reCaptcha V2 is working but not preveting SPAM - recaptcha

The front end of reCaptcha seems to work fine. It will time out and will even challenge you. The reCaptcha Admin panel says it is working and the chart shows a bunch of fails, BUT spam keeps coming through. I am assuming it must be the validation that fails. But why? What is wrong with this code that spam keeps on getting through?
if(isset($_POST['submit'])){
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$verify_captcha = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret_key.'&response='.$_POST['g-recaptcha-response']);
$verify_response = json_decode($verify_captcha);
if($verify_response->success){
$returnMsg = 'Your email has been submitted successfully.';
include ('./includes/sendmail.php');
include ('./forms/sectionhead.tpl');
echo "<p class='returnmsg'>reCAPTCHA was completed successfully!<br> $returnMsg</p>";
//echo $returnMsg;
echo "
<div class=\"bg-theme-colored\" style=\";color:#754c00;border:1px solid #11477f;text-align:center;padding:25px;\">
<h4><span>Success!</span> Your message has been sent.</h4>
<h5>A copy of your message has been emailed to $_POST[form_email]</h5>
<h5>Thank you for your interest in the North American Bison </h5>
</div>";
include ('./forms/contactend.php');
exit();
}else{
$returnMsg = 'reCaptch verification failed, please verify again.';
include ('./forms/sectionhead.tpl');
echo '<p class="returnmsg">reCAPTCHA error: ' . $returnMsg . '</p>';
include ('./forms/contactform.php');
include ('./forms/contactend.php');
exit();
}
}else{
$returnMsg = 'Please check the CAPTCHA box.';
include ('./forms/sectionhead.tpl');
echo '<p class="returnmsg">reCAPTCHA error: ' . $returnMsg . '</p>';
include ('./forms/contactform.php');
include ('./forms/contactend.php');
exit();
}
}
Since you may ask something like are you sure it is SPAM, here is an example or 2:
Name: ApkJoysuevy
Email: allisonharry683#gmail.com
City: Moscow
State: AL
Message: You can download any of the provided casinos above without any problems. If you download the casino app, it will position like a regular mirror image of the power supply place from the mobile version. Unfortunately, all the apps you download choose however do one's daily dozen on Android. Download casino in 1 click from the tabulate, these are the most advanced transportable applications. The best casino apps for Android The problem is that declaration Android apps and downloading them can be iffy, as Google doesn't authorize legitimate folding money Android casinos to be placed in the Flirt Store. Download casino app But don't worry .... etc
Name: PirikusMeste
Email: prikus#draviero.xyz
City: Ekaterinburg
State: BC
Message: Ñ‚Ñ€Ð¾Ð¸Ñ†ÐºÐ°Ñ Ð¿Ñ€Ñжа интернет
Any thoughts appreciated cause I am at a loss

Related

How can I send an email with my outlook add-in

my friends and I are making an outlook add-in that can take the text from an email in the user's inbox and send it to our email address.
the email part of this is proving to be very difficult.
So far we have tried to do this with nodemailer and similar modules but from what I can tell you would need a server which we would like to avoid.
To get around this we copied some code and made a website that sends the email for us. The problem with this is we cant figure out how to do this all within the taskpane which you can see in the first image. When we click 'submit' nothing will happen until we open the same thing in a separate HTML popup which can be seen in image 2.
Is there a way to do this only from the taskpane so that all the user has to do is click one button that will both take the text and send it to us automatically? If there isn't, how do we get the content of the email from the task pane to the popout (from the right side of image two to the left side)?
You can use makeEwsRequestAsync() to send an email. Here is a sample you could adjust. (note this example sends a mail with the version number of Outlook in the body, but you can adjust it to put whatever data you want inside). See documentation for makeEwsRequestAsync, to see what else it supports that may solve your scneario: https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/web-services
var request = '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'+
' <soap:Header><t:RequestServerVersion Version="Exchange2010" /></soap:Header>'+
' <soap:Body>'+
' <m:CreateItem MessageDisposition="SendAndSaveCopy">'+
' <m:SavedItemFolderId><t:DistinguishedFolderId Id="sentitems" /></m:SavedItemFolderId>'+
' <m:Items>'+
' <t:Message>'+
' <t:Subject>Hello, Outlook!</t:Subject>'+
' <t:Body BodyType="HTML">This message was sent from ' + Office.context.mailbox.diagnostics.hostName + ', version ' + Office.context.mailbox.diagnostics.hostVersion + '!</t:Body>'+
' <t:ToRecipients>'+
' <t:Mailbox><t:EmailAddress>' + Office.context.mailbox.userProfile.emailAddress + '</t:EmailAddress></t:Mailbox>'+
' </t:ToRecipients>'+
' </t:Message>'+
' </m:Items>'+
' </m:CreateItem>'+
' </soap:Body>'+
'</soap:Envelope>';
Office.context.mailbox.makeEwsRequestAsync(request, function (asyncResult) {
if (asyncResult.status == "failed") {
console.log("Action failed with error: " + asyncResult.error.message);
}
else {
console.log("Message sent!");
}
});
You could also use displayNewMessageFormAsync() https://learn.microsoft.com/en-us/javascript/api/outlook/office.mailbox?view=outlook-js-preview#outlook-office-mailbox-displaynewmessageformasync-member(1)
If you want to create a new mail UI, that the user has to send manually.
The response above is showing how to send an email using EWS. (Exchange Web Services). however, the question is also asking how to send the body of the message.
in order to get the body you need to call the body.getAsync() method, check our the sample.
function getSelectedData() {
Office.context.mailbox.item.body.getAsync("html" /*you can also do 'text' */, function(result){
console.log(result.value);
});
}
you can also use the consume the Microsoft Graph from the Office Add-in (instead of EWS) check out this video on how to do it. Here is how to use the Graph to send an e-mail for reference.

