I´m currently working on a school project, where we are using Apache cordova (HTML, CSS and JS side) and currently our school has a server, where our .php file is located.
In our project, (one of the HTML files) we use API key and an domain address, that we want to get rid off from source code (so other students cant see it). What would be easiest way to execute this?
We´ve been thinking following;
We use the php-file as a wrapper with the following code;
IE.
<?php
function getJson($data){
$decoded = json_decode($data);
if (isset($decoded)){
// Toteutusten haku
$url = "URL THAT WE DONT WANT TO BE SEEN";
$apiKey = "API KEY GOES HERE";
// curl
$ch = curl_init($url);
// curl_exec returnsanswer (not boolean)
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Asets api key, ":"
curl_setopt($ch, CURLOPT_USERPWD, $apiKey.":");
// Setting message - JSON
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
// Sets false if necessary
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Sends request
$responseJson = curl_exec($ch);
return $responseJson;
curl_close($ch); //close session
**}
}
?>
And in HTML file we have code snippets that looks like following;
// B building rooms
if (buildingcode.startsWith("B", 5)) {
var requestB = new XMLHttpRequest();
requestB.onreadystatechange = function () {
if (requestB.readyState === 4) {
if (requestB.status === 200) {
try {
var jsonB = JSON.parse(requestB.responseText);
for (var fb = 0; fb < jsonB.resources.length; fb++) {
var resB = jsonB.resources[fb];
if (resB.type === "room") {
if (bTilat.indexOf("code")) {
bTilat.push(resB.code + resB.name.slice(resB.name.indexOf(' ('), 50));
}
}
}
} catch (e) {
console.log(e.message);
return;
}
}
}
//console.log(bTilat);
};
requestB.open("GET", 'THIS PART HAS THE DOMAIN WE WANT TO HIDE', true, "THIS PART HAS THE API WE WANT TO HIDE", "");
requestB.send(null);
}
So my question is following; I guess we need to get rid off
requestB.open("GET", 'THIS PART HAS THE DOMAIN WE WANT TO HIDE', true, "THIS PART HAS THE API WE WANT TO HIDE", "");
requestB.send(null);
From html, but how do we request the code from wrapper?
Thank you in advance.
Extracting a link seems easy on regular link by using:
$link = $('a:eq(1)');
var real_link = $link.attr('href');
the hardest part is how to extract link from encrypted link like this:
https://jsfiddle.net/rm7mp8do/
if you hover to the link, on you status bar it will show you fake link like:
hxxp://this_is_fake_link
but after you click it, it will bring you to the original link:
hxxp://mg.com/ghits/xxx/xxx/xxx/xxx/x/x/?h=gdwagdjgawjhvjwhafgdjhwavwxdjhav
You can try this php script using curl return transfer ...
function expand_short_url($url)
{
$ch = curl_init($url);
curl_setopt($ch,CURLOPT_HEADER,true);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION,false);
$header = curl_exec($ch);
$fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $header)); // Parse information
for($i=0;$i<count($fields);$i++)
{
if(strpos($fields[$i],'Location') !== false)
{
$url = str_replace("Location: ","",$fields[$i]);
}
}
return $url;
}
<?php
ignore_user_abort(true);
set_time_limit(0); // disable the time limit for this script
$path = "https://vibrantgujarat.com/pressclippingsnew.htm"; // change the path to fit your websites document structure
$dl_file = preg_replace("([^\w\s\d\-_~,;:\[\]\(\).]|[\.]{2,})", '', $_GET['download_file']); // simple file name validation
$dl_file = filter_var($dl_file, FILTER_SANITIZE_URL); // Remove (more) invalid characters
$fullPath = $path.$dl_file;
if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf");
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a file download
break;
// add more headers for other content types here
default;
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
break;
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
}
fclose ($fd);
exit;
I Have a page which has more than 500 press clippings information along with date, name, media name and image path.
I want to download all of them using script but I Don't know how to write download script.
Here is link
Any help would be great.
Thank You.
Checkout the following function, which is not working fully, you need to try out some changes to it.
function saveImageAs(){
var images = document.getElementsByTagName("img");
for(var i=0;i<images.length; i++){
var imgOrURL= images[i].src;
window.win = open(imgOrURL);
setTimeout('win.document.execCommand("SaveAs")', 0);
}
}
<?php
set_time_limit(0);
//File to save the contents to
$fp = fopen ('download.zip', 'w+');
$url = "https://vibrantgujarat.com/pressclippingsnew.htm";
//Here is the file we are downloading, replace spaces with %20
$ch = curl_init(str_replace(" ","%20",$url));
curl_setopt($ch, CURLOPT_TIMEOUT, 50);
//give curl the file pointer so that it can write to it
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$data = curl_exec($ch);//get curl response
//done
curl_close($ch);
This will help you to download images and contents for the 1st page.
