A couple CURL questions (Security concern, Controlling outputted log info)

[maexus]

So, I wrote a little script that runs on a cron job and checks the atom feed of my gmail account ever 30 minutes. Checks to see if any of the emails are younger than 30 minutes. Any email that new is sent through a function.

 

I have a few concerns here.

 

Security comes to mind. I want to keep this a one file solution, which means I need to put my gmail and twitter un/pwd in the code. This makes me extremely nervious leaving my gmail account wide open like that. I'll post the code after addressing the second point. Is there something I can do to avoid this?

 

The second issue is, I need a better way of documenting what's going on. I have turned on CURLOPT_VERBOSE, which I believe is the server header information that is sent/returned. This is very helpful but it would be great if I could store it in a variable. It would let me customize how the cron job log looks. Is this possible?

 

Here is the code:

 

<?php
//1800 seconds is 30 minutes. You need to match this with the number of seconds of your cron intervals
$currentTime = time() - 1800;

//The credentials to make this all work
define("TWITTER_USERNAME","twitterUN");
define("TWITTER_PASSWORD","twitterPW");
define("GMAIL_USERNAME","gmailUN");
define("GMAIL_PASSWORD","gmailPW");

//proxy settings, check with your host to see if these are required
define("REQUIRES_PROXY",1);
define("PROXY_URL", "http://proxy.shr.secureserver.net");
define("PROXY_PORT","3128");

//no need to touch these
define("TWITTER_API_URL","http://twitter.com/statuses/update.xml?status=");
define("GMAIL_API_URL","https://mail.google.com/mail/feed/atom");

//this is all the dirty work and doesn't need to be touched
function postNotification($message){
$c = curl_init();
curl_setopt($c, CURLOPT_URL, TWITTER_API_URL.urlencode(stripslashes(urldecode($message))));
curl_setopt($c, CURLOPT_USERPWD, TWITTER_USERNAME.":".TWITTER_PASSWORD);
curl_setopt($c, CURLOPT_VERBOSE, 1);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($c, CURLOPT_POST, 1);

$exec = curl_exec($c);
$exec_array = curl_getinfo($c);

curl_close($c);

if($exec_array['http_code'] == "200"){
	echo "Everything went to plan";
}else{
	echo "Something fucked up";
}
}

$gmailCurl = curl_init();
curl_setopt($gmailCurl, CURLOPT_URL, GMAIL_API_URL);
curl_setopt($gmailCurl, CURLOPT_USERPWD, GMAIL_USERNAME.":".GMAIL_PASSWORD);
curl_setopt($gmailCurl, CURLOPT_VERBOSE, 1);
curl_setopt($gmailCurl, CURLOPT_RETURNTRANSFER, 1);

if(REQUIRES_PROXY == TRUE){
curl_setopt ($gmailCurl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
curl_setopt ($gmailCurl, CURLOPT_PROXY,PROXY_URL.":".PROXY_PORT);
curl_setopt ($gmailCurl, CURLOPT_SSL_VERIFYPEER, 0);
}

$gmailXml = curl_exec($gmailCurl);
curl_close($gmailCurl);

$emails = new SimpleXMLElement($gmailXml);

foreach($emails->entry as $email){
$emailTimestamp = strtotime($email->issued);
if($emailTimestamp > $currentTime){
	postNotification($email->summary);
}
}
?>