TYPO3 Extbase - Download file is cut off to 40 KB if user is not logged in to the front end

I created a duplicate of a download extension from my colleague which is basically an extension which just provides files to download in the back end.
Problem:
If i try to download a file while the extension is only accessible after login to the back end, then it works perfectly fine
however if I open a private browser window where I am not logged in to the back end, then it always cuts off the file and only download the first 40 KB ... even though it is normally 10 MB. Why is the file cut off?
I can download small files ( < 40KB ) perfectly without them getting cutted off.
NOTE:
Before I edited the extension, the download worked perfectly, even if not logged in to the back end! And the download was triggered the same way
Currently I am comparing the code, but from the logic it looks ok, since I did not changed much (added a new model, renamed the extension and some other stuff)
Does someone have a clue what can lead to this problem?
This is the relevant part in my download controller where I first get the public url of the file by passing the fid of the file and then trigger the download by sending headers.
...
if ($this->request->hasArgument('fid')) {
$this->fid = $this->request->getArgument('fid');
}
if ($this->request->hasArgument('cid')) {
$this->cid = $this->request->getArgument('cid');
}
$fileobj = $this->fileRepository->findByUid($this->fid);
if ($fileobj->getFile() !== null) {
$downloadFilePath = $fileobj->getFile()->getOriginalResource()->getPublicUrl();
if (file_exists($downloadFilePath)) {
$fileCounter = (int)$fileobj->getCounter();
$fileobj->setCounter(++$fileCounter);
$oldChecksum = $fileobj->getChecksume();
$groesse = filesize($downloadFilePath);
if (isset($oldChecksum)) {
$checksum = sha1_file($downloadFilePath);
$fileobj->setChecksume($checksum);
}
// update fileobj
$this->fileRepository->update($fileobj);
// Unset fileobj before persists, otherwise there will be also changes
$this->persistenceManager->persistAll();
// If file exists, force download
$fileName = basename($downloadFilePath);
$this->response->setHeader('Content-Type', "application/force-download", TRUE);
$this->response->setHeader('Content-Disposition', 'attachment; filename=' . $fileName, TRUE);
$this->response->setHeader('Content-Length', $groesse, TRUE);
#readfile($downloadFilePath);
$this->response->sendHeaders();
return true; //i can also delete this line, since it is never reached.
} else {
//send emails to everyone who is entered in the address list in the extension configuration.
$this->sendEmails('missing_file', $fileobj);
$this->redirect(
'list',
'Category',
NULL,
array(
'missing' => array(
'fileId' => $this->fid,
'category' => $this->cid
)
)
);
}
}
The 40 KB file does not contain anything that shouldn't be there, it is just cut off. I tested it by writing alot of numbers in a file line by line and download it, result: only a couple thousand numbers are in the file instead of all numbers.
I tried it with both, files stored at a FTP Server and files stored in user_upload, same result.
Here you can see the 40 KB file:
http://pasteall.org/459911
Snippet (in case if the link is down):
<ul>
<li>0</li>
<li>1</li>
<li>2</li>
<li>3</li>
<li>4</li>
<li>5</li>
<li>6</li>
<li>7</li>
<li>8</li>
<li>9</li>
//Cut because stackoverflow does not allow me to post such big texts
...
<li>3183</li>
<li>3184</li>
<li>3185</li>
<li>3186</li>
<li
You can see that it stops downloading the rest, the question is: why?
UPDATE:
I changed it to this:
// If file exists, force download
$fileName = basename($downloadFilePath);
$this->response->setHeader('Content-Type', "application/force-download", TRUE);
$this->response->setHeader('Content-Disposition', 'attachment; filename=' . $fileName, TRUE);
$this->response->setHeader('Content-Length', $groesse, TRUE);
ob_start();
ob_flush();
flush();
$content = file_get_contents($downloadFilePath);
$this->response->setContent($content);
$this->response->sendHeaders();
return true; //i can also delete this line, since it is never reached.
Now the file is downloaded completly, but the file is now wrapped inside the html from the template. it gets rendered inside the fluid variable mainContent.
Like this:
...
<!--TYPO3SEARCH_begin-->
<div class="clearfix col-sm-{f:if(condition:'{data.backend_layout} == 4',then:'12',else:'9')} col-md-{f:if(condition:'{data.backend_layout} == 4',then:'9',else:'6')} col-lg-{f:if(condition:'{data.backend_layout} == 4',then:'10',else:'8')} mainContent">
<f:format.raw>{mainContent}</f:format.raw>
</div>
<!--TYPO3SEARCH_end-->
...
It gets weirder and weirder...
I finally solved the problem. I just had to execute exit or die after sending the headers:
#readfile($downloadFilePath);
$this->response->sendHeaders();
exit;
NOTE: If you exit your code with exit or die then typo3 session set with e.g. $GLOBALS['TSFE']->fe_user->setKey("ses", "token", DownloadUtility::getToken(32)); won't work anymore if not logged in to the backend! Use $GLOBALS['TSFE']->fe_user->setAndSaveSessionData("token", DownloadUtility::getToken(32)); in this case if no log in should be required.
Now it works even if not logged in to the front end.
But I still don't know why the download worked without being cut off while being logged in to the backend, even though the exit statement was missing. Thats extremly weird and we have no explanation.

