I have implemented reCaptcha in TYPO3 website and after integrated Google reCaptcha V2 api even I am getting spam emails. In reCaptcha admin panel I did not see any erros and warnings messages. I also implemented server side validation and Verifying the user's response.
But I did not understand why I am getting spam emails after integrated reCAPTCHA?
Server side Validation
if(isset($_POST['captcha']) && !empty( $_POST['captcha']) && ($_SERVER['REQUEST_METHOD'] == 'POST')){
$captcha=$_POST['captcha'];
}
if (empty($_POST['captcha'])) {
exit('Please set recaptcha variable');
}
$secret="************************************";
$response = $captcha;
$verify = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secret) . '&response=' . urlencode($response));
$captcha_success=json_decode($verify);
if ($captcha_success->success==false) {
echo '<h2>You are spammer ! This user was not verified by recaptcha.</h2>';
}
else if ($captcha_success->success==true) {
echo '<h2>Thanks for posting </h2>';
}
{
"success": true,
"challenge_ts": timestamp,
"hostname": string,
}
Related
I'm trying to integrate webhook into my project, I have verified the webhook successfully, but when I send sample data to the server, my server does not receive anything, my project developed on Codeigniter.
I tried using postman to post Json data to the webhook url that was authenticated, my server received
Postman: [POST] https://xxxxxx.xxx/api/webhook
[RAW]
{
"field": "conversations",
"value": {
"page_id": 4444444,
"thread_id": "t_mid.14833205540:9182a4e489"
}
}
Code:
public function webhook(){
if (isset($_GET['hub_mode']) && isset($_GET['hub_challenge']) && isset($_GET['hub_verify_token'])) {
if ($_GET['hub_verify_token'] == 'EcyUykjnmredclnuYFLShBKHfutRFfDRdfdfb'){
echo $_GET['hub_challenge'];
}
}
$data = file_get_contents("php://input",true);
$myfile = fopen("./my-assets/uploads/text.txt", "w");
fwrite($myfile, $data);
fclose($myfile);
http_response_code(200);
}
I'm trying to get this example to work: https://developers.google.com/analytics/devguides/config/mgmt/v3/quickstart/web-php#enable
The error I'm getting is "Error: redirect_uri_mismatch" .
In order to install the google api resources, I used composer with this command:
php composer.phar require google/apiclient:^2.0.0#RC
This installed the "vendor" folder in my root site folder. My index.php and oauth2callback.php files are located in the "public_html" folder.
Here's a screenshot of my error when going to my site:
The weird thing is that if I navigate to the link above that's included in the error message "Visit ...... to update the authorized..", I get this error message: " The OAuth Client Does Not Exist "
If I click on my only available Client ID, I can navigate to see the URI's which I'll screenshot below as well:
As you can see, under Authorized Javascript origins, I have http://localhost listed, and under authorized redirect URIs, I have my live site followed by the "oauthc2callback.php" file extension.
I don't understand how to get rid of the error I'm getting. I've tried replacing the URI's and putting in different JavaScript origins.
Also, for some reason on that last screenshot, it says that I don't have permission to edit this OAuth client, but I can make edits.
The code I have for index.php:
<?php
// Load the Google API PHP Client Library.
require_once '../vendor/autoload.php';
// Start a session to persist credentials.
session_start();
// Create the client object and set the authorization configuration
// from the client_secretes.json you downloaded from the developer console.
$client = new Google_Client();
$client->setAuthConfigFile('../config/client_secrets.json');
$client->addScope('https://www.googleapis.com/auth/analytics.readonly');
// If the user has already authorized this app then get an access token
// else redirect to ask the user to authorize access to Google Analytics.
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
// Set the access token on the client.
$client->setAccessToken($_SESSION['access_token']);
// Create an authorized analytics service object.
$analytics = new Google_Service_Analytics($client);
// Get the first view (profile) id for the authorized user.
$profile = getFirstProfileId($analytics);
// Get the results from the Core Reporting API and print the results.
