Http Post, Triggering Php. Works On Test Event, But Not Real Event

[XMLnewbi]

I am using the service from bitping.net which uses a HTTP POST to send event data to my php script on my site.

 

When an event is posted the data is inserted into a database and then triggers a SMS via the twilio script. For some reason my test event would run the script fine; insert the data and return info via SMS.

but the actual event does not trigger the SMS!

After a ton of debugging I tracked down the point where it stops working

I have it broken into 3 parts.

Data.php the main file

Addresscheck.php

Requiredebug.php

 

I can only run two of these at a time. Data.php and require ("addresscheck.php"); or data.php and require ("requireDebug.php");

 

Both do work independently if I comment out the other include.

 

I tried having one database, tried breaking it into two. (The way it is now)

 

I keep thinking it must be a problem with the site bitping.net

But every time data is passed into the database. Test/or real event. It is the twillio that is failing to trigger.

It seems insane to me the Test event HTTP POST would be any different from the real event.

I’ve been pounding my head with craziness; any pointers would be greatly appreciated.

<?php
//Call the 2 databases
$conn = new mysqli('localhost', 'Admin', 'XXXXXXXX','MDHoldings');



//debug PASS
//bitping HTTP post, but should work for Pubnub
			 $to_address = $_POST["to_address"];
			 $amount	 = $_POST["amount"];
			 $btc		 = $_POST["btc_amount"];
			 $confirmations = $_POST["confirmations"];
			 $txhash	 = $_POST["txhash"];
			 $block		 = $_POST["block"];
			 $sig		 = $_POST["signature"];
			 $mysig = sha1(
			 $address .
			 $amount .
			 $confirmations .
			 $txhash .
			 $block .
			 "f632c83ad0f5a44d9a169902ff18b3ed"
			 );

			 if ($mysig === $sig)
			 {
				 //check if number of confirmations is ok
				 //update order/send user notification
			 } else {
				 //log all post data, send warning email to administrator
			 }

//get data
//require ("requireDebug.php");

//store DATA

$sql = "INSERT INTO `transactions` (`to_address`, `txhash`, `USD`, `amount`, `block`)
VALUES ('$to_address', '$txhash', '$USD','$amount','$block')";

//KEEP TRACK OF IF's
if ($conn->query($sql) === TRUE) {
 echo 'users entry saved successfully';
}
else {
 echo 'Error: '. $conn->error;
}



//Debug PASS
require ("addresscheck.php");
//debug 2

//require ("requireDebug.php");

//********** WHY CAN I ONLY Use 1?! If I only select one at a time, not both!?


$cell = XXXXXXXXXX;
//$Data = test;
/* Send an SMS using Twilio. You can run this file 3 different ways:
*
* - Save it as sendnotifications.php and at the command line, run
* php sendnotifications.php
*
* - Upload it to a web host and load mywebhost.com/sendnotifications.php
* in a web browser.
* - Download a local server like WAMP, MAMP or XAMPP. Point the web root
* directory to the folder containing this file, and load
* localhost:8888/sendnotifications.php in a web browser.
*/
// Step 1: Download the Twilio-PHP library from twilio.com/docs/libraries,
// and move it into the folder containing this file.
require "Services/Twilio.php";
// Step 2: set our AccountSid and AuthToken from www.twilio.com/user/account
$AccountSid = "XXXXXXXXXXXXXXXXXXXXXXXXXX";
$AuthToken = "XXXXXXXXXXXXXXXXXXXXXXXXX";
// Step 3: instantiate a new Twilio Rest Client
$client = new Services_Twilio($AccountSid, $AuthToken);
// Step 4: make an array of people we know, to send them a message.
// Feel free to change/add your own phone number and name here.
$people = array(
"$cell" => "$user",
);
// Step 5: Loop over all our friends. $number is a phone number above, and
// $name is the name next to it
foreach ($people as $number => $name) {
$sms = $client->account->sms_messages->create(
// Step 6: Change the 'From' number below to be a valid Twilio number
// that you've purchased, or the (deprecated) Sandbox number
"XXXXXXXXXXXXX",
// the number we are sending to - Any phone number
$number,
// the sms body
" $test $name, There has been a deposit to $Account : $baddress you have $USD$ of new funds in your account. Recipt $txhash "
);
// Display a confirmation message on the screen
echo "Sent message to $name $amount";
}


$conn->close();
?>


requireDebug.php
<?php
$conn = new mysqli('localhost', 'worker', 'XXXXXXX','test');
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}



// sql query for INSERT INTO users (two rows)
// SELECT sql query
$sql = "SELECT `id`, Price FROM `Intake` ORDER BY id DESC LIMIT 1";

// perform the query and store the result
$result = $conn->query($sql);

// if the $result contains at least one row
if ($result->num_rows > 0) {
 // output data of each row from $result
 while($row = $result->fetch_assoc()) {
		 $rate = $row['Price'];

 }
}
else {
 echo '0 results';
}

//$Data = $row['Price'];
echo ($rate);
$conn->close();

$USD = ($amount * $rate)/100000000;
?>

addresscheck.php
<?php


// CONNECT TO THE DATABASE
$conn = new mysqli('localhost', 'Admin', 'XXXXXXX','MDHoldings');
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}