How to check if player sign out of the google play services in unity3d

how do unity check if player manually sign out from the leaderboard in google play service. I am using the GPG plugin for this and my platform is in android
This is a bit dated, but I was just looking into this and thought I'd share what I found.
When you sign out from within the leaderboard (or achievements page), the GPG plugin gives you an error that looks like this:
** [Play Games Plugin DLL] ERROR: Authentication has been lost!
which causes PlayGamesPlatform.Instance.IsAuthenticated () to return false.
One way to find catch this is simply listening to the script that is displaying the message. Their log function is written below. Just look at the msg arg and toggle your variable you are using to keep track of the logged in state.
- GooglePlayGames > OurUtils > Logger.cs
...
public static void e(string msg) {
Debug.LogWarning("*** " + LOG_PREF + " ERROR: " + msg);
if (msg == "Authentication has been lost!") {
// yourScript.isLoggedIn = false;
}
}
...
Alternatively, you could check the value of PlayGamesPlatform.Instance.IsAuthenticated() when the user attempts to access one of the GPG services (leaderboard, achievements, etc). If it is false, the user is not signed in and should be prompted to sign in rather than firing the service.

Obtaining a Facebook auth token for a command-line (desktop) application

I am working for a charity which is promoting sign language, and they want to post a video to their FB page every day. There's a large (and growing) number of videos, so they want to schedule the uploads programmatically. I don't really mind what programming language I end up doing this in, but I've tried the following and not got very far:
Perl using WWW::Facebook::API (old REST API)
my $res = $client->video->upload(
title => $name,
description => $description,
data => scalar(read_file("videos/split/$name.mp4"))
);
Authentication is OK, and this correctly posts a facebook.video.upload method to https://api-video.facebook.com/restserver.php. Unfortunately, this returns "Method unknown". I presume this is to do with the REST API being deprecated.
Facebook::Graph in Perl or fb_graph gem in Ruby. (OAuth API)
I can't even authenticate. Both of these are geared towards web rather than desktop applications of OAuth, but I think I ought to be able to do:
my $fb = Facebook::Graph->new(
app_id => "xxx",
secret => "yyy",
postback => "https://www.facebook.com/connect/login_success.html"
);
print $fb->authorize->extend_permissions(qw(publish_stream read_stream))->uri_as_string;
Go to that URL in my browser, capture the code parameter returned, and then
my $r = $fb->request_access_token($code);
Unfortunately:
Could not fetch access token: Bad Request at /Library/Perl/5.16/Facebook/Graph/AccessToken/Response.pm line 26
Similarly in Ruby, using fb_graph,
fb_auth = FbGraph::Auth.new(APP_ID, APP_SECRET)
client = fb_auth.client
client.redirect_uri = "https://www.facebook.com/connect/login_success.html"
puts client.authorization_uri(
:scope => [:publish_stream, :read_stream]
)
Gives me a URL which returns a code, but running
client.authorization_code = <code>
FbGraph.debug!
access_token = client.access_token!
returns
{
"error": {
"message": "Missing client_id parameter.",
"type": "OAuthException",
"code": 101
}
}
Update: When I change the access_token! call to access_token!("foobar") to force Rack::OAuth2::Client to put the identifier and secret into the request body, I get the following error instead:
{
"error": {
"message": "The request is invalid because the app is configured as a desktop app",
"type": "OAuthException",
"code": 1
}
}
How am I supposed to authenticate a desktop/command line app to Facebook using OAuth?
So, I finally got it working, without setting up a web server and doing a callback. The trick, counter-intuitively, was to turn off the "Desktop application" setting and not to request offline_access.
FaceBook::Graph's support for posting videos doesn't seem to work at the moment, so I ended up doing it in Ruby.
fb_auth = FbGraph::Auth.new(APP_ID, APP_SECRET)
client = fb_auth.client
client.redirect_uri = "https://www.facebook.com/connect/login_success.html"
if ARGV.length == 0
puts "Go to this URL"
puts client.authorization_uri(:scope => [:publish_stream, :read_stream] )
puts "Then run me again with the code"
exit
end
if ARGV.length == 1
client.authorization_code = ARGV[0]
access_token = client.access_token! :client_auth_body
File.open("authtoken.txt", "w") { |io| io.write(access_token) }
exit
end
file, title, description = ARGV
access_token = File.read("authtoken.txt")
fb_auth.exchange_token! access_token
File.open("authtoken.txt", "w") { |io| io.write(fb_auth.access_token) }
me = FbGraph::Page.new(PAGE_ID, :access_token => access_token)
me.video!(
:source => File.new(file),
:title => title,
:description => description
)
Problem is in your case that for OAuth you'll need some endpoint URL which is publicly reachable over the Internet for Facebook servers, which can be a no-go for normal client PCs, or a desktop application which is capable of WebViews (and I assume, command line isn't).
