PHP Help Needed!!

ragavbpl1 · Feb 1, 2010

Hello All,

I am building a free sms sending website. And API codes have been provided to me by the sms providing company.

Now the problem is that the form I built to send the Destination Mobile Number and Message also needs to send the username and password of the account to the server to which account the company has alloted sms credits.

The following is the sample code I used in the html file to POST the data to the server:-
Code:
<form action="hxxp://api.mVaayoo.com/mvaayooapi/MessageCompose" method="post">

Number:<inputtype="text" name="receipientno" />
Message:<inputtype="text" name="msgtxt" />
<inputtype="hidden" name="user" value="USERNAME:PASSWORD" />
<inputtype="hidden" name="senderID" value="mVaayoo" />
<inputtype="hidden" name="state" value="0" />
<inputtype="submit" />
</form>
Now the problem is when some one will click on view source option, they'll be able to see the username and password.
So is there any method through which I can silently send this crucial details secretly without bringing it to the notice of normal user.
Is there any other way to send this perticular data?

A quick help would really be appreciated...

Thank you all in advance

bennelsworth · Feb 1, 2010

Post the form to a php page, then have the php page post to the api using curl.

Example curl script:

PHP:

// load the post data here
$curl_post_array = array(
	"receipientno" => $_POST['receipientno'],
	"msgtxt" => $_POST['msgtxt'],
	"senderID" => "mVaayoo",
	"state" => "0"
);

$ch = curl_init("hxxp://api.mVaayoo.com/mvaayooapi/MessageCompose");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $curl_post_array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
echo curl_exec($ch);

delboy · Feb 1, 2010

Hum, you could use a php include, something like the below may work, not tested it..

Main Form (index.php)

PHP:

<form action="hxxp://api.mVaayoo.com/mvaayooapi/MessageCompose" method="post">
 <?php include('data.php'); ?>
</form>

The Data Form (data.php)

PHP:

Number:<inputtype="text" name="receipientno" />
Message:<inputtype="text" name="msgtxt" />
<inputtype="hidden" name="user" value="USERNAME:PASSWORD" />
<inputtype="hidden" name="senderID" value="mVaayoo" />
<inputtype="hidden" name="state" value="0" />
<inputtype="submit" />

Mr Happy · Feb 1, 2010

delboy said:

Hum, you could use a php include, something like the below may work, not tested it..

Main Form (index.php)

PHP:

<form action="hxxp://api.mVaayoo.com/mvaayooapi/MessageCompose" method="post">
 <?php include('data.php'); ?>
</form>

The Data Form (data.php)

PHP:

Number:<inputtype="text" name="receipientno" />
Message:<inputtype="text" name="msgtxt" />
<inputtype="hidden" name="user" value="USERNAME:PASSWORD" />
<inputtype="hidden" name="senderID" value="mVaayoo" />
<inputtype="hidden" name="state" value="0" />
<inputtype="submit" />

Won't work as once it's included you'll still be able to see the info. Same way when you include a header into a index you can see the header info etc.

bennelsworth idea above will work.

uzonigor · Feb 1, 2010

ragavbpl1 said:
Hello All,

I am building a free sms sending website. And API codes have been provided to me by the sms providing company.

Now the problem is that the form I built to send the Destination Mobile Number and Message also needs to send the username and password of the account to the server to which account the company has alloted sms credits.

The following is the sample code I used in the html file to POST the data to the server:-
Code:
<form action="hxxp://api.mVaayoo.com/mvaayooapi/MessageCompose" method="post">

Number:<inputtype="text" name="receipientno" />
Message:<inputtype="text" name="msgtxt" />
<inputtype="hidden" name="user" value="USERNAME:PASSWORD" />
<inputtype="hidden" name="senderID" value="mVaayoo" />
<inputtype="hidden" name="state" value="0" />
<inputtype="submit" />
</form>
Now the problem is when some one will click on view source option, they'll be able to see the username and password.
So is there any method through which I can silently send this crucial details secretly without bringing it to the notice of normal user.
Is there any other way to send this perticular data?

A quick help would really be appreciated...

Thank you all in advance

whoaaa nice..

ragavbpl1 · Feb 1, 2010

bennelsworth said:

Post the form to a php page, then have the php page post to the api using curl.

Example curl script:

PHP:

// load the post data here
$curl_post_array = array(
    "receipientno" => $_POST['receipientno'],
    "msgtxt" => $_POST['msgtxt'],
    "senderID" => "mVaayoo",
    "state" => "0"
);

$ch = curl_init("hxxp://api.mVaayoo.com/mvaayooapi/MessageCompose");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $curl_post_array);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
echo curl_exec($ch);

Your idea seems promising, but the problem is I do not know anything about cURL. Can you explain in detail how to use it. Can you just make a full example code including the index page and the corresponding cURL page. And also I can not see any thing as username and password posted in your cURL coding. Please explain me a bit more about all this method.

Mr Happy said:
Won't work as once it's included you'll still be able to see the info. Same way when you include a header into a index you can see the header info etc.

bennelsworth idea above will work.

Yes I too have the same point.

uzonigor said:
whoaaa nice..

Bro Please do not spam in here.

Thank you all for your replies.

bennelsworth · Feb 1, 2010

Firstly, check if you have curl...

PHP:

<?php
php_info();
?>

Look for a section called curl, and maybe the line

cURL support enabled

If you can't find it then say which OS you're on (vps/dedi), or if you're using shared hosting.

litewarez · Feb 1, 2010

just do

PHP:

<?php

if(function_exists('curl_init')){
   //do stuff
}else{
  //use other method
}

?>

delboy · Feb 2, 2010

Mr Happy said:
Won't work as once it's included you'll still be able to see the info. Same way when you include a header into a index you can see the header info etc.

bennelsworth idea above will work.

Yep as you say it would show the information, it would appear I didnâ€™t think it thought properly before posting lol

a temporary solution may be to encrypt the files, e.g. PHP Obfuscator, ioncube or something, although not being a proper solution.. It would work temporarily, and would keep the information away from newbieâ€™s, obviously someone with enough knowledge and enough effort could decrypt the code.

bennelsworth · Feb 2, 2010

That wouldnt work either, the html source sent to the client wouldnt be encrypted, and it cant be anyway for the form to work properly.

PHP Help Needed!!

ragavbpl1

Active Member

bennelsworth

Active Member

delboy

Banned

Mr Happy

Active Member

uzonigor

Active Member

ragavbpl1

Active Member

bennelsworth

Active Member

litewarez

Active Member

delboy

Banned

bennelsworth

Active Member