I am planning to use Google invisible Recaptcha V3 in my application. I want the suggestion by which method I can go. In the developer document, I could see 2 ways,
Automatically bind the challenge to a button (https://developers.google.com/recaptcha/docs/v3)
Programmatically invoke the challenge
for the 2nd option, I know we are doing the server-side validation to check the token from my site and we are getting the scores.
I want to know if I am going to use the 1st option, and how it gets validated from the ReCaptcha server.
If you want to use the 1st option, you just include a submit button inside your form, and you will receive the reCaptcha token in the 'g-recaptcha-response' key from the POST field (e.g.: $_POST['g-recaptcha-response'], if you're using php).
<script src="https://www.google.com/recaptcha/api.js"></script>
<form method="post" action="login" id="loginForm">
<label for="password">Password:</label>
<input type="password" name="password" value="">
<!--Recaptcha button-->
<button class="g-recaptcha"
data-sitekey="#your_site_key"
data-callback='onSubmit'
data-action='submit'>Submit</button>
</form>
<script>
function onSubmit(token)
{
document.getElementById("loginForm").submit();
}
</script>
Then, validate the token submiting it to "https://www.google.com/recaptcha/api/siteverify" as you would do with the 2nd option.
If you are on php, login page from the form's action attribute, would look like this:
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, http_build_query([
"secret"=>"#yourSecretKey"
, "response"=>$_POST['g-recaptcha-response']
, "remoteip"=>$_SERVER['REMOTE_ADDR']
]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$recaptcha = json_decode(curl_exec($ch), true);
/** $recaptcha:
Array
(
[success] => 1 // or 0
[challenge_ts] => 2022-07-16T12:34:38Z
[hostname] => host // hostname
[score] => 0.9 // 0.0 to 1.0
[action] => submit // data-action attribute from reCaptcha button
)
*/
if ($recaptcha["score"] >= 0.5 && $recaptcha["action"] === 'submit')
{
// action on success
} else {
// action on false
}
?>
About which one to use, I don't know how to answer that... But I guess that both options work similarly, so go with the one that is easier for you to implement.
Related
How to view Lines from Xtream Code CMS?
I am using some APIs but not able view lines it always shows me 'Access Denied'.
How to allow API access? I have Xtream code 2.9.2 version.
I know To use APIs, we have to import our IP address into the whitelist from General Settings -> API Settings. It was an option in Xtream code 2.3.x but in later versions, they have changed things. And by default, they have disabled the access of APIs. There is no such type of option in the current version of Xtream code we have.
Any solution? How to allow API access in xtream code 2.9.2?
<?php
$panel_url = 'https://cms.xtream-codes.com/xxxx/'; //i am giving my cms xtream code panel link here
$username = "xxxx"; //i am giving my xtream code cms username here
$password = "xxxx"; //i am giving my xtream code cms password here
##############################################################################
$post_data = array( 'username' => $username, 'password' => $password );
$opts = array( 'http' => array(
'method' => 'POST',
'header' => 'Content-type: application/x-www-form-urlencoded',
'content' => http_build_query( $post_data ) ) );
$context = stream_context_create( $opts );
$api_result = json_decode( file_get_contents( $panel_url . "api.php?action=user&sub=info", false, $context ), true );
echo implode( ',', $api_result);
?>
Access denied
Pretty sure the $panel_url refers to the URL to your main server rather than your cms panel
My solution for checking active subscription info using xtream-codes V2 API
create an Index.php page for your form
<form class="form-inline" action="submit.php" method="post">
<div class="form-group">
<input type="text" class="form-control" id="username" placeholder="Enter Lines Username" name="username">
<input type="text" class="form-control" id="password" placeholder="Enter Lines Password" name="password">
<button type="submit" id="submit" class="btn btn-primary" name="submit">GET STREAM IDS</button>
</form>
Create submit.php and point your form action to it
<?php
$surname = $_POST['surname'];
$username = $_POST['username'];
$password = $_POST['password'];
$exp_date = date("d-m-Y",$json['user_info']["exp_date"]);
$json = json_decode(file_get_contents("http://<-YOUR DNS ->:<-YOUR PORT ->/panel_api.php?username=$username&password=$password"), true);
?>
<?php echo $json['user_info']["username"];?></a>
<?php echo $json['user_info']["password"];?></a>
<?php echo $json['user_info']["status"];?></a>
<?php echo $exp_date;?></a>
and create a line download button like this
DOWNLOAD PLAYLIST
The below code will generate a table of active channels and their TS numbers dependant to the entered line subscription packages
<table>
<thead>
<tr>
<th width="50%"><center>STREAM NAME</center></th>
<th width="50%"><center>STREAM TS NUMBER</center></th>
</tr>
</thead>
<tbody>
<tr>
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$json = json_decode(file_get_contents("http://<-YOUR DNS ->:<-YOUR PORT ->/player_api.php?username=$username&password=$password&action=get_live_streams"), true);
for ($x = 0; $x < count($json); $x++)
{ ?>
<td><center><strong><?php echo $json[$x]['name'];?></strong></center></td>
<td><center><strong><?php echo $json[$x]['stream_id'];?></strong></center></td>
</tr>
<?php } ?>
these may not be the best methods but they work and I actually use myself
So I'm having troubles learning how to set up a login through discord on my site. I've been browsing for literally hours and haven't been able to find anything I understand...