Hope this helps.
I'm trying to develop a tool which gets the links from a page, stores them in an array and opens with one click in a new tab. Is there a way to accomplish that without triggering the browser's popup spam filter?
Here's my code:
<?php
$base = "web.archive.org";
$time = "/web/20160101000000*/";
$domain = #$_POST["domain"];
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_URL, "$base$time$domain");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 20000); //in miliseconds
$output = curl_exec($ch);
curl_close($ch);
# REPLACES ALL URLs OF WAYBACK MACHINE
$replacedHrefHtml = preg_replace('/(href=")/', "href=\"https://web.archive.org", $output);
# REPLACES ALL SRCs OF WAYBACK MACHINE
$replacedsrc = preg_replace('/(src=")/', "src=\"https://web.archive.org", $replacedHrefHtml);
#get wbCalendar
$html = str_get_html($replacedsrc);
$elem = $html->find('div[id=wbCalendar]', 0);
#extract the links and store them into an array
$data = array();
$open = '';
foreach($elem->find('a') as $element) {
$extracted = $element->href;
$open .= "window.open('{$extracted}'); ";
$data[] = $extracted;
}
echo "Open multiple links";
?>
You can test it here: seotify.com/archive-opener
Thanks in advance.
As far as I know there is no way you can ensure the popup filter won't catch you. I think the only thing you can do is to make the windows open in an "on-click" event someElement.onclick = function(){ /*POPUP CODE*/ } (so that the code is triggered in response to a user action)
I paid a programmer to make a shop basket script to work with Spreadshirt API. Everything is working perfectly, except that the basket keeps emptying itself. I think the session is lost at some point so the script creates another BasketId.
I tried to find if there was a specific reason it was happening, without any success... I can't reproduce the bug. It just happens randomly without any reason. Closing the browser, resetting apache or even the whole webserver won't provoke session lost.
I've got two different scripts working with cookies on the same domain and they don't have any problem (one is a cookie for the admin login session and the other cookie is to save the user's last viewed articles on the shop)
I tried all solutions found on google without any success : editing php.ini , forcing ini settings through php, tried the htaccess way, ...
Here's the "sessions" part of my phpinfo: http://gyazo.com/168e2144ddd9ee368a05754dfd463021
shop-ajax.php (session handling # line 18)
ini_set('session.cookie_domain', '.mywebsite.com' );
header("Pragma: no-cache");
header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
$language = addslashes($_GET['l']);
$shopid = addslashes($_GET['shop']);
// if($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
// die("no direct access allowed");
// }
if(!session_id()) {
$lifetime=60 * 60 * 24 * 365;
$domain = ".mywebsite.com";
session_set_cookie_params($lifetime,"/",$domain);
#session_start();
}
// Configuration
$config['ShopSource'] = "com";
$config['ShopId'] = $shopid;
$config['ShopKey'] = "*****";
$config['ShopSecret'] = "*****";
/*
* add an article to the basket
*/
if (isset($_POST['size']) && isset($_POST['appearance']) && isset($_POST['quantity'])) {
/*
* create an new basket if not exist
*/
if (!isset($_SESSION['basketUrl'])) {
/*
* get shop xml
*/
$stringApiUrl = 'http://api.spreadshirt.'.$config['ShopSource'].'/api/v1/shops/' . $config['ShopId'];
$stringXmlShop = oldHttpRequest($stringApiUrl, null, 'GET');
if ($stringXmlShop[0]!='<') die($stringXmlShop);
$objShop = new SimpleXmlElement($stringXmlShop);
if (!is_object($objShop)) die('Basket not loaded');
/*
* create the basket
*/
$namespaces = $objShop->getNamespaces(true);
$basketUrl = createBasket('net', $objShop, $namespaces);
$_SESSION['basketUrl'] = $basketUrl;
$_SESSION['namespaces'] = $namespaces;
/*
* get the checkout url
*/
$checkoutUrl = checkout($_SESSION['basketUrl'], $_SESSION['namespaces']);
// basket language workaround
if ($language=="fr") {
if (!strstr($checkoutUrl,'/fr')) {
$checkoutUrl = str_replace("spreadshirt.com","spreadshirt.com/fr",$checkoutUrl);
}
}
$_SESSION['checkoutUrl'] = $checkoutUrl;
}
/*
Workaround for not having the appearance id :(
*/
if ($_POST['appearance']==0) {
$stringApiArticleUrl = 'http://api.spreadshirt.'.$config['ShopSource'].'/api/v1/shops/' . $config['ShopId'].'/articles/'.intval($_POST['article']).'?fullData=true';
$stringXmlArticle = oldHttpRequest($stringApiArticleUrl, null, 'GET');
if ($stringXmlArticle[0]!='<') die($stringXmlArticle);
$objArticleShop = new SimpleXmlElement($stringXmlArticle);
if (!is_object($objArticleShop)) die('Article not loaded');
$_POST['appearance'] = intval($objArticleShop->product->appearance['id']);
}
/*
* article data to be sent to the basket resource
*/
$data = array(
'articleId' => intval($_POST['article']),
'size' => intval($_POST['size']),
'appearance' => intval($_POST['appearance']),
