Home > Blockchain >  Wrong condition getting successful in PHP file
Wrong condition getting successful in PHP file

Time:12-13

I have made a simple API through PHP to provision and check connection to server.

Here is the Code:

<?php
ini_set('display_errors', 1);
session_start();
require_once("common.php");
$api_get="*******************";
$api_post="**********************";

if (isset($_GET["apikey"])){
    if ($_GET["apikey"]=="$api_get"){
        // Takes raw data from the request
        $json = file_get_contents('php://input');
        // Converts it into a PHP object
        $data = json_decode($json,true);
        $post=$data["api_secret"];
        if ($api_post==$post){
            $_SESSION["status"]="authenticatedfor:".$_GET["command"];
            $_SESSION["username"]=$_POST["username"];
            $_SESSION["password"]=$_POST["password"];
            $_SESSION["quota"]=$_POST["quota"];
            $_SESSION["email"]=$_POST["email"];
            if ($_GET["command"]="createacct"){
                header("Location:createaccount");
                exit;
            }
            elseif ($_GET["command"]="terminateacct"){
                header("Location:terminateacc");
                exit;
            }
            elseif ($_GET["command"]="suspendacct"){
                header("Location:suspendacc");
                exit;
            }
            elseif ($_GET["command"]="unsuspendacct"){
                header("Location:unsuspendacc");
                exit;
            }
            elseif ($_GET["command"]="sync"){
                header("Location:sync");
                exit;
            }
            elseif ($_GET["command"]="accessreset"){
                header("Location:passwordreset");
                exit;
            }
            elseif ($_GET["command"]="verifyconn"){
                header("Content-Type: application/json");
                $data=array("response" => "success");
                echo json_encode($data);
                exit;
            }
            else {
                header("Content-Type: application/json");
                $data=array("response" => "no_command");
                echo json_encode($data);
            }
        }
        else {
            header("Content-Type: application/json");
            $data=array("response" => "wrong_secret");
            echo json_encode($data);
        }
    }
    else {
        header("Content-Type: application/json");
        $data=array("response" => "wrong_key");
        echo json_encode($data);
    }
}
else {
    header("Content-Type: application/json");;
    $data=array("response" => "no_key");
    echo json_encode($data);
    exit;
}
?>

When I make CURL JSON request with all correct credentials, response comes "no_key" and when I write api_get or api_post wrong, it displays "wrong key" and "wrong secret". I am making HTTP requests like curl -X POST https://hostname.com/auth?command=verifyconn&apikey=*********************** -H 'Content-Type: application/json' -d '{"api_secret":"********************"}'

Can anyone point out what I am missing?

CodePudding user response:

Try This:

curl -X POST 'https://hostname.com/auth?command=verifyconn&apikey=***********************' -H 'Content-Type: application/json' -d '{"api_secret":"********************"}'

CodePudding user response:

You are getting error at this line

if ($_GET["apikey"]=="$api_get"){

you can print this two values before comparing. For debugging check both variables values like

var_dump($_GET["apikey"]);
var_dump($api_get);

also compare like this

if ($_GET["apikey"]== $api_get) { 

  • Related