0

Here are the two scripts I have

Script 1:

<?

include('config.php');
$json = $_POST['payload'];
$fine = var_dump($json);
$secret = "78f12668216b562a79d46b170dc59f695070e532";
$obj = json_decode($json, true);
$fp = fopen('data.txt', 'w');
fwrite($fp, $json);
fwrite($fp, $fine);
fclose($fp);

if(sha1($json . $secret) == $_POST['signature']) {
    $conversion_id = md5(($obj['amount']));
    echo "OK";
    echo $conversion_id;
    mysql_query("INSERT INTO completed (`id`,`uid`,`completedid`) VALUES ('','".$obj['uid']."','".$conversion_id."')");
} else {

}
?>

Script 2:

<?
$json = $_POST['payload'];
$secret = "78f12668216b562a79d46b170dc59f695070e532";
$obj = json_decode($json);

if(sha1($json+$secret) == $_POST['signature']) {
    print "OK";
} else {

}
?>

The problem here is that it is returning all NULL values. I am not an expert with JSON so I have no idea what is going on here. I really have no way of testing it because the information is coming from an outside website sending information such as this:

{
  payload: {
    uid: "900af657a65e",
    amount: 50,
    adjusted_amount: 25
  },
  signature: "4dd0f5da77ecaf88628967bbd91d9506"
}

The site allows me to test the script, but because json_decode is providing NULL values it will not get through the signature block.

According to Google Chrome's Dev Tools, the response it sends when I try to test the script from their server is {"error":"The start uri returned a non-200 response."}. That is all of the information it gives me; it does not state what is being sent, only received.

Is there a way I can test it myself? Or is there a simple error in this script that I may have just looked over?

EDIT

I set up a file to write the information being passed and this is what is being sent by their server

{"job_id":1337,"job_title":"CrowdFlower test job","amount":30,"uid":"inspire","adjusted_amount":50}

At first there were slashes, so I added stripslashes() to the $json variable, and that obviously got rid of the slashes, but once it hits json_decode() it does not pull the information. Is there something wrong with the information being passed?

  • Try starting with: var_dump($_POST); Also, valid json uses strings for property names. Commented Oct 13, 2012 at 3:28
  • Could you show the code you use to request the response from the server? Commented Oct 13, 2012 at 4:32
  • @budwiser All of that is automatic, it is for Crowd Flower, when a user completes a task their server sends the information, my server just accepts it. That is why I am having so much trouble figuring it out. Commented Oct 13, 2012 at 4:43
  • @kira423 Could you do a var_dump($json) before using the stripslashes and add the output to your question? Commented Oct 13, 2012 at 8:33
  • @budwiser it returns nothing, it doesn't add any text to the text file. Commented Oct 13, 2012 at 15:33

4 Answers

1

When I tried to validate your JSON, I get the following error:

Parse error on line 1:
{    payload: {        u
-----^
Expecting 'STRING', '}'

And are you trying to concatenate or add?

if(sha1($json+$secret) == $_POST['signature'])

If concatenation, replace the + with . as . is the concatenation operator in PHP.

if(sha1($json . $secret) == $_POST['signature'])

11 Comments

This is just a short sample they show inside of their API document so I am not sure if it is showing the whole code in which they use.
Okay, let's get real. What is the output you are getting from their server?
I am going to sound like an idiot but how do I find that out, it does not show that information in my access logs.
LOLz, don't worry, you are a newbie, so you are excused. You can check it via Firebug's Net tab in Firefox or Network tab in Chrome Developer tools. Which browser are you using?
@kira423 Press F12, you will get a small screen in the bottom. Click on Network. Now try to load the page and there will be an activity in the Network. Click on it. Get the response. Post it in the question.
1

A complete edit has been made to this answer

What you are required to do is to get the JSON data sent to you via POST request and validate the signature with the payload and the secret key. The JSON is brought to you as raw HTTP POST data (I'm not sure if this is the correct term) and therefore it is not accessible through PHP's $_POST global. So here is the solution:

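// Read the raw request body; $_POST is only filled for form-encoded or multipart requests
$myJSON = file_get_contents('php://input');

// Pass true to get associative arrays, so the ['payload'] access below works
$decodedJSON = json_decode($myJSON, true);

// $secret is the shared secret key, defined as in the question's scripts
if (sha1($decodedJSON['payload'] . $secret) == $decodedJSON['signature']) {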
  /* 
     If you need to do some database actions or such prior to sending the 
     response 200, you can do it here. Just don't output anything to the 
     screen before.
  */
  header("HTTP/1.1 200 OK");
}
else {
  // sha1 test failed, do something else here
}

1 Comment

You know I thought the same thing, but this script came straight from them so I didn't think anything more about it, but seeing as it doesn't work I should have changed that at the start of the trouble, but with it not getting the information it won't help until everything else gets fixed, thanks for reminding me though.
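
A hardened form of the signature check discussed in the question and answers above, as an added example that is not part of any answer or of CrowdFlower's code. It assumes the sender posts form fields payload (a JSON string) and signature = sha1(payload . secret), as Script 1 expects; WEBHOOK_SECRET and verify_webhook() are hypothetical names and the sample request is constructed.

```php
<?php
// Added example. Assumption: "payload" is a JSON string and
// "signature" = sha1(payload . secret), as Script 1 in the question expects.

const WEBHOOK_SECRET = 'example-secret-not-real'; // constructed placeholder

/**
 * Returns the decoded payload, or null if the signature or the JSON is bad.
 */
function verify_webhook(string $payload, string $signature, string $secret): ?array
{
    // Hash the exact bytes received; any rewrite of the string changes the digest.
    $expected = sha1($payload . $secret);

    // hash_equals() compares in constant time and never type-juggles, unlike ==.
    if (!hash_equals($expected, $signature)) {
        return null;
    }

    // Decode only after the signature matched, and check that decoding worked.
    $data = json_decode($payload, true);
    if (!is_array($data) || json_last_error() !== JSON_ERROR_NONE) {
        return null;
    }

    // Validate the fields the handler relies on before using them.
    if (!isset($data['uid'], $data['amount'])
        || !is_string($data['uid']) || !is_int($data['amount'])) {
        return null;
    }
    return $data;
}

// Constructed sample request, shaped like the body shown in the question's EDIT.
$payload   = '{"job_id":1337,"job_title":"CrowdFlower test job","amount":30,"uid":"inspire","adjusted_amount":50}';
$signature = sha1($payload . WEBHOOK_SECRET);

// Case 1: payload and signature exactly as sent.
var_dump(verify_webhook($payload, $signature, WEBHOOK_SECRET) !== null);
// Case 2: payload with slashes added in transit (the symptom described in the EDIT).
var_dump(verify_webhook(addslashes($payload), $signature, WEBHOOK_SECRET) !== null);
// Case 3: a signature that does not belong to this payload.
var_dump(verify_webhook($payload, str_repeat('0', 40), WEBHOOK_SECRET) !== null);
```

In the web handler, pass $_POST['payload'] and $_POST['signature'] after an is_string() check on each, set the status with http_response_code(), and hand $data['uid'] to the database only as a bound parameter.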
0

It depends on how the outside site sends the data, but my guess is that $_POST['payload'] is already an array, and you don't need to decode it. Just use var_dump($_POST) to check it.

For example, the data is sent by the outside site like below with JavaScript:

var data = {
  payload: {
    uid: "900af657a65e",
    amount: 50,
    adjusted_amount: 25
  },
  signature: "4dd0f5da77ecaf88628967bbd91d9506"
};

$.ajax({
  url: ....,
  data: data,
  //....

});

1 Comment

Unfortunately, using var_dump($_POST) will not work because when I add it to the script and use their site to test it, it tells me that the script produced something other than a 200 OK response. I tried changing $obj['uid'] to $_POST['uid'] and it is still showing blank in the database, so I am not sure as to how to check it.
0

Looks like ($json+$secret) is messing up your data-structure. Try $json['secret'] = NUMBER or $json->secret = NUMBER
