[add-on] Subscribing a user via HTTP

3rd party code for phpList

Would you like to see an API for PHPlist?

Yes
51
86%
No
1
2%
Unsure what you mean by 'API'
7
12%
 
Total votes : 59

[add-on] Subscribing a user via HTTP

Postby octech » 6:40pm, Tue 26 Jul, 2005

I would like to be able to set up something to control phplist, preferably through a simple HTTP command. This shouldn't be too hard to to but I can't see that anyone has done it. So I have done a first pass at this (included below) and fully documented it.

The name of the script is LCsub.php and it will be used to remotely subscribe a user to a list. LC stands for "list control". If we can get this to work, it will be trivial to implement LCunsub.php.

I used PHP a lot a year ago, and I am not going to be able to get this working on my own. But I am sure many others could finish this. The script (see below) attempts to login and pass parameters to PHPlist in the background. There may be a simpler approach, but I did not want to directly manipulate the database because then the script might break when the DB is upgraded. Also, it might be necessary to pass parameters to phplist using a 'post' command and it might be necessary to establish a session, things that I don't yet know how to do.

Can anyone help? I designed this for version 2.94; if we can get this working it could be developed into an API for phplist.

-rich


Code: Select all
<?php



/* LCsub.php -- remote List Control via HTTP, subscribe function

   First draft by Rich Cowan, 7/26/05

   I haven't used PHP in a while so this will need some debugging
   to get it working.


THE CONCEPT:

You have a PHPlist installation.  You would like to
be able to issue a simple HTTP command to subscribe
or unsubscribe someone from a list.  To do this,
you will need two php files:

LCsub.php -- will subscribe a user
LCunsub.php -- will unsubscribe a user

Below is just the code for LCsub.


USAGE:

(we assuming list #1, master password is "plist")

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe%40aol.com

Result:
This will subscribe John Doe to the default email list, the list
with an id of 1; note that the '@' sign has been replaced here
by %40 which is needed by most web servers.

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe%40aol.com&lid=2&first=John&last=Doe&state=TX

Result:
This will subscribe John Doe to email list #2, and also add
user data for him, namely John's first name, last name, and
state, which must be set up as phplist attributes for List #2.
We assume (for now) that John is not an existing user.


INSTALLATION AND CONFIGURATION:

Just copy this script to the home directory of phplist, the lists folder.
To make it executable (on Linux), do a 'chmod 755 phplist'

To configure, just replace the values below for settings with the
location of your phplist installation, and a working admin password
for this installation, the names of your attributes, and finally
the default list ID to modify if the enduser does not supply a list ID.

Questions? Feel free to email me, richcowan <at> gmail.com

*/


// GLOBAL VARIABLES
var $u, $p, $domain, $lid;      // configuration settings
var $pwd, $email, $first, $last, $org, $state;   //http parameters
var $tmp;      // temporary

// CONFIGURATION SETTINGS.  Set them up for your host
$lid = 1;                        //lid is the default PHPlist List ID to use
$domain = "mysite.com/lists"
$u = "admin"
$p = "phplist"   
$attr1 = "first"
$attr2 = "last"
$attr3 = "state"

//THE CODE


// 1) Retrieve the password parameter supplied in http request
$pwd = _GET['pwd'];
if ($pwd == 'masterpassword') {     // make sure password matches

// 2) if script password is correct, then retrieve other parameters
$email = _GET['email'];
$attr1 = _GET['$attr1'];
$attr2 = _GET['$attr2'];
$attr3 = _GET['$attr3'];
$tmp = _GET['lid'];
if ($tmp != "") {$lid = $tmp; }   //user may override default list ID

// 3) Now simulate login to phplist
//    Using a 'get' request, might need to be rewritten as a 'post'
$tmp = fopen("http://www.phplist.com/lists/admin.php?login=$u?password=$p");
echo($tmp);    //debug code, ok to remove

// 4) Now we build the string for subscribing
$tmp = "http://$domain/admin/?action=insert&doadd=yes&id=$lid";
$tmp += "&email=$email;
if ($attr1 != "") { $tmp += "&attribute1=$attr1";
if ($attr2 != "") { $tmp += "&attribute2=$attr2";
if ($attr3 != "") { $tmp += "&attribute3=$attr3";
echo($tmp);    //debug code, ok to remove

