Jump to content

Recommended Posts

Hi,

 

Ive been trying to come up with a simple solution.

I run a scheduled task every 1 minute, it checks for a certain message in a MySQL DB.

If the message is there then i need to access a link such as:

 

https://www.somedomain.com/secure/messenger/formpost/SendSMS.aspx?username=xxxx@xxxx.com&account=xxxxxxxx&xxxxxxxx&recipient=447800000000&body=This is the SMS to be sent&plaintext=1

 

This essentially sends an SMS to a user.

both the recipient and the body need to be a variable.

 

Is there a way then to get PHP to load/run the link without actually opening a browser?

 

ive been trying to check out allow_url_fopen but i cant seem to find any examples of how this works.

Any info or pointers would be great thanks.

Link to comment
https://forums.phpfreaks.com/topic/289304-run-a-url-then-close-is-it-possible/
Share on other sites

file_get_contents is the simplest. Just treat the URL like a file - PHP abstracts away those kinds of details.

 

allow_url_fopen is the setting that allows you to do things like this. It's generally on, but if it's off then you'll have to find a non-PHP solution.

 

[edit] For some reason I thought cURL (the alternat-- no wait, the alternative) needed that setting. It doesn't. However I still think file_get_contents() is fine because you should be validating user input anyways, especially if it has to do with file access, and IMO the benefits outweighs the risks. But yeah, cURL is fine too.

Edited by requinix

Please don't do this.

 

Turning on allow_url_fopen means that PHP no longer distinguishes between local files which reside on your server and remote files which reside somewhere on the Internet. Depending on your PHP version and settings, PHP will even run remote files on your server if asked for it.

 

Anybody with a little bit of fantasy should be able to imagine why this is an incredibly bad idea. Or just read the Wikipedia article on Remote File Inclusion vulnerabilities. From all security risks you're facing as a web developer, I'd say this is pretty much the worst one.

 

Well, the PHP developers obviously didn't find this insecure enough, so as a bonus, they turned off SSL certificate verification by default. In other words, PHP will send the sensitive data to anybody who asks for it.

 

So just don't do it. Use cURL. It's the de-facto standard for making HTTP requests from an application and was written by people who actually know a bit about security.

 

 

Hi guys,
 
many thanks for the inputs, i have made some progress
 

Below this now loads the page and triggers the SMS that i wanted.

$homepage = file_get_contents('https://www.somedomain.com/secure/messenger/formpost/SendSMS.aspx?username=myusername&account=%%%%%%%&password=password&recipient=353871111111&body=test&plaintext=1
');

However i want to replace the recipient from 353871111111 to a variable $_SMS but it doesnt recognise it as a variable.

Is there a way to pass a variable into the URL using file_get_contents?

 

 

Thanks

P

Variables aren't parsed inside single quotes. You need to use double quotes or break out of the single quotes:

$_SMS  = '353871111111';
$homepage = file_get_contents('https://www.somedomain.com/secure/messenger/formpost/SendSMS.aspx?username=myusername&account=%%%%%%%&password=password&recipient='.$_SMS.'&body=test&plaintext=1
');
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.