My question can look stupid but I need to get in touch and get a decision. I want to pass parameters to url without the parameters being seen in the url. this is to secure my server. Because the url looks like this
controller/edit/123
and the '123' is the user ID in the database.
I can simple do this
public function action_edit($id) {
get_db_info($id);
}
Is it possible to hide the parameter while redirecting to this url from a view? ie in the view file
// Do something to set the ID
<?php Kohana_Request::post("user_id", $id); ?>
Click
and get the ID like this
public function action_edit() {
$id = $this->request->post("user_id");
get_db_info($id);
}
But the problem I can't access the KOhana_Request instance and get this error
*Non-static method Kohana_Request::post() should not be called statically*
Can someone gives a secured approach to this ?
I think I found a solution by encoding and decoding the parameters.
Since Kohana 3.3 do not allow parameters in controller functions see .
I do this in my view
$user_id = Encrypt::instance()->encode($liste->user_id);
$encode_id = base64_encode($user_id);
$encode_ure_id = urlencode($encode_id);
And from the controller,
$encoded_id = urldecode($this->request->param('uri_id'));
$encode_base_url = base64_decode($encoded_id);
$user_id = Encrypt::instance()->decode($encode_base_url);
If this can help others.
Related
Here I like to explain my problem clearly, How can I restrict get request through URL in Yii2
this is my url:
http://localhost/school/backend/web/index.php?r=user%2Fview&id=42
here if I change the view id = 43, it showing the data of id 43, I don't want to get data through url. I want to restrict get request through url or how can I encrypt the id value
If I change my url manager to
'urlManager' => [
'enablePrettyUrl' => true,
'showScriptName' => false,
],
then am getting url like below
http://localhost/school/admin/user/view?id=42
here also if I change id=43 am getting the data of id 43
How can I do this. Help will be really appreciated.
Assuming the current scenario (let me know if i misunderstood something):
Company can see/add/edit People (that part you already did). Now, each Company can only do actions on your own People, not the others.
One Solution:
In your Company model you must have something like:
public function getPeoples()
{
return $this->hasMany(People::className(), ['id_people' => 'id']);
}
You can add another function just to return the Ids of the People:
public function getPeoplesIds()
{
return ArrayHelper::map($this->peoples, 'id', 'id');
}
Now in your controler you must rewrite your beforeAction function:
public function beforeAction($action){
$id = Yii::$app->request->get('id');
if($id && !Yii::$app->user->isGuest) {
$user = User::findOne(Yii::$app->user->getId());
$company = //Do the logic to get the company's user
if (! in_array($id, $company->peoplesIds) {
throw new NotFoundHttpException('The requested page does not exist.');
}
}
return parent::beforeAction($action);
}
With that, you are checking the $id before runing each action.
first of all you should think about your purpose .
why do you want to prevent user from getting another IDs ?
if they are not authorized to see other IDs you can easily authorize their requests : Yii2-authorization
otherwise , you can use a string key for your table and generate random strings for keys using Yii built in classes .
Yii2-security
I was wondering how I would get a specific ID from an URL. ( If something like this is possible )
For example:
// You are here: http://test.be/certificate/create
// Saving new certificate
$search11 = $this->webDriver->findElement(WebDriverBy::id('certificate_save'));
$search11->click();
// You are here: http://test.be/certificate/11/basicinfo
// Here I need to get the ID so I can go to the next page
// You are here: http://test.be/certificate/11/holders
Basically I need the number after the /certificate/
Any suggestions? If something isn't clear feel free to ask.
Thanks in advance
Kind regards
You can get the url from the Driver object and extract the id from that, something like this:
string url = Driver.Url;
string[] parts = url.Split(new string[] { "/" }, StringSplitOptions.RemoveEmptyEntries);
int id = int.Parse(parts[3]);
EDIT: Sorry just seen you are using php, my code was in c#, the same logic can be used for php as well
$url = $driver->getCurrentURL();
$parts = explode('/', $url);
$id = $parts[4];
I've got a simple Grails app with the following RESTful uri...
http://localhost:8080/kennis-api/funds/test/700
The mapping in my URIMappings is
"/funds/test/$fcode" (controller: "fundCache"){
action = [GET: "show"]
}
In my controller, I need to extract the request URI, in this case "/funds/test/700", but invoking request.uri or request.getRequestUri does not work. I tried using request.requestURL, but that gives me
http://localhost:8080/kennis-api/grails/fundCache/show.dispatch
Is there a special member or function from which to get the request uri?
Its Simple, You need the Original address, that is same as the one where your response will be forwarded, its simply stored in the Request, and can be retrieved by:
.
String originalURI = request.forwardURI
//Do this where request is available, ex: Controllers :)
// Everywhere else you can use RequestContextHolder
.
.
Hope that helps
Regards
Kushal
I am trying to create and iOS app that takes a users credentials and verifies it with the AD server. Is there some built in library in xCode to do that, or is it third party?
Any advice on direction to look would be greatly appreciated.
