Hi is it possible to get embedded session id from url using php?
From the root url, http://www.sbstransit.com.sg/mobileiris/, the website will generate a session id which is between the url and become something like that.
i.e http://www.sbstransit.com.sg/mobileiris/(ts2k1e55xaah50iwodsvjy35)/index.aspx.
Isit possible to use php/any other ways to retrieve "ts2k1e55xaah50iwodsvjy35" out by querying the root url without actually physically going into the url?
If you use wget to get that page, you'll see:
...
HTTP request sent, awaiting response... 302 Found
Location: http://www.sbstransit.com.sg/mobileiris/(xidluk550vzs5045l1cxkh55)/index.aspx [following]
Which indicates that it is doing a 302 redirect to the URL containing the ID.
You can write Perl (or other) code to find the redirected URL:
#!/usr/bin/perl
use warnings;
use strict;
use LWP::UserAgent;
my $ua = LWP::UserAgent->new;
$ua->requests_redirectable([]); # don't follow any redirects
my $response = $ua->get('http://www.sbstransit.com.sg/mobileiris/');
my $loc = $response->header('Location');
print "redirected to=$loc\n";
<?php
$url = 'http://www.sbstransit.com.sg/mobileiris/(ts2k1e55xaah50iwodsvjy35)/index.aspx';
$url_arr = parse_url($url);
print_r($url_arr); // debug output
$tokens = explode('/', $url_arr['path']);
print_r($tokens); // debug output
?>
Output:
Array
(
[scheme] => http
[host] => www.sbstransit.com.sg
[path] => /mobileiris/(ts2k1e55xaah50iwodsvjy35)/index.aspx
)
Array
(
[0] =>
[1] => mobileiris
[2] => (ts2k1e55xaah50iwodsvjy35)
[3] => index.aspx
)
So you could get your session id with $tokens[2]
Related
I try to make dhru api based on this code https://github.com/dhru/dhru-fusion-api-standards .
My problem is to get customer input on web which is sent by dhru web in parameters.
I already determinated what exacly website send to my API:
[username] => login
[apiaccesskey] => pass
[action] => placeimeiorder
[requestformat] => JSON
[parameters] => <PARAMETERS><ID>100</ID><CUSTOMFIELD>eyJ1ZGlkIjoiMDAwMDgwMjAtMDAxQzM0MTIyNjgxMDAyRSJ9</CUSTOMFIELD><MODELID></MODELID><PROVIDERID></PROVIDERID><NETWORK></NETWORK><PIN></PIN><KBH></KBH><MEP></MEP><PRD></PRD><TYPE></TYPE><LOCKS></LOCKS><REFERENCE></REFERENCE><IMEI>423545675567658</IMEI><udid>00008020-001C34122681002E</udid></PARAMETERS>
But i'm unable to get any value from this parameters.
I already tried all of this but nothing work:
1) $udid = json_decode($parameters['udid'],true);
2) $udid = $parameters['udid'];
3) $imei = $parameters['IMEI'];
4) $udid = (string)$parameters['udid'];
Can somebody give me advice?
Not an experienced developer and using CodeIgniter for the first time. I'm trying to grab a signed URL for a given MP3 filename stored in S3. This is currently working with the exception of files that contain brackets.
Relevant controller code:
function index ($streamfile) {
// Load S3 client
$this->load->spark('amazon-sdk');
$s3 = $this->awslib->get_s3();
// Define request parameters
$s3bucket = $userdata['s3bucket']; // defined elsewhere
$streamfiletest = ($string)'Crazy_(Remix).mp3';
// Request signed URL
$url = $s3->get_object_url($s3bucket, ***EITHER $streamfiletest or $streamfile***, '5 minutes');
// Fetch status code
$http = new CFRequest($url);
$http->add_header('Content-Type', '');
$http->send_request(true);
$code = $http->get_response_code();
$headers = $http->get_response_header();
// Load the view
$data['filename'] = $url;
$data['debug'] = array(
'file1' => $streamfile,
'file2' => $streamfiletest,
'signed_url' => $url,
'code' => $code,
'headers' => $headers
);
$this->load->view('play', $data);
Relevant view code:
<?php if (isset($debug)) {
echo "DEBUGS:";
echo '<pre>' . print_r($debug, TRUE) . '</pre>';
} ?>
As you can see I either pass $streamfile or $streamfiletest. In the debug I can confirm that both variables are the same string.