'quantity' => intval($_POST['quantity']),
'shopId' => $config['ShopId']
);
/*
* add to basket
*/
addBasketItem($_SESSION['basketUrl'] , $_SESSION['namespaces'] , $data);
$basketData = prepareBasket();
echo json_encode(array("c" => array("u" => $_SESSION['checkoutUrl'],"q" => $basketData[0],"l" => $basketData[1])));
}
// no call, just read basket if not empty
if (isset($_GET['basket'])) {
if (array_key_exists('basketUrl',$_SESSION) && !empty($_SESSION['basketUrl'])) {
$basketData = prepareBasket();
echo json_encode(array("c" => array("u" => $_SESSION['checkoutUrl'],"q" => $basketData[0],"l" => $basketData[1])));
} else {
echo json_encode(array("c" => array("u" => "","q" => 0,"l" => "")));
}
}
function prepareBasket() {
$intInBasket=0;
if (isset($_SESSION['basketUrl'])) {
$basketItems=getBasket($_SESSION['basketUrl']);
if(!empty($basketItems)) {
foreach($basketItems->basketItems->basketItem as $item) {
$intInBasket += $item->quantity;
}
}
}
$l = "";
$pQ = parse_url($_SESSION['checkoutUrl']);
if (preg_match("#^basketId\=([0-9a-f\-])*$#i", $pQ['query'])) {
$l = $pQ['query'];
}
return array($intInBasket,$l);
}
// Additional functions
function addBasketItem($basketUrl, $namespaces, $data) {
global $config;
$basketItemsUrl = $basketUrl . "/items";
$basketItem = new SimpleXmlElement('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<basketItem xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://api.spreadshirt.net">
<quantity>' . $data['quantity'] . '</quantity>
<element id="' . $data['articleId'] . '" type="sprd:article" xlink:href="http://api.spreadshirt.'.$config['ShopSource'].'/api/v1/shops/' . $data['shopId'] . '/articles/' . $data['articleId'] . '">
<properties>
<property key="appearance">' . $data['appearance'] . '</property>
<property key="size">' . $data['size'] . '</property>
</properties>
</element>
<links>
<link type="edit" xlink:href="http://' . $data['shopId'] .'.spreadshirt.' .$config['ShopSource'].'/-A' . $data['articleId'] . '"/>
<link type="continueShopping" xlink:href="http://' . $data['shopId'].'.spreadshirt.'.$config['ShopSource'].'"/>
</links>
</basketItem>');
$header = array();
$header[] = createAuthHeader("POST", $basketItemsUrl);
$header[] = "Content-Type: application/xml";
$result = oldHttpRequest($basketItemsUrl, $header, 'POST', $basketItem->asXML());
}
function createBasket($platform, $shop, $namespaces) {
$basket = new SimpleXmlElement('<basket xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://api.spreadshirt.net">
<shop id="' . $shop['id'] . '"/>
</basket>');
$attributes = $shop->baskets->attributes($namespaces['xlink']);
$basketsUrl = $attributes->href;
$header = array();
$header[] = createAuthHeader("POST", $basketsUrl);
$header[] = "Content-Type: application/xml";
$result = oldHttpRequest($basketsUrl, $header, 'POST', $basket->asXML());
$basketUrl = parseHttpHeaders($result, "Location");
return $basketUrl;
}
function checkout($basketUrl, $namespaces) {
$basketCheckoutUrl = $basketUrl . "/checkout";
$header = array();
$header[] = createAuthHeader("GET", $basketCheckoutUrl);
$header[] = "Content-Type: application/xml";
$result = oldHttpRequest($basketCheckoutUrl, $header, 'GET');
$checkoutRef = new SimpleXMLElement($result);
$refAttributes = $checkoutRef->attributes($namespaces['xlink']);
$checkoutUrl = (string)$refAttributes->href;
return $checkoutUrl;
}
/*
* functions to build headers
*/
function createAuthHeader($method, $url) {
global $config;
$time = time() *1000;
$data = "$method $url $time";
$sig = sha1("$data ".$config['ShopSecret']);
return "Authorization: SprdAuth apiKey=\"".$config['ShopKey']."\", data=\"$data\", sig=\"$sig\"";
}
function parseHttpHeaders($header, $headername) {
$retVal = array();
$fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $header));
foreach($fields as $field) {
if (preg_match('/(' . $headername . '): (.+)/m', $field, $match)) {
return $match[2];
}
}
return $retVal;
}
function getBasket($basketUrl) {
$header = array();
$basket = "";
if (!empty($basketUrl)) {
$header[] = createAuthHeader("GET", $basketUrl);
$header[] = "Content-Type: application/xml";
$result = oldHttpRequest($basketUrl, $header, 'GET');
$basket = new SimpleXMLElement($result);
}
return $basket;
}
function oldHttpRequest($url, $header = null, $method = 'GET', $data = null, $len = null) {
switch ($method) {
case 'GET':
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, false);
if (!is_null($header)) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
break;
case 'POST':
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POST, true); //not createBasket but addBasketItem
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
break;
}
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
?>
There's also 2 other parts of the script : a form to add a sample tshirt to the basket (example.php) and a script to call the ajax (shop-controller.js). Can post it if needed but there's no session handling stuff.
