[octech]

Jesse -- thanks for the nice New Year's present!

I will take a closer look at your script by installing it in the next few days... Also our board member Greg wants to take a good look at this as he is going to be working with our new PHPlist installation.

I would like to add some documentation to go along with this, then create the complementary LC_unsub script, maybe even add an LC_changeemail script, etc.

I take it that your approach of retrieving and then reconstructing the list of HTTP parameters will solve the sessionID issue I was having? I figured it was something pretty basic but I do not do HTTP hacking so I didn't know how to do this.

Thanks so much for this.
FYI I am hoping to distribute this code along with a GPL'd desktop software program we provide to nonprofits, so that the desktop software can be integrated with PHPlist. (see www.sourceforge.net/projects/organizersdb)

-rich

[jesseheap]

Rich,

Glad I could help out.

I take it that your approach of retrieving and then reconstructing the list of HTTP parameters will solve the sessionID issue I was having? I figured it was something pretty basic but I do not do HTTP hacking so I didn't know how to do this.

My approach doesn't require a sessionID since I'm simulating a post using the default subscribe page that users have access too. This approach doesn't require admin access and hence no session state needs to be maintained.

So I didn't really solve your issue - it's more of a workaround.

[octech]

Jesse --

does this mean that the user will be subscribed, or that they will receive a confirmation email that they need to click on to subscribe?

I am interested in going all the way with this so that I can actually subscribe someone without confirmation. In my case we are receiving a slip of paper in which the user indicates they want to be on the list by checking the appropriate box.

In my experience, since we are dealing with technically unsophisticated users much of the time, we will only get about 50% of the people actually subscribing if we force them to go through another step to subscribe.

Thus I am still wondering, would the approach you have used actually take care of the phpSessionID issue?

-rich

[jesseheap]

No they would still need to receive a confirmation email with my approach.

But you are in luck - I added the necessary code to bypass the confirmation email. The changes are as follows:

1. Use CURLOPT_COOKIEFILE command to enable cookie parser which retains the cookie (i.e Session) set when the admin logs in.
2. Added makeconfirmed as a post parameter. When this parameter is set to 1 it will automatically confirm the user without sending out admin email.

Here it is:

Code: Select all

<?php

/* LCsub.php --

Purpose: Remote List Control via HTTP, subscribe function
Original Author: Rich Cowan, 8/8/05
Modified by: Jesse Heap 1/3/2006


Details:
With PHPList installed this procedure can be use to
subscribe a user using the HTTP command.  The procedure works
by simulating a POST to the default subscribe page.  It requires
the CURL PHP library.

LCsub.php -- will subscribe a user

USAGE:

(we assuming list #1, master password is "plist")

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe%40aol.com

Result:
This will subscribe John Doe to the email list; note that the
'@' sign has been replaced here by %40 which is needed by most
web servers.

Command:
http://mydomain.com/lists/LCsub.php?pwd=plist&email=johndoe@aol.com&attribute1=John&attribute2=Doe&attribute3=TX

Result:
This will subscribe John Doe to the email list, but also add
user data for him, namely John's first name, last name, and
state, which must be set up as phplist attributes for List #2


INSTALLATION AND CONFIGURATION:

Just copy this script to the home directory of phplist, the lists folder.
To make it executable (on Linux), do a 'chmod 755 phplist'

To configure, just replace the values below for settings with the
location of your phplist installation, and a working admin password
for this installation.

Questions? Feel free to email me, richcowan <at> gmail.com

*/


// GLOBAL VARIABLES

// CONFIGURATION SETTINGS.  Set them up for your host
$domain = "http://www.yoursite.com/lists/";
$lid = 1;                                 // lid is the default PHPlist List ID to use
$masterpassword = "yourmasterpassword";       // Master password prevents unauthorized calls to script
$login = "admin";                       // phplist admin Login
$pass = "yourphpplistassword";             // phplist admin password
$skipConfirmationEmail = 1;               // Set to 0 if you require a confirmation email to be sent.
                        
// CODE
//TODO: Put in check to only allow script to be called from authorized domains
// 1) Retrieve the password parameter supplied in http request
$pwd = $_GET['pwd'];

if ($pwd == $masterpassword) {              // make sure password matches
echo("Master Password was correct.<br>");   //debug code, ok to remove

// 2) if script password is correct, then retrieve other parameters
   $ary = explode('&', $_SERVER['QUERY_STRING']);
   $i = 0;
      $post_data = array();
   while ($i < count($ary)) {
      $getArray = split('=', $ary[$i]);   
       // Set each GET value pair to the post_data associative array in preperation for the POST
      if (strcasecmp(urldecode($getArray[0]),'pwd')!=0) { // Ignore PWD parameter - not needed for POST
         $post_data[urldecode($getArray[0])] = urldecode($getArray[1]);
      }
      $i++;
   }
   // Ensure email is provided
   $email = $post_data['email'];
   $tmp = $_GET['lid'];
   if ($tmp != '') {$lid = $tmp; }   //user may override default list ID
   if ($email == '') {
         echo('You must supply an email address');
    return(0);
   }

// 3) Login to phplist as admin and save cookie using CURLOPT_COOKIEFILE
   $url = $domain . "admin/?";
   $ch = curl_init();
   $login_data = array();
   $login_data["login"] = $login;
   $login_data["password"] = $pass;
   curl_setopt($ch, CURLOPT_POST, 1);
   curl_setopt($ch, CURLOPT_URL, $url);   
   curl_setopt($ch, CURLOPT_POSTFIELDS, $login_data);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/nofileneeded.txt"); //Enable Cookie Parser.  File does not need to exist - http://curl.netmirror.org/libcurl/c/libcurl-tutorial.html for more info
   $result = curl_exec($ch);
//   echo("Result was: $result<br>"); //debug


