WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:
Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users
Course Of The Month
5 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Problem with Twilio StatusCallback. Logs show a POST but something is amiss
Posted on 2012-12-23
Hi
I've been trying to see what is wrong for literally hours and still can't figure out why its not working.
I'm hoping if I post my complete code, perhaps someone will see something I've missed:
1) I am receiving a Statuscallback when checking my logs. Here is the latest I've tried (so I see my callback is working/this is direct from my logs):
23.23.3.152 - - [22/Dec/2012:13:16:01 -0400] "POST /app/assets/phone/contests
2) The total code for text_complete.php code is this:
If I simply try this url with the bare minimum of a variable attached: http://mydomain.com/app/assets/phone/contests/text_complete.php?account_id=17
The query will work and it will insert into my database the bare minimum. (I was doing this to double-check my query can insert OK). So it seems if even just the account_id is passed, I'll get an insert into my db.
When I plug in the test url above as my statuscallback url with just the required account_id... it doesn't work.
I can see the now shortened statuscallback in my logs show up... but for some reason it won't insert a record.
I simply can't figure out why it isn't inserting a record, even when I do the bare minimum url as my Statuscallback.
Is there some kind of permissions thing perhaps? Where you can visit the url and it will insert, but a callback won't insert?? Just trying to find some new direction to investigate.
Just in case, this is what my StatusCallback code looks like (maybe in case there is something wrong with the way its being formed?)
I've been trying to see what is wrong for literally hours and still can't figure out why its not working.
I'm hoping if I post my complete code, perhaps someone will see something I've missed:
1) I am receiving a Statuscallback when checking my logs. Here is the latest I've tried (so I see my callback is working/this is direct from my logs):
23.23.3.152 - - [22/Dec/2012:13:16:01 -0400] "POST /app/assets/phone/contests
2) The total code for text_complete.php code is this:
<?php
$callsid = $_REQUEST['SmsSid'];
$callstatus=$_REQUEST['SmsStatus'];
$to=$_REQUEST['To'];
$contestid=$_REQUEST['contestid'];
$account_id=$_REQUEST['account_id'];
$body = $_REQUEST['Body'];
$callername=$_REQUEST['callername'];
$callercity=$_REQUEST['callercity'];
$callerstate=$_REQUEST['callerstate'];
$fromcaller=$_REQUEST['From'];
include '../../db/config.php';
include '../../db/functions.php';
//make pretty looking phone number for table display using function
$fromcallerdisplay = FromCallerDisplay($fromcaller);
$tocallerdisplay = ToCallerDisplay($to);
//adjust time for incoming calls from timezone using function
$newtime = GetRightTime($account_id);
$result = mysql_query("SELECT PhoneRate, account_id FROM numbers WHERE PhoneNumber = '$fromcaller' AND PhoneType = 2 LIMIT 1");
while ($row = mysql_fetch_array($result)) {
$phonerate = $row["PhoneRate"];
$account_id = $row["account_id"];
}
mysql_free_result($result);
$sql="INSERT INTO callers (account_id, CallType, CallDirection, ContestId, CallTo, ToCallerDisplay, CallSid, CallerName, CallerCity, CallerState, FromCaller, FromCallerDisplay, Body, CallStatus, CallDate, CallDuration, CallCost, SubscribeStatus)VALUES('$account_id','1','Outgoing','$contestid','$to','$tocallerdisplay','$callsid','$callername','$callercity','$callerstate','$fromcaller','$fromcallerdisplay','$body','$callstatus','$newtime','1','$phonerate','Pending')";
$result=mysql_query($sql);
?>
If I simply try this url with the bare minimum of a variable attached: http://mydomain.com/app/assets/phone/contests/text_complete.php?account_id=17
The query will work and it will insert into my database the bare minimum. (I was doing this to double-check my query can insert OK). So it seems if even just the account_id is passed, I'll get an insert into my db.
When I plug in the test url above as my statuscallback url with just the required account_id... it doesn't work.
I can see the now shortened statuscallback in my logs show up... but for some reason it won't insert a record.
I simply can't figure out why it isn't inserting a record, even when I do the bare minimum url as my Statuscallback.
Is there some kind of permissions thing perhaps? Where you can visit the url and it will insert, but a callback won't insert?? Just trying to find some new direction to investigate.