update - Maybe the problem is not related to sessions. The BasketId is lost, but PHPSESSID stays the same in the browser cookies.
I did the following tests for the last 3 days (tested with diferent computers and browsers):
Empty browser cookies then start a new session during the afternoon
Add 1 item to basket, i write down the BasketId and check the browsers cookies to write down the PHPSESSID
Usually always around midnight, the basket empty itself
PHPSESSID stays the same in my browser cookies, even after basket empty itself
However the BASKETID is not the same, the one used during the afternoon is lost and a new one is regenerated
Server is CentOS 5.9 - PHP Version 5.2.9 (from OVH). Dedicated server on a dedicated IP.
First you need to find if the problem is in session's garbage collection or a logical error within the code. For that, you can:
// Add this right after session_start()
if (!isset($_SESSION['mySessionCheck'])) {
$_SESSION['mySessionCheck'] = "This session (" . session_id() . ") started " . date("Y-m-d H:i:s");
}
// For HTML pages, add this:
echo '<!-- ' . $_SESSION['mySessionCheck'] . ' -->';
// For AJAX pages, add "mySessionCheck" to the JSON response:
echo json_encode(
array(
"c" => array(
"u" => $_SESSION['checkoutUrl'],
"q" => $basketData[0],
"l" => $basketData[1]
),
"mySessionCheck" => $_SESSION['mySessionCheck']
)
);
If this message changes at the same time the basket empties, then you'll know for sure it's a problem with PHP sessions.
In that case, there are a few things you can try:
1) You are doing
$lifetime=60 * 60 * 24 * 365;
$domain = ".mywebsite.com";
session_set_cookie_params($lifetime,"/",$domain);
#session_start();
But according to a user contributed note from PHP.net docs:
PHP's Session Control does not handle session lifetimes correctly when using session_set_cookie_params().
So you may try using setcookie() instead:
$lifetime=60 * 60 * 24 * 365;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
Even though it's a 4 year old note as pointed in the comments, I tested it and it still happens (I'm on PHP 5.5.7, Windows Server 2008, IIS/7.5). Only setcookie() produced the HTTP headers to change the expiring date (example setting $lifetime to 600):
Set-Cookie: PHPSESSID=(the id); expires=Mon, 22-Jun-2015 15:03:17 GMT; Max-Age=600
2) If you're using a Debian servers or some derivative, they use a cron job to clear out PHP sessions, so you might try:
Increasing server's configured maxlifetime;
Saving your sessions somewhere else;
Using memcached.
3) To find out if there is some process clearing your sessions, you can place a watch on the directory where the session files are stored (actual path varies from server to server, use session_save_path to find out the location on yours). I'm no server admin, but I've read you can use auditctl for that, just make sure you log who made the changes to your files.
4) If you don't have access to server configuration, or don't want to depend on server config (good if you switch hosts), you can implement your own session handler. Check out this example by Pedro Gimeno.
You put only #session_start(); in the top of your all script.
An also put in the top of your ajax script.
Example Like following:
#session_start();
// you may use session script here or header file
include("header.php");
//some code. you may use session script here or header file
include("main.php");
//-----------next code
I post here, even if is an old post, in case someone experience this problem, check in php.ini session.gc_maxlifetime, or print ini_get('session.gc_maxlifetime'); you have to set it in your php script or php.ini, on my php version the default is 1440 seconds, I have changed it to 1 month, is enough in my case.
Also after start session you can
setcookie(session_name(),session_id(),time() + $sessionLifetime, "", "", false, true);
I hope this helps.
I my case, I replaced session_destroy(); with session_unset(); and problem was solved.