
@mheadd
Created November 15, 2010 20:55
<?php
// Endpoint of the digest-protected receiver script that submitValue() POSTs to.
// NOTE(review): this is a plain http:// URL. Digest auth keeps the password itself off the wire,
// but with qop="auth" the POST body and the response are neither encrypted nor integrity-protected;
// use an https:// endpoint for anything beyond local testing.
define('POST_DATA_TO_URL', 'http://someurl/my-script.php');
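/**
 * POST a single value to POST_DATA_TO_URL using HTTP Digest authentication.
 *
 * The value is URL-encoded before it is sent, so characters such as "&", "=" or "+"
 * cannot split or alter the form body.
 *
 * @param mixed $myValue Value submitted as the "myValue" form field.
 * @return string|null Response body when the server answers 200; null on a transport
 *                     error or any other status code.
 */
function submitValue($myValue) {
    $ch = curl_init(POST_DATA_TO_URL);
    if ($ch === false) {
        return null;
    }

    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
    // NOTE(review): sample credentials are hard-coded here; in a real deployment load them
    // from configuration that is not checked in alongside the script.
    curl_setopt($ch, CURLOPT_USERPWD, "admin:mypass");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, true);
    // Build the body with http_build_query() instead of string interpolation so the value is encoded.
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('myValue' => $myValue)));

    $output = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);

    // curl_exec() returns false on transport failure; treat that like a non-200 answer.
    if ($output === false || $status !== 200) {
        return null;
    }
    return $output;
}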
// Pick up the inbound call (30 is presumably an answer timeout in seconds — confirm against the platform docs).
answer(30);

// Shared option set: prompts that the caller cannot interrupt.
$noBargein = array("bargein" => false);
say("Hello, welcome to my sample application.", $noBargein);

// Prompt the caller for a 5 digit zip code, keypad (DTMF) input only.
$askOptions = array(
    "choices" => "[5 DIGITS]",
    "choiceMode" => "dtmf",
    "repeat" => "3",
    "timeout" => "5",
);
$event = ask("Please enter a 5 digit zip code.", $askOptions);

// Only a 'choice' event carries a value; any other outcome falls through without submitting.
if ($event->name == 'choice') {
    _log("*** User entered " . $event->value . " ***");
    $result = submitValue($event->value);

    if ($result != "SUCCESS") {
        // The receiver's reply (or an empty value when submitValue() returned null) goes to the log only.
        _log("*** $result ***");
        $farewell = "Sorry, there was a problem. Goodbye";
    } else {
        $farewell = "Thank you. Goodbye";
    }

    say($farewell, $noBargein);
    hangup();
}
?>
<?php
/*
* Simple Digest Authentication script for accepting HTTP POSTs from Tropo.
* Modified from example in PHP Manual - http://php.net/manual/en/features.http-auth.php
*/
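/**
 * Parse the parameter list of an HTTP Digest Authorization header.
 *
 * Only the seven fields needed to verify the response are extracted: nonce, nc, cnonce,
 * qop, username, uri and response. If a field appears more than once, the last one wins.
 *
 * @param string $txt Raw digest parameter string (as found in $_SERVER['PHP_AUTH_DIGEST']).
 * @return array|false Map of field name => value, or false if any required field is missing.
 */
function http_digest_parse($txt) {
    // protect against missing data
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed_parts));

    // Group 3 holds a quoted value, group 4 an unquoted one.
    // Inside a character class "\2" is not a backreference (PCRE reads it as the octal character \002);
    // it is the lazy "+?" followed by the real backreference "\2" that stops at the closing quote.
    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        // Compare against '' rather than relying on truthiness: a quoted value of "0" is falsy
        // in PHP and would otherwise fall through to the (unset) unquoted group.
        $data[$m[1]] = $m[3] !== '' ? $m[3] : $m[4];
        unset($needed_parts[$m[1]]);
    }

    return $needed_parts ? false : $data;
}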
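define("REALM", "My Restricted area");

// A simple array to hold usernames and passwords.
// NOTE(review): sample credentials, stored in source as plaintext. Digest verification needs either
// the password or a precomputed md5(username:realm:password); keep real values in configuration
// outside the web root.
$users = array('admin' => 'mypass', 'guest' => 'guest');

// No digest credentials on the request yet: send the challenge.
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
    header('HTTP/1.1 401 Unauthorized');
    // NOTE(review): uniqid() is derived from the current time, and this script never stores or
    // re-checks the nonce it issued (nor the nc counter), so a captured Authorization header can be
    // replayed. A production server should issue unpredictable nonces and verify and expire them.
    header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.uniqid().'",opaque="'.md5(REALM).'"');
    die('Not authorized!');
}

// Analyze the PHP_AUTH_DIGEST variable.
// Malformed headers and unknown users get the same 403 and body as a wrong password, so the
// response does not reveal which usernames exist (previously this path answered with a 200).
$data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);
if (!$data || !isset($users[$data['username']])) {
    header('HTTP/1.1 403 Forbidden');
    die('Wrong Credentials!');
}

// Generate the valid response.
// NOTE(review): the client-supplied uri and qop are hashed as given; they are not compared with
// the actual request URI or with the qop offered in the challenge.
$A1 = md5($data['username'] . ':'.REALM.':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

// Compare the digests as strings. A loose "!=" lets PHP treat two numeric-looking hashes
// (for example "0e..." values) as equal; hash_equals() is also constant-time where available.
$given_response = (string) $data['response'];
$response_ok = function_exists('hash_equals')
    ? hash_equals($valid_response, $given_response)
    : ($valid_response === $given_response);

// If the wrong credentials are given, respond with a 403.
if (!$response_ok) {
    header('HTTP/1.1 403 Forbidden');
    die('Wrong Credentials!');
}

// Authenticated from here on. Reject requests that do not carry the expected field.
if (!isset($_POST['myValue']) || !is_string($_POST['myValue'])) {
    header('HTTP/1.1 400 Bad Request');
    die('FAILURE');
}

// Escape the submitted value and insert it into a MySQL database.
// NOTE(review): ext/mysql was removed in PHP 7; when migrating, use mysqli or PDO with a
// prepared statement instead of building the SQL string.
try {
    // The mysql_* functions report failure by return value, not by exception, so check each step.
    $conn = mysql_connect('host', 'username', 'password');
    if (!$conn) {
        throw new Exception(mysql_error());
    }
    if (!mysql_select_db('my-database', $conn)) {
        throw new Exception(mysql_error($conn));
    }

    $myValue = mysql_real_escape_string($_POST['myValue'], $conn);

    // mysql_real_escape_string() only protects a value placed inside quotes; unquoted, the input
    // could still alter the statement. The hyphenated table name also needs backticks to parse.
    if (!mysql_query("INSERT INTO `my-table` VALUES ('$myValue')", $conn)) {
        throw new Exception(mysql_error($conn));
    }

    header('HTTP/1.1 200 OK');
    echo "SUCCESS";
}
catch (Exception $ex) {
    // Keep database error details in the server log rather than returning them to the client.
    error_log('Digest POST handler: ' . $ex->getMessage());
    header('HTTP/1.1 500 Internal Server Error');
    echo "FAILURE";
}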
?>