I'm trying to pass a username and password variable to the twitter credentials but it keeps returning that I'm not authenticated. However, when I use the actual username and password, instead of the variables, it successfully authorizes.
$username = $_POST["username"];
$password = $_POST["password"];
$url = "http://search.twitter.com/search.atom?q=golf&show_user=true&rpp=100";
$search = file_get_contents($url);
$regex_name = '/\<name\>(.+?) \(/';
preg_match_all($regex_name,$search,$user);
for($i=0;$user[1][$i];$i++)
{
$follow = $user[1][$i];
define('TWITTER_CREDENTIALS', '$username:$password');
$url = "http://twitter.com/friendships/create/".$follow.".xml";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_USERPWD, TWITTER_CREDENTIALS);
$result= curl_exec ($ch);
curl_close ($ch);
I'm thinking it has something to do with the colon in between the username and password, or perhaps trying to use variables within define function.
Any clues?
$username = $_POST["username"];
$password = $_POST["password"];
// INCORRECT. Will literary assign TWITTER_CREDENTIALS as $username:$password
// define('TWITTER_CREDENTIALS', '$username:$password');
// CORRECT, will parse the variables and assign the result to TWITTER_CREDENTIALS
define('TWITTER_CREDENTIALS', "$username:$password");
Remember strings with double quotes (") parse variables in the string, strings with single quotes (') do not.
Read more about strings in PHP:
PHP strings
Variable parsing in PHP strings
PHP string functions
it has something to do with using single quotes instead of double quotes.
You are using define inside a loop, that´s not gonna work because you can only define e constant once.
Related
I've scoured the threads inside and outside of SO, but nothing has solved the issue.
Background: Creating a small login system with PHP, Wordpress, and ACF (Advanced Custom Fields). Upon saving of the Post containing the Password, the password gets hashed, and the value replaced in the database. So far so good (as far as I can tell). When a user visits the login page, submits a password-attempt, the validation php file calls the Wordpress API, retrieves the stored-hashed PW, and then runs password_verify. Every time this runs, it returns false. Code below...
$pw_submit = $_POST['pw-submit'];
//Call WP API
$urlPrefix = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ?
'https' : 'http';
$siteURL = $urlPrefix . "://" . $_SERVER['SERVER_NAME'];
function callAPI($method, $url, $data){
$curl = curl_init();
$url = sprintf("%s?%s", $url, http_build_query($data));
// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type:
application/json'));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
// EXECUTE:
$result = curl_exec($curl);
if(!$result){die("Connection Failure");}
curl_close($curl);
return $result;
}
$get_data = callAPI('GET', $siteURL . '/wp-json/acf/v3/pages/25', false);
$response = json_decode($get_data, true);
$db_password = $response[acf][portal_password];
if( password_verify( $pw_submit, $db_password) ){
echo "Well that worked";
}
else{
echo "No it didn't";
}
Even if I copy/paste the hashed password over and try to verify, it still returns false...
$hash = '$2y$10$2/PuBIYuhEJ69fSc2/ae.OOVr4nMrpKu.9ahRm90TuSBu0EJulWki';
$verify = password_verify('foobar', $hash);
var_dump($verify);
...it returns bool(false).
The ONLY way password_verify ever returns true is if I create the hashed-password and verify it right away. So in the validation script...
$pw_hash = password_hash('foobar', PASSWORD_DEFAULT);
$verify = password_verify('foobar', $pw_hash);
var_dump($verify); // Returns TRUE
I've checked the database and made sure the table cell is holding the entire hash (when I var_dump the pulled value, I get a 60 character string). I've made sure there are no empty spaces before/after by using trim(). I've tried replacing the containing double-quotes containing the hashed-string with single-quotes. I have no idea what's missing/going wrong. Any help/guidance is GREATLY appreciated. Thanks!
UPDATE
So the error in this was that I had forgotten to update a variable when fixing a previous issue. For those who might stumble upon this, the original issue was that Wordpress was running my hashing script twice, resulting in a hash of the first hashed password. So always check what wordpress is actually doing. Also, one thing I ran into was using the ACF get_field() to grab the unhashed password, but because I was using the wp_insert_post_data() filter, I was actually grabbing an old/current value, instead of getting the new/input password. Fixed this by using the 'acf/save_post' filter. Thank you everyone for the help!
$db_password = $response[acf][portal_password]; doesn't have properly formatted indexes. Use $db_password = $response['acf']['portal_password']; instead.
Because of this error, password_verify($pw_submit, $db_password) is verifying the users entered password with the variable $db_password which doesn't contain any information.
I use the curl function to get information from a certain webpage. In the following code the URL is static:
$curl = curl_init('http://00.00.0.00/route/v1/driving/12.869446,54.990799;12.045227,54.044362?overview=full&steps=true');
curl_setopt($curl, CURLOPT_PORT, 5000);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 5000);
$result = curl_exec($curl);
But the part's lat lng (12.869446,54.990799) in the URL need to be php variables like: $lng, $lat.
My first solution doesn't work:
$lat = '54.990799';
$lng = '54.990799';
$curl = curl_init('http://00.00.0.00/route/v1/driving/$lng,$lat;12.045227,54.044362?overview=full&steps=true');
My second solution with " doesn't work either:
$curl = curl_init('http://00.00.0.00/route/v1/driving/"$lng","$lat";12.045227,54.044362?overview=full&steps=true');
Can anyone help me with the best solution?
Variables can be used inside "".
$curl = curl_init("http://00.00.0.00/route/v1/driving/{$lng},{$lat};12.045227,54.044362?overview=full&steps=true");
You can embed variables in a string this way:
$curl = curl_init("http://00.00.0.00/route/v1/driving/$lng,$lat;12.045227,54.044362?overview=full&steps=true");
Or for better readability also add {} around variables (IDE can often make a proper code highlighting to such syntax):
$curl = curl_init("http://00.00.0.00/route/v1/driving/{$lng},{$lat};12.045227,54.044362?overview=full&steps=true");
Or alternatively you can concatenate strings with variables.
