PHP - How to get tokens?
I was told I needed to validate the tokens below but I'm not sure where to start. I only have public access to the website I'm pulling the data from. Someone explain to me tokens or give an example to get me moving?
Do I need access to the other server?
function send_CAD($number, $street, $website, $f_opts = true){
$year = date('Y', time());
$number = trim($number);
$street = urlencode(trim($street));
$post_data = "__EVENTTARGET=&__EVENTARGUMENT=&".
"__VIEWSTATE=/wEPD...&" .
"__EVENTVALIDATION=/wEWNw...&".
"txtAddrNum=$number&listStDir=&";
...
I'm not sure exactly what you're asking so here's the answer in both directions:
If you have a full URL that you're trying to parse, use parse_url:
$url = 'http://username:password@hostname/path?arg=value#anchor';
print_r(parse_url($url));
echo parse_url($url, PHP_URL_PATH);
The above example will output:
Array
(
[scheme] => http
[host] => hostname
[user] => username
[pass] => password
[path] => /path
[query] => arg=value
[fragment] => anchor
)
If you have only the query part of the URL you can use parse_str:
$str = "first=value&arr[]=foo+bar&arr[]=baz"; // query string matching the values shown below
parse_str($str, $output);
echo $output['first']; // value
echo $output['arr'][0]; // foo bar
echo $output['arr'][1]; // baz
If you have a URL that you're trying to construct, use http_build_query:
$data = array('foo'=>'bar',
'baz'=>'boom',
'cow'=>'milk',
'php'=>'hypertext processor');
echo http_build_query($data); // foo=bar&baz=boom&cow=milk&php=hypertext+processor
If you need to do validation on the data once you've gotten it, you can use the built-in filter_input functions with validation/sanitizing options in PHP:
http://us2.php.net/manual/en/ref.filter.php
http://us2.php.net/manual/en/function.filter-input-array.php
http://us2.php.net/manual/en/filter.filters.validate.php
http://us2.php.net/manual/en/filter.filters.sanitize.php
Example from filter_validate_array page:
/* data actually came from POST
$_POST = array(
'product_id' => 'libgd<script>',
'component' => '10',
'versions' => '2.0.33',
'testscalar' => array('2', '23', '10', '12'),
'testarray' => '2',
);
*/
$args = array(
'product_id' => FILTER_SANITIZE_ENCODED,
'component' => array('filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
'options' => array('min_range' => 1, 'max_range' => 10)
),
'versions' => FILTER_SANITIZE_ENCODED,
'doesnotexist' => FILTER_VALIDATE_INT,
'testscalar' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_SCALAR,
),
'testarray' => array(
'filter' => FILTER_VALIDATE_INT,
'flags' => FILTER_REQUIRE_ARRAY,
)
);
$myinputs = filter_input_array(INPUT_POST, $args);
var_dump($myinputs);
echo "\n";
The above example will output:
array(6) {
["product_id"]=>
array(1) {
[0] => string(17) "libgd%3Cscript%3E"
}
["component"]=>
array(1) {
[0] => int(10)
}
["versions"]=>
array(1) {
[0] => string(6) "2.0.33"
}
["doesnotexist"]=>
NULL
["testscalar"]=>
bool(false)
["testarray"]=>
array(1) {
[0] => int(2)
}
}
VIEWSTATE etc. are used in ASP.NET. There is nothing you need to do with them when processing them in PHP. If the ASP.NET page is posting a form to your PHP page, you can do some quick analysis by doing:
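// Escape before echoing: $_REQUEST is user-controlled and would otherwise be rendered as HTML.
echo "<pre>".htmlspecialchars(print_r($_REQUEST, TRUE), ENT_QUOTES, 'UTF-8')."</pre>";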
and try to figure out which of the items you should be interested in. Then you can simply get those items by doing, e.g.:
$itemid = $_REQUEST['itemid'];
You can ignore the 'tokens' that you don't need to process.
You should try and replace $_REQUEST with either $_GET or $_POST based on how your PHP page is being called.
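The two answers combined, as an added example that is not part of the original posts: an allowlist passed to filter_var_array() validates only the fields of interest and drops the ASP.NET tokens along with every other unlisted key. The field names txtAddrNum and listStDir come from the question's POST body; the function name, the accepted ranges and the sample request are assumptions made for illustration.

```php
<?php
// Added example. The ranges, the direction list and the sample data are constructed.

/**
 * Validate only the fields we care about. Keys not named in $spec
 * (__VIEWSTATE, __EVENTVALIDATION, ...) never reach the result.
 * Returns [clean values, names of fields that were missing or invalid].
 */
function validate_address_post(array $post): array
{
    $spec = [
        'txtAddrNum' => [
            'filter'  => FILTER_VALIDATE_INT,
            'flags'   => FILTER_REQUIRE_SCALAR,
            'options' => ['min_range' => 1, 'max_range' => 99999], // assumed range
        ],
        'listStDir' => [
            'filter'  => FILTER_VALIDATE_REGEXP,
            'flags'   => FILTER_REQUIRE_SCALAR,
            'options' => ['regexp' => '/\A(?:|N|S|E|W|NE|NW|SE|SW)\z/'], // assumed list
        ],
    ];

    // Third argument (add_empty) = true: keys absent from $post come back as null.
    $result = filter_var_array($post, $spec, true);

    $clean  = [];
    $errors = [];
    foreach ($result as $name => $value) {
        if ($value === null || $value === false) {
            $errors[] = $name; // null = missing, false = failed the filter
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample request, shaped like the POST body in the question.
$samplePost = [
    '__VIEWSTATE'       => '/wEPD...',
    '__EVENTVALIDATION' => '/wEWNw...',
    'txtAddrNum'        => '1600',
    'listStDir'         => 'NW<script>',
];

[$clean, $errors] = validate_address_post($samplePost);
var_dump($clean, $errors);
```

In a real request handler, filter_input_array(INPUT_POST, $spec) takes the same spec and reads the POST data directly.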