Just in case, this is what my StatusCallback code looks like (maybe in case there is something wrong with the way its being formed?)
$subscribestatusmessage = "Hello from $company_name in $city! To subscribe, reply back with the word 'GO' and you are in.";
/* Include the Twilio PHP library */
require "../api/Twilio.php";
/* Set our AccountSid and AuthToken */
$AccountSid = "mysid";
$AuthToken = "mytoken";
$client = new Services_Twilio($AccountSid, $AuthToken);
$options = array("StatusCallback" => "http://mydomain.com/app/assets/phone/contests/text_complete.php?contestid=".urlencode($contestid)."&account_id=".urlencode($account_id)."&callername=".urlencode($callername)."&callercity=".urlencode($callercity)."&callerstate=".urlencode($callerstate));
$sms = $client->account->sms_messages->create(
$textcalldisplay,
$fromcaller,
$subscribestatusmessage,
$options
);
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
3 Comments
Active 3 days ago
Scanning down from the top...
...HALIFAX&callerstate=NS HTTP/1.1 This looks slightly suspect. Is that supposed to be a blank in a URL?
In text_complete.php you might want to add these two lines at the top:
ob_start();
error_reporting(E_ALL);
and then somewhere near the bottom add something like this:
$buf = ob_get_clean();
mail('you@your.org', 'text_complete.php', $buf);
The effect of this will be to capture all the messages inside that script and send them to you via email. You may find something interesting in there!
Lines of code like this are a sure recipe for catastrophe:
$result = mysql_query(...
while ($row = mysql_fetch_array($result)
The mysql_query() function produces a return value, and your script must test the return value for success or failure! MySQL is not a black box; it can and will fail for reasons that are outside of your control, and your programming must catch these failures and handle them somehow, even if handling only means sending you the error message. Reconstruct your data base calls using a pattern like this, so you can see the query and the failure at the same time.
$sql = "SELECT PhoneRate, account_id ...
$res = mysql_query(...
if (!$res) die("FAIL: $sql BECAUSE OF: " . mysql_error());
while ($row = mysql_fetch_assocr($res)).
A similar test needs to be made for the INSERT queries - as written they can fail silently and you'll not get a clue as to what went wrong.
Hope that gives you some ideas to start the investigation, ~Ray
...HALIFAX&callerstate=NS HTTP/1.1 This looks slightly suspect. Is that supposed to be a blank in a URL?
In text_complete.php you might want to add these two lines at the top:
ob_start();
error_reporting(E_ALL);
and then somewhere near the bottom add something like this:
$buf = ob_get_clean();
mail('you@your.org', 'text_complete.php', $buf);
The effect of this will be to capture all the messages inside that script and send them to you via email. You may find something interesting in there!
Lines of code like this are a sure recipe for catastrophe:
$result = mysql_query(...
while ($row = mysql_fetch_array($result)
The mysql_query() function produces a return value, and your script must test the return value for success or failure! MySQL is not a black box; it can and will fail for reasons that are outside of your control, and your programming must catch these failures and handle them somehow, even if handling only means sending you the error message. Reconstruct your data base calls using a pattern like this, so you can see the query and the failure at the same time.
$sql = "SELECT PhoneRate, account_id ...
$res = mysql_query(...
if (!$res) die("FAIL: $sql BECAUSE OF: " . mysql_error());
while ($row = mysql_fetch_assocr($res)).
A similar test needs to be made for the INSERT queries - as written they can fail silently and you'll not get a clue as to what went wrong.
Hope that gives you some ideas to start the investigation, ~Ray
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
In this series, we will discuss common questions received as a database Solutions Engineer at Percona. In this role, we speak with a wide array of MySQL and MongoDB users responsible for both extremely large and complex environments to smaller singl…
- Databases
- AWS
- MySQL Server
- MongoDB
- NoSQL Databases
- Percona
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions.
Consider email address RFCs:
Look at HTML5 form input element (with type=email) regex pattern:
T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing.
Set up your basic HTML file. Open your form tag and set the method and action attributes.:
(CODE)
Set up your first few inputs one for the name and …
Suggested Courses
Course of the Month5 days, 2 hours left to enroll
688 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.