I have a JavaScript web app on my server and I'm looking at the possibility of doing an AJAX connection with an existing Java servlet on a different server. I'm collaborating with the servlet developer, but he is currently dealing with other projects, and I'm trying to see how much I can get done without him needing to do anything. He's not too familiar with JS and I don't have any Java experience... but we've got a lot of good intentions!
His servlet has an HTML form interface sending a POST request. As a first step I downloaded his form, uploaded it to my server and changed the form's action to an absolute URL, from
<form action="/path/to/Servlet" [...] >
to
<form action="http://remoteserver.com/path/to/Servlet" [...] >
When I test the form on his server, it works fine, but when I test with the same exact input on the form on my server, the server returns a 500 error with a Java exception:
java.lang.NullPointerException
Filechange_b2.doPost(Filechange_b2.java:322)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
I realize that this is a bit of a black box problem, but based on these clues, is there anything I can do from my end? It's my understanding that a form request wouldn't trigger any CORS-related security issues; my hunch based on the code here is that there is something in his code that is relying on the assumption that input is coming from a local page.
Any ideas to go on here? Thanks very much for your help.
EDIT: Okay, looks like the JSP/Java interaction is more complicated than I originally thought and involves passing a session ID back and forth. That at least gives me something more to go on. Yay learning!
Related
I want to create a php app that will check ticket status from FIFA page that is created in angular js.
I tried to get data by using PHP, PHP curl Method, PHP file_get_content(), Jquery, and Javascript but all the time i got empty array.
hopefully there will some restrictions from angular js and server. link is given below please help me to check data from website.
https://tickets.fifa.com/Services/ADService.html?lang=en
You are talking about screen-scraping. Screen-scraping is a fragile solution because if they change the HTML for their page then your application will break.
That said, in your case the reason you got an empty array is because that site's webserver prevents screen-scraping. If you'd checked your php error log you would have seen a 403 forbidden error.
Simply put.. FIFA does not want their data to be stolen and used for purposes other than what they intended it for.
So i wrote this qml app for mobile in which i am trying to pass some data via http POST request to a php page on a webserver. After having done some research, I am assured that I should be able to do this from a qml document using javascript xmlhttprequest. all seems very neat and simple (I found a few variations on the web like this Https POST / GET with Qml/Qt). From which I used the script in the answer.
For a test scenario, I have spun up a LAMP (with L = Ubuntu server) on a Virtualbox, I try to POST some data in a param (much like in above link) to a .php page but get only http.status = 0 . The php script is never getting any content in $_POST. So first thing to check is that i can actualy do a http POST request to that same server via a webform in a browser. That works without a hitch.
So i am begining to get the idea that doing xmlhttprequest outside of a browser is not the same as within one. And this may mean that i need to do some config voodoo on the Apache side. I am by no means an apache guru So I am at a loss now.
Hopefully someone has done something like this or is spotting what I am missing?
Thanks.
oh my :( I made the most idiotic php scripting error that I overlooked about 200 times. Sorry! well lets say that even geniuses err sometimes.
To make this somewhat usefull: I have to say that I still do not understand why I was handed back http.status = 0 . I discovered that this was the wrong errorcode when I started using curl. doing a POST from curl suddenly gave me back general http errorcode 500. So that made me dive into /var/log/apache2/error.log and there I saw my stupid mistake.
I am trying to use a web service in iOS to replicate the functionality of this form. I am running into a problem though. Anytime I send a post to it, I get an error saying
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
/prod/bwckschd.p_get_crse_unsechas been permanently removed from this server.</p>
</body></html>
When I goto this page and select Spring 2013, it takes me to this page. The problem is, the page 2 only loads if you went through page one to get there. How does the website know whether you went through there or not? I dug around and found it sends a POST request with the value p_calling_proc=bwckschd.p_disp_dyn_sched and p_term=201320(for spring 2013). When I send page2 this POST command I get the same results as if I just visited page 2 without visiting page 1: "/prod/bwckgens.p_proc_term_datehas been permanently removed from this server." I then thought I should behave more like a web browser and initially send a GET request to page one. When I receive a response, I should send a POST request with the aforementioned data filled in. When I do this, I still get the same error. Is there something I am not taking into account? All I want to do is send GET/POST requests so I can get a list of the classes being offered.
The second page basically sends a POST request to this page with the following variables:
term_in=201320&sel_subj=CS&sel_day=dummy&sel_schd=dummy&sel_insm=dummy&sel_camp=dummy&sel_levl=dummy&sel_sess=dummy&sel_instr=dummy&sel_ptrm=dummy&sel_attr=dummy
Can someone help me figure out how to replicate this behavior? I know very little about web development and feel like I am missing a key point here which is hindering me from finishing this app. Thanks.
