integrating SMS gateway

8 years 4 months ago #275815 by pranaydhruv
integrating SMS gateway was created by pranaydhruv
Hello Team,

I am trying to integrate an SMS gateway into my website, and the workflow is as follows:

1) The user hits a button which says "verify my phone number" (a script runs and they get a random code on their phone number as an SMS).

2) The user gets directed to an article where there is a bunch of code which inserts the random code sent to the user into their user row in the comprofiler table, in a column named cb_phoneverificationcode. On this page/article they also see an input box to enter the code they received as an SMS, and hit submit.
//*
<html>
<head>

</head>
   <body>
     <form id="sms2" name="sms2" method="POST" action="index.php?option=com_content&view=article&id=83&Itemid=654">
      <table width= "400">

         <tr>
           <td align="right" valign="top">Verification Code:</td>
           <td align="left"><textarea name="veficationcode" cols="82" rows="5" id="veficationcode"></textarea></td>
         </tr>
         <tr>
           <td colspan="4" align="right"><input type="submit" name= "submit" value="submit"/>
           </td>
         </tr>
        </table>
      </form>

    </body>
  </html>
{source}

<?php
$phverf= rand();//stores the value of rand function in phverf variable
echo "$phverf" . "\n"; // echo this just to check...when users inputs the random number received on sms

Global $_CB_framework;
 
$myId = $_CB_framework->myId();
$cbUser =& CBuser::getInstance( $myId );
 
if ( ! $cbUser ) {
 $cbUser =& CBuser::getInstance( null );
}
 
$user =& $cbUser->getUserData();
Echo $myId;
$firstname = $cbUser->getField('firstname');
echo $firstname;

$servername = "";
$username = "";
$password = "";
$dbname = "";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "UPDATE t4qcm_comprofiler SET cb_phoneverificationcode ='$phverf'
WHERE id = $myId";


if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

3) The user is directed to a page/article where an SQL query inserts the submitted POST data into a new column in their user row named cb_userinputphonecode, and another query retrieves the data stored in both of the 2 columns/fields cb_phoneverificationcode and cb_userinputphonecode. Finally there is an IF statement which compares these 2 values; if they match it displays success, and if not the user retries.

<?php
//calling CB framework to get user profile values in this case Userid.
Global $_CB_framework;

$myId = $_CB_framework->myId();
$cbUser =& CBuser::getInstance( $myId );

if ( ! $cbUser ) {
$cbUser =& CBuser::getInstance( null );
}

$user =& $cbUser->getUserData();

echo $myId;
if(isset($_POST)){
$verificationcode = $_POST["veficationcode"];
echo "Post".$verificationcode;

$servername = "";
$username = "";
$password = "";
$dbname = "";

// Create connection
$connect = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$connect) {
die("Connection failed: " . mysqli_connect_error());
}

//input user code in db

$sql2 = "UPDATE t4qcm_comprofiler SET cb_userinputphonecode ='$verificationcode' WHERE id = $myId";

if ($connect->query($sql2) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql2 . "<br>" . $connect->error;
}

//select the data from the database for random code input into database
$query = "SELECT cb_userinputphonecode,cb_phoneverificationcode FROM t4qcm_comprofiler WHERE id='$myId'";

//select the data from the database for user code input into database
//$query = "SELECT `cb_userinputphonecode` FROM `t4qcm_comprofiler` WHERE `id`= $myId";


if ($result = mysqli_query($connect,$query)) {
while($row = mysqli_fetch_assoc($result))
echo $row;
}
var_dump($row);
var_dump($row);

if($row == $row){ echo "SUCCESS!!! With values - User Input : ".$row." And Phone Verification : ".$row; }else{ echo "verification code mismatch. Please try again"; }

print_r(mysqli_fetch_assoc($result));

$connect->close();
}


?>



The issue is that even when the user inputs a wrong value it still shows success. I did a var_dump and that displays null for both fields, but echo displays their db values and so does their front end profile.
*//
[/code]


8 years 4 months ago #275827 by krileon
Replied by krileon on topic integrating SMS gateway
It's hard to read without the code tag, but it looks like you're comparing $row to $row. So you're comparing it to itself, which is why it's always going to be true.

I'm not sure why you're using a PHP file though. You can do this with CB Auto Actions by leaving Triggers as None then posting to the direct URL of that action. You can then use substitutions to grab your post value (e.g. [post_veficationcode]) in a Field action to insert it into their profile. Alternatively a Query action can be used and you don't need to deal with any of the PHP of connecting to a database or a Code action if you want to directly use PHP while being able to utilize Joomla and CB APIs.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.


8 years 4 months ago - 8 years 4 months ago #275828 by pranaydhruv
Replied by pranaydhruv on topic integrating SMS gateway
Hello Kyle, not sure why the first time it didn't display the column names inside the $row variable. It's not comparing $row to $row but the values of $row to each other.
var_dump($row['cb_phoneverificationcode']);
var_dump($row['cb_userinputphonecode']);

 if($row['cb_userinputphonecode'] == $row['cb_phoneverificationcode']){ echo "SUCCESS!!! With values - User Input : ".$row['cb_userinputphonecode']." And Phone Verification : ".$row['cb_phoneverificationcode']; }else{ echo "verification code mismatch. Please try again";	}

print_r(mysqli_fetch_assoc($result));

$connect->close();
}


?>

BTW, there is other stuff also running in the code, like a random function generating random numbers which are inserted into the user's row in the cb_phoneverificationcode column/field. And also the SMS gateway's code that needs to run out of a PHP file or an article to send the same generated number as an SMS to the user, which I have not mentioned here just to make it less complicated.

Thanks
Pranay


8 years 4 months ago #275834 by krileon
Replied by krileon on topic integrating SMS gateway
Your code is hard to read and your previous post has scrambled it as it's not in a proper code tag. So I've no idea what's going on above your IF check. In addition to that, your SQL for inserting the verification code ($verificationcode) into the database is doing so directly from POST with zero sanitizing. What this means is you've created an SQL injection vulnerability that can easily be abused to hijack your site (e.g. users make themselves Super Users with an injected query then do whatever they want).

CB Auto Actions forces basic sanity checks on input data to avoid vulnerabilities in addition to format functions that can be used to apply cleaning to user data to further secure it. You may want to consult with a contract developer and have them help you as your code isn't secure.

Please understand we do not provide support for custom coding. Our support extends to our products and direct usage of those products. I can't help you write, fix, or otherwise custom code.


Kyle (Krileon)
Community Builder Team Member

8 years 4 months ago #275845 by pranaydhruv
Replied by pranaydhruv on topic integrating SMS gateway
Hello Kyle,

Since there is no out-of-the-box plugin with CB that can integrate an SMS gateway, it will have to be custom code. And since I have chosen Community Builder, and I am using the CB API and the comprofiler db table, I thought maybe you could point me in the right direction. But if it's not permitted it's fine, I will seek help someplace else. Thanks for your time.

Thanks
Pranay


8 years 4 months ago #275849 by krileon
Replied by krileon on topic integrating SMS gateway
Your PHP file is outside the scope of Joomla and has no access to the Joomla or CB API. If using a Code action then it's executed inside of Joomla inside of CB, which gives you access to both APIs. The code snippets provided are also unreadable. So the advice I can provide is extremely limited.

The only CB usage in your code is a direct update to _comprofiler and usage of CBuser, which probably won't work because it's outside the scope. Updating a field value from the user object is also preferable to direct database changes. The below for example is the best way to do that. Inside of Joomla scope you also do not need to directly connect to the database as both the Joomla and CB database APIs handle that.

$user->storeDatabaseValue( 'FIELD_NAME', VALUE );

The third variable toggles profile update trigger usage (default true). You still need to do sanity checks and cleaning on the user input though.


Kyle (Krileon)
Community Builder Team Member
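
An added example, not part of the thread and not Community Builder's own code: the store-and-check steps of the workflow discussed above, written with bound parameters, a CSPRNG-generated code, a format check on the POST value and an explicit rejection of a missing (NULL) stored code. It uses an in-memory SQLite table through PDO so that it runs stand-alone; the table layout, user id 42 and the function names are constructed for illustration.

```php
<?php
// Added example with constructed data; not the poster's site code or CB's API.
// Assumes PHP 7+ with pdo_sqlite. Column name mirrors the thread; the rest is hypothetical.
declare(strict_types=1);

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comprofiler (id INTEGER PRIMARY KEY, cb_phoneverificationcode TEXT)');
    $db->exec('INSERT INTO comprofiler (id) VALUES (42)'); // constructed user row
    return $db;
}

// Step 1: generate the code server-side and store it through a prepared statement.
function issueCode(PDO $db, int $userId): string {
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT); // CSPRNG, unlike rand()
    $stmt = $db->prepare('UPDATE comprofiler SET cb_phoneverificationcode = :code WHERE id = :id');
    $stmt->execute([':code' => $code, ':id' => $userId]);
    return $code; // handed to the SMS gateway only, never echoed into the page
}

// Step 3: $userId comes from the session, $submitted from POST. The input is never stored.
function verifyCode(PDO $db, int $userId, $submitted): bool {
    if (!is_string($submitted) || !preg_match('/\A\d{6}\z/', $submitted)) {
        return false; // arrays, empty input and anything that is not six digits
    }
    $stmt = $db->prepare('SELECT cb_phoneverificationcode FROM comprofiler WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $stored = $stmt->fetchColumn();
    // In PHP null == null is true, so a missing code has to be rejected explicitly.
    if (!is_string($stored) || $stored === '' || !hash_equals($stored, $submitted)) {
        return false;
    }
    // Single use: clear the code once it has been accepted.
    $db->prepare('UPDATE comprofiler SET cb_phoneverificationcode = NULL WHERE id = :id')
       ->execute([':id' => $userId]);
    return true;
}

$db = makeDb();
var_dump(verifyCode($db, 42, '000000'));        // before any code has been issued
$code = issueCode($db, 42);
var_dump(verifyCode($db, 42, "1' OR '1'='1"));  // constructed input that is not six digits
var_dump(verifyCode($db, 42, $code));           // the code that was issued
var_dump(verifyCode($db, 42, $code));           // the same code submitted a second time
```

Inside Joomla the same checks apply, with the site's own database API taking the place of the PDO connection.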
