[Pro] PHP, cURL and Cookies

JDW · July 23, 2015, 6:55am

Typing the following URL into the browser address bar…

http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession

…displays Login page:

http://hartford.macusa.net/fmi/iwp/res/iwp_auth.html

Examining imp_auth.html in Safari’s Console reveals the following JavaScript:

<script type="text/javascript" language="JavaScript1.4">
<!--
	function setCookie(cookieName,value)
	{
			var today=new Date();
			today.setDate(today.getDate()+ 1);
			document.cookie=cookieName+ "=" +escape(value)+ ";expires="+today;
	}

	function getCookie(name)
	{
		var start = document.cookie.indexOf( name + "=" );
		if (start == -1) return null;
		var nameLength = start + name.length + 1;
		var end = document.cookie.indexOf( ';', nameLength );
		if (end == -1) end = document.cookie.length;
		return unescape(document.cookie.substring( nameLength, end ));
	}

	function checkCookie(){
		setCookie('check','check');
		testCookie = getCookie('check');
		
		if(testCookie == null){
			return false;
		}else{
			document.cookie = 'check' + '=' +';expires=Thu, 01-Jan-1970 00:00:01 GMT';
			return true;
		}
	}
			
	function getSid()
	{
		var url = window.top.location.href;
		var result = "";
		if ( url != null )
		{
			var sid = null;
			var index = null;
			if(checkCookie() == true){
				index = url.indexOf( "JSESSIONID=" );
			}else{
				index = url.indexOf( ";jsessionid=" );
			}
			if ( index != -1 )
			{
				var end = url.indexOf ( "&", index );
				if ( end != -1 )
				{
					result = url.substring ( index, end );
				}
				else
				{
					result = url.substr ( index );
				}
			}
		}
		return result;
	}

	var sid = getSid();
	if ( sid.length > 0 ){
		document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi' + sid+ '?-authinfo' + '"><' + '/script>' );
	}else{
		document.write ( '<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi?-authinfo' + '"><' + '/script>' );
	}
		

-->
</script>
<script type="text/javascript" language="JavaScript1.4" src="/fmi/iwp/cgi?-getstrings"></script>
<script type="text/javascript" language="JavaScript1.4">
		<!--
			function disableFields()
			{
				var acct = document.getElementById( "accnt" );
				var pass = document.getElementById( "pass" );
				acct.disabled = true;
				pass.disabled = true;
			}

			function enableFields()
			{
				var acct = document.getElementById( "accnt" );
				var pass = document.getElementById( "pass" );
				acct.disabled = false;
				pass.disabled = false;
			}

			function setup()
			{
				var ai = window.authinfo;
				var name = document.getElementById( "thingy" );
				var guest = document.getElementById( "guest-radio" );
				var account = document.getElementById( "acct-radio" );
				var login = document.getElementById( "login" );
				var cancel = document.getElementById( "cancel" );
				login.setAttribute( "value", iwp.strings.auth_btn_login );
				cancel.setAttribute( "value", iwp.strings.stat_btn_cancel );
				document.title = iwp.strings.home_ttl_iwp;
				if ( ai != null && name != null )
				{
					var txt;
					var sid = getSid();
					var form = document.getElementById( "form-elt" );
					if ( ai.realm.substring( 0, 9 ) == "FileMaker" )
					{
						txt = document.createTextNode( iwp.strings.auth_lbl_openfms );
						var type = document.getElementById( "type" );
						if ( sid.length > 0 )
							form.action = "/fmi/iwp/cgi" +sid+ "?-authserver";
						else
							form.action = "/fmi/iwp/cgi?-authserver";
						type.name = "-authserver";
						cancel.style.visibility = "hidden";
					}
					else
					{
						if ( sid.length > 0 )
							form.action = "/fmi/iwp/cgi" + sid + "?-authdb";
						txt = document.createTextNode( iwp.strings.auth_lbl_opendb + ai.realm.substring( 9 ) + iwp.strings.auth_lbl_with );
					}
					name.appendChild( txt );
					if ( ai.guest == "no" )
					{
						account.checked = true;
						guest.disabled = true;
					}
					if ( ai.retrycount > 0 )
					{
						if ( ai.retrycount >= 4 && ai.dbpath != null )
						{
							window.location = "/fmi/iwp/cgi?-home&reset";
						}
						var msg = document.getElementById( "msg" );
						msg.removeChild( msg.lastChild );
						var txt;
						if ( ai.realm.substring( 0, 9 ) == "FileMaker" )
							txt = document.createTextNode( iwp.strings.auth_err_server );
						else
							txt = document.createTextNode( iwp.strings.auth_err_incorrect );
						msg.appendChild( txt );
					}
					if ( ai.dbpath != null )
					{
						var hidden = document.getElementById( "dbpath" );
						hidden.value = ai.dbpath;
					}
				}
				document.getElementById( "accnt" ).focus();
				var obj = document.getElementById( "iwpTopBox" );
				var txt = document.createTextNode( iwp.strings.home_ttl_banner );
				obj.appendChild( txt );
			}
			if ( window.authinfo == null )
			{
				window.location = "/fmi/iwp/cgi?-home";
			}
		-->
		</script>
<link href="/fmi/iwp/res/iwp_home.css" rel="stylesheet" type="text/css">
</head>

