Run a URL then Close (is it possible?)

[dark_destroyer]

Hi,

 

Ive been trying to come up with a simple solution.

I run a scheduled task every 1 minute, it checks for a certain message in a MySQL DB.

If the message is there then i need to access a link such as:

 

https://www.somedomain.com/secure/messenger/formpost/SendSMS.aspx?username=xxxx@xxxx.com&account=xxxxxxxx&xxxxxxxx&recipient=447800000000&body=This is the SMS to be sent&plaintext=1

 

This essentially sends an SMS to a user.

both the recipient and the body need to be a variable.

 

Is there a way then to get PHP to load/run the link without actually opening a browser?

 

ive been trying to check out allow_url_fopen but i cant seem to find any examples of how this works.

Any info or pointers would be great thanks.

[requinix]

file_get_contents is the simplest. Just treat the URL like a file - PHP abstracts away those kinds of details.

 

allow_url_fopen is the setting that allows you to do things like this. It's generally on, but if it's off then you'll have to find a non-PHP solution.

 

[edit] For some reason I thought cURL (the alternat-- no wait, the alternative) needed that setting. It doesn't. However I still think file_get_contents() is fine because you should be validating user input anyways, especially if it has to do with file access, and IMO the benefits outweighs the risks. But yeah, cURL is fine too.

Edited June 28, 2014 by requinix

[Jacques1]

Please don't do this.

 

Turning on allow_url_fopen means that PHP no longer distinguishes between local files which reside on your server and remote files which reside somewhere on the Internet. Depending on your PHP version and settings, PHP will even run remote files on your server if asked for it.

 

Anybody with a little bit of fantasy should be able to imagine why this is an incredibly bad idea. Or just read the Wikipedia article on Remote File Inclusion vulnerabilities. From all security risks you're facing as a web developer, I'd say this is pretty much the worst one.

 

Well, the PHP developers obviously didn't find this insecure enough, so as a bonus, they turned off SSL certificate verification by default. In other words, PHP will send the sensitive data to anybody who asks for it.

 

So just don't do it. Use cURL. It's the de-facto standard for making HTTP requests from an application and was written by people who actually know a bit about security.

 

 

[dark_destroyer]

Hi guys,

 

many thanks for the inputs, i have made some progress

 

Below this now loads the page and triggers the SMS that i wanted.

$homepage = file_get_contents('https://www.somedomain.com/secure/messenger/formpost/SendSMS.aspx?username=myusername&account=%%%%%%%&password=password&recipient=353871111111&body=test&plaintext=1
');

However i want to replace the recipient from 353871111111 to a variable $_SMS but it doesnt recognise it as a variable.

Is there a way to pass a variable into the URL using file_get_contents?

 

 

Thanks

P

[.josh]

Variables aren't parsed inside single quotes. You need to use double quotes or break out of the single quotes:

$_SMS  = '353871111111';
$homepage = file_get_contents('https://www.somedomain.com/secure/messenger/formpost/SendSMS.aspx?username=myusername&account=%%%%%%%&password=password&recipient='.$_SMS.'&body=test&plaintext=1
');

[dark_destroyer]

Thanks Guys,

 

Really helped!

[Jacques1]

And now it might be a good idea to read my reply as well.