At the moment, I have created the discord application, giving me a client ID and client secret, as well as a link back to my localhost:
https://discordapp.com/api/oauth2/authorize?client_id=550631359337594881&redirect_uri=http%3A%2F%2Flocalhost&response_type=code&scope=identify
At the moment I have it set up to redirect from a button to that URL, which then sends me to discord to accept. It then returns me to http://localhost?code=CODE_HERE
However, I don't know what I am supposed to do with this code. I am trying to set it up so that it will show the person's username with hashtag thing, and their profile picture.
I am currently using HTML, CSS, JS, and PHP on the site, but I think I might need to use something else, but I don't know how to set that up, or what it is I need. I am running my local server with XAMPP. I'd prefer if it is just PHP, but I'm open to other options.
Does anyone know how I can convert the code to a username + image?
Thanks in advance!
Try this
Credits to: eslachance
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
ini_set('max_execution_time', 300); //300 seconds = 5 minutes. In case if your CURL is slow and is loading too much (Can be IPv6 problem)
error_reporting(E_ALL);
define('OAUTH2_CLIENT_ID', '1234567890'); //Your client Id
define('OAUTH2_CLIENT_SECRET', 'verysecretclientcode'); //Your secret client code
$authorizeURL = 'https://discordapp.com/api/oauth2/authorize';
$tokenURL = 'https://discordapp.com/api/oauth2/token';
$apiURLBase = 'https://discordapp.com/api/users/#me';
session_start();
// Start the login process by sending the user to Discord's authorization page
if(get('action') == 'login') {
$params = array(
'client_id' => OAUTH2_CLIENT_ID,
'redirect_uri' => 'https://yoursite.location/ifyouneedit',
'response_type' => 'code',
'scope' => 'identify guilds'
);
// Redirect the user to Discord's authorization page
header('Location: https://discordapp.com/api/oauth2/authorize' . '?' . http_build_query($params));
die();
}
// When Discord redirects the user back here, there will be a "code" and "state" parameter in the query string
if(get('code')) {
// Exchange the auth code for a token
$token = apiRequest($tokenURL, array(
"grant_type" => "authorization_code",
'client_id' => OAUTH2_CLIENT_ID,
'client_secret' => OAUTH2_CLIENT_SECRET,
'redirect_uri' => 'https://yoursite.location/ifyouneedit',
'code' => get('code')
));
$logout_token = $token->access_token;
$_SESSION['access_token'] = $token->access_token;
header('Location: ' . $_SERVER['PHP_SELF']);
}
if(session('access_token')) {
$user = apiRequest($apiURLBase);
echo '<h3>Logged In</h3>';
echo '<h4>Welcome, ' . $user->username . '</h4>';
echo '<pre>';
print_r($user);
echo '</pre>';
} else {
echo '<h3>Not logged in</h3>';
echo '<p>Log In</p>';
}
if(get('action') == 'logout') {
// This must to logout you, but it didn't worked(
$params = array(
'access_token' => $logout_token
);
// Redirect the user to Discord's revoke page
header('Location: https://discordapp.com/api/oauth2/token/revoke' . '?' . http_build_query($params));
die();
}
function apiRequest($url, $post=FALSE, $headers=array()) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($ch);
if($post)
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
$headers[] = 'Accept: application/json';
if(session('access_token'))
$headers[] = 'Authorization: Bearer ' . session('access_token');
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
return json_decode($response);
}
function get($key, $default=NULL) {
return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
}
function session($key, $default=NULL) {
return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
}
?>
You have the code which is used to authenticate with many endpoints of the discord API. You need the http://discordapp.com/api/users/#me Endpoint. You authenticate with the Authorization Header. Take a look at the Developer Portal to find out more about your endpoint
I'm trying to send push to my app and testing using that website : http://www.pushwatch.com/gcm/
First try I receive a success message and then error message : NotRegistered.