// 5) Now we issue the subscribe command!
$tmp = fopen($tmp);
echo($tmp);    //debug code, ok to remove


}  // end of if clause

// close the php tag
?>


octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Progress on implementation

Postby octech » 1:42am, Wed 10 Aug, 2005

I spent some time last week on implementing this:

1) I determined that it made sense to use the PHP CURL library to make the calls, in the background, to PHPlist.
2) I was able to get the script to accept a password and then do a login to phplist successfully
3) The problem is that PHP was not staying logged in, i.e. the script will need to somehow cache the phpsessionID or pass it as a hidden variable in order to take subsequent actions, like subscribing a user. Or getting CURL to access the cookie that is set by PHPlist.
4) Though you can login using an HTTP GET request, I am pretty sure that doing a subscription action will require that I use the HTTP POST feature of CURL.

I am looking for assistance and advice on how to move this further. One question is, should I:

a) make a new script that assumes that authentication of the PHPlist system is turned off -- and isstead we will just use the standard feature on our web host to protect the 'admin' folder within phplist. CURL is able to pass the username/password... and it will be easier if we don't have to worry about login to phplist.

b) figure out a way to implement the system using phplist's authentication.

Which is better?

-rich

p.s. I will post the new version of the code in a separate reply.
octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Here is version 2.

Postby octech » 1:43am, Wed 10 Aug, 2005

Code: Select all
<?php

/* LCsub.php -- remote List Control via HTTP, subscribe function

   Second draft by Rich Cowan, 8/8/05

   This is much closer...


THE CONCEPT:

You have a PHPlist installation.  You would like to
be able to issue a simple HTTP command to subscribe
or unsubscribe someone from a list.  To do this,
you will need two php files:

LCsub.php -- will subscribe a user
LCunsub.php -- will unsubscribe a user

Below is just the code for LCsub.


USAGE:

(we assuming list #1, master password is "plist")

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe%40aol.com

Result:
This will subscribe John Doe to the email list; note that the
'@' sign has been replaced here by %40 which is needed by most
web servers.

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe@aol.com&first=John&last=Doe&state=TX

Result:
This will subscribe John Doe to the email list, but also add
user data for him, namely John's first name, last name, and
state, which must be set up as phplist attributes for List #2


INSTALLATION AND CONFIGURATION:

Just copy this script to the home directory of phplist, the lists folder.
To make it executable (on Linux), do a 'chmod 755 phplist'

To configure, just replace the values below for settings with the
location of your phplist installation, and a working admin password
for this installation.

Questions? Feel free to email me, richcowan <at> gmail.com

*/


// GLOBAL VARIABLES

// CONFIGURATION SETTINGS.  Set them up for your host
$domain = "mysite.org/lists";
$u = "admin";
$p = "phplist";
$lid = 1;                        //lid is the default PHPlist List ID to use
$masterpassword = "mymasterpassword";

// Attribute names that we are using
$attr1 = "first";
$attr2 = "last";
$attr3 = "state";

//THE CODE

// 1) Retrieve the password parameter supplied in http request
$pwd = $_GET['pwd'];

if ($pwd == $masterpassword) {     // make sure password matches
echo("Master Password was correct.<br>");    //debug code, ok to remove

// 2) if script password is correct, then retrieve other parameters
$email = $_GET['email'];
$attval1 = $_GET['$attr1'];
$attval2 = $_GET['$attr2'];
$attval3 = $_GET['$attr3'];
$tmp = $_GET['lid'];
if ($tmp != '') {$lid = $tmp; }   //user may override default list ID
if ($email == '') {
   echo('You must supply an email address');
    return(0);
}

// 3) Now simulate login to phplist
//    Using a 'get' request; this seems to work using CURL
$httpstring = "http://$domain/admin/?login=$u&password=$p";
$curl = curl_init($httpstring);
echo("login URL was: $httpstring<br>");    //debug code, ok to remove
curl_setopt($curl, CURLOPT_URL, '$httpstring');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$tmp = curl_exec($curl);
echo("result was: $tmp<br>");    //debug code, ok to remove


