Source language: Translate to:

Internet Get and Post [Tutorial]

Questions and information about creating Internet aware NeoBook applications. Including PHP, HTML, FTP, HTTP, Email, etc.

Moderator: Neosoft Support

Internet Get and Post [Tutorial]

Postby Palamar » Wed Nov 18, 2009 7:35 am

Many times we need something as simple as getting a number or a phrase from the internet or modify and add value to that information.
A practical example is that our program receives orders from the Internet, for example for updates, expiring or modify itself.
Another example, and this perhaps the most valid and that I began to experiment with these actions is to make 2 applications to "communicate" through a text hosted on a server. Experimenting a bit and with some imagination we can even create a game, but Online.

This is an old example, Neosoftware previously published but modified and made functional again by a great colleague (Eb).


PREPARATION.

The first thing to prepare are the two files, the first is a. PHP that will bridge the gap between the second file (txt) and our application. The TXT can contain anything we want them. To continue the example, call this txt: texto.txt

The. PHP is a bit more complex. To create it we open the notepad and copy the following line:

Code: Select all
<?php
$file=fopen( $_POST['fname'], 'a' );
fputs( $file, $_POST['data'] ."\n" );
fclose( $file );
?>


If we change "a" for "w" (create the text file if it exists delete its contents)

Then save it and when asked for the name of the file will "datainput.php" (including the quotation marks so that is not stored in txt but in php).

When we have the two files (datainput.php and texto.txt) rose both to a server. I've tried it with GPNEO server and it worked very well.


GETTING INFORMATION.

The first thing we do is to get the info that currently has the txt and we will put in a variable Neobook, for the program to use it for anything.

We create a publication. It put a button that calls "Get" and then a ListBox. The latter will add the variable [result] "List Items ...". So what is brought from the internet will go to that variable, and as a ListBox, we'll line by line, as in the txt.

In the button put the following:

Code: Select all
InternetGet "http://Tuhost.com/texto.txt" "[Result]" "HideProgress+Async"


All they have to change is where it says "Tuhost.com" by their choice.

Usually, once you pull the button, everything that contains the texto.txt variable will [result] will be completed as shown in the ListBox.


SENDING INFORMATION.

We have already obtained; to send is basically the same, but the function of neo needs a couple of sentences of php too. Assuming that the php file is already in the server, we can do is call and that it will write what we want then the file (in a new line).

We believe another button called "Send" and say the following:

Code: Select all
InternetPost "http://Tuhost.com/datainput.php" "fname=texto.txt&data=Cualquier cosa" "" ""


We again replace "Tuhost.com" for which we have chosen and also modify "Anything" by whatever you want.

Since this, the txt file was modified with a new line.
To view the results should only press the button again to obtain.

It'sa simple way to not become involved with FTP while files are text.


Translated by Google


Spanish version in the forum.


PALAMAR SOFTWARE.
Mariano Chiaverano.
Http:\\www.palamarsoftware.com.ar
Http:\\Gpneo.eshost.com.ar
Palamar
 
Posts: 157
Joined: Wed Apr 06, 2005 4:34 pm

Postby Leos » Wed Nov 18, 2009 8:20 am

Simple, but useful post!

Thank you!
User avatar
Leos
 
Posts: 178
Joined: Mon Apr 04, 2005 11:13 am
Location: Coimbra, Portugal

Postby Alex » Wed Nov 18, 2009 8:58 am

Hi,

Excellent, thank you very much.


Alex
Alex
 
Posts: 745
Joined: Sat Mar 04, 2006 4:53 am

Postby Gaev » Wed Nov 18, 2009 10:43 am

Before anyone uses this technique "as is" ... be warned that you have just opened up your Server to all kinds of "malicious incidents" by hackers and others. :shock: :shock: :shock:

If you accept the name of the file from the POST request, someone can upload a malicious (php) script by specifying something like fname=john.php ... where the file john.php contains executable php script commands ... and then invoke it ... this script can do all sorts of evil things ... not just to the rest of your Server files ... but also use it for spam, viruses, DDOS etc.

Anyone wishing to upload any file to their Server environment MUST first learn about related Security Issues.

Also, different Web Hosts will have different restrictions about where files can be uploaded/executed ... so understanding them is also essential.
User avatar
Gaev
 
Posts: 3733
Joined: Fri Apr 01, 2005 7:48 am
Location: Toronto, Canada

Postby Palamar » Wed Nov 18, 2009 7:11 pm

I'm glad to display useful and simple.

It's true what they say Gaev, though I did not realized for this purpose. It is, as I said, a way of exchanging data with the server without involving an FTP protocol. At no moment it seemed dangerous. What we might do is make the program delete the PHP file before closing. (Through FTP). Or, as he says, take the necessary measures.
Palamar
 
Posts: 157
Joined: Wed Apr 06, 2005 4:34 pm

Postby Gaev » Thu Nov 19, 2009 6:33 am

Palamar:

I do not have any concerns about the method used to exchange information (i.e. via a text file) ... the concern is that the method allows the client side to define the file name (and especially its extension) ... which in turn allows usrers to specify .php (or other script file extensions).

This danger can be minimized by making sure that all saved files have a .txt extension.

Of course there are other security issues users must be aware of ... i.e. once these .txt files are saved on the server side, what measures are taken to ensure that no outsiders can fetch them directly (with appropriate urls) ?
User avatar
Gaev
 
Posts: 3733
Joined: Fri Apr 01, 2005 7:48 am
Location: Toronto, Canada

Postby dpayer » Thu Nov 19, 2009 8:02 am

Gaev wrote:Of course there are other security issues users must be aware of ... i.e. once these .txt files are saved on the server side, what measures are taken to ensure that no outsiders can fetch them directly (with appropriate urls) ?


This is actually a serious point.

I recommend if you have a webserver to occasionally read the log files that are generated by your site. You will be surprised what attempts are being made against your sites by trojans / zombies / dictionary attacks to find passwords, etc through your webserver and ftp server.

Unfortunately the Internet is filled with people who act like thieves and criminals, stealing services from others. Uploading files by writing the content to a PHP file should have:
1) a permission system as to who can access the php file
2) error correction that only valid data is accepted (no javascript or command instructions)
3) file system management to assure that file cannot be executed
4) script management to be sure the file cannot have its extension changed

and more.

David P
User avatar
dpayer
 
Posts: 1383
Joined: Mon Apr 11, 2005 5:55 am
Location: Iowa - USA

Postby Palamar » Thu Nov 19, 2009 11:24 am

Yes, let's say that one solution would be for each file had a different name and extension (the txt) and in the case of php, delete the server end, or else also have different names.
The problem I see on the side of the programmer, not the user side (who in theory will not know that happens).
Palamar
 
Posts: 157
Joined: Wed Apr 06, 2005 4:34 pm


Return to NeoBook and the Internet

Who is online

Users browsing this forum: No registered users and 0 guests