integrating SMS gateway

Hello Team,

I am trying to integrate an SMS gate way into my website, and the workflow is as follows :-

1) user hits a button which says verify my phone number ( a script runs and they get a random code on their phone number as sms.

2) The user gets directed to an article where there is a bunch of code which inserts the random code sent to user in their user row in comprofiler table in a column named cb_phoneverificationcode.in this page / article they also see an input box to enter the code they received as sms. and hit submit.
3) The user is directed to a page / article where a sql query insert the submitted post data into a new column in their user row in a new column named cb_userinputphonecode, and another query retrieves the data stored in both the 2 columns / fields cb_phoneverificationcode & cb_userinputphonecode and finally there is an IF statement which compares these 2 values and if they match displays success and if not then user retries.

<?php
//calling CB framework to get user profile values in this case Userid.
Global $_CB_framework;

$myId = $_CB_framework->myId();
$cbUser =& CBuser::getInstance( $myId );

if ( ! $cbUser ) {
$cbUser =& CBuser::getInstance( null );
}

$user =& $cbUser->getUserData();

echo $myId;
if(isset($_POST)){
$verificationcode = $_POST["veficationcode"];
echo "Post".$verificationcode;

$servername = "";
$username = "";
$password = "";
$dbname = "";

// Create connection
$connect = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$connect) {
die("Connection failed: " . mysqli_connect_error());
}

//input user code in db

$sql2 = "UPDATE t4qcm_comprofiler SET cb_userinputphonecode ='$verificationcode' WHERE id = $myId";

if ($connect->query($sql2) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql2 . "<br>" . $connect->error;
}

//select the data from the database for random code input into database
$query = "SELECT cb_userinputphonecode,cb_phoneverificationcode FROM t4qcm_comprofiler WHERE id='$myId'";

//select the data from the database for user code input into database
//$query = "SELECT `cb_userinputphonecode` FROM `t4qcm_comprofiler` WHERE `id`= $myId";


if ($result = mysqli_query($connect,$query)) {
while($row = mysqli_fetch_assoc($result))
echo $row;
}
var_dump($row);
var_dump($row);

if($row == $row){ echo "SUCCESS!!! With values - User Input : ".$row." And Phone Verification : ".$row; }else{ echo "verification code mismatch. Please try again"; }

print_r(mysqli_fetch_assoc($result));

$connect->close();
}


?>



The issue is that even when the user inputs a wrong value it still shows success , i did a var_dump and that displays null for both fields but echo displays thir db values and so does their front end profile.
*//
[/code]

It's hard to read without the code tag, but it looks like you're comparing $row to $row. So you're comparing it to it self which is why it's always going to be true.

I'm not sure why you're using a PHP file though. You can do this with CB Auto Actions by leaving Triggers as None then posting to the direct URL of that action. You can then use substitutions to grab your post value (e.g. [post_veficationcode]) in a Field action to insert it into their profile. Alternatively a Query action can be used and you don't need to deal with any of the PHP of connecting to a database or a Code action if you want to directly use PHP while being able to utilize Joomla and CB APIs.

Hello Kyle, not sure why in first time it didn't display the column names inside the $row variable. its not comparing $row to $row but values of $row to each other.

BTW- there is other stuff also running in the code , like a random function generating random numbers which are inserted into users row in the cb_phoneverificationcode column / field. And also the SMS gateway's code that needs to run out of php file / or an article to send the same number genegated as an sms to use which i have not mentioned here just to make it less complicated.

Thanks
Pranay

Your code is hard to read and your previous post has scrambled it as it's not in a proper code tag. So I've no idea what's going on above your IF check. In addition to that your SQL for inserting into the database the verification code ($verificationcode) is doing so directly from POST with zero sanitizing. What this means is you've created an SQL injection vulnerability that can easily be abused to hijack your site (e.g. user make themselves Super Users with an injected query then do whatever they want).

CB Auto Actions forces basic sanity checks on input data to avoid vulnerabilities in addition to format functions that can be used to apply cleaning to user data to further secure it. You may want to consult with a contract developer and have them help you as your code isn't secure.

Please understand we do not provide support for custom coding. Our support extends to our products and direct usage of those products. I can't help you write, fix, or otherwise custom code.

hello kyle,

since there is no out of the box plugin with cb that can integrate an SMS gateway it will have to be a custom code . And since i have chosen Community builder , and i am using the Cb api and Comprofiler db table i thought maybe you can point in the right direction. but if its not permitted its fine i will seek help someplace else . Thanks for your time.

Thanks
Pranay

Your PHP file is outside the scope of Joomla and has no access to Joomla or CB API. If using a Code action then it's executed inside of Joomla inside of CB, which gives you access to both APIs. The code snippets provided are also unreadable. So the advise I can provide is extremely limited.

The only CB usage in your code is direct update to _comprofiler and usage of CBuser which probably won't work because it's outside the scope. Updating a field value from user object is also preferable to direct database changes. The below for example is the best way to do that. Inside of Joomla scope you also do not need to directly connect to the database as both Joomla and CB database API handles that.

$user->storeDatabaseValue( 'FIELD_NAME', VALUE );

The third variable toggles profile update trigger usage (default true). You still need to do sanity checks and cleaning on the user input though.