<body onload="setup()">

This would seem to indicate that I cannot achieve my aims in PHP alone. Would you agree?

dynamo mailing list
email@hidden
Update your subscriptions at:

JDW · July 23, 2015, 7:27am

The really sad part is that there is so much complexity required to achieve simple aim. I’ve already created a Japanese language login page (using Freeway) that logs-in users without any PHP or JS at all:

http://kiramek.com/install-database/

The lone down side to that Japanese Login page is that if the user mistypes their ID or PSW, then they will be taken to the English login page, atop which the ERROR message, in English, will be displayed.

So I have been going to all this trouble, even learning PHP, simply so I can display that Japanese Login page AND intercept any error messages from the MacUSA server and display those errors in Japanese atop my Japanese Login page. That’s my entire aim in a nutshell.

dynamo mailing list
email@hidden
Update your subscriptions at:

JDW · July 23, 2015, 7:55am

Since no one appears to know how to reply to my 5 previous posts, let me ask you another question then…

Using Safari’s Console to examine the iwp_auth.html Login page, I see the following JS:

That JS links to these English strings for the UI:

http://hartford.macusa.net/fmi/iwp/res/eng/strings.js

I simply substituted “jpn” for the “eng” part and found that this page loads:

http://hartford.macusa.net/fmi/iwp/res/jpn/strings.js

That’s what I want. If I can swap out the English for the Japanese, simply by switching which STRING file is used, that would be a solution.

Is there an easy way to do that?

dynamo mailing list
email@hidden
Update your subscriptions at:

waltd · July 23, 2015, 11:28am

Great detective work, James. This explains a whole lot of things at once. First, it means that your cURL approach never had a chance to do this, because cURL doesn’t load or run JavaScript. Second, it seems to me that if you are able to do a straight proxy of the page, you may be able to rewrite the JavaScript inline so that it requests the strings file you do want. But it also leads me to wonder, if that infrastructure is there, maybe there’s a way to enable it – an “official” way, that is – rather than sneaking around in the dark and rearranging the furniture. Most Web servers have a way to inspect the browser environment and switch languages like this based on headers that the browser sends. The browser says something like "I like HTML GZIP, etc, and I prefer German, Russian, and English, in that order. The server hunts through its assets and serves the first one that matches. I would have a look through the Filemaker server documentation, and see if there is some way to signal to the server that you prefer one language or another. Wouldn’t it be great (and slightly tragic, after all this effort) if all you had to do was pass a querystring variable like ?language=jp to the initial request in order to have what you’re after?

Here’s a PHP proxy in as few lines of code as I can muster:

<?php
$source = file_get_contents('your login page here');
// do things to the source with string manipulation here
$source = str_replace('/fmi/iwp/cgi?-getstrings', '/fmi/iwp/res/jpn/strings.js', $source);
header('Content-type: text/html; charset=utf-8');
print $source;
?>

Try putting that into an index.php file and then direct that as your login page, see what happens when you do.

