0

I made two ways of requesting a POST. Method 1 is submitting the form to the server. Method 2 is using Jquery $.post.

<!--METHOD 1-->
<form method="POST" action="postmanTest.php" id="#myform">

  <input type="hidden" id ="bodyv" name="bodyv" value="aaab">

  <input type="hidden" id ="time" name="time">
  <input type="submit" value="Submit Now" id="btn2" name="submit" onclick="stringify()">
   
</form>

<button id = "btn3">Set TIme</button>


<script>

  //---METHOD 2---
  $("#btn2").click(function(){

    stringify();
    
    $bodyv=$("#bodyv").val();


    
    $.post("postmanTest.php",
      {bodyv:$bodyv},
      function(data,status){
        alert(data);
      }
    )

  })

  //---SET TIME---
  $("#btn3").click(function(){

    document.getElementsByName('time')[0].value = new Date().getTime();

  })
  
</script>

The stringify function

<script type="text/javascript">


function stringify(){



  let time = document.getElementsByName('time')[0].value;

  let body = {
      "data": {
        // "scheduleAt": "2022-04-01T14:30:00.00Z", // optional
          "serviceType": "MOTORCYCLE",
          //"specialRequests": ["TOLL_FEE_10"], // optional
          "specialRequests": ["CASH_ON_DELIVERY"], // optional
          "language": "en_PH",
          "stops": [
            {
                "coordinates": {
                      "lat": "0",
                      "lng": "0"
                  },
                  "address": "Innocentre, 72 Tat Chee Ave, Kowloon Tong"
            },
            {
                "coordinates": {
                      "lat": "0",
                      "lng": "0"
                  },
                  "address": "Canton Rd, Tsim Sha Tsui"
            }
          ],
          "isRouteOptimized": false, // optional only for quotations
          "item":{
                "quantity":"12",
                "weight":"LESS_THAN_3_KG",
                "categories":[
                  "FOOD_DELIVERY",
                  "OFFICE_ITEM"
                ],
                "handlingInstructions":[
                  "KEEP_UPRIGHT"
                ]
        },
      }
  };

  body = JSON.stringify(body);

  document.getElementsByName('bodyv')[0].value = `${time.toString()}\r\nPOST\r\n/v3/quotations\r\n\r\n${body}`;


  
}

The server side PHP code accepts the variables and applies hash_hmac sha256 to the bodyv variable

 <?php


 $bodyVar = $_POST['bodyv'];



 $secret = "mysecretkey";

 $sig = hash_hmac('sha256', $bodyVar, $secret);


 echo $sig;

Method 1 and method 2 produce different values for $sig = hash_hmac('sha256', $bodyVar, $secret). Why is this happening? Method 1 is the correct hash value.

Floben Dale Moro
  • 83
  • 1
  • 11

1 Answers1

1

After researching, I saw you are using \r\n to set $bodyv data. And when you get that data with $bodyv = $("#bodyv").val() the \r is stripped. That´s because val() strips carriage return chars as explained here. You could change to $bodyv = $("#bodyv")[0].value;` and it will work as expected

Edited to match the correct answer

lestra
  • 312
  • 1
  • 7
  • I tried to add a hidden input with id = time. I create a separate button to set the hidden input = current time (document.getElementsByName('time')[0].value = new Date().getTime();) . This should set the time variable so that it will be the same on Method1 and Method 2. I'm still getting different hash values. In stringify is changed so that it will have same value (let time = document.getElementsByName('time')[0].value;) – Floben Dale Moro Aug 12 '22 at 18:44
  • 1
    After researching, I saw you are using `\r\n` to set `$bodyv` data. And when you get that data with `$bodyv = $("#bodyv").val()` the `\r` is stripped. That´s because val() strips carriage return chars as explained [here](https://api.jquery.com/val/). You could change to `$bodyv = $("#bodyv")[0].value;` and it will work as expected. – lestra Aug 13 '22 at 00:00
  • How do I make this the correct answer? Thanks a lot, that really amazing! – Floben Dale Moro Aug 13 '22 at 00:58