I created a valid ticket using a webservice call...code shown below
$url="http://serverip:port/alfresco/service/api/login?u=xxx&pw=xxx";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
$response =curl_exec($ch);
Now using this ticket i want to authenticate alfresco without again entering username and password.Also i want to create a valid cookie JSESSIONID inside browser with this ticket...Is it feasible??
my purpose is to integrate a php application with alfresco....php application already has an authentication system...so i want to bypass the authentication of alfresco
You need to append below parameter
alf_ticket="TICKET_WHICH_YOU_GET"
for further authentication.
Finally i resolved the issue by calling the login page url http://ip:port/share/page/ via Curl with login parameters(username and pwd)...I got JsessionId as response from curl...Now i took that JsessionId and set inside the browser...so wen u click http://ip:port/share/page/ the login page is bypassed
As per your suggestion, we are tried with below curl call but their is no JsessionId in response. can you please check and let me know the resolution
$post = [
'username' => 'user',
'password' => 'pass',
];
$ch = curl_init('http://ip:port/share/page/dologin/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
// execute!
$response = curl_exec($ch);
// close the connection, release resources used
curl_close($ch);
// do anything you want with your response
var_dump($response);
please suggest with the solution
Related
I am trying to make an Auth via JWT Authentication for WP-API plugin. I am trying to follow this tutorial - steps, in this link:
https://firxworx.com/blog/wordpress/using-the-wordpress-rest-api-with-jwt-authentication/
Thus, I made a function in my functions.php file, inside my child theme and call this function in the header of a custom page template I have created, before get_header(); func. So, my code for now is like this:
function getToken() {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,'https://www.example.com/wp-json/jwt-auth/v1/token');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'username=admin&password=password');
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/x-www-form-urlencoded',
"cache-control: no-cache",
));
$server_output = curl_exec($ch);
$token_result = json_decode($server_output);
if(isset($token_result->token)) {
return $token_result->token;
}
else {
return $token_result->message;
}
}
But, still getting this error:
"Invalid response getting JWT token on WordPress for API integration"
I want to make this API Call, in order to validate the user, before proceed my script. Without this validation, PHP should stop being execute.
After doing this API Call, I would like to make a POST in some Advance Custom Fields (ACF Pro plugin) that I have in some custom posts types..but this is another question..
Any advice or any other workarround solution on that, could be helpful please let me know
*EDITED
Found something.. because of Wordfence - captcha I can not get the token. it tells me to verify via email sent. Thus, the wordfence said: The filter “wordfence_ls_require_captcha” can be used to disable the CAPTCHA in circumstances of your choice. This may be useful for plugins that contain REST endpoints with authentication that should not require a CAPTCHA. Your filter should return false to bypass the CAPTCHA requirement when necessary, or otherwise true when the CAPTCHA should be required". How could I use this filter and where? How to return false in this filter like plugin suggests?
There is also the same problem here:
https://wordpress.org/support/topic/recaptcha-and-rest-api/
but no solution posted
Anyone, how to disable the verification send email through Wordfence? cause this is the problem
Finally, I got this working!
thanks to this post
How to disable auth verification email send, from Wordfence?
and #mircobabini help.
I have added the filter in my functions.php file of my child-theme like this:
add_filter( 'wordfence_ls_require_captcha', '__return_false' );
Thus, the validation email for logging in via Wordfence, does not send anymore and I can proceed to my code.
*I have edited my getToken() function, because there were some errors in it!
My website is on an Infomaniak cloud server.
I can create a cron task with Authentification Digest.
So I made a Method "updateAction()" that update my database.
If I run this method in my browser (http://site1.com/update/), then I authenticate with my username and password. (It works and the database is updated)
I create a cronjob in my "Infomaniak Cloud Server" with Digest Authentication and the URL : http://site1.com/update/
I obtain this mail notification :
Cron name : Update
Date : 19/01/2018 16:51:18
Url : https://site1.com/update/
Result : OK
Detail : 204
Reponse : No response
So, the HTTP response is "204 : No content"
And my database is not updated.
Could you help me ?
So the solution is :
$url="http://site1.com/update/";
define('USERNAME','user');
define('PASSWORD','12345');
$ch=null;
try
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, USERNAME . ":" . PASSWORD);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
$resp = curl_exec($ch);
}
catch(Exception $ex)
{
}
I am currently trying to do a News Search on the MS Cognitive Services Bing Search API. I have read many docs, but seem to be stuck.
Here is the code I'm using:
$url = 'https://bingapis.azure-api.net/api/v5/news/search?q=microsoft&mkt=en-us';
$key = '{MY KEY}';
$request_headers = array();
$request_headers[] = 'Ocp-Apim-Subscription-Key: '. $key;
$request_headers[] = 'User-Agent: mozilla';
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);
$data = curl_exec($ch);
curl_close($ch);
echo $data;
This code returns the following result:
{ "statusCode": 401, "message": "Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription." }
As I get the same result from the API Explorer on the site, I think the problem is with my key, rather than my code. But this is the key supplied by Cognitive Services for my subscription, as found on https://www.microsoft.com/cognitive-services/en-us/subscriptions (when logged in).