$results = getResults($analytics, $profile);
printResults($results);
} else {
$redirect_uri = 'http://' . $_SERVER['HTTP_HOST'] . '/oauth2callback.php';
header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}
function getFirstprofileId(&$analytics) {
// Get the user's first view (profile) ID.
// Get the list of accounts for the authorized user.
$accounts = $analytics->management_accounts->listManagementAccounts();
if (count($accounts->getItems()) > 0) {
$items = $accounts->getItems();
$firstAccountId = $items[0]->getId();
// Get the list of properties for the authorized user.
$properties = $analytics->management_webproperties
->listManagementWebproperties($firstAccountId);
if (count($properties->getItems()) > 0) {
$items = $properties->getItems();
$firstPropertyId = $items[0]->getId();
// Get the list of views (profiles) for the authorized user.
$profiles = $analytics->management_profiles
->listManagementProfiles($firstAccountId, $firstPropertyId);
if (count($profiles->getItems()) > 0) {
$items = $profiles->getItems();
// Return the first view (profile) ID.
return $items[0]->getId();
} else {
throw new Exception('No views (profiles) found for this user.');
}
} else {
throw new Exception('No properties found for this user.');
}
} else {
throw new Exception('No accounts found for this user.');
}
}
function getResults(&$analytics, $profileId) {
// Calls the Core Reporting API and queries for the number of sessions
// for the last seven days.
return $analytics->data_ga->get(
'ga:' . $profileId,
'7daysAgo',
'today',
'ga:sessions');
}
function printResults(&$results) {
// Parses the response from the Core Reporting API and prints
// the profile name and total sessions.
if (count($results->getRows()) > 0) {
// Get the profile name.
$profileName = $results->getProfileInfo()->getProfileName();
// Get the entry for the first entry in the first row.
$rows = $results->getRows();
$sessions = $rows[0][0];
// Print the results.
print "<p>First view (profile) found: $profileName</p>";
print "<p>Total sessions: $sessions</p>";
} else {
print "<p>No results found.</p>";
}
}
The code I have for "oauth2callback.php":
<?php
require_once '../vendor/autoload.php';
// Start a session to persist credentials.
session_start();
// Create the client object and set the authorization configuration
// from the client_secrets.json you downloaded from the Developers Console.
$client = new Google_Client();
$client->setAuthConfigFile('../config/client_secrets.json');
$client->setRedirectUri('http://' . $_SERVER['HTTP_HOST'] . '/oauth2callback.php');
$client->addScope('https://www.googleapis.com/auth/analytics.readonly');
// Handle authorization flow from the server.
if (! isset($_GET['code'])) {
$auth_url = $client->createAuthUrl();
header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL));
} else {
$client->authenticate($_GET['code']);
$_SESSION['access_token'] = $client->getAccessToken();
$redirect_uri = 'http://' . $_SERVER['HTTP_HOST'] . '/';
header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL));
}
All of this code was taken from the first website example, except with a few minor additions to make it match my system.
Anyone know how I can get rid of this error? What am I doing wrong?
Remember, as far as Google is concerned, "your" server is hostile until you name it "friendly", you must explicitly whitelist every possible source of an OAuth call TO Google.
Google is a clubbouncer, a big, ugly, unmovable bouncer with a a guest list saying to your application: "I will only deal with your request if your exact name OR id is on the list"
Have you tried including, not only localhost, but all other possible origins?
You must list every possible variation of url "root", including explicit IPs.
http://www.example.com
http://example.com
https://example.com
https://www.example.com
http://222.111.0.111
...
dont forget to include
https://accounts.google.com:443
The redirect Uri in the request MUST be exactly the same as one Uri you stored.
