LFS Forum - HTTP requests: are they possible

#1 - TechEdison

HTTP requests: are they possible

Sun 27 May 2018, 21:37

Title says it all. Can I ping a website to make a request? My thought is to make a web status thing that shows the status of the server.

something along the lines of: httpRequestFunction("http://url.com/somepage.php?som=val");

#2 - Yisc[NL]

Mon 28 May 2018, 06:41

The answer is yes, that's possible.
It's possible to send data from Lapper to a website and it's possible to send data back to Lapper.

#3 - TechEdison

Mon 28 May 2018, 16:04

How

#4 - Bass-Driver

** Best answer **

Mon 28 May 2018, 17:37

With using the http(); function.

Gai-Luron wrote a small tutorial, how to use this function.

https://www.lfs.net/forum/post/1305880#post1305880

#5 - TechEdison

Mon 28 May 2018, 18:15

... This is pretty darn amazing...

I will be having lots of fun with this in the near future. The possibilities are literally endless since PHP is such a versatile language.

#6 - TechEdison

Mon 28 May 2018, 18:23

Is it basically as simple as this?

website:



<?php 

    $allowed_list = array(

    "TechEdison" => "yes",
    "Bass-Driver" => "no"

    );

    $username = $_GET["u"];

    if($allowed_list[$username] == "yes")
    {

        echo 'GlobalVar $allowed; $allowed = 1;';

    }
    else
    {

        echo 'GlobalVar $allowed; $allowed = 0;';

    }

?>

lapper:



<?php 

Event OnConnect($userName)

    http("http://myurl.com/script.php?u=".$userName);

    IF($allowed == 0)
    THEN

        cmdLFS("/kick ".$userName);
        GlobalMsg("Kicked: ".$userName.". Reason: Not Alowed");

    ELSE

        GlobalMsg("Welcome Back: ".$userName);

    ENDIF

EndEvent

?>

#7 - TechEdison

Mon 28 May 2018, 18:24

The above script effectively creates a server whitelist using a website as the list..

#8 - Bass-Driver

Mon 28 May 2018, 18:38

Never tried this function before because i not experience with PHP/HTML etc, but i think its something like this.

Website:



<?php 
$allowed_list = array(

    "TechEdison" => "yes",
    "Bass-Driver" => "no"

    );

    $username = $_GET["u"];

    if($allowed_list[$username] == "yes")
    {
        echo '1';
    }
    else
    {
        echo '0';
    }
?>

In Lapper:



<?php 
Event OnConnect($userName)

    $Allowed = http("http://myurl.com/script.php?u=".$userName);

    IF($Allowed == 0)
    THEN
        cmdLFS("/kick ".$userName);
        GlobalMsg("Kicked: ".$userName.". Reason: Not Alowed");
    ELSE
        GlobalMsg("Welcome Back: ".$userName);
    ENDIF

EndEvent
?>

#9 - Bass-Driver

Sun 2 Aug 2020, 10:59

I opened this thread, because this isnt working for me.

I created a simple script and that doesnt even work.
Let me explain what i did so far.

Created a webserver with XAMPP.
Created a script named testscript.PHP

Script look like this:



<?php 
if(isset($_GET["uname"])) 
{
    echo "".$_GET["uname"];
}
?>

Tested the script: http://localhost/testscript.php/?uname=Danny

-Output: Danny

Created a command in LFSLapper with the HTTP() Function, looks like this



<?php 
CASE "!http":
   $uName = http("http://localhost/testscript.php/?uname=".$userName);
   globalmsg("Hello: ".$uName);
 BREAK;
?>

but it doesnt return anything.
Could someone help me with this. It looks so simple. And maybe it is something simple i havent seen.

Thank you

#10 - Yisc[NL]

Sun 2 Aug 2020, 15:29

My PHP script looks like this:



<?php 
### Get data send through LFS Lapper ###
$servername= $_GET['servername'];
$race_date= $_GET['date'];
$password= $_GET['password'];
### End ###

Follow by code to do certain things.
?>

In my Lapper Sub I have this:

http("http://[URL TO WEBSERVER]/test_pwd_lfs.php?servername=".$server_name_schedule."&date=".$date_storage."&password=".$pwd_storage);

I think you cannot run PHP-pages on your local computer, they always have to be on a webserver.

#11 - Bass-Driver

Sun 2 Aug 2020, 15:48

i use XAMPP(apache webserver) to run PHP scripts, and i can run php scripts with no problem.

so i think there is something wrong with the connection between LFSLapper and the Webserver.

i'm not into php stuff but , there is a way to check if the script receives any $_GET["uname"] data in realtime?
Like auto pagerefresh when data is being received.

i checked google already, but couldnt find what i'm looking for.

#12 - Yisc[NL]

Sun 2 Aug 2020, 16:16

I see you have an error in your http syntax:

This: $uName = http("http://localhost/testscript.php/?uname=".$userName);

Should be: $uName = http("http://localhost/testscript.php?uname=".$userName);

#13 - Bass-Driver

Sun 2 Aug 2020, 16:23

still doesnt work

#14 - Yisc[NL]

Sun 2 Aug 2020, 16:26

I think this can never work:

$uName = http("http://localhost/testscript.php?uname=".$userName);

You put an URL into a variable, while you want to execute the HTTP command.
Try this:



<?php 
CASE "!http":
   http("http://localhost/testscript.php/?uname=".$userName);
   globalmsg("Hello: ".$userName);
 BREAK;
?>

#15 - Bass-Driver

Sun 2 Aug 2020, 16:36

oke that outputs the username of the OnMSO event, as it should.
but i need to check my console more often, because it outputs everything i send/receive to the web. dont think this is normal.

but that is not how i code the command and php script.

changed the 'echo' text a bit.