// 3) Now simuulate post to subscriber form. 
   $post_data["emailconfirm"] = $email;
   $post_data["htmlemail"] = "1";
   $post_data["list[$lid]"] = "signup";
   $post_data["listname[$lid]"] = "test";
   $post_data["subscribe"] = "Subscribe";
   $post_data["makeconfirmed"] = $skipConfirmationEmail;  //If set to 1 it will confirm user bypassing confirmation email
   $url = $domain . "?p=subscribe";


   curl_setopt($ch, CURLOPT_POST, 1);
   curl_setopt($ch, CURLOPT_URL, $url);   
   curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   $result = curl_exec($ch);
   echo("Result was: $result<br>");
//6) Clean up
curl_close($ch);

}  // end of if clause

else {
echo("Password not supplied.");
}

// close the php tag
?>

[enrique]

Excellent script - but for the php hack, could you suggest a method to subscribe to more than one list with this?

Cheers.
Eric

[Zee]

THIS IS ONE OF THE BEST SCRIPTS IN THE WORLD!

I got this thing to work with Flash!

Awesome!

[Jeremy Toaster]

What sort of interface / form are you using along with this code to submit the registrations?

I was trying to call in the spage.php file into my site, but that really wasn't working

I don't know raw code, I usually just pick other people's apart to make it work for my situation.

I was hoping someone could expand more on how exactly to get this working on a separate page.

Basically inserting the sign up form with something like a php include ('../mailinglist/admin/spageNEW.php'); or something like that...

[H2B2]

Though not using http, this set of related functions might be useful:

Phplist class
A set of functions which provide a simple way to interact with phpList in your own programs (eg: adding a user who just purchased something from your website to a mailing list). It takes a list id, an email address, and optionally some attributes, and subscribes the user to that list. If the user already exists, the existing account will be subscribed. If it's a new user, they'll be added first. Users added in this way are pre-confirmed (they will not be sent a confirmation email).

Source: http://docs.phplist.com/PhplistHacks

[jesseheap]

Though not using http, this set of related functions might be useful:
Phplist class

That is useful, but one should keep in mind that the http subscribe approach, unlike the above mentioned function, does not rely on direct calls to the database and will not break if the schema changes.

[wlcmclk]

i'm seeing there is possibly a new parameter required 'VerificationCodeX' and it looks like the list id is encoded. any comment would be appreciated.

[griffonboy]

I am super interested in this project and I think I can be of help.

two critical items off the bat:

craf! it won't let me post them until I do ten posts. It says I'm trying to post URL's which I'm not.... OK
I'll put it when I get ten real posts.

[kunjio]

I'm having the same problem with the 10 posts thing. I keep running into the problem of the code always outputting "password not supplied" no matter how I tweak it. I have the code in a php file called phplist.php located in my "lists" folder. If anyone wants to look at my code it would be greatly appreciated, I could either PM or email it. Thanks.

[purplemine]

How is everyone calling this from a form, for example. I'm hoping to integrate into several different places and looking for some options!

Thanks,

John

[gebbione]

How is everyone calling this from a form, for example. I'm hoping to integrate into several different places and looking for some options!

Thanks,

John

Hi John,

integration from a form is not too complex and depends on what you would like to do with the script. If you wish to subscribe a list of emails you can create a textarea form to send to the script and then let the script perform several cURL calls for the subscription of all the users.

However, I have seen the PHPList Class post and I was more interested in the HTTP hack since as somebody said before, calling the database directly is not a good practice in case the schema will change.

I have written a little cURL integration in Joomla. Very simple, I just pass the basic call to the default subscription page if the $_POST or $_GET do not have a specific subscribe, unsubscribe, preference,etc value specified. When one of these specific actions is included in the post or get then i pass it directly to cURL and this to phplist to perform the action.

The problem with this approach is that when i try to run a p=preferences action (when the user wants to change his details). The form in not very well displayed by cURL because somehow PHPList Javascript does not get interpreted and thinks you are somekind of BOT trying to perform some malicious action. This results in showing a form that is totally corrupt and does not allow the preferences modification action.

Example (PLEASE WORK OUT THE URLS - THE FORUM WONT LET YOU INCLUDE THEM UNLESS YOU HAVE POSTED 10 times already):
fully working call to phpList directly without cURL
trippinsupport.dreamhosters DOT com /joomla/mailing/?uid=3d70ad1d761fa64afce5b9910b0372e4&p=preferences

NOT working call from cURL for p=preferences
trippinsupport.dreamhosters DOT com /joomla/mailing.html?uid=3d70ad1d761fa64afce5b9910b0372e4&p=preferences

I have googled and searched for an integration or expansion of cURL to interpret correctly the JavaScript provided on the page but nothing helped so far.

I think if this can be solved the approach above is the best solution to fully integrate phpList in a easy way with an external system.

Any comments or help is very much appreciated.

---

Just to let you know the problem was cause by joomla's plug in Content - Email Cloaking

[lvalics]

A small hack here

Code: Select all

   $post_data["htmlemail"] = "1";
   
   $tmp=explode("_",$_GET["lists"]);
   foreach ($tmp as $value)
   {
         $post_data["list[$value]"] = "signup";
   }
   
   $post_data["listname[$lid]"] = "test";


The ideea is to pass in URL multiple LIST, like &lists=1_3_5 etc.

Hope this help.