// sql query for INSERT INTO users (two rows)
// SELECT sql query
$sql2 = "SELECT * FROM Accounts WHERE Address = '$to_address'";

// perform the query and store the result
$result2 = $conn->query($sql2);

// if the $result contains at least one row
if ($result2->num_rows > 0) {
 // output data of each row from $result
 while($row2 = $result2->fetch_assoc()) {
		 $Account = $row2['Account'];

 }
}
else {
 echo '0 results';
}

//echo ($test);
//echo ($Account);
//echo ($user_email);
//echo ($Balance);

$conn->close();
?>

[XMLnewbi]

Test event looks like

 

 

Code:

array( {
["TEST"]=>
string(4) "TRUE"
["to_address"]=>
string(4) "test"
["amount"]=>
string(9) "150000000"
["btc_amount"]=>
string(3) "1.5"
["confirmations"]=>
string(1) "2"
["txhash"]=>
string(11) "testhash-tx"
["block"]=>
string(5) "15250"
["signature"]=>
string(40) "fd6808b1a3a9736c916f60bd241b66dbc72d7f77"
}

 

Actual event

 

 

Code:

 

array(7) {
 ["to_address"]=>
 string(34) "1GPowmeufEGBJxGm5fHsFaiqDcQ3w9kgVj"
 ["amount"]=>
 string(7) "1000000"
 ["btc_amount"]=>
 string(4) "0.01"
 ["confirmations"]=>
 string(1) "0"
 ["txhash"]=>
 string(64) "dc984baa46f098954dde02e21d697f6924624e0d07c322fa797cfaa94cf32666"
 ["block"]=>
 string(2) "-1"
 ["signature"]=>
 string(40) "3536891cc601a0585b1833cbf3f002bc358b30fa"
}

 

I have no idea how the extra array variable ["TEST"]=>

string(4) "TRUE" would effect my code.

Edited December 13, 2012 by XMLnewbi

[PFMaBiSmAd]

Since any echo statements or php error display won't be seen when your script is requested by the actual event service (I'm assuming you have a html form for testing and that is how you are submitting the test event data), how do you know if or what your code is doing?

 

You need to use one of the following methods to log errors and informational messages -

 

1) Php's error_reporting needs to be E_ALL and log_errors needs to be ON. This will log php detected errors to the server's error log file. You would also need to use trigger_error statements, instead of echo/print statements to send your application error and informational messages to the error log too.

 

By using trigger_error you can easily switch from logging your application errors/messages to displaying them simply by setting php's log_errors/display_errors settings.

 

2) Use error_log to log information to your own log file.

 

3) As a last resort, you could use output buffering in your code to capture all the existing output and write that to a log file using error_log

 

You also need to add error checking logic to every query and database connection so you know if any of them fail due to an error.

Edited December 13, 2012 by PFMaBiSmAd

[PFMaBiSmAd]

The code you have is not validating the submitted request/data. There's even an error in one of the variable names in the validation you do have, so it would never pass anyway. Here's some minimum validation logic you should use before you even make a database connection or touch any of the submitted data -

 

<?php
$log_file = 'some_file_name.txt'; // where to log your own errors/messages

if($_SERVER['REQUEST_METHOD'] != 'POST'){
   // not a post method request
   $message = date('Y-m-d H:i:s') . " - non-post request, from: {$_SERVER['REMOTE_ADDR']}\n";
   error_log($message ,3,$log_file);
   die; // stop processing the request
}

// expected fields
$fields = array("to_address","amount","btc_amount","confirmations","txhash","block","signature");

$errors = array(); // validation errors
foreach($fields as $field){
   if(!isset($_POST[$field])){
       // an expected field is not set
       $errors[] = "$field is not set";
   } else {
       // is set, check for empty
       if(trim($_POST[$field]) == ''){
           // an expected field is empty
           $errors[] = "$field is empty";
       } else {
           // field is set and not empty, depending on how important the data is, perform additional filtering/validation tests here
       }
   }
}

if(!empty($errors)){
   // validation failed
   $message = date('Y-m-d H:i:s') . " - validation failed, from: {$_SERVER['REMOTE_ADDR']}, errors: [".implode('],[',$errors)."]\n";
   error_log($message ,3,$log_file);
   die(); // stop processing the request
}

// if you are at this point an expected post request has been received, test/use the submitted data
$to_address = trim($_POST["to_address"]);
$amount		 = trim($_POST["amount"]);
$btc		    = trim($_POST["btc_amount"]);
$confirmations = trim($_POST["confirmations"]);
$txhash		 = trim($_POST["txhash"]);
$block		  = trim($_POST["block"]);
$sig		    = trim($_POST["signature"]);
$mysig = sha1(
$to_address .
$amount .
$confirmations .
$txhash .
$block .
"abcdefg...."
);

if ($mysig !== $sig){
   // data signature doesn't match
   $message = date('Y-m-d H:i:s') . " - data signature failed, from: {$_SERVER['REMOTE_ADDR']}, data: [".implode('],[',$_POST)."]\n";
   error_log($message ,3,$log_file);
   die(); // stop processing the request
}

// your actual processing code starts here...