I have a PHP app that I built using the Slim routing framework. The app needs to send dynamic emails from orders so that users can just respond to those emails and the response goes right back into the app (stored in MySQL). I can easily create the dynamic address per order and that goes out just fine. My problem is getting it back.
I setup a subdomain (mailer.example.com) and in cPanel I setup a forwarder to catch all mail to that subdomain and forward it to a specific PHP file. That php file reads stdin and grabs the mime message and currently writes it to a file:
#!/usr/bin/php -q
<?php
// read from stdin
$fd = fopen("php://stdin", "r");
$email = "";
while (!feof($fd))
{
$email .= fread($fd, 1024);
}
fclose($fd);
$filename = "mail_".date("mdYHis").rand(1,99999999);
file_put_contents("mailfiles/".$filename, $email);
header("Location: http://www.example.com/public/mailer/process/".$filename);
As you can see, at the end I would like to forward this to my actual app which has all the database calls and other routines to process the email. But I don't know how to get the request into the app. It seems to ignore the header call above.
Am I doing this all wrong or should I just do all the processing I need in this script? I realize that would maybe be the easiest path forward but I'm also trying to use a mail parse library that fits nicely in my app.
Not sure if that all makes sense. Let me know what other info you need.
I think what you're looking to do isn't to return an HTTP response with a Location header, but rather initiate an HTTP request to your web server.
In that case, you should replace your header() call with:
$ch = curl_init('http://localhost/public/mailer/process/' . $filename);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
Note that your script (the one called to save the mail contents) will wait for your app to finish processing the request. If this is an issue for you, you'll need to use a technique to run PHP processes in the background.
You can read a mailbox with php and parse the emails that way.
// To connect to a POP3 server on port 110 on the local server, use:
$mbox = imap_open ("{localhost:110/pop3}INBOX", "user_id", "password");
I would not, create a custom reply-email/mailbox, per order, instead add the order to the subject as a reference. That way you only need to parse one mailbox.
Find the imap functionality here
Related
I am trying to print php code on web page by using my URL. I know by file name i can print php code using "show_source('filename.php');" but i want to print code by URL, not by file.
I tried:-
<?php
show_source("http://URL.com/index.php");
?>
I also tried this code:-
<?php
$c = curl_init('http://URL.com');
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
//curl_setopt(... other options you want...)
$html = curl_exec($c);
if (curl_error($c))
die(curl_error($c));
// Get the status code
$status = curl_getinfo($c, CURLINFO_HTTP_CODE);
curl_close($c);
I also tried this code:-
$html = file_get_contents('https://www.URl.com');
print_r ($html) ;
?>
Short answer: If the web server is configured correctly, it should be impossible to do what you are trying to do.
A correctly configured web server will only send content after PHP has processed it. If the web server is sending raw PHP when a .php file is requested, it is misconfigured. If you are trying to view your own PHP files from a server you control, you can try making a copy of the PHP files and changing the extension to .phps, which the server should send as raw PHP code. Note that this will expose the PHP source to the web, which could present a security risk.
As Mr. Squidward already mentioned, this should not be possible. Otherwise this would be a major security breach since you can store passwords for databases in the PHP files.
A possible solution for your problem would be that you create a REST API on the second server and there you have a function that gets the content of a specific file and returns it in JSON.
But ensure that you don't pass any critical data as passwords or user-data in it.
I am trying to solve some errors on a Script piped by postfix, and when I send an error to Bugsnag I would like to send as well the raw email.
I grab the email content with
$handle = fopen("php://stdin", "r");
$email = stream_get_contents($handle);
The doc says that you can add custom metaData with the setMetaData function, but in my case this will be true only for this script.
Figured this out. Actually, the setMetaData method can be called at any time during the script.
I was wondering how to send a php variable from one server to another php script on another server?
I have 2 php scripts on 2 different server and one must send vars to the other.
I've been searching with little luck.
Would appreciate any help.
You could achieve that using curl and sending the variable as a GET value.
Something like this:
$data = "data you want to send";
$data = urlencode($data);
$url = "http://example.com?data=" . $data;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_exec($ch);
curl_close($ch);
Let's assume $data = "foobar"
Doing the above from a PHP script would be the same as someone visiting http://example.com?data=foobar from a browser.
You could obviously send it to any script using the url:
http://example.com/yourscript.php?data=foobar
At yourscript.php you can get the data at $_GET['data'], do some input validation to ensure it is being sent from your script and not from someone else via a browser (more on that later) and then proceed with your script.
For this to work, yourscript.php will have to reside in the public html folder of youtr webhost so it is accessible to your other script.
SECURITY
Whether you are passing the data over GET or POST, someone else can send (possibly malicious) data to your script as well. Thus, when yourscript.php receives data, there needs to be a way for it to ensure you are the sender of the script. An easy way to achieve this is: decide on any arbitrary number known only to you, say, 12.