Thanks
Zach
Ok, so this was the PHP i used to make the connection to the ldap server. i am not 100% sure what is happening here, i got this code from IT Coordinator at my company. I understand all the binding and searching parts, but i dont get the the ldap_set_option part of this whole thing. Anyway after setting it up this way, you can then call the URL of the php script and pass it parameters. take a look at the PHP, and the url example with be below.
<?php
//Connection parameters
$dn = "DC=network,DC=net";
$host = "ldap://ldap.network.com";
$port = 1111
$user = $_GET['user'];
$pass = $_GET['pass'];
//$user = "user#network.net";
//$pass = "pass";
$filter = "memberof";
$keyword = "CN=USSC_ALL,CN=Users,DC=network,DC=net";
$filter = "objectclass";
$keyword = "user";
$filter = "objectcategory";
$keyword = "CN=Person,CN=Schema,CN=Configuration,DC=network,DC=net";
//The real thing with PHP
if (!empty($keyword) and !empty($dn)) {
//Connect to the AD
$adConn = ldap_connect($host, $port) or die("Could not connect!");
//Set protocol verison
ldap_set_option($adConn, LDAP_OPT_PROTOCOL_VERSION, 3) or die ("Could not set ldap protocol1");
//Set referrals... Won't work without this...
ldap_set_option($adConn, LDAP_OPT_REFERRALS, 0) or die ("Could not set ldap protocol2");
//Bind the user
$bd = ldap_bind($adConn, $user, $pass) or die ("Could not bind");
echo $bd;
//End binding
ldap_unbind($adConn);
} else {
echo "<p>No results found!</p>";
}
?>
</body>
</html>
Ok so now all you have to do is pass a username and password to the script and it will return the bind. that will give you either true or false. meaning if it bound successfully it is a correct combination of username and password.
this is how i am calling it:
http://192.268.192.1/ldap.php?user=(username here)&pass=(password here)
This is the approach that i took, and i think it is a very simple answer.
So what I have been able to find out is that i need to use PHP to do this. By creating a php file on the server, i can use built in ldap protocol to take a user name and password to the ldap server for verification. The query should then return true or false. As soon as i get this working ill post my code
I am having a problem with Twitter's oauth authentication and using a callback url.
I am coding in php and using the sample code referenced by the twitter wiki, http://github.com/abraham/twitteroauth
I got that code, and tried a simple test and it worked nicely. However I want to programatically specify the callback url, and the example did not support that.
So I quickly modified the getRequestToken() method to take in a parameter and now it looks like this:
function getRequestToken($params = array()) {
$r = $this->oAuthRequest($this->requestTokenURL(), $params);
$token = $this->oAuthParseResponse($r);
$this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']);
return $token;
}
and my call looks like this
$tok = $to->getRequestToken(array('oauth_callback' => 'http://127.0.0.1/twitter_prompt/index.php'));
This is the only change I made, and the redirect works like a charm, however I am getting an error when I then try and use my newly granted access to try and make a call. I get a "Could not authenticate you" error. Also the application never actually gets added to the users authorized connections.
Now I read the specs and I thought all I had to do was specify the parameter when getting the request token. Could someone a little more seasoned in oauth and twitter possibly give me a hand? Thank You
I think this is fixed by twitter by now or you might have missed to provide a default callback url in your application settings, which is required for dynamic callback url to work as mentioned by others above.
Any case, I got this working by passing the oath_callback parameter while retrieving the request token. I am using twitter-async PHP library and had to make a small tweak to make the library pass the callback url.
If you are using twitter-async, the change is below:
modified getRequestToken and getAuthenticateURL functions to take callback url as parameter
public function getRequestToken($callback_url = null)
{
$params = empty($callback_url) ? null : array('oauth_callback'=>$callback_url);
$resp = $this->httpRequest('GET', $this->requestTokenUrl, $params);
return new EpiOAuthResponse($resp);
}
public function getAuthenticateUrl($callback_url = null)
{
$token = $this->getRequestToken($callback_url);
return $this->authenticateUrl . '?oauth_token=' . $token->oauth_token;
}
And pass the callback url from your PHP code.
$twitterObj->getAuthenticateUrl('http://localhost/twitter/confirm.php');
#Ian, twitter now allows 127.0.0.1 and has made some other recent changes.
#jtymann, check my answer here and see if it helps
Twitter oauth_callback parameter being ignored!
GL
jingles
even me to was getting 401 error.. but its resolved..
during registering your application to twitter you need to give callback url...
like http://localhost:8080.
i have done this using java...
so my code is: String CallbackURL="http://localhost:8080/tweetproj/index.jsp";
provider.retrieveRequestToken(consumer,CallbackURL);
where tweetproj is my project name
and index.jsp is just one jsp page...
Hope this may helps u...
After the user authorizes the application on twitter.com and they return to your callback URL you have to exchange the request token for an access token.
Twitter does not honor the oauth_callback parameter and will only use the one specified in the registered application settings.
It also doesn't allow for 127.0.0.1 or localhost names in that callback, so I've setup http://dev.twipler.com which is setup for 127.0.0.1 in DNS so you can safely use;
http://dev.twipler.com/twitter_prompt/index.php