3

I'm trying to setup gitkit in my website, but can't get past this one single line of code. No matter what I do, file_get_contents keeps returning empty.

I've already set my php.ini : always_populate_raw_post_data = On

My environment is PHP 5.3.3, Apache 2.2.6, localhost.

Here's some code.

In my index.php, I call the google API and try to login with gmail account, in other words, federated login.

(this is from the Google API Console)

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/jquery-ui.min.js"></script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/googleapis/0.0.4/googleapis.min.js"></script>
<script type="text/javascript" src="//ajax.googleapis.com/jsapi"></script>
<script type="text/javascript">
  google.load("identitytoolkit", "1", {packages: ["ac"], language:"en"});
</script>
<script type="text/javascript">
  $(function() {
    window.google.identitytoolkit.setConfig({
        developerKey: "HERE_GOES_MY_DEVELOPER_KEY",
        companyName: "Valentinos Pizzaria",
        callbackUrl: "http://localhost/valentinos/callback.php",
        realm: "",
        userStatusUrl: "http://localhost/valentinos/userstatus.php",
        loginUrl: "http://localhost/valentinos/login.php",
        signupUrl: "http://localhost/valentinos/register.php",
        homeUrl: "http://localhost/valentinos/index.php",
        logoutUrl: "http://localhost/valentinos/logout.php",
        idps: ["Gmail", "Yahoo"],
        tryFederatedFirst: true,
        useCachedUserStatus: false,
        useContextParam: true
    });
    $("#navbar").accountChooser();
  });
</script>

I get the IDP response, log in, and am asked for permissions. Upon returning to my callback page, in which I used the code sample provided by Google (which is below), this one line of code doesn't seem to be returning correctly.

Am I doing anything stupid at all?

Any help will be appreciated.

Here's whole callback.php so far (there's no HTML whatsoever, for now):

  session_start();

  $url = EasyRpService::getCurrentUrl();
  #$postData = @file_get_contents('php://input');
  $postData = file_get_contents('php://input');
  $result = EasyRpService::verify($url, $postData);
  // Turn on for debugging.
  // var_dump($result);

class EasyRpService {
  // Replace $YOUR_DEVELOPER_KEY
  private static $SERVER_URL = 'https://www.googleapis.com/rpc?key=HERE_GOES_MY_DEVELOPER_KEY';

  public static function getCurrentUrl() {
    $url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
    $url .= $_SERVER['SERVER_NAME'];
    if ($_SERVER['SERVER_PORT'] != '80') {
      $url .= ':'. $_SERVER['SERVER_PORT'];
    }
    $url .= $_SERVER['REQUEST_URI'];
    return $url;
  }

  private static function post($postData) {
    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL => EasyRpService::$SERVER_URL,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_HTTPHEADER => array('Content-Type: application/json'),
        CURLOPT_POSTFIELDS => json_encode($postData)));
    $response = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($http_code == '200' && !empty($response)) {
      return json_decode($response, true);
    }
    return NULL;
  }

  public static function verify($continueUri, $response) {
    $request = array();
    $request['method'] = 'identitytoolkit.relyingparty.verifyAssertion';
    $request['apiVersion'] = 'v1';
    $request['params'] = array();
    $request['params']['requestUri'] = $continueUri;
    $request['params']['postBody'] = $response;

    $result = EasyRpService::post($request);
    if (!empty($result['result'])) {
      return $result['result'];
    }
    return NULL;
  }

} # End Class EasyRpService

Before anyone asks, I do replace HERE_GOES_MY_DEVELOPER_KEY with my Developer Key...

Once again, any help will be much appreciated. C ya.

Improve this question

2 Answers 2

Reset to default
6

Did you try using $_POST ? php://input don't work for enctype="multipart/form-data". May be you are getting response as multipart/form-data in this case $_POST[0] should work.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Yes, I got the results out of $_REQUEST, but they evaluate to null with method verify of Class EasyRpService. How can I check if enctype is multipart/form-data? I believe curl is setting the http-header to application/json...
2

HTTP POST data is usually populated in $_POST, php://input will usually contain PUT data.

Improve this answer

8 Comments

Google Api Documentation states that "The identity provider can use either a POST or a GET, and your application needs to be able to handle both to support all users". The file_get_contents('php://input') is supposed to get the raw json return provided by the API. I can get the data with $_REQUEST, but that is not correct for json returns, which gets me stuck with file_get_contents('php://input'). Is that incorrect?
Considering PHP Manual, I'd also say your answer is a bit imprecise. php.net/manual/en/wrappers.php.php "php://input is a read-only stream that allows you to read raw data from the request body. In the case of POST requests, it is preferable to use php://input instead of $HTTP_RAW_POST_DATA ..."
Yes, $_POST is not HTTP_RAW_POST_DATA. As stated by while1, php://input is not available with enctype="multipart/form-data".
Also, if google is sending you a GET request with parameters, then php://input will not be populated, you will need to inspect if the current request is a POST or a GET request and react accordingly.
Well, turns out you were right: they were never sending me a post body, only a get request, that should be exchanged for a token. But my problem was deeper inside the code, since curl was returning to false. I had to add an option not verify the ssl to make it work properly, which I found in a comment in this post: stackoverflow.com/questions/5657382/… -> curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.