Concatenate the number with the data you are passing and calculate the md5 hash and send it as another get variable.
In this case, you would calculate md5("12foobar")
and the URL would be: http://example.com/yourscript.php?data=foobar&auth=hash
When yourscript.php receives the data, it calculates the same hash (using the number 12, known to no one else) and if the hash it calculates matches with $_GET['auth'], you can be sure you sent the data.
If someone tried to imitate you and send data, they would not know how you calculate the hash, and would thus send the wrong hash.
PS
Another way to ensure rock solid security, would be to just check the IP address of the user-agent at $_SERVER['REMOTE_ADDR']. If it is the IP address of the webhost where your other script resides, then you know it is you.
I haven't thought this method through, so there might be some loopholes.
You can do that either using GET query strings (second_php?var=value) or using a curl connection with POST method and then send your data over POST.
You should probably use SOAP. It's used for remote function calls and it brings you little more overhead than just calling http requests, but it also brings you guarantee that remote function will be executed (or will cause error), it will directly return whatever datatype you need and I believe that's what this technology was developed for :)
I am developing an application in which the input I receive is through an SMS gateway ( and not a browser). I need to process the data obtained through SMS and pass it onto another PHP file which will finish the processing and send back an SMS to the SMS gateway.
However, when I try to redirect from page1.php to page2.php, it is not working with the following code:
page1.php:
$url = "location:http://www.iweavesolutions.com/$extra?sms=".$msg."&keyword=".$key."&num=".$msg_num."&src=".$source;
header($url);
page2.php:
$msg = $_GET['sms'];
$msg_num = $_GET['num'];
$keyword = $_GET['keyword'];
$src = $_GET['src'];
send_sms($msg,$msg_num);
However, the header call in the first page doesn't seem to work. php documentation says that header is used for browser related activities. In my application there is no browser at all. So, do I need to change my mechanism for passing values across files? Please help
please refer to "CURL"
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,"http://www.iweavesolutions.com");
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,2);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'variable1=abc&variable2=123');
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($ch,CURLOPT_MAXREDIRS,1);
$buffer = curl_exec($ch);
curl_close($ch);
some thing like this
Sending a location:[someUrl] header as an answer to a request just tells the requesting client to do another request to that location. It is up to the client whether to follow this redirect or not. Browsers will usually do this, other clients may not.
If the client you're dealing with (the SMS gateway) does not follow location header redirects, you need to check with the clients documentation if there is some mechanism to make him do that. If there is no way to redirect the client, you need to change your server side logic to get rid of the need for the redirect, i.e. you need to call the processing logic in your 'page2.php' directly from 'page1.php' without the indirection of the redirect (or bundle the whole logic in one file, etc.).
The SMS gateway probably does not implement HTTP properly. IME this is not uncommon.
As a side note, your first script (assuming it is complete) is written assuming register_globals is enabled - this has been deprecated for a long time, and does not url-encode the values - which may be the cause of the issue here. If not, you'll need to either:
fix the SMS gateway
change the end point registered on the SMS gateway to eliminate the ned for redirection
include the code from the redirected script into the current endpoint script
proxy the request from the gateway in the endpoint script.
I want to create a zombie server.
That means, it is a proxy server being controlled by another server.
The reason is that my server neither supports ssl nor curl. And another server does. So I want to pass php-orders to the other server(which understands php) via php-paramater (index.php?order=...) and the result to be sent to my script.
Is there a snippet available for the zombie server?
It is highly unsecure and untested, but I believe something like that would suit your needs.
Server 1 (that without curl etc.):
<?php
// hash from pass, eg. 'da790439c0d433fcb1c1528008a1df2b5a7a7051'
$hash = sha1('some password here');
$command = 'echo "aaa";';
$result = file_get_contents('http://www.example.com/?hash='.$hash.'&command='.urlencode($command));
Server 2 (that with curl):
<?php
// hashed password hash
$hashed_hash = 'eb6874cc5accb7ab24c1ce4a6ec5521ac5748340';
if (isset($_GET['hash']) && sha1($_GET['hash'])==$hashed_hash) {
// correct hash given
$command = urldecode($_GET['command']);
// do whatever you need with command
}
You can use file_get_contents() with a HTTP resource provided that the fopen() wrappers are enabled.
if (($sResult = #file_get_contents('http://zombie.example.net/order.php?order=…')) === FALSE) {
throw new Exception('HTTP request failed!');
}
You then can parse $sResult.
Still, be sure to know that you are sending possibly sensitive information in plain-text to the "zombie" before the request is protected via SSL there.
At the zombie in order.php script, you simply process the $_GET parameters and put them into a SSL request, using either cURL or file_get_contents() again.