I am creating a facebook wall (stream) look-a-like to put on my site.
This component will read all posts from a specific page`s wall and display them, via the graph api.
I also want the user to be able to LIKE the posts displayed on the "wall".
What I have so far is a script that uses the graph api to get the JSON list of posts and I also have a PHP file that can LIKE a post who`s ID is submitted in the post_id query string parameter, and this does work. I see the LIKE is submitted.
To call this PHP file I use jQuery ajax:
function do_likes(post_id) {
$.ajax({
type: "POST",
url:"http://www.p-art.co.il/facebook_test/action.php?post_id=" + post_id
});
Firebug doesn't show any error, but on the other hand, the LIKE is not posted.
I have been searching for several hours, but I can't find the correct way to call the PHP file, in order for the FB.api call to work.
Thank you in advance.
-Elad
With a HTTP POST, data is normally sent from form inputs with the enctype set to application/x-www-form-urlencoded format. So with an AJAX POST, we would usually send data in this format also and not as a query string parameter, which is how data is usually sent with a HTTP GET request and how you are sending data above.
if you change your code to
function do_likes(post_id) {
$.ajax({
type: "POST",
url:"http://www.p-art.co.il/facebook_test/action.php",
data : { post_id : post_id }
});
}
it should work as expected (I'm not familiar with PHP but I assume that the URL you're posting to expects data in application/x-www-form-urlencoded format). with jQuery.ajax(), if you set the data object to the key/value pairs that you want to send to the server, jQuery will take care of providing the correct enctype for you based on the HTTP request type you are using (you can override the enctype if necessary, but usually this is not required and the defaults will be what you need in the majority of cases).
Also, you may want to set a callback function to be called after the AJAX post has successfully completed. To do this add a success property to the object passed to the $.ajax() call.
It's hard to tell without seeing the source code for your action.php file but I'm guessing its not getting the users access token correctly due to it being called via AJAX.
If you can post your action.php source somewhere I should be able to help some more
Related
I got a URL from a ecommerce website and when i access it i get all the last 5 products that i've visited in their site. I don't know how it works, i guess it's because of the cookie that this ecommerce website have left in my browser.
I would like to use this URL to show in my website something like this: "The Last 5 Products You Have Seen at X Ecommerce Website".
But to do that this URL must be executed in somehow in the client side and i will still need to get the JSON content returned by this URL.
Is there exist anyway to do that by using PHP or any other web technology?
Thank you!
It might be cookies, localStorage (there are other APIs to save data on local computer, imo they are unused or deprecated e.g. openDatabase) or last views could be connected with account and saved on internal database.
You should use AJAX, but by default in browser mechanism called CORS blocks all requests coming from other domain than resource.
In PHP you can download external page using file_get_contents function or cURL library, but without localStorage/cookies (which can be accessed from JS executed on domain, where that cookies are saved).
AJAX is your option for client side requests. Here's the jQuery guide for it.
https://api.jquery.com/jquery.ajax/
Here's a quick example:
$.ajax({
url: "http://ecommerce.com/your/url/here",
method: 'get',
dataType: 'json', //if you're sure its returning json you can set this
success: function(data) {
//handle success json here
//be sure that you're going to receive json though, possibly could receive some other data type and you should handle appropriately
},
error: function(error) {
//handle error json here
}
});
I am creating an application, that accepts a ajax call (jquery) and returns the validated user an entry token to the website.
Say for example the ajax is called checkAuth.php and there are all the other php files in this directory. By changing the JS to validate another file like checkMail.php for example:
var xmlRequest = $.ajax({
url: "checkAuth.php",
processData: false,
data: xmlDocument
});
change the url to checkMail.php and create a vulnerability in the site?
var xmlRequest = $.ajax({
url: "checkMail.php",
processData: false,
data: xmlDocument
});
Although the result would return a different object but by doing so would this create an "open door" perhaps where the malicious user would keep sending requests in order to gain access? I understand that the user would have to know that the php file exists however I am unsure how to process this securely whilst maintaining my directory structure.
Please note this is not my actual code and I cant clarify the answer with these other posts or I am not understanding this correctly.
Edit: In addition - would this mean that any site using jquery would be able to ajax request any file from the server and create a vulnerability?
How to authenticate an AJAX request to a PHP file?
Question regarding Ajax Hacking
Ajax Security questions
How to send secure AJAX requests with PHP and jQuery
In general, any AJAX request can access all files which accessible via http request like as user types full URL as the browser address.
So, you have to check security token or something else in the begining of PHP-scripts.
You can restrict access to folders or files using .htaccess, see https://stackoverflow.com/a/11729748/3325396
I'm currently working on a Symfony2 project where a user can comment on parts of a webpage via contenteditable spans. I now want to save these comments, that are assembled in an array of JSON objects, into the database, with a reference to the page and the user id. This is where I'm stuck.
