Here is the two scripts I have
Script 1:
<?
include('config.php');
$json = $_POST['payload'];
$fine = var_dump($json);
$secret = "78f12668216b562a79d46b170dc59f695070e532";
$obj = json_decode($json, true);
$fp = fopen('data.txt', 'w');
fwrite($fp, $json);
fwrite($fp, $fine);
fclose($fp);
if(sha1($json . $secret) == $_POST['signature']) {
$conversion_id = md5(($obj['amount']));
echo "OK";
echo $conversion_id;
mysql_query("INSERT INTO completed (`id`,`uid`,`completedid`) VALUES ('','".$obj['uid']."','".$conversion_id."')");
} else {
}
?>
Script 2:
<?
$json = $_POST['payload'];
$secret = "78f12668216b562a79d46b170dc59f695070e532";
$obj = json_decode($json);
if(sha1($json+$secret) == $_POST['signature']) {
print "OK";
} else {
}
?>
The problem here is that it is returning all NULL values. I am not an expert with JSON so I have no idea what is going on here. I really have no way of testing it because the information is coming from an outside website sending information such as this:
{
payload: {
uid: "900af657a65e",
amount: 50,
adjusted_amount: 25
},
signature: "4dd0f5da77ecaf88628967bbd91d9506"
}
The site allows me to test the script, but because json_decode is providing NULL values it will not get through the signature block.
According to Google Chrome's Dev Tools the response it sends when I try to test the script from their server is {"error":"The start uri returned a non-200 response."}
that is all of the information it gives me it does not state what is being sent, only received
Is there a way I can test it myself? Or is there a simple error in this script that I may have just looked over?
EDIT
I set up a file to write the information being passed and this is what is being sent by their server
{"job_id":1337,"job_title":"CrowdFlower test job","amount":30,"uid":"inspire","adjusted_amount":50}
at first there was slashes so I added stripslashes()
to the $json
variable and that obviously got rid of the slashes, but once it hits the json_decode()
it does not pull the information is there something wrong with the information being passed?
When I tried to validate your JSON, I get the following error:
Parse error on line 1:
{ payload: { u
-----^
Expecting 'STRING', '}'
And are you trying to concatenate or add?
if(sha1($json+$secret) == $_POST['signature'])
If concatenation, replace the +
with .
as .
is the concatenation operator in PHP.
if(sha1($json . $secret) == $_POST['signature'])
A complete edit has been made to this answer
What you are required to do is to get the JSON data sent to you via POST-request and validate the signature with the payload and the secret key. The JSON is brought to you as raw HTTP POST data ( I'm not sure if this is the correct term ) and therefore it is not accessible through PHP's $_POST
- global. So here is the solution:
$myJSON = file_get_contents('php://input');
$decodedJSON = json_decode($myJSON);
if (sha1($decodedJSON['payload'] . $secret) == $decodedJSON['signature']) {
/*
If you need to do some database actions or such prior to sending the
response 200, you can do it here. Just don't output anything to the
screen before.
*/
header("HTTP/1.1 200 OK");
}
else {
// sha1 test failed, do something else here
}
Looks like ($json+$secret) is messing up your data-structure. Try $json['secret'] = NUMBER or $json->secret = NUMBER
Depending on how the outside site send the data, but my guess is
$_POST['payload']
is already an array , and you don't need to decode it. Just use var_dump($_POST)
to check it.
For example, the data is sent by the outside site like below with javascript:
var data = {
payload: {
uid: "900af657a65e",
amount: 50,
adjusted_amount: 25
},
signature: "4dd0f5da77ecaf88628967bbd91d9506"
};
$.ajax({
url: ....,
data: data,
//....
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.