PHP: transfer a large array between two sites - php

I'm trying to transfer a large array between two sites in PHP. I'm the admin in both.
The array is created on one site, and after its creation I wish to automatically redirect the user to the other site, and pass the processed array along.
I cannot use the SESSION superglobal, as it is limited to a specific domain.
GET is not suitable, as the array is too long.
I'm not sure if POST is suitable, and if there is a way to automatically send the data without forcing the user to click a button and submit some form. I know JavaScript can be used for this, but I'd prefer to have something more robust.
I'm relatively new to PHP, and would love to hear of any other ways of performing this.
Thanks!

The easiest way would be to use an HTTP library like cURL to set up and send a POST request to the other site. Also, including the user's IP address would allow you to associate the posted data. Without JavaScript you cannot redirect a user with POST data.
One thing you may want to be aware of with the above method is that, depending on how it is implemented, the user may arrive before the data does.
There is no limit on POST as defined in the HTTP specs, but you may run into issues handling it on your other server (depending on what you mean by large), depending on the PHP configuration. (The POST limit is, I believe, set to 8MB by default.)

Send an HTTP POST request via cURL functions and add the serialize()ed array to the request body.

I'd do something like this:
1. Generate a token on Server A (e.g. sha1(timestamp + session id + random()))
2. Use cURL to post the serialized array to Server B, passing along the token you generated
3. On Server B, store the serialized data and token in a database table - fields: token (CHAR), data (BLOB)
4. Redirect the user to http://ServerB/?data_token=[TOKEN GENERATED IN STEP 1]
5. Server B fetches the data associated with the token from the db, deletes the db entry, and stores the array in the new user session.
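The token handoff described in the steps above, as an added example that is not part of the original answers. It assumes a shared secret between the two servers, JSON instead of serialize() so Server B never calls unserialize() on posted data, and a random_bytes() token in place of the sha1() construction; the table layout, constants and function names are hypothetical.

```php
<?php
// Added example, not from the thread. SHARED_KEY, TTL, the handoff table
// layout and all function names are assumptions made for illustration.
const SHARED_KEY = 'constructed-demo-key'; // constructed; load a real secret from config
const TTL = 120;                           // seconds a handoff stays redeemable

// Server A: build what it would POST to Server B with cURL.
function buildHandoff(array $data): array {
    $token = bin2hex(random_bytes(32)); // CSPRNG token, swapped in for sha1(timestamp + ...)
    $body  = json_encode(['token' => $token, 'data' => $data]);
    return [$token, $body, hash_hmac('sha256', $body, SHARED_KEY)];
}

// Server B: store the payload only if the MAC shows the POST came from Server A.
function storeHandoff(PDO $db, string $body, string $mac): bool {
    if (!hash_equals(hash_hmac('sha256', $body, SHARED_KEY), $mac)) {
        return false;
    }
    $msg  = json_decode($body, true);
    $stmt = $db->prepare('INSERT INTO handoff (token_hash, data, expires) VALUES (?, ?, ?)');
    return $stmt->execute([hash('sha256', $msg['token']), json_encode($msg['data']), time() + TTL]);
}

// Server B: redeem ?data_token=... once. Only the request whose DELETE removes
// the row gets the data, so a replayed or racing request receives null.
function redeemHandoff(PDO $db, string $token): ?array {
    $hash = hash('sha256', $token);
    $sel  = $db->prepare('SELECT data FROM handoff WHERE token_hash = ? AND expires >= ?');
    $sel->execute([$hash, time()]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $sel->closeCursor();
    $del = $db->prepare('DELETE FROM handoff WHERE token_hash = ?');
    $del->execute([$hash]);
    return ($row && $del->rowCount() === 1) ? json_decode($row['data'], true) : null;
}

// Constructed demo: in-memory SQLite stands in for Server B's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE handoff (token_hash TEXT PRIMARY KEY, data BLOB, expires INTEGER)');
[$token, $body, $mac] = buildHandoff(['contacts' => ['a@example.com', 'b@example.com']]);
var_dump(storeHandoff($db, $body, 'forged-mac')); // POST with a wrong MAC
var_dump(storeHandoff($db, $body, $mac));         // genuine POST from Server A
var_dump(redeemHandoff($db, $token));             // user's first arrival on Server B
var_dump(redeemHandoff($db, $token));             // same token presented again
```

Storing only the SHA-256 of the token means a read of Server B's table does not reveal redeemable tokens, and the expiry bounds how long an unredeemed handoff stays usable.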

Well, if they are both on the same server, you can have one hijack the other's session. I have used this to jump to a secure server before: use the session_id() function on the first host to get the session, then use the same function to set it on the second host.
See http://www.php.net/manual/en/function.session-id.php

I would suggest that after you create the "Array" you associate it with an ID (and store it somewhere) and then redirect to the other site with this ID. From site 2, using the ID, you can call a page on site 1 which returns the "Array".

Your problem:
Send array(ar) from Server(a) to Server(b)
My solution:
Server(a) generates a unique URL (url) for Server(b) which contains Array(ar) encoded in, for example, JSON using json_encode(ar). This Array(ar) should be stored at url using, for example, MySQL or just a simple text file.
$uid = md5(uniqid(mt_rand(), true)); // generate a unique id
Server(a) redirects the browser to Server(b), also passing $uid
$url = "http://server-b/page"; // URL of the page on Server(b)
header("Location: $url?uid=$uid"); // double quotes so the variables are interpolated
exit; // stop the script once the redirect header is sent
Server(b) gets the content from url on Server(a) and decodes the content back to Array(ar)
$uid = $_GET['uid']; // uid passed along in the redirect
$url_server_a = "http://server-a/webservice?uid=" . urlencode($uid); // encode the request value before reuse
$ar = json_decode(file_get_contents($url_server_a), true); // true returns an associative array

I guess you could serialize it, save it as a file that is accessible from the other server and load it again from the other server. That way, no user action would be required but you'd have to protect the directory where you save the file to avoid privacy problems.
Edit: I'm assuming they're on different servers, otherwise it would be even easier...

If it were me, I'd store the information in some other medium: a memcache type environment for example, or a database that both can access.

After the array is created you could quickly generate a page that has a form which contains the data in a hidden field. This page could then automatically submit the form (with method="POST") to your redirect.

You could decode the array into JSON and send a link to the second server, which contains the download for the temporary JSON file, just re-decode the JSON file back into PHP and you do not have to use LONG URLs.

Related

GET vs POST when requesting data on button click?

I'm using Laravel 5.3.
Essentially, when a user clicks a button on the screen, I need to get data from the database (using AJAX), and then display that data on the screen.
However, I'm not sure if I should be using a GET or POST request? I've only ever used GET requests for routing when the user wants to get to a specific page, like a GET request for /index or /profile.
Which should I use?
There is a difference between GET & POST method in Laravel
GET is used when we want to get some data from the server and we do not send any parameter in the request, and the security threat is not a concern, like when you are opening a page in the browser.
POST is used when we want to send some parameter to the server and based on that parameter some processing is done. In Laravel it is mandatory to include the CSRF token with the request for security reasons.
So choose as per your requirement.
Easy! Use GET when you're getting data, and POST when you're posting data.
There are even more of these request methods (or verbs, if you like). For example a PUT request to edit data, a DELETE request to delete data etc. However, these aren't supported in most browsers yet, but I know Laravel has a clever workaround so you can use them anyway. Check this link:
https://laravel.com/docs/5.3/routing
This is actually something of your own choosing. If the operation is a sensitive one you might consider using POST so that you can have protection over CROSS-SITE REQUEST FORGERY from attackers but if not so you can simply use GET
If you only want to save data in the database (no return data), you should use POST. And whenever you want to get data from the database, you should use GET.
Ex - If you want to insert new user information in the database, here you use the GET method, and if you want to edit existing user information and return the updated information, you will use the GET method.

Laravel 4 store temporary data

I want to temporarily store a series of arrays which will be used by the next request. The stored information contains some sensitive data which will be used for navigating around that page with AJAX calls. The data differ from page to page. So, I just need to temporarily store it for use while the user is on that page.
First, I tried to do it with the cache: Cache::put($dynamickey, $multiArray, 20); But this results in a huge amount of "junk" cache stored inside the folder even after it has expired.
So, I tried with session flush: Session::flash($dynamickey, $multiArray);. This works when the user has only 1 tab of the webpage open. But if the user has multiple tabs of this website open, it breaks.
For example:
1. User browse this website on tab1.
2. Then, user browse this website on tab2. As soon as after user browse website on tab2, the session data for tab1 is removed.
3. User come back and navigate tab1 content. The system break, and not working.
How can I store temporary data which will be deleted once it is no longer required, but also works well with multiple tab?
Thank you.
So, on the page that actually sets the session data you will need to generate a dynamic key which you can also generate when the ajax call is made. So:
Session::put($dynamicKey, $data);
Since the server doesn't know if you have multiple tabs open it just processes more requests, we need to distinguish AJAX requests from standard ones. This can be achieved via:
if (Request::ajax())
{
    if (Session::has($dynamicKey)) {
        Session::forget($dynamicKey);
        // Do your application logic
    }
}
So the session will not be removed until an AJAX request is made where you can regenerate that key. Now, if you cannot regenerate that key from the data provided, then you cannot tell apart two different requests. So you will need to get this key to the client side somehow, such as by echoing it into a bit of JavaScript.
Now the AJAX call can utilise this key and send it in the request, where your server can pick it up and find the correct session of that tab.
Hope you understand this.

protecting/authenticating JSON requests to server

I am using Ajax to send JSON data over to my server for a PHP script to parse.
For example, this is the JSON which will be outputted:
http://myserver.com/parse.php?user=123&point=100&callback......
and the "parse.php" script will GET the points in the URL and give them to the user whose user id is stored in user=123.
However, if a person directly uses "http://myserver.com/parse.php?user=123&point=100&callback......" in their browser without letting my JavaScript initiate it, they can cheat their points, which they can set to any amount they like in the URL.
So how can I protect/authenticate the JSON request?
If you're passing the user points via an AJAX request or something similar client-side, then you simply cannot protect your application against cheating. Your user is telling the script he/she scored 100 points, how can you be sure that's the fair number? Pass over the initial data you're using to compute your score, like valid answers for the questions or whatever it is you're measuring.
If you have a login mechanism in your application, you could check for the valid credentials on the server-side when executing your script, without actually passing the user identifier via GET/POST.
Lastly, in your method you can check for the AJAX header and the referer ($_SERVER['HTTP_X_REQUESTED_WITH'] and $_SERVER['HTTP_REFERER']) to make sure the request comes from your JS code, but this is really just a minor tweak which is easy to compromise. Also, not every browser passes the referer header (depends on privacy settings), so further problems may arise.
Require Users to be logged in to invoke parse.php. If the request doesn't supply a valid session id, refuse to take action.
Don't put any game data and logic in client side.
Never trust the client. You always must calculate server-side.
More info (don't rely on the link title, there is a lot of info in the answers): https://gamedev.stackexchange.com/questions/3695/how-do-you-prevent-your-javascript-html5-web-game-from-being-copied-or-altered
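The advice in the answers above (take the user from the login session, recompute the score server-side), as an added example that is not part of the original thread. The answer key, the point value and the arrays standing in for the session store and database are hypothetical; the first function reproduces the behaviour the question describes, for comparison.

```php
<?php
// Added example, not from the thread. ANSWER_KEY, POINTS_PER_ANSWER and the
// $session / $scores / $answered arrays are hypothetical stand-ins for the
// real session store and database.
const ANSWER_KEY = ['q1' => 'b', 'q2' => 'd', 'q3' => 'a']; // constructed, never sent to the client
const POINTS_PER_ANSWER = 10;

// Form described in the question: user id and points are both read from the URL.
function awardFromQuery(array $get, array &$scores): void {
    $scores[$get['user']] = ($scores[$get['user']] ?? 0) + (int) $get['point'];
}

// Reworked form: identity comes from the login session, points are recomputed
// from the raw answers, and each question is scored at most once per user.
function awardFromAnswers(array $session, array $answers, array &$scores, array &$answered): bool {
    if (!isset($session['user_id'])) {
        return false; // no valid session: refuse to take action
    }
    $uid = $session['user_id'];
    foreach ($answers as $q => $given) {
        if (!array_key_exists($q, ANSWER_KEY) || isset($answered[$uid][$q])) {
            continue; // unknown question or an answer that was already scored
        }
        $answered[$uid][$q] = true;
        if ($given === ANSWER_KEY[$q]) {
            $scores[$uid] = ($scores[$uid] ?? 0) + POINTS_PER_ANSWER;
        }
    }
    return true;
}

// Constructed requests.
$old = [];
awardFromQuery(['user' => '123', 'point' => '100000'], $old); // value chosen by the client
$scores = [];
$answered = [];
$post = ['q1' => 'b', 'q2' => 'a', 'point' => '100000'];      // extra field is ignored
awardFromAnswers(['user_id' => 123], $post, $scores, $answered);
awardFromAnswers(['user_id' => 123], $post, $scores, $answered); // replay adds nothing
awardFromAnswers([], $post, $scores, $answered);                 // not logged in
var_dump($old, $scores);
```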

Can i pass a session data from a aspx page to a php page?

I need to add a survey form to an old ASP.NET application. I tried creating another ASP.NET application but the server doesn't allow it.
The survey form will get the user's particulars from a database; after everything is filled in and validation is done, a submit will create an Excel spreadsheet, send an email to the user and update the database.
However, the web server is not running the page of the new application; the error says that a virtual directory is not created for the application, and I do not have access to the IIS manager, I only have FTP access.
I am thinking of using PHP to do the job instead. My plan is to pass the session("userid") of the aspx page and call a response.redirect(survey.php). From there the PHP must know which user has done the survey, so I need to pass a session variable from aspx to PHP so that I know who is doing the survey.
Is this method possible? If so, how can I pass that session variable?
This seems like a hacky solution. If you are modifying the ASPX to do the Response.Redirect, surely you can put your logic there instead of creating a PHP solution alongside?
If you really want to do this (which I don't recommend), just pass it in the QueryString.
Response.Redirect("survey.php?userid=" + Session["UserId"]);
You could store the session information in the database, to be shared, which would avoid showing the values in the querystring (unless you encrypted it). ASP.Net has a SQLServer mode for session which you might be able to use by querying the DB from PHP. Otherwise just a custom table with the usual expiry date, user id etc. could work.

php: pass large arrays of data through pages

I am trying to solve a problem where I need to pass large arrays of data to another page. This is my scenario:
The user inputs his/her Gmail login information inside a form. I then send this information to an AJAX page where I authenticate and fetch all the contacts. If the login is invalid they can try again, but if it authenticated I need to send them to the next page, where I parse all the emails and check if they match any users on the site.
Method 1 (didn't work):
Store all the data inside a session. This only works if the array is small, as there is a size limit for the sessions.
Method 2 (didn't work):
Add a hidden input with JavaScript and then submit the form (also with JavaScript).
As it turns out you can't submit the form and return true (change page) unless the user triggers the event.
So how should I go on, should I just skip the ajax authentication and send them back to the previous page if it didn't work or is there some workaround to my problem?
Why don't you store the data in a database, MySQL, or SQLite if MySQL is not available to you? In there, you would store a serialized version of your array linked to the user's session id.
The MySQL table I'm thinking of:
id | session_id | data
http://php.net/manual/en/function.serialize.php on how to serialize your array.
If you are able to fetch the data again on the next page, you could do that instead of passing it between pages.
Since you are using jQuery you can submit the data directly or as a hidden element on the form without a user click. Assuming the second submission is via AJAX you can:
$("#mydiv").load("secondpage.php", {email1: 'blah'}, function(){
    alert("Submitted everything nicely");
});
Depending on your webserver, but session variables do not typically have a size restriction. Apache+PHP you could handle extremely large sizes, instead you should care about
http://ca.php.net/manual/en/ini.core.php#ini.memory-limit. In addition, PHP.ini carries session.size variable that you could adjust. I am not sure how it did not work for you; you used $_SESSION, right?
Finally, to make a better persisting yet fast (faster than Database) volatile storage I would recommend using Danga's memcached. It is very stable, widely used and has wrappers for every possible language flavor.