Attached images

#16 - Yisc[NL]

Sun 2 Aug 2020, 16:38

I never see my HTTP commands on the console, so that's probably because you have it in a ![cmd] event.
Could you try to go to a SUB from the ![cmd] and put the HTTP command in the SUB?

#17 - Bass-Driver

Sun 2 Aug 2020, 17:20

as first thank you for helping.

and i have to apologize about this request for help.

I looked into the sourcecode. Because something this simple isnt working, so it could be the sourcecode.

Well, it turns out that some lines were disabled (for a long time) that handles returning webrequests. I think it happend during a fix for TechEdison about sending http requests as non player.

https://www.lfs.net/forum/thread/92272

That also explains the console messages (Debug messages).

The Lappercode



<?php 
CASE "!http":
    SendWebRequest($userName);
BREAK;    
    
sub SendWebRequest($Player)
    privmsg($Player,"Send webrequest");
    http("http://localhost/testscript.php/?uname=".$Player);
EndSub
?>

PHP Script:



<?php 
php
if(isset($_GET["uname"])) 
{
    echo "globalmsg(\"^6Return Text!\");";
}
?>

?>

Now i can figuring out how to send variables from the web.

#18 - Yisc[NL]

Sun 2 Aug 2020, 17:34

Ah, that must have happened at some point then.
As you know I still am on a rather old version of Lapper and that HTTP function is working like a dream there.

You can make the webpage talk back to Lapper, using Lapper commands and make them by echoed by PHP.
As long as the syntax is right for Lapper, it will do what you want it to do.

#19 - Bass-Driver

Sun 2 Aug 2020, 18:06

ok thx,

could you tell me what is wrong with this link lol

http("https://velocitymsports.com/testscript.php?uname=Bass-Driver");

Error:

8/2/2020 8:01:57 PM -> Syntax error: in file "" at line #1
Token not catched

if you go straight to the link it works as it should.
https://velocitymsports.com/testscript.php?uname=Bass-Driver

The "local" link works aswell
http("http://localhost/testscript.php?uname=Bass-Driver");

EDIT:
php script looks like this:



<?php 
if(isset($_GET["uname"])) 
{
    echo 'GlobalMsg("Welcome '.$_GET["uname"].'");';
    echo 'privMsg("Welcome '.$_GET["uname"].'");';
    echo 'cmdLFS("/msg Welcome '.$_GET["uname"].'" );';    
}
?>

#20 - Yisc[NL]

Sun 2 Aug 2020, 18:28

It's Lapper throwing the error on the HTTP command or when PHP gives information back to Lapper?

It could be because of https (that's a guess) or maybe you need to put the value between single quotes, like this:

http("https://velocitymsports.com/testscript.php?uname='Bass-Driver'");

#21 - Bass-Driver

Sun 2 Aug 2020, 18:48

OK another lesson learned, after some experimenting.

The person who own the website, putt the phpcode between HTML tags. I didnt know that.
So Lapper sees the string differently when its between HTML tags.

like this for example:



<?php 
<!DOCTYPE html>
<html>
<body>

<h1>Blah Blah Blah</h1>

<?php
if(isset($_GET["uname"])) 
{
    echo 'GlobalMsg("Welcome '.$_GET["uname"].'");';
    echo 'privMsg("Welcome '.$_GET["uname"].'");';
    echo 'cmdLFS("/msg Welcome '.$_GET["uname"].'" );';    
}
?>

</body>
</html>
?>

#22 - cargame.nl

Mon 3 Aug 2020, 11:24

Wow.. This allows dramatic security breaches. Never use $_GET / $_POST in server commands without performing XSS inject security checks.

I can easily extend those server commands with anything I would like.

little example;

https://velocitymsports.com/testscript.php?uname=Bass-Driver");cmdLFS("/msg%20hi"%20);

(but much more harmful stuff could be done).

#23 - Bass-Driver

Mon 3 Aug 2020, 16:21

wow oke, didnt know about this.
i know nothing about php or web development at all.

So thank you for the feedback, and the example.
What do you suggest to prevent XSS for this small code as an example.

#24 - Bose321

Mon 3 Aug 2020, 19:50

If you're just using plain PHP spaghetti code, this would be a good start: https://www.php.net/manual/en/function.htmlspecialchars.php and https://www.php.net/manual/en/function.strip-tags.php

A closing PHP tag at the end of your file is also bad practise by the way.

#25 - Yisc[NL]

Tue 4 Aug 2020, 05:45

I understand the security concerns, but LFS players won't see Lapper executing the HTTP command, so they have no knowlegde to what URL it is sending data. From the other side no data can been seen, when someone would get hold of the URL, as PHP is executed server-side and only displays the outcome on a website (if there is anything to display), so unless someone gets the actual PHP-file, this is pretty safe.