Facebook states at https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#login that you can build a desktop client login flow, but only via so-called WebViews. Therefore, you'd need to call the OAuth endpoint like this:
https://www.facebook.com/dialog/oauth?client_id={YOUR_APP_ID}&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope={YOUR_PERMISSION_LIST}
You then have to inspect the resulting redirected WebView URL as quoted:
When using a desktop app and logging in, Facebook redirects people to
the redirect_uri mentioned above and places an access token along with
some other metadata (such as token expiry time) in the URI fragment:
https://www.facebook.com/connect/login_success.html#access_token=ACCESS_TOKEN...
Your app needs to detect this redirect and then read the access token out of the URI using the mechanisms provided by the OS and development framework you are using.
If you want to do this in "hacking mode", I'd recommend to do the following.:
As you want to post to a Page, get a Page Access Token and store it locally. This can be done by using the Graph Explorer at the
https://developers.facebook.com/tools/explorer?method=GET&path=me%2Faccounts
endpoint. Remember to give "manage_pages" and "publish_actions" permissions.
Use cURL (http://curl.haxx.se/docs/manpage.html) to POST the videos to the Graph API with the Access Token and the appropriate Page ID you acquired in step 1 like the following:
curl -v -0 --form title={YOUR_TITLE} --form
description={YOUR_DESCRIPTION} --form source=#{YOUR_FULL_FILE_PATH}
https://graph-video.facebook.com/{YOUR_PAGE_ID}/videos?access_token={YOUR_ACCESS_TOKEN}
References:
https://developers.facebook.com/docs/graph-api/reference/page/videos/#publish
https://developers.facebook.com/docs/reference/api/video/
From the facebook video API reference:
An individual Video in the Graph API.
To read a Video, issue an HTTP GET request to /VIDEO_ID with the
user_videos permission. This will return videos that the user has
uploaded or has been tagged in.
Video POST requests should use graph-video.facebook.com.
So you should be posting to graph-video.facebook.com if you are to upload video.
You also need extended permissions from the user or profile you'll be uploading to, in this case you need video_upload this is going to be requested once only, when the user currently logged in is asked for such permission for the app.
And your endpoint should be:
https://graph-video.facebook.com/me/videos
If you always want to post to a specific user than you'll have to change the endpoint part from /me to the User ID or page ID.
Here's a sample (in PHP):
$app_id = "YOUR_APP_ID";
$app_secret = "YOUR_APP_SECRET";
$my_url = "YOUR_POST_LOGIN_URL";
$video_title = "YOUR_VIDEO_TITLE";
$video_desc = "YOUR_VIDEO_DESCRIPTION";
$code = $_REQUEST["code"];
if(empty($code)) {
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url)
. "&scope=publish_stream";
echo("<script>top.location.href='" . $dialog_url . "'</script>");
}
$token_url = "https://graph.facebook.com/oauth/access_token?client_id="
. $app_id . "&redirect_uri=" . urlencode($my_url)
. "&client_secret=" . $app_secret
. "&code=" . $code;
$access_token = file_get_contents($token_url);
$post_url = "https://graph-video.facebook.com/me/videos?"
. "title=" . $video_title. "&description=" . $video_desc
. "&". $access_token;
echo '<form enctype="multipart/form-data" action=" '.$post_url.' "
method="POST">';
echo 'Please choose a file:';
echo '<input name="file" type="file">';
echo '<input type="submit" value="Upload" />';
echo '</form>';
Although I'm concerned about the upload speed if the videos are too big, but I'm guessing your customer has already sorted that out (compress/optimize/short videos etc.)
I've made you a demo here. Go to my website (I own that domain) and try to upload a video. I tried with this one which is a relatively small 4Mb file. Be sure that this script will only try to upload a video, nothing more (to the FB profile you are currently logged in, that is) but, if you are still concerned, copy my snippet, upload it to your own server (with PHP support of course) and create a test app where the site url is that domain and be sure to specify in the $my_url variable your endpoint which is basically the full path to your script receiving responses from facebook:
http://yourdomain.com/testfb.php
If you still want to do it on a desktop app then you have to go to developer.facebook.com on your app settings:
Settings > Advanced
And look for the first option:
And enable that switch so that facebook allows you to POST from a desktop or native app instead of a web server.
Note: I'm not an expert on Ruby, but the above working PHP code should be pretty obvious and easy to port to it.
as far as I recall, what you want isn't really possible without some kind of endpoint that can receive a callback from facebook.
If you can finagle an oauth token, from say the Graph API Explorer, then it becomes pretty trivial to use a gem like koala to upload your video.
here's the salient bit:
#graph = Koala::Facebook::API.new(access_token)
#graph.put_video(path_to_my_video)
I've made you a sample project here: fb-upload-example

