uses the Referer: header for that. No referrer header (like if you just curl post data to sf), then you get the line above instead of something like
Lead Capture Page: http://yoursite.com/your/form.php
Here's some other tips, given that sf isn't telling you jack:
instead of www.salesforce or test.salesforce, try posting to the same subdomain you see when you log in by browser.
Also look at the return header Is-Processed:, I've seen exceptions in there.
try the generated form; as generated, you change the subdomain as above and it should work as-is. then gradually hack your form and the generated form towards each other till they both fail or both succeed.

cURL with PHP question for logging in to https:// remote site

So I have this cURL script for remote login. It works fine for some pages but not the pages I need.
For the page that isn't accessible through the script, the remote server requires the url be like this:
https://sub.example.com/a/b/thisPage.aspx?aVar=%2Fa%2Fb%2Fc%2Fd%2FFile+Name.nev
It seems that cURL or just php automatically converts the last part to
... thisPage.aspx?aVar=/a/b/c/d/File+Name.nev
I have php echo out the url variable just before it is passed to cURL and the last part is:
...thisPage.aspx?aVar=%2Fa%2Fb%2Fc%2Fd%2FFile+Name.nev
but it gives an error
message "Bad Request" and the browser url shows:
...thisPage.aspx?aVar=/a/b/c/d/File+Name.nev
When I manually enter ... thisPage.aspx?aVar=%2Fa%2Fb%2Fc%2Fd%2FFile+Name.nev in my browser it pulls up the page just fine.
Try double encoding so that way the % are encoded too. Try replacing them with %25.
