Archive for July, 2016

AvatarAPI.com – Get a name and profile pic from a #Gmail address

Do you find that your users never upload decent profile images, and you end up with pages full of default silhouette icons in place of profile pics? Or perhaps you have a database with plenty of email addresses but no names to put to them, so you end up sending out emails with “Dear Sir or Madam” instead of “Dear Mr James Smith”. The service at AvatarAPI.com lets you solve both problems with a simple API.

It’s easy to implement in PHP, C#, or any other language that can make an HTTP request and parse XML.

HTTP usage

You can call this via any client capable of making an HTTP request. In its simplest form, you make a GET request as follows:

http://www.avatarapi.com/avatar.asmx/GetProfile?email=peter.smith@gmail.com&username=xxxxx&password=xxxxx

(where xxxxx is your username and password)

And you will receive XML as follows:

<profile xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://avatarapi.com/">
  <Name>Peter Smith</Name>
  <Image>https://lh3.googleusercontent.com/-06yJmZ9VFKI/AAAAAAAAAAI/AAAAAAAAAAA/KHOss3osMJ4/s181-c/117841766777955842390.jpg</Image>
  <Valid>true</Valid>
</profile>

PHP implementation

You can call the web service from PHP using code such as the following, replacing the xxxxx with your username and password:

<?php
// Build a SOAP client from the service's WSDL
$client = new SoapClient("http://www.avatarapi.com/avatar.asmx?wsdl");

$params = array(
   "email" => "john.reid@gmail.com",
   "username" => "xxxxx",
   "password" => "xxxxxx"
);

// Call GetProfile and dump the returned profile
$response = $client->__soapCall('GetProfile', array($params));
print_r($response);
?>

C# implementation

To call this API from C#, you must first add a web service reference to your project by right-clicking Add > Service Reference and entering the URL http://www.avatarapi.com/avatar.asmx

You can call the namespace “Avatar” for the purposes of this example, then just add this code to a console app, replacing the xxxx with your username and password:

var avatar = new avatarSoapClient();
var profile = avatar.GetProfile("john.reid@gmail.com", "xxxx", "xxxx");
Console.WriteLine(profile.Name);
Console.ReadLine();

#Car registration #API for #Croatia

If your business sells cars or car parts in Croatia, you can streamline the purchase process by allowing users to enter a car number plate rather than selecting make / model / year etc.

With http://www.provjeraregistracije.com/ you can submit a Croatian car number plate via the API and, in return, get the make, model, VIN number and current insurer.

Car registration plates in Croatia use the /CheckCroatia endpoint and return the following information:

  • Make / Model
  • VIN number
  • Insurer
  • Insurer website
  • Insurance number

 

Sample JSON:

{
  "Description": "ŠKODA FAVORIT, 136 L",
  "CarMake": {"CurrentTextValue": "ŠKODA"},
  "CarModel": {"CurrentTextValue": " FAVORIT, 136 L"},
  "MakeDescription": {"CurrentTextValue": "ŠKODA"},
  "ModelDescription": {"CurrentTextValue": " FAVORIT, 136 L"},
  "VechileIdentificationNumber": "TMBADA200M0268617",
  "InsuranceCompany": "CROATIA OSIGURANJE D.D.",
  "InsuranceCompanyUrl": "http://www.crosig.hr",
  "InsuranceCompanyNumber": "011610053583"
}

Paypal #IPN in C#- the basics.

After you get a payment from PayPal, you can simply redirect the user back to your website to record the purchase in your database, but this has serious problems. One is that customers often close their browser after payment, so you never record the payment. Another is that a cheeky customer might try bypassing PayPal and go straight to your order-processing “thank you” page, and might get your service for free.

PayPal IPN gets around both of these problems. First, it doesn’t matter if the user closes the browser; it will get called anyway. Second, it can’t be called manually, since the IPN payload gets verified against PayPal, so it can’t be faked.

What is Paypal IPN?

It’s simply a matter of setting the notify_url parameter to a URL on your server and including this parameter in the /webscr URL of the “buy now” button. This URL gets called by PayPal’s servers. You add &cmd=_notify-validate to the post data and post it back to PayPal for validation. If PayPal returns “VERIFIED”, you can provide whatever service you need to the customer. There are some other security checks you can do here too, to make sure the user is paying in the expected currency and the expected amount.

And here’s the code (adapted from PayPal’s VB.NET version):

// Namespaces used: System.IO, System.Linq, System.Net, System.Text, System.Web
// Read the raw IPN body exactly as PayPal posted it
var param = Request.BinaryRead(HttpContext.Current.Request.ContentLength);
var strRequest = Encoding.ASCII.GetString(param);
strRequest = strRequest + "&cmd=_notify-validate";
var strLive = "https://www.paypal.com/cgi-bin/webscr";
var req = (HttpWebRequest)WebRequest.Create(strLive);

//Set values for the request back
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = strRequest.Length;

// Post the payload back to PayPal and read its verdict
var streamOut = new StreamWriter(req.GetRequestStream(), Encoding.ASCII);
streamOut.Write(strRequest);
streamOut.Close();
var streamIn = new StreamReader(req.GetResponse().GetResponseStream());
var strResponse = streamIn.ReadToEnd();
streamIn.Close();

switch (strResponse)
{
    case "VERIFIED":
        var ipn = Request.Form.AllKeys.ToDictionary(k => k, k => Request[k]);

        //check the payment_status is Completed
        //check that txn_id has not been previously processed
        //check that receiver_email is your Primary PayPal email
        //check that payment_amount/payment_currency are correct
        //process payment
        break;
    case "INVALID":
        //log for manual investigation
        break;
    default:
        //Response wasn't VERIFIED or INVALID, log for manual investigation
        break;
}

 

 

#Vulnerability in CaptchaSecurityImages.php

CaptchaSecurityImages.php is a common captcha generation script that really should never be used. It was written back in 2006 by Simon Jarvis, but it’s got some serious security flaws.

The main one is that it’s configurable remotely, so instead of a hard captcha like this

[Image: CaptchaSecurityImages-hard]

You can simply pass in parameters saying you’d like it to be massive, and let’s make the text bright red, so that it’s easy to filter from the background. And let’s have 2 characters rather than 6; then we can put that through any OCR web service, and it’ll read it no problem.

width=500&height=220&characters=2&font_color=FF0000

Well done Mr. Jarvis… Use Google reCAPTCHA instead.
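
If the script is still deployed somewhere, this added example (not part of the original post or of the script) flags access-log requests to CaptchaSecurityImages.php whose query string differs from the one your own pages emit. The Expected values and the log lines are constructed assumptions; substitute the query string your own img tag uses.

```csharp
using System;
using System.Collections.Generic;

static class CaptchaLogCheck
{
    // Assumption: the query string the site's own <img> tag uses. Any other
    // parameter or value was chosen by the client.
    static readonly Dictionary<string, string> Expected = new Dictionary<string, string> {
        { "width", "120" }, { "height", "40" }, { "characters", "6" } };

    // Returns the client-chosen parameters in a request path, or an empty list.
    public static List<string> Overrides(string pathAndQuery)
    {
        var found = new List<string>();
        int q = pathAndQuery.IndexOf('?');
        string path = q < 0 ? pathAndQuery : pathAndQuery.Substring(0, q);
        if (q < 0 || !path.EndsWith("/CaptchaSecurityImages.php", StringComparison.OrdinalIgnoreCase))
            return found;
        foreach (var pair in pathAndQuery.Substring(q + 1).Split('&'))
        {
            if (pair.Length == 0) continue;
            var kv = pair.Split(new[] { '=' }, 2);
            string key = Uri.UnescapeDataString(kv[0]).ToLowerInvariant();
            string val = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
            string want;
            if (!Expected.TryGetValue(key, out want) || want != val)
                found.Add(key + "=" + val);
        }
        return found;
    }

    static void Main()
    {
        // Constructed access-log lines (common log format), not real traffic.
        var log = new[] {
            "203.0.113.5 - - [01/Jul/2016:10:00:00 +0000] \"GET /CaptchaSecurityImages.php?width=120&height=40&characters=6 HTTP/1.1\" 200 2048",
            "203.0.113.9 - - [01/Jul/2016:10:00:07 +0000] \"GET /CaptchaSecurityImages.php?width=500&height=220&characters=2&font_color=FF0000 HTTP/1.1\" 200 9120" };
        foreach (var line in log)
        {
            var parts = line.Split('"');            // parts[1] is the request line
            if (parts.Length < 2) continue;
            var req = parts[1].Split(' ');          // method, path, protocol
            if (req.Length < 2) continue;
            var hits = Overrides(req[1]);
            if (hits.Count > 0)
                Console.WriteLine(line.Split(' ')[0] + " overrides: " + string.Join(", ", hits));
        }
    }
}
```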