What steps are needed to put the data from the JavaScript code into the specific DB table?
I already created a Comment class in the Entity folder. And based on this
answer I added the following code in my saveComment() in JavaScript:
$.post('saveComments.php', {
page_id : getPageId(),
user_id : getUserId(),
comments : getJSONcomments(),
});
What next...?
Ok, let's create a saveComments.php ... but where in the bundle? Or could this be done with a Controller? If so, how and what would I need to replace the url ("saveComments.php") in the $.post(...) call with?
Don't post to a PHP page as this breaks the Symfony 2 model. Instead post to a route, like save/comment or along these lines.
Configure the route to point to an action in a controller.
Implement the controller and the action so that it does not take any parameters. Inside the action unpack the posted data the usual PHP way using (because you won't have a form to bind your data to):
$_POST
Just to get it working, echo a var_dump() to the console and see what you get. This is an example on how to write to the console.
Decode the JSON data with the serializer.
The decoded data will be a simple associative PHP array. Interpret the data you received and act accordingly (don't forget to handle security and all that stuff, too -- you don't want to open up security holes through AJAX).
Best is, you check that the route you chose falls into the security tier you need and probably already have configured in the Symfony 2 application. This way you don't need to handle security manually in the action.
Once this is done return an HTTP response with code 200 OK.
return new Response('', Response::HTTP_OK); // no response text at all
If there's any error reply with a 500 class HTTP server error:
return new Response('', Response::HTTP_INTERNAL_SERVER_ERROR); // 500
Also, don't forget to handle client-side errors with the .error() method.
I am looking for a way to manually submit a Post request to a server, without using the website's UI. I can see the request headers and the post parameters in Firebug when I perform the action manually (clicking the UI's "submit" button). I am hoping there is a way to reverse engineer some Javascript using these headers and parameters so that we can automate this process.
Reason: My company recently purchased some process automation software that enables us to write automation bots that access out business partner's portal site and automatically adjust our digital marketing bids. For one of our partner sites, front-end manipulation doesn't appear to work, because the Post request is submitted via AJAX.
The software does allow us to execute custom javascript within the environment, so I am trying to construct some Javascript using the headers and request parameters.
Is there a standard template into which I can plug these parameters to execute Javascript that will send the Post request to the server?
Thank you
UPDATE:
Thank you all for your help! I've made some progress but am still having difficulty implementing the solution within the software.
The following request works when I run the code in Firebug in Firefox:
$.ajax({
type: "POST",
url: "http://acp.example.com/campaigns/122828",
data: "data-string"
});
However, the software we're using might be a little out of date and I'm not sure it recognizes the AJAX syntax.
Is there a way to effectively write the same statement above, but in Javascript rather than AJAX? Then I think it would work.
You can use AJAX to post data to a server without any direct UI interaction. I will break down a simple jQuery example below:
$.ajax({
type: "POST",
url: url,
data: data,
success: success,
});
$.ajax Is a method offered by the jQuery framework to make AJAX requests simple and cross browser compatible. As you can see I have passed in a JSON object containing various values:
type - This is the first key I have specified, in this instance you'll want this to be of the value POST as this determines the HTTP Request Method.
url - This specifies the server end point, for example: post/data/here.php would post the data to that url so that it can be picked up and handled correctly.
data - This key expects a JSON object, string or array of data to send in the POST request.
success - This key expects a function, it is called on the server's response to the request, with any relevant data passed through.
More documentation is available at: http://api.jquery.com/jquery.ajax/
If all you want to do is POST data, no JavaScript needed.
You should be able to use a browser extension for this. I have one called REST Console that is similar to what you describe. I believe REST Console is for Chrome only, but a quick Google search yielded a similar looking extension for FireFox called RESTClient.
actually i have webservice running and i want to retrieve the response or output of web service (xml output) and want to show it on some web page. i am trying to give some parameters as input and sending to webservice by AJAX POST and getting some dummy response.. i have problem while sending the parameters with URL. WOULD YOU TELL ME ABOUT THE FORMAT OF AJAX POST PARAMTERS?
var params="text=text1&target=target1";
It returns some error value in response, but with the same data i am able to access with the terminal.
text=text1&target=target1 these paramters are passing as one string not different paramters
I have tried in other way also
var params='text='+text1+'&target='+target1;
but it returns nothing in response
What should I set for params value?
You can't send POST data via url query string.
You will need to either use cURL from the command line, or use a POST tool like POSTMAN to pass form data and the appropriate POST headers.
Edit: your tags suggest you're using javascript/ajax.
You can do this natively with javascript, but you'd have a significantly easier time using jQuery's $.ajax or $.post:
$.ajax({
type: "POST",
url: "http://myapp.com/someendpoint",
data: {
text: "text1",
target: "target1"
}
});