When passing $streamfile to the URL request, the URL in the response is incorrect:
DEBUGS:
[file1] => Crazy_(Remix).mp3
[file2] => Crazy_(Remix).mp3
[signed_url] => http://s3-...(removed)/Crazy_%26%2340%3BRemix%26%2341%3B.mp3?AWSAccessKey...
[code] => 404
You can see that the brackets have been strangely encoded %26%2340%3B and therefore I can't find the file in S3.
When passing $streamfiletest however, the response is fine:
DEBUGS:
[file1] => Crazy_(Remix).mp3
[file2] => Crazy_(Remix).mp3
[signed_url] => http://s3-...(removed)/Crazy_%28Remix%29.mp3?AWSAccessKey...
[code] => 200
The brackets are encoded correctly in the signed URL an I get a HTTP 200 from S3.
Any ideas what could be causing this?
In the debug I can confirm that both variables are the same string
Actually, not quite.
If you look closely, it becomes apparent what the url escaped values must mean:
%26%2340%3B %26%2341%3B
& # 40 ; & # 41 ;
Those are numeric html character codes that the browser will display as ( and ) but it does not in fact mean that the two strings have identical content. They only appear to.
The solution, of course, depends on how they are getting transformed that way, and either not doing that, or decoding the numeric character codes.
Try doing the following to decode the url encoded brackets
$data['filename'] = urldecode($url);
This should return the string to its expected format ie with brackets
On the Internet there are a few topics about this problem, but I have not found any complex solution. Therefore, I would like to ask you for help.
I need to change facebook id to username.
When you type web site like this:
http://facebook.com/profile.php?id=4 (num 4 is FB id), it will give you http://www.facebook.com/zuck, which is Mark Zuckerberg's profile.
On this principle I need to find out who a id is.
I have typed id 4 a got it is zuck.
But I need it for more ids, so it would take a lot of time do it manually. Please help me, how I can do it.
If you already have an ID of that particular user, then just add it on this url:
https://graph.facebook.com/<USER_ID>
Simple example:
function get_basic_info($id) {
$url = 'https://graph.facebook.com/' . $id;
$info = json_decode(file_get_contents($url), true);
return $info;
}
$id = 4;
$user = get_basic_info($id);
echo '<pre>';
print_r($user);
This should basically yield:
Array
(
[id] => 4
[first_name] => Mark
[gender] => male
[last_name] => Zuckerberg
[link] => https://www.facebook.com/zuck
[locale] => en_US
[name] => Mark Zuckerberg
[username] => zuck
)
Then you could just call it like a normal array:
echo $user['username'];
Sidenote: Why not use the PHP SDK instead.
https://developers.facebook.com/docs/reference/php/4.0.0
As the username is NO more available from Graph API endpoint /user-id as discussed here, I propose another workaround here (but with Python code)
In brief, we open the page at fb.com/USER_ID and scrape the username from it
#get html of a page via pure python ref. https://stackoverflow.com/a/23565355/248616
import requests
r = requests.get('http://fb.com/%s' % FB_USER_ID) #open profile page of the facebook user
r.raise_for_status()
html = r.content
#search string with regex ref. https://stackoverflow.com/a/4667014/248616
import re
# m = re.search('meta http-equiv="refresh" content="0; URL=/([^?]+)\?', html)
m = re.search('a class="profileLink" href="([^"]+)"', html)
href = m.group(1) #will be https://www.facebook.com/$FB_USER_NAME on 201705.24
username = href.split('/')[-1]
print(href)
print(username)
As of October 2019, The only way it is possible is to request for user_links in request and permissions
And then pass it in a scope, something like this
scope: ['user_link']
I have a problem with json parsing.
I have already read the many questions here on stackoverflow but I can't figured out what I'm missing.
