Hello.
I know a small bit of PHP, but have never programmed for Drupal (except basic modification of templates). I have a website written in Drupal 7 (Shinezar.com) and using the module "Classified ads". Our client now wants the visitors to be able to send an ad by SMS too, through a phone operator service receiving SMSs and transforming them into URIs aimed to be treated by PHP GET method. I don't know the details yet, but the URI will be something like this: "http://shinezar.com?ad=I sell a car for 5 000 000 MNT". We are free to decide the fix part of the URI, and the phone operator will generate the query part, add it to the fix part and visit that URI. Do you have an idea how I could get such an URI and send it to Classified ads? It seems to me that this is equivalent to the question: "How to transform a GET query into a POST one?".
Comments
I think you should not try to
I think you should not try to send this data to drupal by filling and sumbitting drupal form but use hook_menu to provide callback function which would receive this data and then create 'classified' node programmatically.
Here is an example which would expect GET requests like http://shinezar.com/ad/I sell a car for 500 MNT
(Please note this code is not tested and can have some typos, etc.)
function YOUR_MODULE_NAME_menu() {
$items['ad/%'] = array(
'page callback' => ''add_advert",
'page arguments' => array(1),
'type' => MENU_CALLBACK
);
return $items;
}
function add_advert($ad) {
$node = new stdClass();
$node->title = 'YOUR TITLE';
$node->type = 'classified';
$node->body = $ad;
node_object_prepare($node); // Sets some defaults. Invokes hook_prepare() and hook_node_prepare().
$node->language = LANGUAGE_NONE; // Or e.g. 'en' if locale is enabled
$node->uid = 1; //node created by super user (user no 1)
$node->status = 1; //(1 or 0): published or not
$node = node_submit($node); // Prepare node for saving
node_save($node);
watchdog('title', 'message');
}
http://api.drupal.org/api/drupal/modules%21system%21system.api.php/funct...
http://drupal.org/node/1388922
http://drupal.org/node/1494678
It's a really bad idea to
It's a really bad idea to create data in response to a GET request like this. If the URL is open access then anyone will be able to add new rows to the DB just by visiting the URL. And even if the user must be signed in, then that's not proof against accidental repeat visits.
A basic rule of web services is that data isn't created by GET requests, only by POSTs.
Sure, but they receive that
Sure, but they receive that data from a phone operator as GET request anyway so what's other option?
Sorry for the late reply. If
Sorry for the late reply. If a service like this is requested via GET, then unless you protect it against malicious abuse and accidental repeated invocation you will be asking for trouble. There are various measures you might adopt but I don't know what's practical for you in this case. Ideally as a baseline the request would be associated with a Drupal session (ie, there's a logged in user) but that may not be possible.
Without a session cookie, you might consider adding some sort of security via a secret code in an extra variable. Doing this properly is far from trivial, as this article makes clear: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-au...
If the remote user is restricted to a particular IP address or addresses, that might be worth checking. Also I'd say that you need to reject duplicate requests however else you lock things down.
The "?" form
Thank you very much indeed. I only discover now your answers. I thought I would receive a notification mail from Drupal.org...
There is no much security problem, because anybody, including you, can post an ad for free on that website. So why people would use the hard way when they can just go to the site? The only risk is to be flooded with ads by a robot.
The problem is that hook_menu requires a path-like URL, not a GET-styled URL, with its traditional question mark. And I don't expect the nation-biggest phone exploitant operator to change its program for me.
The set format is:
http://xxx.xxx.xxx.xxx/../sms.php?sender=99999999&text=message_body
where "99999999" stands for the phone number and "message_body" stands for the message body.
The part I am free to choose is "xxx.xxx.xxx.xxx/..".
http://Fiable.biz Web site creation.
Nobody?
If nobody has any idea about capturing a GET query like that on Drupal, I think of using another domain name, putting there a non-Drupal web page and using CURL, like that:
http://davidwalsh.name/curl-post
but it would be a pity. There should be a Drupal way to do it...
http://Fiable.biz Web site creation.