If this is not the correct key, what should I be using?
I'm on the Cognitive Service team at Microsoft. You may hit this issue for the Bing APIs if you generated your subscription keys after 22 June (or renewed your key) and are currently using the https://bingapis.azure-api.net/api/v5/ base URI.
When updating to use the new subscription keys, you must update your application to use the https://api.cognitive.microsoft.com/bing/v5.0/ base URI.
Additionally, If you were using the API Reference for Bing APIs, you can try the following links below which should work with the new keys.
Apologies for the inconvenience and thanks for reporting the issue- we are getting the link updated.
I don't use javascript, so I'm completely new to it.
I have a link where I want to login per POST request. Just send a POST request with pre-defined correct login and password and get the data on the next page.
I'm using developer mode in Chrome to look on the requests sent by browser.
But when I type in correct combination of username and password, I don't see a single POST request, only GETs.
With incorrect username and password I'm able to see a POST request with following Form Data values:
xjxfun:_validateLogin
xjxr:1389197444586
xjxargs[]:<xjxobj>
<e><k>Username</k><v>SmyUsername</v></e>
<e><k>Password</k><v>SmyPassword</v></e>
<e><k>Autologin</k><v>S1</v></e>
<e><k>REFERER</k><v>Sdailyfield</v></e>
</xjxobj>
Here I typed in myUsername for Username and myPassword for Password.
My question is
What POST request do I need to send to this server to imitate form filling and submitting?
Thank you for answering. The best answer you can give is to describe the POST request with necessary data/headers/values, so that I can prove it fast in some REST client in browser
Here is the data I got sent from a valid login:
xjxfun:_validateLogin
xjxr:1389422948740
xjxargs[]:<xjxobj><e><k>Username</k><v>S<![CDATA[myemailhere]]></v></e><e><k>Password</k><v>Smypasswordhere</v></e><e><k>Autologin</k><v>S1</v></e><e><k>REFERER</k><v>Sdailyfield</v></e></xjxobj>
And this is what I got returned:
<?xml version="1.0" encoding="utf-8" ?><xjx><cmd cmd="js">Slocation.href = 'sudoku_des_tages.htm';</cmd></xjx>
By the way, this was a POST request.
I think the reason that you can only see GET requests, was because an HTTP redirect occurred on the server-side with your authentication details, and that request (as with all page requests) is a GET request, which is probably why you can only see GET requests with successful authentication.
Update: From what I understand, you are sending the values as header values (in others words, alongside Content-Type and the like), while you should send them in the post formdata. This is why you are finding your answer.
You can always use CURL :
$fields_string = '';
$url = "yourProceesfileURL";
$userdata = array(
'email' => youremail,
'password' => yourpassword
);
foreach ($userdata as $key => $value) {
$fields_string .= $key . '=' . $value . '&';
}
rtrim($fields_string, '&');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($userdata));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$result = curl_exec($ch);
curl_close($ch);
:)
Note: This solution was suggested when the question was tagged with JavaScript and PHP and without Objective-C.
You can use JQuery to simulate the form filling like this:
$(function(){
$('#Username').val('MyUsername');
$('#Password').val('MyPassword');
$('input[type=submit]').trigger("click");
});
Working example here
First you want to set the values by getting the input element with his id and then setting his value. Once you finish updating all the requested values just trigger the submit button.
This will simulate you filling the form and submitting it. To do this automatically I would use PHP to get the content of the page and then firing the JQuery function:
echo file_get_contents("http://www.sudoku-knacker.de/anmeldung.htm?ref=dailyfield");
$agent = "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)";
$ch=curl_init();
curl_setopt ($ch, CURLOPT_URL,$url );
curl_setopt($ch, CURLOPT_USERAGENT, $agent);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch,CURLOPT_VERBOSE,false);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch,CURLOPT_SSLVERSION,3);
curl_setopt($ch,CURLOPT_SSL_VERIFYHOST, FALSE);
$page=curl_exec($ch);
//echo curl_error($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
I'm using cUrl at my project. I'm getting HTTP CODE of web sites. But when i try "asdasd" ($url="asdasd") , returned HTTP CODE is 200 . But "asdasd" isn't a web site. Why HTTP CODE is 200 ?
You might want to check the return value from curl_exec first. It says in the manual:
Returns TRUE on success or FALSE on failure. However, if the CURLOPT_RETURNTRANSFER option is set, it will return the result on success, FALSE on failure.
For curl_getinfo there's a side note:
Information gathered by this function is kept if the handle is re-used. This means that unless a statistic is overridden internally by this function, the previous info is returned.
So that HTTP 200 might well be the result of a previous cURL invocation.
Another possible error can happen if you develop in local and you use custom managed DNS services, then you probably can get some managed error pages like OpenDNS is doing.