Most likely the first page sets a cookie that the second page checks.
i am using gwt.
i need to check some input data.
all checking functions are located in PHP server check.php
i am not using javascript checking executed from locally.
all i am doing is to send user input to server by ajax and validate in that place
and error message comes from server to client's gwt widget.
is it best approach??
i can do all checking from locally.but not doing.because server side is importent.
all checks must be resides in server so i am doing all checking from server.
if i do check locally and serverside two times ,then will it be best approach??
What you'll want to do is:
Use this account the next time you come back, or any of the others you've created, instead of creating an account each time you come to the site. Avoid this mess.
Create a .php page that accepts JSON-encoded data that you'd like to verify, and respond with some text like "OK" if it's valid. (I'm no PHP expert, but I'm sure there are plenty of them here)
Use GWT's RequestBuilder to send this data to the .php page, and call the RequestCallback's Response's getText() method. Check if the text is "OK" -- if so, the result is valid!
If you need more detail on any of the specifics, just let me know and I'll edit to clear things up.
Generally I agree with Jason (especially the with the first point :D).
I'd like to add that you should do validation on the client side first. Why? Because it allows you to weed out some obviously wrong inputs => less load on the server. But never accept the values from the client, just because your JS code said so - the general rule is to never trust the client side (because, well, it's the client side and the client can change the way your code works).
So in summary, I usually take these steps in my apps, they offer security and lower the load on your server, but may require a bit more work to write and maintain (especially if your client side and server side use different languages):
Validate input client side. If it doesn't pass, don't bother sending it to the server, just show an appropriate message.
If it does pass, send it to the server, but you must rerun the validation on the server side too.
If the server side validations report an error, send it back in some form (JSON with the error message and/or error code, set a HTTP response code, etc).
First off, let me say that I know this does not seem like an uncommon issue. I do not intend to clutter these forums with questions that have already been answered, but, I have worked through probably about 3 dozen threads with similar issues and have been unable to reach a solution.
The short description of my issue is this: I am trying to redirect after submitting a form using php's header(location:) function, and it's not redirecting. It is a little bit complicated because the form is submitted via AJAX. The steps my code goes through are as follows:
User submits form > form data sent via AJAX > form processing page validates data > if valid, form processing page inserts data into database > if submission is successful, form processing page adds redirect URL to $_SESSION > form processing page returns a 'redirect' variable > javascript/AJAX checks for redirect variable, and refreshes page if found > page header checks $_SESSION for redirect URL, and if found, sets appropriate headers and exits.
I guess the first thing I want to ask is, is this the right way of going about this? It seems to me that there should be a simpler way of doing this. It's obviously much simpler to pass the redirect URL to the javascript and do a window.location redirect, but I read that it's much better/more secure to handle that on the server side, so I'm trying to do that.
Assuming I'm going about this in the right direction, what could be going wrong here? I've checked for leading and trailing whitespace, BOM characters, I've even tried output buffering and I still have the same issue.
What happens on form submission is, the page refreshes, but it returns to the original form page rather than the redirect url. I have turned on the most detailed error reporting and get no errors at all.
One thing that may or may not be of interest, I have an error_log function set up to log all headers to a file right after I set the Location: header. When I redirect outside of AJAX (which works), the accept: header is set to html, but when I try to do it via AJAX, the accept header is set to JSON. Could that cause a problem?
Thank you so much for taking the time, and again, apologies if this is a dumb question. I have used this forum for years and have never once had to post a question on it because it has always solved my problems until now. Thanks in advance!
PHP is too generous to include in your code not only HTML code, but also JavaScript code. I'll explain one thing. When you send data by ajax, it is often difficult return Boolean data (whether true or false, depending on the conditions we work side server with php in some file established in our direction ajax) to give a final answer.
On the other hand, returning to the generosity of PHP, always when we try to validate data server-side and through ajax, we can manipulate the section where work freely to show some response message, a redirect to somewhere on your page or create a session. Anyway, whatever.
What I mean is that in your controller section where you will work with AJAX, you can set different conditions. That is, if the user data are correct, then you could send to call a script from Javascript to redirect him with a location.reload (); and also assign a session automatically. If the user does not have the correct data, then what we should do is return a warning message or alert to the exit AJAX, usually it goes after a:
function (response) {
$ ('.answer').html(response);
}
Note that it is not necessary require, for example, a $ ('.answer').html(response); to return an answer, because ajax only sends data to the server and if there is a reply message well, and if not well. Many times what I do, is to send messages via console, although it is often convenient to do so, because as often work with several conditions and that depends on the result of our request, we will be forced to show some response in some element within our code.
What I advise you is that you work javascript in PHP, and hence redirect to other pages, assign sessions or simply return a message. Remember that an ajax request is not only asynchronous, but repetitive and can send it to call as often as you need. The fact that you sent your ajax call php file and you have returned an answer, does not mean you can go back to work with it once you finish your ajax request.
It is the right way to do what you want, it is often easier to manipulate our server-side code that client side. Greetings.