Solved

Help Converting PHP include_once to JQuery Post with inner class reference.

Posted on 2015-01-09
7
86 Views
Last Modified: 2016-05-20
Hello, I am trying to perform single sign on using Jquery using a 3rd party SSO tool.  Unfortunately, the publisher (Wizkunde) only provides an example in PHP which I have included below.  I took my best shot at converting this to Jquery, but am stuck on the postData["key"] value.  Can someone please help?

This is the example published in the wizkunde help files:
<?php
include_once('Hmac.php');
$postData = array(
'email' => 'ron@wizkunde.nl',
'firstname' => 'Ron',
'lastname' => 'van der Molen',
'delivery' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
),
'invoice' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
)
);
$when = time();
$uri = 'http://<mydomain>/sso/login/login';

$hmacModel = new Wizkunde_Hmac('geheimesleutel', '300');
$hmacModel->setWhen(time());
$hmacModel->setUri($uri);

$postData['uri'] = $uri;
$postData['when'] = $when;
$postData['key'] = $hmacModel->createHash($postData);

header('Location: ' . $uri . '?' . http_build_query($postData));
?>

Open in new window



Here is the jquery I have pieced together:

<asp:Button ID="SSOButton" runat="server" Text="Button" />

    <script>
        $('#SSOButton').click( function() {

            var postDataArray = { "email": "ron@wizkunde.nl", "firstname": "Ron", "lastname": "van der Molen", "delivery": array = { "firstname": "Ron", "lastname": "van der Molen" }, "invoice": array = { "firstname": "Ron", "lastname": "van der Molen" } };
            var postData= jQuery.param(postDataArray);

            var CurrentTime = new Date($.now())
            var uri = "http://mydomain.com/b2bmagento/sso/login/login"

            postData["uri"] = uri
            postData["when"] = CurrentTime

            // It looks like I need to set the postData["key"] equal to the return value of createHash which exists in a new class Wizkunde_Hmac located at the uri.  I have no idea how to do this.

            postData["key"] = ""
               
            $.post(uri, postData, "json");

       }) 
</script>

Open in new window

0
Comment
Question by:joduk777
7 Comments
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
Comment Utility
Sorry if I've missed something but you can't convert PHP to jQuery as jQuery can only run on the client, whilst PHP only runs on the server.  Are you using ASP/c#/VB.net?  As that is what you'll need to convert the PHP to.
0
 

Author Comment

by:joduk777
Comment Utility
The code provided in PHP is a client side POST for Single Sign on to a remote server.  The publisher of the product has only provided examples of the client side request in PHP which I copied here.  My interest isn't to translate PHP to jquery, but to create a client side POST using Jquery that achieves the same as the documentation that was provided in PHP.  

As a last resort, I am open to making a POST in Jquery with embedded PHP if that is the only way to achieve this outcome, but I am thinking this can all be done in Jquery.  Thanks for the help.
0
 
LVL 42

Accepted Solution

by:
Rob Jurd, EE MVE earned 250 total points
Comment Utility
The code they've provided you is PHP, but the client doesn't see it.  The PHP code is executed on the server and any result is sent to the client.  It's just that it is in the same file that it can be confusing.

jQuery communicates with the server via the http protocol by submitting forms or posting data via AJAX.  So it doesn't care if the server is running .NET, PHP, NodeJS etc.

So you will need to convert the PHP component of the code sample (between the <?php ... ?>) to your flavour of .NET.

in otherwords this code doesn't change:
<asp:Button ID="SSOButton" runat="server" Text="Button" />

    <script>
        $('#SSOButton').click( function() {

            var postDataArray = { "email": "ron@wizkunde.nl", "firstname": "Ron", "lastname": "van der Molen", "delivery": array = { "firstname": "Ron", "lastname": "van der Molen" }, "invoice": array = { "firstname": "Ron", "lastname": "van der Molen" } };
            var postData= jQuery.param(postDataArray);

            var CurrentTime = new Date($.now())
            var uri = "http://mydomain.com/b2bmagento/sso/login/login"

            postData["uri"] = uri
            postData["when"] = CurrentTime

            // It looks like I need to set the postData["key"] equal to the return value of createHash which exists in a new class Wizkunde_Hmac located at the uri.  I have no idea how to do this.

            postData["key"] = ""
               
            $.post(uri, postData, "json");

       }) 
</script>

Open in new window


This is what you need to convert  to your server side script:
<?php
include_once('Hmac.php');
$postData = array(
'email' => 'ron@wizkunde.nl',
'firstname' => 'Ron',
'lastname' => 'van der Molen',
'delivery' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
),
'invoice' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
)
);
$when = time();
$uri = 'http://<mydomain>/sso/login/login';

$hmacModel = new Wizkunde_Hmac('geheimesleutel', '300');
$hmacModel->setWhen(time());
$hmacModel->setUri($uri);

$postData['uri'] = $uri;
$postData['when'] = $when;
$postData['key'] = $hmacModel->createHash($postData);

header('Location: ' . $uri . '?' . http_build_query($postData));
?>

Open in new window

0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 33

Assisted Solution

by:Slick812
Slick812 earned 250 total points
Comment Utility
greetings   joduk777, , This Wizkunde outfit has come up with a code that is suppose to allow a somewhat "secure" way to "Single Sign-On using a simple HTTP request" , , , as  this line in your code -
           header('Location: ' . $uri . '?' . http_build_query($postData));
unfortunately for you to translate their specialized "Hash-based message authentication code" (HMAC) Hash, is probably distinctive (as NOT standard SHA1 or MD5), it also seems to use the current time as a authentication hash seed as here -
     $hmacModel->setWhen(time());
So making their HMAC hash work in any other programming language, will likely be a challenge, even if you have much experience working with HMAC web exchanges. Browser Javascript does NOT have much to offer in Hash operations. Nor does Jquery offer much for en-cryptic hash operations, there are a couple of jquery hash  plugins like "jQuery Crypt", that do a couple of the standard hash like MD5 and SHA1, HOWEVER, be informed, the HMAC using the SHA1 algorithm is a Different "multi round" hash, than a standard SHA1 hash. PHP offers an effective HMAC hash operation, that you can call with several many algorithms, (SHA1, SHA256, whirlpool), unless you can find this PHP HMAC in already coded and tested in another language, it may be tough to do that. But, the underlying C code for All of PHP, is available since it is open source. I am not that familiar with any ASP HMAC hash operations, so there may or may not be something there to test out.
Sorry I am not directly helping you with a code block in javascript that works, but this en-cryptic hash operations are very Complex, and the HMAC is even more factors added to the standard hash  algorithm.

You may can contact the Wizkunde outfit and ask them for solutions.

There is a Non jquery javascript with HMAC at -
   https://code.google.com/p/crypto-js/
0
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
Comment Utility
Slick has just reminded me that attempting to do this with the browser is counter intuitive because the user has access to everything in their browser. The reason we use php or asp for authentication it's it adds another layer of security that the user cannot see.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
Wizkunde...

The first hint that you are trying to work with a piece of junk is the lack of support and apparently defective documentation that led you to believe you had code that would run on a client.

Security is not somwething to screw around with, if you do not have skills at a level to understand the code, then how are you going to respond when a hacker finds a hole.  Either use code you write yourself and understand or hire a professional with security experience to do the work and support it.

Cd&
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Responsive CSS question 2 37
Time difference 10 33
Correct this jQuery code for opening div. 24 10
PHP loop not working 4 29
Requirements JQuery 1.6+ HTML CSS Introduction This article was inspired by an EE question (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28372511.html) on how to make a page show some balloons animate up a page…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now