In my site I use Facebook Api to post my feed using curl and it respond with a json message.
I take this response and I save it in my database.
In my Backoffice I need to retrieve this message and print it in case of error.
Here an example about an error message:
{"error":{"message":"(#1500) The url you supplied is invalid","type":"OAuthException","code":1500}}
In my php page I need to get just the message part so I did:
$message = get from the db and fetch;
$error_array = json_decode($message,true);
print_r($error_array);
but it doesn't print anything, just a blank page.
If I just print $message I can see the entire string.
What am I missing?
This issue it's driving me crazy all day long!!
I tried the following:
<pre>
<?php
$jsonStr = '{"error":{"message":"(#1500) The url you supplied is invalid","type":"OAuthException","code":1500}}';
$error_array = json_decode($jsonStr, true);
print_r($error_array);
?>
and getting output:
Array
(
[error] => Array
(
[message] => (#1500) The url you supplied is invalid
[type] => OAuthException
[code] => 1500
)
)
It's working as intended.
I suspect the problem is with this:
$message = get from the db and fetch;
After you load the $message variable, do a var_dump($message) and see if the string is in there (as expected).
$jsonString = '["m#gmail.com","b#gmail.com","c#gmail.com"]';
$arrayOfEmails=json_decode($jsonString);
Or
$jsonString = "[\"a#gmail.com\",\"b#gmail.com\",\"c#gmail.com\"]";
$arrayOfEmails=json_decode($jsonString);
I'm trying to get a check_authentication response working, but so far, all consumers reject it and say that my server denied check_authentication.
This is the GET and POST data that my server file receives:
$_GET:
Array
(
[mode] => profile
[username] => hachque
[domain] => roket-enterprises.com
)
$_POST:
Array
(
[openid_assoc_handle] => {HMAC-SHA1}{4b00d7b2}{vo1FEQ==}
[openid_identity] => http://www.roket-enterprises.com/openaccount/openid:hachque
[openid_mode] => check_authentication
[openid_response_nonce] => 2009-11-16T04:40:18Zrrz8R4
[openid_return_to] => http://openiddirectory.com:80/openidauth/id/c/finish_auth.php?nonce=adCevd6T
[openid_sig] => SgFE5iT9IGd5EftkrZ72mgCHiLk=
[openid_signed] => assoc_handle,identity,mode,response_nonce,return_to,signed,sreg.email,sreg.fullname,sreg.nickname
[openid_sreg_email] => jrhodes#roket-enterprises.com
[openid_sreg_fullname] => James Rhodes
[openid_sreg_nickname] => jrhodes
)
This is the header reponse that I am outputting (contains POST data as it was explained to me on IRC that sending the key-values as headers shouldn't be done to the consumer server EDIT: Come to think of it, it doesn't make much sense RESPONDING with POST data. Maybe some here can explain the whole process of check_authentication clearly).
Content-Type: text/plain;
Content-Length: 675;
openid.mode=id_res&openid.assoc_handle=%7BHMAC-SHA1%7D%7B4b00d7b2%7D%7Bvo1FEQ%3D%3D%7D&openid.identity=http%3A%2F%2Fwww.roket-enterprises.com%2Fopenaccount%2Fopenid%3Ahachque&openid.response_nonce=2009-11-16T04%3A40%3A18Zrrz8R4&openid.return_to=http%3A%2F%2Fopeniddirectory.com%3A80%2Fopenidauth%2Fid%2Fc%2Ffinish_auth.php%3Fnonce%3DadCevd6T&openid.signed=assoc_handle%2Cidentity%2Cmode%2Cresponse_nonce%2Creturn_to%2Csigned%2Csreg.email%2Csreg.fullname%2Csreg.nickname&openid.sreg_email=jrhodes%40roket-enterprises.com&openid.sreg_fullname=James+Rhodes&openid.sreg_nickname=jrhodes&openid.sig=MGVhMmQ1Mzg4ZWFlMWY1OWVlYjlmZmY0Njc3OTc5YWIzMjM3NGFjMQ%3D%3D&openid.is_valid=true;
This is the PHP code that my file is using to handle check_authentication (remember that PHP turns all . characters into _ for $_GET and $_POST variables since they aren't valid character in PHP array keys):
// Retrieve the OpenID information from the $_REQUEST data
// I'm not sure whether it's possible that this data might
// come in on the $_GET parameter instead of $_POST, so that's
// what it uses $_REQUEST.