Same result with that code :
<html>
<form method="post" action="test.php">
id : <input type="text" name="id"/><br/>
message : <input type="text" name="message"/><br/>
<input type="submit" value="Envoyer"/>
</form>
if (isset($_POST["message"])) {
$message = $_POST["message"];
$registrationIds = $_POST["id"];
echo "CALL<br/>";
echo "message = ".$message." / ids = ".$registrationIds."<br/><br/>";
// API access key from Google API's Console
define( 'API_ACCESS_KEY', 'AIza....' );
// prep the bundle
$msg = array
(
'message' => $message,
'title' => 'This is a title. title',
'subtitle' => 'This is a subtitle. subtitle',
'tickerText' => 'Ticker text here...Ticker text here...Ticker text here',
'vibrate' => 1,
'sound' => 1,
'largeIcon' => 'large_icon',
'smallIcon' => 'small_icon'
);
$fields = array
(
'to' => $registrationIds,
'data' => $msg
);
$headers = array
(
'Authorization: key=' . API_ACCESS_KEY,
'Content-Type: application/json'
);
$ch = curl_init();
curl_setopt( $ch,CURLOPT_URL, 'https://gcm-http.googleapis.com/gcm/send' );
curl_setopt( $ch,CURLOPT_POST, true );
curl_setopt( $ch,CURLOPT_HTTPHEADER, $headers );
curl_setopt( $ch,CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch,CURLOPT_SSL_VERIFYPEER, false );
curl_setopt( $ch,CURLOPT_POSTFIELDS, json_encode( $fields ) );
$result = curl_exec($ch );
curl_close( $ch );
echo "RESULT<br/>";
echo $result;
}
Try the following workarounds based from this forum:
Make sure that the APNS token you're using to register with GCM is valid for the particular server.
Make sure that you are using the right iOS Development Provisioning Profile.
Check if you're using the specific profile for your bundle name instead of a a generic one.
To get push and background notifications working again:
Remove/Uninstall the application from the test device.
Perform 'clean' in XCode.
Perform 'build' in XCode.
Reinstall the app to the device.
Check these related SO questions:
gcm push notification: first success, then not registered in IOS
GCM IOS NotRegistered issue
GCM push fails with NotRegistered
I want delete my model via post , but I always get Invalid Request
this is my view
<?php
echo CHtml::link(CHtml::encode('Delete image'), array('gambar/delete', 'id' => $data->id), array(
'submit' => array('data/delete', 'id' => $data->id),
'class' => 'delete', 'confirm' => 'This will remove the image. Are you sure?'
)
);
?>
and this is my action in GambarController
public function actionDelete() {
if (Yii::app()->request->isPostRequest) {
// we only allow deletion via POST request
$this->loadModel()->delete();
if (!isset($_GET['ajax']))
$this->redirect(array('index'));
}
else
throw new CHttpException(400, 'Invalid request. Please do not repeat this request again.');
}
But I always get Invalid Request, I have read some forums, but I cannot get it. Anyone can help me ?
In most cases you can not use link (<a>) to POST. Instead, use the <form> like this
<form action="<?php echo $this->createUrl('/gambar/delete/'.$model->id);?>" method="post">
<button
type="submit"
name="id"
value="<?php echo $model->id?>"
onclick="if (!confirm('Are you sure to delete this image?')) return false;">
<i class="icon-white icon-trash"></i> Delete
</button>
</form>
You are using CHtml::link, this will generate an html <a> tag. When you click on a <a>, your browser send HTTP GET request(not POST request) to the server. So if(Yii::app()->request->isPostRequest) is always false and therefore you see Invalid request error. You should remove this condition from the action. Also, $this->loadModel()->delete() is invalid, because loadModel get an id as parameter. So $this->loadModel($_GET['id'])->delete() is correct.
Use the below code
$this->loadModel(primarykey, 'TableName')->delete();
Should work!
I would like to get content (posts) from a google+ page and post it to my website, as a feed. Is there any info how?
I read that current API does not allow that, but those topics were from the last year.
Thanks.
You can perform activities.list, without having to authenticate, by passing your "simple" key from the API console for a project created that has the Google+ service turned on. Access to the API calls is restricted to the authorized origins you set up in your project.
After you create the project, in the section "Simple API Access" there is an API key. Build your client with this key, your client id, and client secret:
<?
$client = new Google_Client();
$client->setDeveloperKey("YOUR_API_KEY");
$plus = new Google_PlusService($client);
$activities = $plus->activities->listActivities("+GooglePlusDevelopers", "public");
?>
<html><body><pre><? echo print_r($activities);?></pre></body></html>
A final note, make sure you use the latest Google+ PHP client.
After some time I found it.
http://code.google.com/p/google-plus-php-starter/
and this
https://developers.google.com/+/api/latest/activities/list
The only problem is that you need to log into your google app to do this. Any sugggestions would be apprecited.
Updating the correct answer, the class name has changed to Google_Service_Plus
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ .'/vendor/google/apiclient/src');
require_once __DIR__.'/vendor/autoload.php';
$client = new Google_Client();
$client->setDeveloperKey("YOUR_API_KEY");
$plus = new Google_Service_Plus($client);
$activities = $plus->activities->listActivities("+GooglePlusDevelopers", "public");
?>
$items = $activities->getItems();
foreach($items as $item) {
$object = $item->getObject();
?>
<div class="gpost">
<p><?php echo $object->getContent(); ?></p>
Read more
</div>
<?php } ?>