$curl = curl_init('http://00.00.0.00/route/v1/driving/' . $lng . ',' . $lat . ';12.045227,54.044362?overview=full&steps=true');
I'm using the following code to find all properties for a user and in turn delete them. My problem is that I'm getting a warning: Warning: sprintf(): Too few arguments for each of the properties.
However, when I manually enter the $user_id for the delete string as first_last%%40ourwiki.com it works!
Seems like sprintf requires double '%' but not sure why. Is there a way to get around this? Also, I'm using the same variable for file_get_contents and this works fine.
The Code:
$user="first_last#ourwiki.com";
$user_id=str_replace(array('#', '#'), array('%40', '%23'), $user);
print $user_id;
$url=("http://admin:password#172.16.214.133/#api/users/=$user_id/properties");
$xmlString=file_get_contents($url);
$delete = "http://admin:password#172.16.214.133/#api/users/=$user_id/properties/%s";
$xml = new SimpleXMLElement($xmlString);
function curl_fetch($url,$username,$password,$method='DELETE')
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch,CURLOPT_USERPWD,"$username:$password");
return curl_exec($ch);
}
foreach($xml->property as $property) {
$name = $property['name'];
$name2=str_replace(array('#', '#'), array('%40', '%23'), $name);
print $name2;
curl_fetch(sprintf($delete, $name2),'admin','password');
}
Thanks in advance!
% is a special character in sprintf(). So you have to escape all % before processing it, %% is a literal %s.
$delete = str_replace("http://admin:password#172.16.214.133/#api/users/=$user_id/properties/", '%', '%%').'%s';
You do not have to use sprintf here, you can use the concatenation operator too, like:
$delete = "http://admin:password#172.16.214.133/#api/users/=$user_id/properties/";
curl_fetch( $delete . $name2, 'admin', 'password' );
I'm trying to use file_get_contents but it tells me failed to open stream.
My code:
$user="first_last#ourwiki.com";
$user_id=str_replace(array('#', '#'), array('%40', '%23'), $user);
print $user_id;
$url=('http://admin:password#172.16.214.133/#api/users/=$user_id/properties');
$xmlString=file_get_contents($url);
This is what I get when I try to run it:
Warning:
file_get_contents(http://...#172.16.214.133/#api/deki/users/=$user_id/properties):
failed to open stream: HTTP request
failed! HTTP/1.1 500 Internal Server
Error
However, if I manually type in the $user_id first_last%40ourwiki.com then it works! What am I doing wrong? Shouldn't I be able to just use the variable name?
Remaining code:
$delete = "http://admin:password#172.16.214.133/#api/users/=$user_id/properties/%s";
$xml = new SimpleXMLElement($xmlString);
function curl_fetch($url,$username,$password,$method='DELETE')
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch,CURLOPT_USERPWD,"$username:$password");
return curl_exec($ch);
}
foreach($xml->property as $property) {
$name = $property['name'];
$name2 =str_replace(array('#', '#'), array('%40', '%23'), $name);
print $name2;
curl_fetch(sprintf($delete, $name2),'admin','password');
}
Variables contained in single-quoted strings are not interpreted.
You could do this:
"http://admin:password#172.16.214.133/#api/users/=$user_id/properties"
But a better habit is to do this:
'http://admin:password#172.16.214.133/#api/users/=' . $user_id . '/properties'
or this:
"http://admin:password#172.16.214.133/#api/users/=" . $user_id . "/properties"
or this:
sprintf("http://admin:password#172.16.214.133/#api/users/=%s/properties", $user_id)
The faster is with single-quoted strings, because php doesn't try to find variables in them.
This is because you have used single quotes. The content within single quotes is not parsed, so:
echo '$test';
won't display the value of the $test variable, but just the "$test" string. You can use double quotes instead, but anyway this is the best way to do it:
$url=('http://admin:password#172.16.214.133/#api/users/='.$user_id.'/properties');
Special characters such as \n, \t or \r also won't be parsed in single quotes.
I need to encode only part of the $delete path. Only the # in the email address and # in the property. I know how to use urlencode for the whole thing but not on just that. The way it works, is it loops through to get the properties and most of them include # in the name. Anyone who can help modify so that this works would be greatly appreciated!
The delete:
$delete = "http://admin:12345#192.168.245.133/#api/deki/DELETE:users/$user_id/properties/%s";
Here you can see $user_id this will be an email address BUT the # symbol needs to be encoded.
The properties which follow at the very end, has a # within the name, this needs to also be encoded. For example, one property name userprofile#external.created_date
Here is the code so far:
<?php
$user_id="john_smith#ourwiki.com";
$url=('http://admin:12345#192.168.245.133/#api/deki/users/=john_smith#ourwiki.com/properties');
$xmlString=file_get_contents($url);
$delete = "http://admin:12345#192.168.245.133/#api/deki/DELETE:users/$user_id/properties/%s";
$xml = new SimpleXMLElement($xmlString);
function curl_fetch($url,$username,$password,$method='DELETE')
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // returns output as a string instead of echoing it
curl_setopt($ch,CURLOPT_USERPWD,"$username:$password"); // if your server requires basic auth do this
return curl_exec($ch);
}
foreach($xml->property as $property) {
$name = $property['name']; // the name is stored in the attribute
curl_fetch(sprintf($delete, $name),'admin','12345');
}
?>
Have you tried this? str_replace($string, array('#', '#'), array('%40', '%23'));
The urlencode function does not allow you to limit it to a subset of characters.