// 4) Now we build the string for subscribing
//$httpstring = "http://$domain/admin/?page=members&login=$u&password=$p&name=$email&listid=$lid";
//$httpstring = "http://$domain/admin/?page=user&id=0&confirmed=1&subscribe[]=1&subscribe[]=2&email=$email";
$httpstring = "http://$domain/admin/?page=user&id=0&confirmed=1&subscribe%5B%5D=1&subscribe%5B%5D=2&email=$email";

//optionally add attributes avlues
if ($attval1 != '') $httpstring .= "attr1=$attval1";
if ($attval2 != '')  $httpstring .= "attr2=$attval2";
if ($attval3 != '')  $httpstring .= "attr3=$attval3";
echo("action URL is: $httpstring<br>");    //debug code, ok to remove

// 5) Now we issue the subscribe command!
curl_setopt($curl, CURLOPT_URL, $httpstring);    // we are still logged in, we do not reinit
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
// might also went to set CURL to use HTTP post
// but this is not working because we have to set the cookie for PHPsessionid
$tmp = curl_exec($curl);
echo("result was: $tmp<br>");    //debug code, ok to remove

//6) Clean up
curl_close($curl);

}  // end of if clause

else {
echo("Password not supplied.");
}

// close the php tag
?>

octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Postby jotazzu » 11:43pm, Wed 10 Aug, 2005

Hi,
this is a very interesting script you are developing. And as I think many people in the forum are asking for such a feature to incorporate the subscription/unsubscrition as small HTML snippet into their pages. But there is still a problem from the developer side because they ask to include a link to www.phplist.com.

Although I think it might be sufficient to include it into the emails, so that all subscribers get the information about PHPlist. Perhaps you might ask michiel at mantis.tincan.co.uk.

You are asking if to develop the script for the level of admin access implemented in PHPlist or for a level which uses HTTP authentication. I am using HTTP authentication and got the impression that I was nearly the only one. With HTTP auth the import of addresses is impossible if the option 'import emails with different values for attributes' is used. A call to session_start() is missing (changed in 2.9.5). If PHPlist's auth is used this problem does not occur because the call to session_start() is done at another place before. I've found no hints about that import problem in the forum or at the bug system at mantis.tincan.co.uk. So I would recommend to develop for PHPlist's authentication.

Also I think that your approach is the best solution, because you may put it in a iframe or as HTML snippet in a page with other content as well as it is easily adjustable with version upgrades.

As I've took a brief look on the code it seems quite ready. And I think the GET method is ok. This allows about 1000 characters and that should be enough for a subscription.

Hope you will progress with these script,
Jochen
jotazzu
PL Master
 
Posts: 183
Joined: 6:31pm, Wed 13 Jul, 2005
Location: Hamburg, Germany

Postby octech » 12:16am, Thu 11 Aug, 2005

jotazzu,
just so you understand, I am developing this script so that a desktop application (written in Visual Basic) will be able to control subscribing and unsubscribing to PHPlist.
We are dealing with small nonprofits that are processing requests through snail mail in some cases, and therefore it will be preferable to give the small nonprofits the ability to do a single click from their donor database, in which they have already entered the subscribers name and email address.

so using your approach, I will now need to figure out how to maintain PHP session information in CURL. any ideas?
-rich
octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Postby rums » 5:53pm, Wed 24 Aug, 2005

Hello Octech,

I too am very interested in your script...have you had any luck progressing past the session persistance issue? Or do you have a new script to post up here?

Thanks!
Rums.
rums
phpList newbie
 
Posts: 1
Joined: 5:51pm, Wed 24 Aug, 2005

Postby michiel » 12:18pm, Thu 25 Aug, 2005

hi octech

that's a great idea, and I'm very interested in what you're doing. Once you feel your code is ready for general use, post an issue in mantis and it can be included in the development process of phplist.
michiel
Admin
 
Posts: 1022
Joined: 10:18pm, Fri 11 Apr, 2003
Location: Buenos Aires, Argentina

Postby octech » 6:37pm, Sat 22 Oct, 2005

hi Michiel --
I would be happy to do some more work on this code... however it kind of makes sense to check in with you first. In the meantime I am busy working on the next release of OrganizersDB (www.organizersdb.org) which I hope to integrate with PHPlist.

