Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Help Converting PHP include_once to JQuery Post with inner class reference.

Posted on 2015-01-09
7
Medium Priority
?
146 Views
Last Modified: 2016-05-20
Hello, I am trying to perform single sign on using Jquery using a 3rd party SSO tool.  Unfortunately, the publisher (Wizkunde) only provides an example in PHP which I have included below.  I took my best shot at converting this to Jquery, but am stuck on the postData["key"] value.  Can someone please help?

This is the example published in the wizkunde help files:
<?php
include_once('Hmac.php');
$postData = array(
'email' => 'ron@wizkunde.nl',
'firstname' => 'Ron',
'lastname' => 'van der Molen',
'delivery' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
),
'invoice' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
)
);
$when = time();
$uri = 'http://<mydomain>/sso/login/login';

$hmacModel = new Wizkunde_Hmac('geheimesleutel', '300');
$hmacModel->setWhen(time());
$hmacModel->setUri($uri);

$postData['uri'] = $uri;
$postData['when'] = $when;
$postData['key'] = $hmacModel->createHash($postData);

header('Location: ' . $uri . '?' . http_build_query($postData));
?>

Open in new window



Here is the jquery I have pieced together:

<asp:Button ID="SSOButton" runat="server" Text="Button" />

    <script>
        $('#SSOButton').click( function() {

            var postDataArray = { "email": "ron@wizkunde.nl", "firstname": "Ron", "lastname": "van der Molen", "delivery": array = { "firstname": "Ron", "lastname": "van der Molen" }, "invoice": array = { "firstname": "Ron", "lastname": "van der Molen" } };
            var postData= jQuery.param(postDataArray);

            var CurrentTime = new Date($.now())
            var uri = "http://mydomain.com/b2bmagento/sso/login/login"

            postData["uri"] = uri
            postData["when"] = CurrentTime

            // It looks like I need to set the postData["key"] equal to the return value of createHash which exists in a new class Wizkunde_Hmac located at the uri.  I have no idea how to do this.

            postData["key"] = ""
               
            $.post(uri, postData, "json");

       }) 
</script>

Open in new window

0
Comment
Question by:joduk777
7 Comments
 
LVL 43

Expert Comment

by:Rob
ID: 40541660
Sorry if I've missed something but you can't convert PHP to jQuery as jQuery can only run on the client, whilst PHP only runs on the server.  Are you using ASP/c#/VB.net?  As that is what you'll need to convert the PHP to.
0
 

Author Comment

by:joduk777
ID: 40541667
The code provided in PHP is a client side POST for Single Sign on to a remote server.  The publisher of the product has only provided examples of the client side request in PHP which I copied here.  My interest isn't to translate PHP to jquery, but to create a client side POST using Jquery that achieves the same as the documentation that was provided in PHP.  

As a last resort, I am open to making a POST in Jquery with embedded PHP if that is the only way to achieve this outcome, but I am thinking this can all be done in Jquery.  Thanks for the help.
0
 
LVL 43

Accepted Solution

by:
Rob earned 1000 total points
ID: 40541669
The code they've provided you is PHP, but the client doesn't see it.  The PHP code is executed on the server and any result is sent to the client.  It's just that it is in the same file that it can be confusing.

jQuery communicates with the server via the http protocol by submitting forms or posting data via AJAX.  So it doesn't care if the server is running .NET, PHP, NodeJS etc.

So you will need to convert the PHP component of the code sample (between the <?php ... ?>) to your flavour of .NET.

in otherwords this code doesn't change:
<asp:Button ID="SSOButton" runat="server" Text="Button" />

    <script>
        $('#SSOButton').click( function() {

            var postDataArray = { "email": "ron@wizkunde.nl", "firstname": "Ron", "lastname": "van der Molen", "delivery": array = { "firstname": "Ron", "lastname": "van der Molen" }, "invoice": array = { "firstname": "Ron", "lastname": "van der Molen" } };
            var postData= jQuery.param(postDataArray);

            var CurrentTime = new Date($.now())
            var uri = "http://mydomain.com/b2bmagento/sso/login/login"

            postData["uri"] = uri
            postData["when"] = CurrentTime

            // It looks like I need to set the postData["key"] equal to the return value of createHash which exists in a new class Wizkunde_Hmac located at the uri.  I have no idea how to do this.

            postData["key"] = ""
               
            $.post(uri, postData, "json");

       }) 
</script>

Open in new window


This is what you need to convert  to your server side script:
<?php
include_once('Hmac.php');
$postData = array(
'email' => 'ron@wizkunde.nl',
'firstname' => 'Ron',
'lastname' => 'van der Molen',
'delivery' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
),
'invoice' => array(
'firstname' => 'Ron',
'lastname' => 'van der Molen'
)
);
$when = time();
$uri = 'http://<mydomain>/sso/login/login';

$hmacModel = new Wizkunde_Hmac('geheimesleutel', '300');
$hmacModel->setWhen(time());
$hmacModel->setUri($uri);

$postData['uri'] = $uri;
$postData['when'] = $when;
$postData['key'] = $hmacModel->createHash($postData);

header('Location: ' . $uri . '?' . http_build_query($postData));
?>

Open in new window

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 34

Assisted Solution

by:Slick812
Slick812 earned 1000 total points
ID: 40542213
greetings   joduk777, , This Wizkunde outfit has come up with a code that is suppose to allow a somewhat "secure" way to "Single Sign-On using a simple HTTP request" , , , as  this line in your code -
           header('Location: ' . $uri . '?' . http_build_query($postData));
unfortunately for you to translate their specialized "Hash-based message authentication code" (HMAC) Hash, is probably distinctive (as NOT standard SHA1 or MD5), it also seems to use the current time as a authentication hash seed as here -
     $hmacModel->setWhen(time());
So making their HMAC hash work in any other programming language, will likely be a challenge, even if you have much experience working with HMAC web exchanges. Browser Javascript does NOT have much to offer in Hash operations. Nor does Jquery offer much for en-cryptic hash operations, there are a couple of jquery hash  plugins like "jQuery Crypt", that do a couple of the standard hash like MD5 and SHA1, HOWEVER, be informed, the HMAC using the SHA1 algorithm is a Different "multi round" hash, than a standard SHA1 hash. PHP offers an effective HMAC hash operation, that you can call with several many algorithms, (SHA1, SHA256, whirlpool), unless you can find this PHP HMAC in already coded and tested in another language, it may be tough to do that. But, the underlying C code for All of PHP, is available since it is open source. I am not that familiar with any ASP HMAC hash operations, so there may or may not be something there to test out.
Sorry I am not directly helping you with a code block in javascript that works, but this en-cryptic hash operations are very Complex, and the HMAC is even more factors added to the standard hash  algorithm.

You may can contact the Wizkunde outfit and ask them for solutions.

There is a Non jquery javascript with HMAC at -
   https://code.google.com/p/crypto-js/
0
 
LVL 43

Expert Comment

by:Rob
ID: 40542286
Slick has just reminded me that attempting to do this with the browser is counter intuitive because the user has access to everything in their browser. The reason we use php or asp for authentication it's it adds another layer of security that the user cannot see.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 40542306
Wizkunde...

The first hint that you are trying to work with a piece of junk is the lack of support and apparently defective documentation that led you to believe you had code that would run on a client.

Security is not somwething to screw around with, if you do not have skills at a level to understand the code, then how are you going to respond when a hacker finds a hole.  Either use code you write yourself and understand or hire a professional with security experience to do the work and support it.

Cd&
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction JSON is an acronym for JavaScript Object Notation.  It is a text-string data transport mechanism, capable of representing simple or complex data structures in a consistent and easy-to-read manner.  Similar in concept to XML, but more e…
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question