I have made a simple API through PHP to provision and check connection to server.
Here is the Code:
<?php
ini_set('display_errors', 1);
session_start();
require_once("common.php");
$api_get="*******************";
$api_post="**********************";
if (isset($_GET["apikey"])){
if ($_GET["apikey"]=="$api_get"){
// Takes raw data from the request
$json = file_get_contents('php://input');
// Converts it into a PHP object
$data = json_decode($json,true);
$post=$data["api_secret"];
if ($api_post==$post){
$_SESSION["status"]="authenticatedfor:".$_GET["command"];
$_SESSION["username"]=$_POST["username"];
$_SESSION["password"]=$_POST["password"];
$_SESSION["quota"]=$_POST["quota"];
$_SESSION["email"]=$_POST["email"];
if ($_GET["command"]="createacct"){
header("Location:createaccount");
exit;
}
elseif ($_GET["command"]="terminateacct"){
header("Location:terminateacc");
exit;
}
elseif ($_GET["command"]="suspendacct"){
header("Location:suspendacc");
exit;
}
elseif ($_GET["command"]="unsuspendacct"){
header("Location:unsuspendacc");
exit;
}
elseif ($_GET["command"]="sync"){
header("Location:sync");
exit;
}
elseif ($_GET["command"]="accessreset"){
header("Location:passwordreset");
exit;
}
elseif ($_GET["command"]="verifyconn"){
header("Content-Type: application/json");
$data=array("response" => "success");
echo json_encode($data);
exit;
}
else {
header("Content-Type: application/json");
$data=array("response" => "no_command");
echo json_encode($data);
}
}
else {
header("Content-Type: application/json");
$data=array("response" => "wrong_secret");
echo json_encode($data);
}
}
else {
header("Content-Type: application/json");
$data=array("response" => "wrong_key");
echo json_encode($data);
}
}
else {
header("Content-Type: application/json");;
$data=array("response" => "no_key");
echo json_encode($data);
exit;
}
?>
When I make CURL JSON request with all correct credentials, response comes "no_key" and when I write api_get or api_post wrong, it displays "wrong key" and "wrong secret".
I am making HTTP requests like curl -X POST https://hostname.com/auth?command=verifyconn&apikey=*********************** -H 'Content-Type: application/json' -d '{"api_secret":"********************"}'
Can anyone point out what I am missing?
CodePudding user response:
Try This:
curl -X POST 'https://hostname.com/auth?command=verifyconn&apikey=***********************' -H 'Content-Type: application/json' -d '{"api_secret":"********************"}'
CodePudding user response:
You are getting error at this line
if ($_GET["apikey"]=="$api_get"){
you can print this two values before comparing. For debugging check both variables values like
var_dump($_GET["apikey"]);
var_dump($api_get);
also compare like this
if ($_GET["apikey"]== $api_get) {