$assoc_handle = $_REQUEST['openid_assoc_handle'];
$sig = $_REQUEST['openid_sig'];
$signed = $_REQUEST['openid_signed'];
// The method for returning data is via the headers outputted
// by the webserver. Create an array that stores the headers
// to be returned.
$keys = array(
'openid.mode' => 'id_res',
'openid.assoc_handle' => $_REQUEST['openid_assoc_handle'],
'openid.identity' => $_REQUEST['openid_identity'],
'openid.response_nonce' => $_REQUEST['openid_response_nonce'],
'openid.return_to' => $_REQUEST['openid_return_to'],
'openid.signed' => $_REQUEST['openid_signed'],
'openid.sreg_email' => $_REQUEST['openid_sreg_email'],
'openid.sreg_fullname' => $_REQUEST['openid_sreg_fullname'],
'openid.sreg_nickname' => $_REQUEST['openid_sreg_nickname']
//'openid_mode' => 'id_res'
);
// The server may request that we invalidate the user's session
// via $_REQUEST['openid_invalidate_handle']. In this case we
// will clear the session data (you may need to change this
// depending on how you implement the session). After doing so
// we continue and tell the server we did via a variable
if (strlen($_REQUEST['openid_invalidate_handle']) > 0)
{
// Reset the session
session_unset();
session_name('openid_server');
session_start();
// Set the header we need to return
$keys['openid.invalidate_handle'] = $_REQUEST['openid_invalidate_handle'];
}
// We need to validate the signature now. This constructs a token_contents
// for signing the data. The signing key is returned as openid.sig
// and is generated with base64(HMAC(secret(assoc_handle), token_contents)
$token_contents = '';
foreach (explode(',', $signed) as $param) {
$post = preg_replace('/\./', '_', $param);
$token_contents .= sprintf("%s:%s\n", $param, $_REQUEST['openid_' . $post]);
}
// Generate our openid.sig and add it to the list of keys to
// return.
$keys['openid.sig'] = base64_encode(hash_hmac('sha1',$token_contents,$assoc_handle));
// Add the data that we are sharing (via SReg) to the headers.
// For now this is fixed data (see action_authorization.php).
//$keys["sreg.fullname"] = 'James Rhodes';
//$keys["sreg.nickname"] = 'jrhodes';
//$keys["sreg.email"] = 'jrhodes#roket-enterprises.com';
// Just accept the request for now..
// phpMyID does some kind of secret-shared-key thing
// here to determine whether it is valid. I'm not
// quite sure how that process works yet, so we are just
// going to say go ahead.
$keys["openid.is_valid"] = "true";
// We need to format the $keys array into POST format
$keys_post = "";
$keys_post_first = true;
foreach ($keys as $name => $value)
{
if ($keys_post_first)
$keys_post_first = false;
else
$keys_post .= "&";
$keys_post .= urlencode($name) . "=" . urlencode($value);
}
// Now output the POST data
header('Content-Type: application/x-www-form-urlencoded');
header('Content-Length: ' . strlen($keys_post));
header($keys_post);
Can anyone help me with my problem? I've been trying to get this working for months and I can't get a straight answer on how this stage of OpenID authentication is meant to work.
First of all, although PHP transforms periods to underscores in parameter names, be sure you're sending periods and not underscores.
Secondly, your check_authentication response should only have three parameters, but you have six. Check the spec and fix up your response and see if that helps.
Andrew Arnott,you're wrong!
documentation from openid.net:
11.4.2.1. Request Parameters
openid.mode
Value: "check_authentication"
Exact copies of all fields from the authentication response, except for "openid.mode".
may be more than three fields!
I had a similar issue. In my case, the client (relying party) failed to resolve the name of the OpenId provider to the correct ip. Although this is unlikely to be the case, please check name resolution on your relying server.