I have created a method that I want to expose to the outside world. My application is controlled by ACL, so to consume the RESTful service you send the data in GET or POST to that method via URL.
http://mysite.com?action=this&data=this etc
But I think I need to send the username and password too with it, don't I? Also, if I do, then where do I add it?
** WHAT HAVE I TRIED **
<?php
$ch = curl_init("http://test.local/sites/loginData");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, 'user:password');
// sending username and pwd.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Sample Code');
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$output = curl_exec($ch);
print_r($output);
curl_close($ch);
echo '<br><br>';
echo $output;
?>
But it doesn't show me any response.
If you are using HTTP basic auth you have to configure the auth component in CakePHP properly to use that authentication mechanism.
See http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#authentication for authentication
and this http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#configuring-authorization-handlers for authorization via ACL.
Related
I want to upgrade my SuiteCRM to the latest generation of SuiteCRM versions. Since I am using REST API 4.1 for my existing SuiteCRM and came to know that I have to use API v8 for the latest generation of SuiteCRM versions, I installed SuiteCRM 7.11.3 with dummy data on our demo server running on https with PHP version 7.1.17.
After this, I generated a "client_id" and "client_secret" for the "Client Credentials" grant type by navigating to "Admin" - "OAuth2 Clients and Tokens" - "New Client Credentials Client".
Now I am checking the CRM API for authentication with Client Credentials and trying to obtain a session using the code below, but I am getting neither an array or session nor any error.
$ch = curl_init();
$header = array(
'Content-type: application/vnd.api+json',
'Accept: application/vnd.api+json',
);
$postStr = json_encode(array(
'grant_type' => 'client_credentials',
'client_id' => 'xxxxxxxxxx',
'client_secret' => 'xxxxxxxxxx'
));
$url = 'https://url/Api/access_token';
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $postStr);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$output = curl_exec($ch);
$tab = json_decode($output);
print_r($tab);
curl_close($ch);
I have tried adding "'scope' => ''" to $postStr as suggested in one of the posts, but it did not return anything.
Can anyone please guide me regarding this?
Make sure you generate your private and public keys first or it won't work. https://docs.suitecrm.com/developer/api/version-8/json-api/#_before_you_start_calling_endpoints
Also your post variables should be in the body.
I have a CakePHP API Server that triggers the sending of Push Notifications to devices using the following code:
$url = 'https://fcm.googleapis.com/fcm/send';
$headers = array(
'Authorization:key = <<Authorization Key>',
'Content-Type: application/json'
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
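// TLS hostname and certificate checks are switched off by the next two lines,
// so the server that receives the Authorization key is not authenticated.
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);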
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
$result = curl_exec($ch);
if ($result === false ){
die('Curl failed: '. curl_error($ch));
}
curl_close($ch);
When endpoint calls are made to the server and trigger the above code, there is a delay due to its execution (the above code works fine).
I would ideally like this time eliminated as the code does not affect the response message. Is there a way of managing push notifications in a way that can eliminate the response time on the endpoint request?
Implement a queue. Send the task of sending the API call to a worker and you don't have to wait until it's finished.
Check this plugin out https://github.com/josegonzalez/php-queuesadilla it will allow you to create tasks and queue them. Or this CakePHP specific plugin https://github.com/dereuromark/cakephp-queue
I use Google App Engine with the curl function. I have enabled my payment so it should work fine.
I created a PHP file in Google App Engine that contains the curl function. I call it with a cron job every minute. The cron job is running well every minute for 24 hours, but the curl function can't be executed for 24 hours. Here is the screenshot of my Google App Engine activities:
Every day my curl function can't be executed from 1 AM to 1 PM, and runs again normally from 1 PM to 1 AM.
I don't know what's wrong, I have checked my program and cron job setting and there is nothing wrong.
Is there something wrong in my Google App Engine setting?
Please help me
Thank you
NB. I have enabled extension = "curl.so" in my PHP.ini file
=====
UPDATE
Here is some of our code that is used:
$api = "https://api.instagram.com/v1/media/search?lat=-1.597146899999999&lng=65.21213&distance=5000&count=100&access_token=$accesstoken&sig=$sig";
$response = get_curl($api);
function get_curl($url) {
if(function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$output = curl_exec($ch);
echo curl_error($ch);
curl_close($ch);
return $output;
} else{
return file_get_contents($url);
}
}
I'm trying to perform a POST request and I'm trying to do it with digest authentication. With libcurl, I set the options:
curl_easy_setopt(curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
curl_easy_setopt(curl_handle, CURLOPT_USERPWD, "username:password");
before setting all the other options (post, url and everything). The server closes my connection and I think that no digest is made. I just don't know how to automatically obtain the challenge-response behaviour of the digest. If I set HTTPAUTH to CURLAUTH_BASIC it encodes the stuff; with the VERBOSE option I see the header containing authorization = basic. With digest, no headers.
Do you know how I can do it, or can you give me some example? I really searched everywhere.
For a basic POST request you should do:
curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:pwd");
curl_easy_setopt(hnd, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST);
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
For a multipart POST (a.k.a multipart/form-data):
struct curl_httppost *post;
struct curl_httppost *postend;
/* setup your POST body with `curl_formadd(&post, &postend, ...)` */
curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:pwd");
curl_easy_setopt(hnd, CURLOPT_HTTPPOST, post);
curl_easy_setopt(hnd, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST);
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
Pro-tip: use curl command-line tool with --libcurl request.c: it outputs into this C file the list of options used to perform the corresponding request.
I wanted to use published GoogleDocs documents and twitter tweets as the datasource of a Silverlight application but ran into clientaccesspolicy issues.
I read many articles like this and this about how difficult it is to get around the clientaccesspolicy issue.
So I wrote this CURL script and put it on my PHP site and now I can get the text of any GoogleDocs document and twitter feed into my Silverlight application:
<?php
$url = filter_input(INPUT_GET, 'url',FILTER_SANITIZE_STRING);
$validUrls[] = "http://docs.google.com";
$validUrls[] = "http://twitter.com/statuses/user_timeline";
if(beginsWithOneOfThese($url, $validUrls)) {
$user_agent = 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)';
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie");
curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/cookie");
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
curl_setopt($ch, CURLOPT_VERBOSE, 0);
echo curl_exec($ch);
} else
echo "invalid url";
function beginsWithOneOfThese($main, $prefixes) {
foreach($prefixes as $prefix) {
if(beginsWith($main, $prefix))
return true;
}
return false;
}
function beginsWith($main, $prefix) {
return strpos($main, $prefix) === 0;
}
?>
So it makes me wonder:
Why is there so much discussion about whether or not URLs support clientaccesspolicy or not, since you just have to write a simple proxy script and get the information through it?
Why aren't there services, e.g. like the URL shortening services, which supply this functionality?
What are the security implications of having a script like this?
While you might think that a proxy gives you the same capabilities as having the client make the request, it doesn't. More specifically, you won't have the client's cookies/credentials for the target site, and in some cases, a client can reach the target site but your proxy can't (e.g. Intranet).
http://blogs.msdn.com/ieinternals/archive/2009/08/28/Explaining-Same-Origin-Policy-Part-1-Deny-Read.aspx explains Same Origin Policy at some length.
In terms of the security implications for your proxy-- well, that depends on whether you have access control on that. If not, a bad guy could use your proxy to hide his tracks as he hacks sites or downloads illegal content.
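On the access-control point for the proxy script above, an added example (not the original poster's or the answerer's code): the script's `strpos()` prefix test compares raw strings, so this sketch parses the URL and matches the host exactly instead. `ALLOWED_TARGETS` and `allowedTarget()` are hypothetical names, and the sample URLs are constructed.

```php
<?php
// Added example. Exact-host allow-list; hosts and path prefixes mirror
// the two prefixes used in the question's $validUrls array.
const ALLOWED_TARGETS = [
    'docs.google.com' => '/',
    'twitter.com'     => '/statuses/user_timeline',
];

// Hypothetical helper: returns a URL rebuilt from the parsed parts,
// or null when the target is not on the allow-list.
function allowedTarget(string $url): ?string
{
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    // No userinfo and no explicit port: both change where the request goes
    // while leaving the string prefix untouched.
    if (isset($p['user']) || isset($p['pass']) || isset($p['port'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    $host   = strtolower($p['host']);
    $path   = $p['path'] ?? '/';
    if (!in_array($scheme, ['http', 'https'], true)
        || !isset(ALLOWED_TARGETS[$host])               // exact host match
        || strpos($path, ALLOWED_TARGETS[$host]) !== 0  // path prefix per host
        || strpos($path, '..') !== false) {
        return null;
    }
    $query = isset($p['query']) ? '?' . $p['query'] : '';
    return "$scheme://$host$path$query";
}

// Constructed sample inputs. The last three all begin with
// "http://docs.google.com", so they pass a plain prefix comparison.
$samples = [
    'http://docs.google.com/View?id=abc',
    'http://twitter.com/statuses/user_timeline/example.xml',
    'http://docs.google.com.other.example/',
    'http://docs.google.com@other.example/',
    'http://docs.google.com:8080/',
];
foreach ($samples as $s) {
    printf("%-55s %s\n", $s, allowedTarget($s) ?? 'REJECTED');
}
```

Pass the returned string, not the original input, to `CURLOPT_URL`, so that curl fetches exactly the URL that was validated.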