Walter

On Jul 23, 2015, at 3:55 AM, JDW email@hidden wrote:

Since no one appears to know how to reply to my 5 previous posts, let me ask you another question then…

Using Safari’s Console to examine the iwp_auth.html Login page, I see the following JS:

That JS links to these English strings for the UI:

http://hartford.macusa.net/fmi/iwp/res/eng/strings.js

I simply substituted “jpn” for the “eng” part and found that this page loads:

http://hartford.macusa.net/fmi/iwp/res/jpn/strings.js

That’s what I want. If I can swap out the English for the Japanese, simply by switching which STRING file is used, that would be a solution.

Is there an easy way to do that?

dynamo mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

waltd · July 23, 2015, 11:33am

Detail omitted here: this should be a fully-qualified URL to the login page in question on the FMP server.

Walter

On Jul 23, 2015, at 7:28 AM, Walter Lee Davis email@hidden wrote:

file_get_contents(‘your login page here’);

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

waltd · July 23, 2015, 11:56am

You may also need to inject a tag into the head of the page you scrape so that all the paths to the JavaScript and other resources line up with reality.

// on another line, before the output, and replace the URL with the correct base
$source = str_replace('<head>', '<head><base href="http://example.com/">', $source);

Walter

On Jul 23, 2015, at 7:33 AM, Walter Lee Davis email@hidden wrote:

Detail omitted here: this should be a fully-qualified URL to the login page in question on the FMP server.

Walter

On Jul 23, 2015, at 7:28 AM, Walter Lee Davis email@hidden wrote:

file_get_contents(‘your login page here’);

dynamo mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk

dynamo mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options

JDW · July 24, 2015, 2:19am

Walter, thank you for your tips.

First, there is no browser sniffing to determine the language. MacUSA is running FileMaker Server Advanced 11 on Macintosh hardware, used to share multiple FileMaker databases (including mine). There is a setting within FileMaker server that controls language. If you set it to English, it uses the English string file. If you change the setting to Japanese, it uses the Japanese string file. But it will not use both, and it will not switch.

Here’s a screenshot of the FileMaker Server Language setting:

http://cl.ly/image/462w2N050q2L/FMserver_IWP_StatusAreaLang.jpg

And here’s the text description from the FM Server manual:

For Status Area Language, select the language for the labels
displayed in the status area of the Instant Web Publishing page.
This setting changes the language for all text in the Instant Web
Publishing user interface — for example, the status area, Instant
Web Publishing homepage, forms- based authentication, dialog
boxes, and error messages.  The status area language setting does
not change the language of data stored in databases.

Since MacUSA is hosted in the USA, their target audience is English, not Japanese. That’s why they have their setting on English. And when the Server setting is English, then everyone who hosts a FileMaker database on that server will get the Login page, errors, etc. in English.

If FileMaker server had been more intelligently designed to sniff the client’s browser and send the appropriate language strings to the browser, I wouldn’t have any problem at all. But sadly, that is not the case.

Next, I tried your code, saving it and running it from off my ServerLogistics web server.

The first code block I tried was your first suggestion, modified only to swap in the correct address for the Login page:

<?php
$source = file_get_contents('http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession');
// do things to the source with string manipulation here
$source = str_replace('/fmi/iwp/cgi?-getstrings', '/fmi/iwp/res/jpn/strings.js', $source);
header('Content-type: text/html; charset=utf-8');
print $source;
?>

When I try to execute the above PHP file from Safari, it displays nothing for about 20 seconds and then I get a 404 Not Found error page.

Next, I added the line in your last post, swapping out example.com for the BASE URL of MacUSA, as follows:

<?php
$source = file_get_contents('http://hartford.macusa.net/fmi/iwp/cgi?-db=Install_Info.fp7&-startsession');
// do things to the source with string manipulation here
$source = str_replace('/fmi/iwp/cgi?-getstrings', '/fmi/iwp/res/jpn/strings.js', $source);
header('Content-type: text/html; charset=utf-8');
// on another line, before the output, and replace the URL with the correct base
$source = str_replace('<head>', '<head><base href="http://hartford.macusa.net/">', $source);
print $source;
?>

That takes me to the “You have logged out.” page, which resides at “iwp_home.html”. The remains true even if I try it again adding “/fmi/iwp/” to the end of that base URL. I still get the “You have logged out.” page.

NOTE:

iwp_auth.html is the Login page.

iwp_home.html is the “You have logged off.” page.

dynamo mailing list
email@hidden
Update your subscriptions at: