Avoid validation for cheap SSL certificates used by Transport for Canberra
Avoid validation for cheap SSL certificates used by Transport for Canberra

<?php <?php
   
/* /*
* Copyright 2010,2011 Alexander Sadleir * Copyright 2010,2011 Alexander Sadleir
   
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at
   
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
   
Unless required by applicable law or agreed to in writing, software Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
   
function cleanString($subject) { function cleanString($subject) {
$subject = str_replace("&nbsp;", " ", $subject); $subject = str_replace("&nbsp;", " ", $subject);
$subject = str_replace("&", "&amp;", $subject); $subject = str_replace("&", "&amp;", $subject);
$subject = preg_replace('/[^\r\n\t\x20-\x7E\xA0-\xFF]/', '', $subject); $subject = preg_replace('/[^\r\n\t\x20-\x7E\xA0-\xFF]/', '', $subject);
$subject = str_replace(" ", " ", $subject); $subject = str_replace(" ", " ", $subject);
return trim($subject); return trim($subject);
} }
   
$return = Array(); $return = Array();
/* if (file_exists("mywayresponse.txt")) { /* if (file_exists("mywayresponse.txt")) {
@$fh = fopen("mywayresponse.txt", 'r'); @$fh = fopen("mywayresponse.txt", 'r');
if ($fh) { if ($fh) {
$pageHTML = fread($fh, filesize("mywayresponse.txt")); $pageHTML = fread($fh, filesize("mywayresponse.txt"));
fclose($fh); fclose($fh);
} }
} */ } */
//set POST variables //set POST variables
$url = 'https://www.transport.act.gov.au/ARTS/use_Funcs.asp'; $url = 'https://www.transport.act.gov.au/ARTS/use_Funcs.asp';
//$url = 'http://localhost/myway.html'; //$url = 'http://localhost/myway.html';
$field_mapping = Array( $field_mapping = Array(
"card_number" => "SRNO", "card_number" => "SRNO",
"DOBmonth" => "month", "DOBmonth" => "month",
"DOBday" => "day", "DOBday" => "day",
"DOByear" => "year", "DOByear" => "year",
"secret_answer" => "pwrd", "secret_answer" => "pwrd",
"button" => "Submit" "button" => "Submit"
); );
foreach (Array( foreach (Array(
"card_number", "card_number",
"DOBday", "DOBday",
"DOBmonth", "DOBmonth",
"DOByear" "DOByear"
) as $field_name) { ) as $field_name) {
if (isset($_REQUEST[$field_name])) { if (isset($_REQUEST[$field_name])) {
$fields[$field_name] = filter_var($_REQUEST[$field_name], FILTER_SANITIZE_NUMBER_INT); $fields[$field_name] = filter_var($_REQUEST[$field_name], FILTER_SANITIZE_NUMBER_INT);
} else { } else {
$return["error"][] = $field_name . " parameter invalid or unspecified"; $return["error"][] = $field_name . " parameter invalid or unspecified";
} }
} }
if (isset($_REQUEST['secret_answer'])) { if (isset($_REQUEST['secret_answer'])) {
$fields['secret_answer'] = filter_var($_REQUEST['secret_answer'], FILTER_SANITIZE_STRING, Array( $fields['secret_answer'] = filter_var($_REQUEST['secret_answer'], FILTER_SANITIZE_STRING, Array(
FILTER_FLAG_NO_ENCODE_QUOTES, FILTER_FLAG_NO_ENCODE_QUOTES,
FILTER_FLAG_STRIP_HIGH, FILTER_FLAG_STRIP_HIGH,
FILTER_FLAG_STRIP_LOW FILTER_FLAG_STRIP_LOW
)); ));
} else { } else {
$return["error"][] = "secret_answer parameter invalid or unspecified"; $return["error"][] = "secret_answer parameter invalid or unspecified";
} }
$fields['button'] = 'Submit'; $fields['button'] = 'Submit';
$fields_string = ""; $fields_string = "";
//url-ify the data for the POST //url-ify the data for the POST
foreach ($fields as $key => $value) { foreach ($fields as $key => $value) {
if (sizeof($value) === 0) if (sizeof($value) === 0)
$return['error'][] = $key . " parameter invalid or unspecified"; $return['error'][] = $key . " parameter invalid or unspecified";
$fields_string.= $field_mapping[$key] . '=' . $value . '&'; $fields_string.= $field_mapping[$key] . '=' . $value . '&';
} }
$fields_string = rtrim($fields_string, '&'); $fields_string = rtrim($fields_string, '&');
if (!isset($return['error'])) { if (!isset($return['error'])) {
//open connection //open connection
$ch = curl_init(); $ch = curl_init();
//set the url, number of POST vars, POST data //set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($fields)); curl_setopt($ch, CURLOPT_POST, count($fields));
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string); curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_REFERER, "https://www.transport.act.gov.au/ARTS/getbalance.asp"); curl_setopt($ch, CURLOPT_REFERER, "https://www.transport.act.gov.au/ARTS/getbalance.asp");
curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); curl_setopt($ch, CURLOPT_TIMEOUT, 30);
  // ssl ignore
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
//execute post //execute post
$pageHTML = curl_exec($ch); $pageHTML = curl_exec($ch);
if (curl_errno($ch)) if (curl_errno($ch))
$return["error"][] = "Network error " . curl_errno($ch) . " " . curl_error($ch) . " " . $url . $fields_string; $return["error"][] = "Network error " . curl_errno($ch) . " " . curl_error($ch) . " " . $url . $fields_string;
//close connection //close connection
curl_close($ch); curl_close($ch);
} }
   
function parseTable($table,$tableName) { function parseTable($table,$tableName) {
global $return; global $return;
$tableColumns = Array(); $tableColumns = Array();
$tableColumnNum = 0; $tableColumnNum = 0;
foreach ($table->find("th") as $th) { foreach ($table->find("th") as $th) {
$tableColumns[$tableColumnNum] = cleanString($th->plaintext); $tableColumns[$tableColumnNum] = cleanString($th->plaintext);
$tableColumnNum++; $tableColumnNum++;
} }
//print_r($tableColumns); //print_r($tableColumns);
$tableRowNum = 0; $tableRowNum = 0;
foreach ($table->find("tr") as $tr) { foreach ($table->find("tr") as $tr) {
$tableColumnNum = 0; $tableColumnNum = 0;
foreach ($tr->find("td") as $td) { foreach ($tr->find("td") as $td) {
if ($tableName == "myway_carddetails") { if ($tableName == "myway_carddetails") {
// first table has card/cardholder details // first table has card/cardholder details
$return[$tableName][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext); $return[$tableName][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext);
} else { } else {
// second table has transactions // second table has transactions
   
if ($tableColumns[$tableColumnNum] == "TX Reference No / Type") { if ($tableColumns[$tableColumnNum] == "TX Reference No / Type") {
$return[$tableName][$tableRowNum]["TX Reference No"] = substr(cleanString($td->plaintext), 0, 6); $return[$tableName][$tableRowNum]["TX Reference No"] = substr(cleanString($td->plaintext), 0, 6);
$return[$tableName][$tableRowNum]["TX Type"] = substr(cleanString($td->plaintext), 7); $return[$tableName][$tableRowNum]["TX Type"] = substr(cleanString($td->plaintext), 7);
} else { } else {
$return[$tableName][$tableRowNum][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext); $return[$tableName][$tableRowNum][$tableColumns[$tableColumnNum]] = cleanString($td->plaintext);
} }
} }
//print_r($return); //print_r($return);
$tableColumnNum++; $tableColumnNum++;
} }
$tableRowNum++; $tableRowNum++;
} }
} }
   
if (!isset($return['error'])) { if (!isset($return['error'])) {
include_once ('../lib/simple_html_dom.php'); include_once ('../lib/simple_html_dom.php');
//print_r($pageHTML); //print_r($pageHTML);
$page = str_get_html($pageHTML); $page = str_get_html($pageHTML);
$pageAlerts = $page->find(".smartCardAlert"); $pageAlerts = $page->find(".smartCardAlert");
if (sizeof($pageAlerts) > 0) { if (sizeof($pageAlerts) > 0) {
$return['error'][] = $pageAlerts[0]->plaintext; $return['error'][] = $pageAlerts[0]->plaintext;
} }
if (!isset($return['error'])) { if (!isset($return['error'])) {
$tables = $page->find(".type3"); $tables = $page->find(".type3");
parseTable($tables[0], "myway_carddetails"); parseTable($tables[0], "myway_carddetails");
$tables = $page->find(".type2"); $tables = $page->find(".type2");
parseTable($tables[0], "myway_transactions"); parseTable($tables[0], "myway_transactions");
} }
} }
if (sizeof($return) == 0) { if (sizeof($return) == 0) {
$return['error'][] = "No data extracted from MyWay website - API may be out of date"; $return['error'][] = "No data extracted from MyWay website - API may be out of date";
} }
if (basename(__FILE__) == "myway_api.json.php") { if (basename(__FILE__) == "myway_api.json.php") {
header('Content-Type: text/javascript; charset=utf8'); header('Content-Type: text/javascript; charset=utf8');
// header('Access-Control-Allow-Origin: http://bus.lambdacomplex.org/'); // header('Access-Control-Allow-Origin: http://bus.lambdacomplex.org/');
header('Access-Control-Max-Age: 3628800'); header('Access-Control-Max-Age: 3628800');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE'); header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
if (isset($_GET['callback'])) { if (isset($_GET['callback'])) {
$json = '(' . json_encode($return) . ');'; //must wrap in parens and end with semicolon $json = '(' . json_encode($return) . ');'; //must wrap in parens and end with semicolon
print_r($_GET['callback'] . $json); //callback is prepended for json-p print_r($_GET['callback'] . $json); //callback is prepended for json-p
} }
else else
echo json_encode($return); echo json_encode($return);
} }
?> ?>
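Review bot: Setting `CURLOPT_SSL_VERIFYPEER` to false on the line after `// ssl ignore` switches off certificate-chain validation for the POST that carries the card number, date of birth and secret answer, so an on-path party presenting any certificate for that hostname can read or alter the request; `CURLOPT_SSL_VERIFYHOST` at 2 still compares the hostname, but against a certificate nobody has vetted. If the problem is only that the site's issuing CA is missing from the system bundle, the fix that keeps the protection is to leave verification on and supply the chain: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);` and `curl_setopt($ch, CURLOPT_CAINFO, '<path-to-transport-act-ca-bundle.pem>');` (placeholder path). The same `CURLOPT_CAINFO` option accepts a single self-signed certificate file, so even a non-public certificate can be pinned without disabling verification. The `// ssl ignore` comment should then state the reason the bundle is supplied, e.g. `// server certificate chains to a CA absent from the default bundle; supplied explicitly so peer verification stays on`.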