"cacher layer" for google-generated images

The question is prompted by comment to an earlier question of mine. I've never heard of a cacher layer.
The suggestion was to cache google-generated images in this cacher-layer thingie. Can someone give the a pointer to the details of such a layer? "Details" = where does it live? how do I access it? and more.
Thanks so much!
I will explain what I meant.
First of all I needed this system because Google Chart API has some requests-daily CAP so I needed something to bypass it.
The engine was pretty simple.
Consider the vanilla solution: in your HTML you have your img' src directly poiniting to google.
<img src="//google.chart.api?params123">
With a cacher you will not point directly to Google but to your cacher engine:
<img src="//yourwebsite/googleImageCacher.php?id=123">
Now your googleImageCacher.php is dead simple:
It checks if the image requested is found in a cache (it could be a file or whatever) if it's not present then it will request it to google save it and echo.
Something like: (pseudocode)
$imageAssociation = array( '123' => '//google.chart.api?params123'
'image2' => '//google.chart.api?otherparma' );
if ( file_exists( 'imageCacheDir/' . $_GET['id'] ) ) {
echo file_get_contents('imageCacheDir/' . $_GET['id']);
} else {
//> Request the image to google
//> Save it in the imageCacheDir
//> Print it.
}
Of course you can simplement some expiration time in your googleImageCacher.php

Resources