
PHP API issue



chrismitchell

Guest
#1
Hey everyone..

I'm coding an API for a Domain Search tool, and I'm struggling with getting the results to be styled properly, so I'm hoping that someone on here will be able to help me get the style correct for the results.

It's using something called OpenSRS; I don't know if that will help anyone really. I just need to work out how to make the results look different, as they currently display a big load of text in a lump, not in a nice format.

I've got the code below:

Code:
<?php
if (isSet($_POST['function'])) {
    // ONLY FOR TESTING PURPOSE!!!
    require_once("../opensrs/spyc.php");

    // !!!!!!!! ---  Proper form values verification  --- !!!!!!!!!
    // Form data capture - ONLY FOR TESTING PURPOSE!!!
    $formSelectedDomainArray = array ();
    $allDomainArray = array(".co.uk",".me",".org",".asia",".org.uk",".net",".tel",".com",".mobi",".biz",".info",".ca");
    $formFormat = $_POST["format"];
    $formFunction = $_POST["function"];
    $formSearchWord = $_POST["domain"];
    for ($i=0; $i<=50; $i++){
        if (isSet ($_POST["tld_". $i])) array_push ($formSelectedDomainArray, $_POST["tld_". $i]);
    }

    // Put the data to the proper form - ONLY FOR TESTING PURPOSE!!!
    $callstring = "";
    $callArray = array (
        "func" => $formFunction,
        "data" => array (
            "domain" => $formSearchWord,
            "maximum" => $_POST['max'],
            "selected" => implode (";", $formSelectedDomainArray),
            "defaulttld" => implode (";", $allDomainArray)
        )
    );
    if ($formFormat == "json") $callstring = json_encode($callArray);
    if ($formFormat == "yaml") $callstring = Spyc::YAMLDump($callArray);

    // Open SRS Call -> Result
    require_once ("../opensrs/openSRS_loader.php");
    $osrsHandler = processOpenSRS ($formFormat, $callstring);

    // Print out the results
    echo (" In: ". $callstring ."<br>");
    echo ("Out: ". $osrsHandler->resultFormated);
} else {
    // Format
    if (isSet($_GET['format'])) {
        $tf = $_GET['format'];
    } else {
        $tf = "json";
    }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
    <title></title>
    <meta name="generator" http-equiv="generator" content="Claire Lam" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta http-equiv="Content-Language" content="en"/>
</head>
<body>
<form action="test-premiumDomain.php" method="post">
    <input type="hidden" name="format" value="<?php echo($tf); ?>">
    <input type="hidden" name="function" value="premiumDomain">
<table cellpadding="0" cellspacing="0" border="0" width="100%">
    <tr class="searchBox">
        <td class="searchBoxText" width="100%">
            <span class="headLine">Premium Domain</span><br>
            <input type="text" name="domain" id="domain" value="" class="frontBox"><br>
            <span class="headLine">Max Number of Results </span>
            <input type="text" name="max" id="max" value="" class="frontBox"><br>
        </td>
    </tr>
    <tr>
        <td width="100%"><table class="searchBoxText" border="0" cellpadding="0" cellspacing="0">
            <tr>
                <td width="100%"><div>
                    <div class="fronttld"><input name="tld_1" id="tld_1" value=".co.uk" type="checkbox"> .co.uk</div>
                    <div class="fronttld"><input name="tld_2" id="tld_2" value=".me" type="checkbox"> .me</div>
                    <div class="fronttld"><input name="tld_3" id="tld_3" value=".org" type="checkbox"> .org</div>
                    <div class="fronttld"><input name="tld_4" id="tld_4" value=".asia" type="checkbox"> .asia</div>
                    <div class="fronttld"><input name="tld_5" id="tld_5" value=".org.uk" type="checkbox"> .org.uk</div>
                    <div class="fronttld"><input name="tld_6" id="tld_6" value=".net" type="checkbox"> .net</div>
                    <div class="fronttld"><input name="tld_7" id="tld_7" value=".tel" type="checkbox"> .tel</div>
                    <div class="fronttld"><input name="tld_8" id="tld_8" value=".com" type="checkbox"> .com</div>
                    <div class="fronttld"><input name="tld_9" id="tld_9" value=".mobi" type="checkbox"> .mobi</div>
                    <div class="fronttld"><input name="tld_10" id="tld_10" value=".biz" type="checkbox"> .biz</div>
                    <div class="fronttld"><input name="tld_11" id="tld_11" value=".info" type="checkbox"> .info</div>
                    <div class="fronttld"><input name="tld_12" id="tld_12" value=".ca" type="checkbox"> .ca</div>
                </div></td>
            </tr>
        </table></td>
    </tr>
    <tr>
        <td><input value="Check" id="lookupSearch" type="submit"></td>
    </tr>
</table>
</form>
</body>
</html>
<?php }?>

I know it has something to do with this part:

Code:
// Print out the results
echo (" In: ". $callstring ."<br>");
echo ("Out: ". $osrsHandler->resultFormated);
But for the life of me I can't work it out.

Any help would be great :D

Cheers everyone :D
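One common reason a text result shows as a single lump is that HTML collapses the newlines in whatever `resultFormated` contains. The example below is added here and is not code from the post or from OpenSRS: it decodes a JSON result and renders it as nested HTML lists with every key and value escaped, and falls back to an escaped `<pre>` block for non-JSON text so line breaks survive. The function names and the sample result string are constructed; the real reply's field names are an assumption.

```php
<?php
// Added example, not code from the original post or from OpenSRS.
// Instead of echoing $osrsHandler->resultFormated straight into the page,
// decode the JSON result and render it as nested HTML lists with every key
// and value escaped. Non-JSON text (e.g. the yaml format) is shown escaped
// inside <pre> so HTML does not collapse its line breaks into one lump.

function render_value($value): string
{
    if (is_array($value)) {
        // Objects and lists both arrive as PHP arrays from json_decode(..., true).
        $html = "<ul>\n";
        foreach ($value as $key => $item) {
            $html .= '<li><strong>' . htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8')
                . '</strong>: ' . render_value($item) . "</li>\n";
        }
        return $html . "</ul>\n";
    }
    if (is_bool($value)) {
        return $value ? 'true' : 'false';
    }
    if ($value === null) {
        return '<em>null</em>';
    }
    // Strings and numbers: escape so a value containing markup cannot inject HTML.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function render_result(string $result): string
{
    $data = json_decode($result, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        // Not JSON: keep it verbatim but escaped, and preserve its line breaks.
        return '<pre>' . htmlspecialchars($result, ENT_QUOTES, 'UTF-8') . '</pre>';
    }
    return render_value($data);
}

// Constructed sample standing in for the API reply; the real reply's field
// names are an assumption.
$sample = '{"status":"ok","results":[{"domain":"example.com","available":false},'
    . '{"domain":"example.co.uk","available":true,"price":"<b>9.99</b>"}]}';

echo "Out: " . render_result($sample);
```

The `<b>` inside the sample price comes out as literal text rather than bold, which is the point: the result is data from a remote service and should never be written into the page unescaped. Styling then goes in CSS on the `ul`/`li` elements rather than in the PHP.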
 

Jazajay

Active Member
#3
Also create this function, as I can't see how the data is cleaned, and whack all POST data through it.

/////Incorrect check 2 posts down
function clean(){
    // Strip everything that is not a letter, digit, space, full stop or hyphen
    return preg_replace("/[^a-zA-Z0-9 .-]/","",$_POST['post field name goes in here']);
}

/////Incorrect check 2 posts down


Then run the variables through it:
$formFormat = clean($_POST["format"]);
$formFunction = clean( $_POST["function"]);
$formSearchWord = clean( $_POST["domain"]);


As that will strip out everything that is not an uppercase or lowercase alphanumeric character, plus a hyphen and full stop. Remove the space if space characters should not be expected.

Also for the tld field I would check to make sure that the tld was expected before saving it to the array.

So:

if(isset($_POST['tld_1']) && $_POST['tld_1']==".co.uk"){
    $tld=".co.uk";
}elseif(isset($_POST['tld_2']) && $_POST['tld_2']==".me"){
    $tld=".me";
}elseif.....
else{
    $tld="Security alert";
}


Then, before you set the array, test to make sure $tld does not equal, in this case, "Security alert". If it does, something other than what you expect has been entered, and thus a possible XSS attack, as I am assuming you are sending the data to an external source to get the information.

If you are running it through a database as well, also add mysql_real_escape_string() to the variable, regardless of whether it is cleaned. That way you have a redundant safeguard in place to cover all possibilities.
:)
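The whitelist idea above (reject any TLD value that is not one the form offers) generalises to every field the form posts. The example below is added here and is not Jazajay's or the original poster's code: it replaces the elseif chain with a lookup against the allowed list, checks the fixed-choice fields the same way, and validates the free-text fields against a pattern instead of stripping characters out. The function name, the allowed lists and the sample input are assumptions; what the search word may legitimately contain is an assumption too.

```php
<?php
// Added example, not code from the original posts. Whitelist validation for
// the premium-domain form: every fixed-choice field is checked against the set
// the form offers, free-text fields are matched against a pattern, and the
// whole request is rejected on the first unexpected value rather than being
// forwarded to the remote API.

// The TLDs the form offers; anything else is rejected outright.
const ALLOWED_TLDS = [".co.uk", ".me", ".org", ".asia", ".org.uk", ".net",
                      ".tel", ".com", ".mobi", ".biz", ".info", ".ca"];
const ALLOWED_FORMATS = ["json", "yaml"];
const ALLOWED_FUNCTIONS = ["premiumDomain"];

/**
 * Validate the posted form data (hypothetical helper). Returns the call array
 * in the same shape the test page builds, or throws InvalidArgumentException
 * when any field is outside the expected set.
 */
function validate_form(array $post): array
{
    $format = $post["format"] ?? "";
    if (!in_array($format, ALLOWED_FORMATS, true)) {
        throw new InvalidArgumentException("unexpected format");
    }
    $function = $post["function"] ?? "";
    if (!in_array($function, ALLOWED_FUNCTIONS, true)) {
        throw new InvalidArgumentException("unexpected function");
    }
    // Search word: assumed to be a single DNS label (letters, digits, hyphens,
    // 1-63 chars, no leading or trailing hyphen).
    $domain = $post["domain"] ?? "";
    if (!preg_match('/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i', $domain)) {
        throw new InvalidArgumentException("unexpected domain");
    }
    // Max results: an integer in a sane range, not a raw string from the form.
    $max = filter_var($post["max"] ?? "", FILTER_VALIDATE_INT,
        ["options" => ["min_range" => 1, "max_range" => 100]]);
    if ($max === false) {
        throw new InvalidArgumentException("unexpected max");
    }
    // TLD checkboxes: each value must match an allowed TLD exactly (strict
    // comparison, so "0" or an empty string cannot slip through as a match).
    $selected = [];
    for ($i = 1; $i <= 50; $i++) {
        if (!isset($post["tld_" . $i])) {
            continue;
        }
        $tld = $post["tld_" . $i];
        if (!in_array($tld, ALLOWED_TLDS, true)) {
            throw new InvalidArgumentException("unexpected tld in tld_" . $i);
        }
        $selected[] = $tld;
    }
    if ($selected === []) {
        throw new InvalidArgumentException("no tld selected");
    }
    return [
        "func" => $function,
        "data" => [
            "domain"     => $domain,
            "maximum"    => $max,
            "selected"   => implode(";", array_unique($selected)),
            "defaulttld" => implode(";", ALLOWED_TLDS),
        ],
    ];
}

// Constructed sample input standing in for $_POST.
$good = ["format" => "json", "function" => "premiumDomain", "domain" => "example",
         "max" => "10", "tld_1" => ".co.uk", "tld_8" => ".com"];
$bad = $good;
$bad["tld_3"] = ".evil";   // not a TLD the form offers

echo json_encode(validate_form($good)), "\n";
try {
    validate_form($bad);
} catch (InvalidArgumentException $e) {
    // Stop here instead of forwarding the tainted request to OpenSRS.
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Rejecting the request is preferable to silently dropping the bad value, because a value that is not on the form is a sign the request did not come from the form. Note that this validates what goes to the API; whatever comes back still needs escaping before it is echoed into the page.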
 

Jazajay

Active Member
#5
Not a problem.
Did notice a mistake in my code, I know, unheard of. :)

Change the function to this:

function clean($postvar){
    // Strip everything that is not a letter, digit, space, full stop or hyphen
    return preg_replace("/[^a-zA-Z0-9 .-]/","",$postvar);
}


And voilà, job's a good 'un. Notice any others, give me a shout.

If you need help with the mysql_real_escape_string() backup as well let me know, PM me if you need it off forum due to DB details and I'll help you out with that. :)
 

Jazajay

Active Member
#6
Hey Chris,
Did you resolve that problem you emailed me about? It was for this, right? Sorry, I so suck, been mega busy recently. If not, let me know and I'll see what I can do; got a PayPal API issue and a custom CMS site on the go when I'm not working 2 other jobs or Adventure Scout leader at the weekends, plus women problems, dear lord don't go there, hence why it slipped my mind, as I rarely check my emails when I get home.

Hope you got it fixed, and this was it. :(