My web app was previously using the following function to check the existence of a twitter account:
var checkTwitter = function(username){
$.ajax({
url: 'http://twitter.com/statuses/user_timeline.json?screen_name='+username+'&count=1&suppress_response_codes=true&callback=?',
dataType: 'json',
success: function(data, success){
if(data.error){
//gone bad code
} else {
//gone good code
}
}});
}
Which has been happily working for a month or two. Now the url returns:
{"error":"Not found","request":"\/statuses\/user_timeline.json?screen_name=mildfuzz&count=1&suppress_response_codes=true&callback=?"}
when checking for my own twitter account (#mildfuzz).
What's gone wrong?
Twitter recently changed their API rules maybe it is coz of that?
Try changing to https.
According to Twitter Dev use HTTPS
And you must have an authentication context.
https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=twitterapi&count=2
You should also change your success function to :
if(data="[]" || data.error || data.errors){
//gone bad code
} else {
//gone good code
}
error (when not authorised) : https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=test&count=2
errors (when user does not exist): https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=qsdsqdq&count=2
Also when the user does not exist, it can return an empty array (although i have no idea why) : https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=dsf&count=2
https://dev.twitter.com/docs/api/1/get/users/lookup
this link fixes it. Twitter now have a function for simply looking a user up, which does not require authentication.
Related
I have a Javascript file that handles a button click on my html page. It works well and detects the button tap, however I can't make the POST request work inside the addEventListener method. I get no errors in the console of my browser, it just simply doesn't work. My question is that what is missing? Based on the POST requests I checked this implementation should work fine.
// my .js file:
(function(){
const btnSignUp = document.getElementById('btnSignUp');
const txtEmail= document.getElementById('txtEmail');
btnSignUp.addEventListener('click', e => {
const email = txtEmail.value;
console.log('test log');
if (email.length < 4) {
$.ajax({
type: "POST",
contentType: "application/json",
url: "/signup/",
data: JSON.stringify({title: email}),
success: function (data) {
console.log(data.title);
},
dataType: "json"
});
}
});
}());
Remove the alert call from your object, that’s a syntax error, thus your snippet will not run because of that.
Also, unsure if this will make a difference but you could either replace the self executing function (IIFE) with jquery onload function, both provide an encapsulated scope... example below
(function () {
//...
})();
Becomes
$(function () {
//...
});
Where
//...
Is your code.
I would also add an error field to your jquery Ajax call, that way you can log any error.
error: function (err) {
console.log(err);
}
That’s about all I can advise, given you have a syntax error in your question.
Become friends with the browser development tools, specifically the console and network tabs, console tab would pick up your syntax error, and network tab will yield the answers you’re looking for, when asking “is the endpoint being hit”, and “what response is the endpoint giving”.
Lastly, I’d add any else statement, after your if, which checks for the length of the email, a simple log will do, could be that you’re fetching the wrong email field, or it isn’t long enough.
Okay, so, I have a PHP and JS-based webapp that does mostly what it's supposed to do. This being said, before I show any code, bear in mind a few things.
1.)The top two location headers inside the 'if' loops work as intended.
2.)In the development tools in Chrome, the location is in the header for this request.
PasteBin to my code here.
In my JQuery (defined in html head), we see a button name "subAll2", which is supposed to post the intended data, and do a redirect using aforementioned JQuery. The other two redirects work via intended forms. Why does this one not work?
$('#subAll2').click(function() {
var action = $('#frmUser').attr('action');
$.ajax({
url : action,
type : 'POST',
data : $('#frmUser,
#frmUser2').serialize()+"&butSubmitAll=submitAll",
success : function() {
window.location.replace(action);
}
});
return false;
});
Obligatory codeblock for requirements. Please check the PasteBin.
I found the answer. In the JS, replace the success function with
success : function(data) {
if (data == "success")
windows.location = "list_user.php";
else
alert("Form didn't go through.");
}
And instead of
header("Location:list_user.php");
Replace with
echo "success";
Say I have this code here (somewhat pseudocode)
$.ajax({
url: "/api/user",
success: function(resp) {
var data = JSON(resp)
if (data.user.is_admin)
// do admin thing
else
// do something else
}
});
Basically the endpoint returns some info about the user and the callback handles the rest. Can I put a breakpoint before the if statement and change data.user.is_admin to be true before the statement is ran? Is that possible?
It is absolutely possible. You can't trust on client code for any security check. Anyone could play with it using something as simple as browser developer tools.
That kind of logic must be on server side, I'm afraid that you have no choice if you need yo keep that safe.
I'm feeling scared about a solution i'm using in one of my app.
Basically, i use this snippet :
var username = ...;
$.ajax({
type: "POST",
url: "getFeed.php",
data: "username="+username,
success: function(html) {
// do the stuff
}
});
My question is : is this hackable ? If you use the chrome/firefox/... build-in code editor and replace var username = ... by var username = 'user1';, would it work ?
Thanks
Yes, anyone with a javascript debugger will be able to change the variable to whatever username they want. JavaScript is always open to the user and can be modified easily.
Typically you would have a login page to authenticate the user (often cookie based), and then on every subsequent request (Ajax or otherwise) you would be able authenticate the cookie and make sure the user is who he says he is. This will however require a server side solution to the authentication.
In my app, I have a facebook field that can refer to a facebook user or to a facebook user fanpage.
I want to render the facebook fan page like box only if the fanpage exists in Facebook. Is there a way to do this with the Javascript SDK?
If you use jQuery and can figure out the pattern for the URL of those pages, you can use jQuery.get to check whether they exist or not. If you don't use jQuery, you can do the same thing with raw XmlHttpRequests.
For example, if the URL is "www.facebook.com/fanpage/{{username}}", you can do:
function startCheckForFanPage(username) {
$.get("www.facebook.com/fanpage/" + username, function(response) {
// if response.showsThere'sAPageThere, do X
// otherwise, do Y
}
}
if you use the Facebook JS SDK you can do this after initializing the FB object
FB.api('/the_fanpage_path', function(response) {
if(response.is_published) {
// it is a Fan Page!
}
});
If you don't want to load the FB SDK, you can do an AJAX get request to eg. http://graph.facebook.com/facebook. This works with the cross origin policy because graph.facebook.com allows different domains.
The response is in JSON so something like this would work:
function startCheckForFanPage(username) {
$.get("graph.facebook.com/" + username, function(response) {
if (response)
// otherwise, do Y
}, function() {
// Handle 404 or other failures here
})
}
EDIT: This no longer works