I see a / at the end of the stored one you missed in your request.
just copy the request URI on which error is occurring from error screen and paste it to OAuth credentials "Authorised redirect URIs"
now run the app.
this works for me. Hope I answered your query.
how could i post the form to the rest api action. Or how can i test the rest api for creating a record in the db with all the field values. Should we add create aq queryStringUrl. if its comming from a POST form action its fine. But this yii rest api should also work when called on a android device. I have used $_Request on post of the form , will the same work else where. if i wanna test the same in POSTMAN how can i do it. http://localhost/basic/web/site/create?fname=deepika&uname=deeps&email=deep#gmail.com&pwd=deepika&pwd_confirm=deepika&gender=female says 404 in postman. But works in the yii controller url This is the action i have created.
public function actionCreate()
{
$params=$_REQUEST;
//echo $params;
$model= new UsersForm();
if(isset($params['fname']))
$fname=$params['fname'];
if(isset($params['uname']))
$uname=$params['uname'];
if(isset($params['email']))
$email=$params['email'];
if(isset($params['pwd']))
$pwd=$params['pwd'];
if(isset($params['gender']))
$gender=$params['gender'];
if($fname == "" || $uname == "" || $email == "" || $pwd == "" || $gender == ""){
$this->setHeader(400);
echo "<pre>".json_encode(array('status'=>0,'error_code'=>400,'errors'=>"Something went wrong"),JSON_PRETTY_PRINT)."</pre>";
}else{
$model->fname = $fname;
$model->uname = $uname;
$model->email = $email;
$model->pwd = $pwd;
$model->pwd_confirm = $pwd;
$model->gender = $gender;
if($model->save()){
if($model->status == 0){
$mailSent = Yii::$app->mailer->compose()
->setFrom("noreply#gmail.com")
->setTo($model->email)
->setSubject("Proceed by Verification")
->setTextBody('Plain text content')
->setHtmlBody('<b>HTML content</b>')
->send();
// VarDumper::dump($mailSent, 10, true);die();
}
$this->setHeader(200);
echo "<pre>".json_encode(array('status'=>1,'success_code' => 200,'verification_mail'=>$mailSent,'message'=>'Registered Successfully'),JSON_PRETTY_PRINT)."</pre>";
}else{
$this->setHeader(400);
echo "<pre>".json_encode(array('status'=>0,'error_code'=>400,'errors'=>$model->errors),JSON_PRETTY_PRINT)."</pre>";
}
}
// VarDumper::dump($params, 10, true);die();
}
Without code examples its hard to say what goes wrong in your app. I think first of all if you creat new item by GET method, its not REST. In REST API cretion of new item goes by POST method (I say nothing about URL appearance). When I was realized REST in some project, I create simple methods at the backend application and then on frontend (JavaScript app) create simple method for send request to API URLs, and when I preparing headers to send, and then depending of url I set method to headers GET, POST, or PUT (no DELETE because we not deletin items throgh API). So it may be little bit confusing... But I believe when you will get things about REST you will resolve your problem.
I'm trying to use the new Gmail API with the Google API Node client. I created a new project from the developer console, set up a new "Service Account" Client ID, and enabled access to the API.
As a proof of concept, I am simply trying to list the threads in my inbox. When I enable the OAuth 2.0 toggle for the API explorer and enter my email address, the request succeeds and I see a JSON response with data.
Now I try to do the same in Node:
var googleapis = require('googleapis');
var SERVICE_ACCOUNT_EMAIL = '...SNIP...';
// generated by: openssl pkcs12 -in ...SNIP...p12 -out key.pem -nocerts -nodes
var SERVICE_ACCOUNT_KEY_FILE = 'key.pem';
var jwt = new googleapis.auth.JWT(
SERVICE_ACCOUNT_EMAIL,
SERVICE_ACCOUNT_KEY_FILE,
null,
['https://www.googleapis.com/auth/gmail.readonly']);
googleapis
.discover('gmail', 'v1')
.execute(function(err, client) {
jwt.authorize(function(err, result) {
if(err) console.error(err);
else console.log(result);
client.gmail.users.threads.list()
.withAuthClient(jwt)
.execute(function(err, result) {
if(err) console.error(err);
else console.log(result);
});
});
});
First I print the results of the authorize() call, which looks like it returns a token, so I think I have all the OAuth stuff setup properly:
{ access_token: '...SNIP...',
token_type: 'Bearer',
expires_in: 1404277946,
refresh_token: 'jwt-placeholder' }
Then I try to actually use the API, but I get an error:
{ errors:
[ { domain: 'global',
reason: 'backendError',
message: 'Backend Error' } ],
code: 500,
message: 'Backend Error' }
At this point, I don't know what else to try. I think the OAuth stuff is working properly, because I haven't gotten any authentication errors. I also think the API itself is working and my account is fine, because I can use it through the API Explorer. I don't see any indication that the Node library is at fault either. In short, I have no idea what the problem is. Any ideas?