Also... are you thinking of attending the first UK conference of nonprofit technology "circuit riders" which I believe is in November in London?

My questions:

a) in the 2.10.x releases, are there any changes I should know about?
b) what are you future plans for modularization of the code?
c) would it be possible for you to add dates to the releases in your web site? It is kind of wierd looking at release notes or download links that have no mention of the date of release.

Thanks for your work on this!

-rich
octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Postby michiel » 12:58pm, Mon 24 Oct, 2005

octech wrote:hi Michiel --
I would be happy to do some more work on this code... however it kind of makes sense to check in with you first. In the meantime I am busy working on the next release of OrganizersDB (www.organizersdb.org) which I hope to integrate with PHPlist.

It's probably best to discuss these things on the developers list. http://tincan.co.uk/?lid=878
Also... are you thinking of attending the first UK conference of nonprofit technology "circuit riders" which I believe is in November in London?

I may be in London around that time, so who knows, I could. Do you have more details? URL?

My questions:

a) in the 2.10.x releases, are there any changes I should know about?

quite a lot has changed, unless you used the 2.9 versions in which case not that much.
b) what are you future plans for modularization of the code?

I would like to improve the plugin API stuff, but currently have no time for that.
c) would it be possible for you to add dates to the releases in your web site? It is kind of wierd looking at release notes or download links that have no mention of the date of release.

Good idea, I'll do that. You can also get dates from the download page. http://sourceforge.net/project/showfile ... p_id=91074

-rich[/quote]
michiel
Admin
 
Posts: 1022
Joined: 10:18pm, Fri 11 Apr, 2003
Location: Buenos Aires, Argentina

Postby octech » 2:50am, Wed 26 Oct, 2005

Michiel --
the conference is Nov. 7-8.
For more information, go to www.lasa.org.uk/crconference.
-rich
octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Whats the status of the skript?

Postby flamev » 3:09pm, Thu 27 Oct, 2005

Could i usw the 2nd Script or won`t work it? I am very interrested in this both skripts too.

Good Look!
flamev
phpList newbie
 
Posts: 2
Joined: 3:07pm, Thu 27 Oct, 2005

Postby octech » 1:20pm, Fri 04 Nov, 2005

I will be busy with other programming projects for the next month or two, so I am hoping that someone else can take what I have started and finish it. It might be good to start a thread on the Developers list as Michiel suggested because then there will be more technical people reading who help get around any roadblocks.

-rich
octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Yep Me Too

Postby aparsons » 9:43am, Fri 16 Dec, 2005

The ability to add a user directly to a list from your own form, via a pgp program, is just what I am looking for. At present I use aformmail.pgp which picks up the form data, checks it, produces error messages if needed and then sends me an email, the user an email and writes to a .csv file.
This all works pretty well and gives messages in the right place etc. All I need to complete my happiness is to write the information directly to the list. I and a lot of others it seems. Am new to phplist and am sure it will work very well for me.

My application is much the same as most, it collects first name, last name and email from a form on my webpage so I can send out newsletters.

Thanks for all the great contributions on the forum. Great work octech - is it usable? Will try it out.
aparsons
phpList newbie
 
Posts: 1
Joined: 8:43am, Fri 16 Dec, 2005

Postby octech » 2:15pm, Fri 16 Dec, 2005

Hey there -- the script is not yet finished. Using the script I was able to simulate an HTTP post command successfully and do part of the work needed to subscribe someone. But it did not work because I also need to save the php session ID and pass that parameter in just one or two successive POST commands.

It should still be possible to use the CURL library to do this.

This is my current understanding of the problem.

I am sure there are people out there with the time and skill to complete the last 25% of the work here! maybe you are the person?
octech
PL Nut
 
Posts: 17
Joined: 7:06pm, Tue 12 Jul, 2005

Working Subscribe Script

Postby jesseheap » 12:12am, Mon 02 Jan, 2006

I took Rich's code and took a slightly different approach to enabling a user subscribe over HTTP. Instead of requiring a login, I've changed the code to simulate a post against the default subscribe page. This approach gets around the authentication issue with cURL. (I would imagine there is a way to properly authenticate with cURL, but I'm not that familiar with the library)

This was useful for me since I needed to integrate an existing user form with PHPList. And, as was said earlier, it doesn't require direct access to the database - so theortically there is less chance this will break with newer PHPList versions.

Code: Select all
<?php

/* LCsub.php --

Purpose: Remote List Control via HTTP, subscribe function
Original Author: Rich Cowan, 8/8/05
Modified by: Jesse Heap 1/1/2006

Details:
With PHPList installed this procedure can be use to
subscribe a user using the HTTP command.  The procedure works
by simulating a POST to the default subscribe page.  It requires
the CURL PHP library.

LCsub.php -- will subscribe a user

USAGE:

(we assuming list #1, master password is "plist")

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe%40aol.com

Result:
This will subscribe John Doe to the email list; note that the
'@' sign has been replaced here by %40 which is needed by most
web servers.

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe@aol.com&attribute1=John&attribute2=Doe&attribute3=TX

Result:
This will subscribe John Doe to the email list, but also add
user data for him, namely John's first name, last name, and
state, which must be set up as phplist attributes for List #2


INSTALLATION AND CONFIGURATION:

Just copy this script to the home directory of phplist, the lists folder.
To make it executable (on Linux), do a 'chmod 755 phplist'

To configure, just replace the values below for settings with the
location of your phplist installation, and a working admin password
for this installation.

Questions? Feel free to email me, richcowan <at> gmail.com

*/


// GLOBAL VARIABLES

// CONFIGURATION SETTINGS.  Set them up for your host
$domain = "http://www.yourdomain.com/lists/";
$lid = 1;                        //lid is the default PHPlist List ID to use
$masterpassword = "YourPassword";    //Master password prevents unauthorized calls to script

// CODE

// 1) Retrieve the password parameter supplied in http request
$pwd = $_GET['pwd'];

if ($pwd == $masterpassword) {     // make sure password matches
echo("Master Password was correct.<br>");    //debug code, ok to remove

// 2) if script password is correct, then retrieve other parameters
   $ary = explode('&', $_SERVER['QUERY_STRING']);
   $i = 0;
      $post_data = array();
   while ($i < count($ary)) {
      $getArray = split('=', $ary[$i]);   
       // Set each GET value pair to the post_data associative array in preparation for the POST
      if (strcasecmp(urldecode($getArray[0]),'pwd')!=0) { // Ignore PWD parameter - not needed for POST
         $post_data[urldecode($getArray[0])] = urldecode($getArray[1]);
      }
      $i++;
   }
// Set email
$email = $post_data['email'];
$tmp = $_GET['lid'];
if ($tmp != '') {$lid = $tmp; }   //user may override default list ID
if ($email == '') {
   echo('You must supply an email address');
    return(0);
}
// Add additional post data required by form
   $post_data["emailconfirm"] = $email;
   $post_data["htmlemail"] = "1";
   $post_data["list[$lid]"] = "signup";
   $post_data["listname[$lid]"] = "test";
   $post_data["subscribe"] = "Subscribe";
   $url = $domain . "?p=subscribe";

   $ch = curl_init();
   curl_setopt($ch, CURLOPT_POST, 1);
   curl_setopt($ch, CURLOPT_HEADER, 0);
   curl_setopt($ch, CURLOPT_URL, $url);   
   curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   $result = curl_exec($ch);
   //echo("Result was: $result<br>");
//6) Clean up
curl_close($ch);

}  // end of if clause

else {
echo("Password not supplied.");
}

// close the php tag
?>
[/code]
jesseheap
phpLister
 
Posts: 10
Joined: 11:59pm, Sun 01 Jan, 2006

Next

Return to Contributions: Plug-ins, Add-ons, Mods

Who is online

Users browsing this forum: No registered users and 2 guests