You are using the Service Account to authenticate your requests to GMail. Your Service Account will not have a Gmail as far as I know, only users have GMail. For this reason you will need to do the OAuth2 flow with the user (see here for example).
with help of docs, tutorials and this forum I managed to create an event for the logged in user on his profile or page, as he chooses.
I also figured, that for inviting friends I'd have to use events.invite.
Since I don't want to invite all of the user's friends but several, I implemented a request, which as a result returns the selected friend's ids.
Those I'm using for the events.invite call. I get bool 1 as result (which means, the invitation was sent successfully) but there is no invitation to be seen in friends bookmarks or event page.
Everything besides invitation is working.
3 questions come up:
1) Does events.invite need additional permission besides 'create_event' ?
I tryed events.invite independently and couldn't get results either...
2) Is there a better way to select friends before sending invitation? I do not want app request being sent out each time an event is created.
3) If 2 is negative, how can the app request (and bookmark) be subdued or removed from friend's profile? Deleting the request via API obviously doesn't remove the message in application requests.
* in main script: [javascript]
function sendRequest() {
FB.ui({
method: 'apprequests',
message: 'Test',
title: 'event invitation for up to 20 friends',
max_recipients: 20,
},
function (response) {
if (response && response.request_ids) {
var requests = response.request_ids.join(',');
var invite_ids = new Ajax.Request('/facebook/handle_invitation.php', {
onSuccess: function(test) { alert('Done!'); },
method: 'post',
parameters: {tid: '<?php echo $target_id; ?>',
request_ids: requests,
eid:'<?php echo $event_id; ?>',
token: '<?php echo $access_token; ?>'}
});
} else {
alert('canceled');
}
});
return false;
}
* and in 'handle_invitation.php' (called from request response):
if( isset($_POST['request_ids']) && isset($_POST['uid']) ) {
$target_id = $_POST['tid'];
$event_id = $_POST['eid'];
$access_token = $_POST['token'];
$requests = explode(',',$_POST['request_ids']);
foreach($requests as $request_id) {
$request_data = $fb->api("/$request_id?$access_token");
$invite_id[] = $request_data['to']['id'];
$fb->api("/$request_id?$access_token", "DELETE");
}
//invite friends to my event
$return = $fb->api(array(
'method' => 'events.invite',
'eid' => $event_id,
'uids' => $invite_id,
'personal_message' =>"Einladung zu meinem Event"
));
}
Hope this was not too detailed. I'd appreciate any help, since after days of reading and experimenting I'm finally stuck at this point. Thx!
The graph api now allows you to invite users by user_id. See http://developers.facebook.com/docs/reference/api/event/
invited
Create
You can invite users to an event by issuing an HTTP POST to /EVENT_ID/invited/USER_ID. You can invite multiple users by issuing an HTTP POST to /EVENT_ID/invited?users=USER_ID1,USER_ID2,USER_ID3. Both of these require the create_event permission and return true if the invite is successful.
I don't think "sent event invitation" is in the GRAPH API yet. It is available in REST API but its not working as we expect.
I found some known issues and limitations with facebook events. Please see the links below from the official documentation on facebook
Limitation on number of people that could be invited to an event.
http://www.facebook.com/help/?faq=12576#!/help/?faq=202545109787461
Event members are not receiving messages I have sent.
http://www.facebook.com/help/?page=786#!/help/?faq=188295427885002