KuJoe Posted February 5, 2010 Share Posted February 5, 2010 I created a custom order form on a different domain/IP than my actual WHMCS installation but cannot get it to work for some reason. The error I am receiving is: An error occured1. Please contact support. () (I know, not helpful at all.) I opened a ticket with WHMCS and they suggested I look for a curl error, I added an error check but it returned with "Curl Success". if(curl_exec($ch) === false) { die("Curl Error"); } else { die("Curl Success"); } Here is the code: <?php $url = "https://www.jweb2.com/myinstall/api.php"; $apiusername = "myadmin"; # Admin username goes here $apipassword = "mypassword"; # Admin password goes here if ($_POST["action"]=="submit") { # Get Values $domain = trim(htmlentities($_POST["domain"])); $firstname = trim(htmlentities($_POST["firstname"])); $lastname = trim(htmlentities($_POST["lastname"])); $companyname = trim(htmlentities($_POST["companyname"])); $email = trim(htmlentities($_POST["email"])); $address1 = trim(htmlentities($_POST["address1"])); $address2 = trim(htmlentities($_POST["address2"])); $city = trim(htmlentities($_POST["city"])); $state = trim(htmlentities($_POST["state"])); $postcode = trim(htmlentities($_POST["postcode"])); $country = trim(htmlentities($_POST["country"])); $phonenumber = trim(htmlentities($_POST["phonenumber"])); $password = trim(htmlentities($_POST["password"])); $password2 = trim(htmlentities($_POST["password2"])); $customfield1 = trim(htmlentities($_POST["customfield1"])); $securityqans = trim(htmlentities($_POST["securityqans"])); $tosagreement = $_POST["accepttos"]; # Error Checking if (!$domain) { $errors[] = "You did not enter a domain name."; } if (ereg('[^a-z0-9.-]', $domain)) { $errors[] = "The domain you entered is not valid."; } if (!$firstname) { $errors[] = "You did not enter your first name."; } if (!$lastname) { $errors[] = "You did not enter your last name."; } if (!$email) { $errors[] = "You did not enter your email address"; } elseif (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,6})$", $email)) { $errors[] = "The email address you entered is invalid."; } if (!$address1) { $errors[] = "You did not enter the first line of your address."; } if (!$city) { $errors[] = "You did not enter your city."; } if (!$state) { $errors[] = "You did not enter your state."; } if (!$postcode) { $errors[] = "You did not enter your postcode."; } if (!$country) { $errors[] = "You did not enter your country."; } if (!$phonenumber) { $errors[] = "You did not enter your phone number."; } if (!$password) { $errors[] = "You must enter a password"; } elseif ($password!=$password2) { $errors[] = "The password you entered did not match."; } if (!$customfield1) { $errors[] = "You must choose a forum username."; } if (!$securityqans) { $errors[] = "You must provide an answer to your secret question."; } if (!$tosagreement) { $errors[] = "You must agree to the terms of service."; } if (!$errors) { # Submit Order $postfields = array(); $postfields["username"] = $apiusername; $postfields["password"] = md5($apipassword); $postfields["action"] = "addclient"; $postfields["firstname"] = $firstname; $postfields["lastname"] = $lastname; $postfields["companyname"] = $companyname; $postfields["email"] = $email; $postfields["address1"] = $address1; $postfields["address2"] = $address2; $postfields["city"] = $city; $postfields["state"] = $state; $postfields["postcode"] = $postcode; $postfields["country"] = $country; $postfields["phonenumber"] = $phonenumber; $postfields["password2"] = $password; $postfields["securityqid"] = $securityqid; $postfields["securityqans"] = $securityqans; $postfields["customfield[1]"] = $customfield1; $query_string = ""; foreach ($postfields AS $k=>$v) { $query_string .= "$k=".urlencode($v)."&"; } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 100); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); $data = curl_exec($ch); curl_close($ch); $data = explode(";",$data); foreach ($data AS $temp) { $temp = explode("=",$temp); $results[$temp[0]] = $temp[1]; } if ($results["result"]=="success") { $clientid = $results["clientid"]; } else { die("An error occured1. Please contact support. ({$results['message']})"); } $postfields = array(); $postfields["username"] = $apiusername; $postfields["password"] = md5($apipassword); $postfields["action"] = "addorder"; $postfields["clientid"] = $clientid; $postfields["pid"] = $pid; $postfields["domain"] = $domain; $postfields["domaintype"] = $domaintype; $postfields["billingcycle"] = $billingcycle; $postfields["paymentmethod"] = $paymentmethod; $query_string = ""; foreach ($postfields AS $k=>$v) { $query_string .= "$k=".urlencode($v)."&"; } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $apiurl); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 100); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $query_string); $data = curl_exec($ch); curl_close($ch); $data = explode(";",$data); foreach ($data AS $temp) { $temp = explode("=",$temp); $results[$temp[0]] = $temp[1]; } if ($results["result"]=="success") { $invoiceid = $results["invoiceid"]; header("Location: ".$whmcsurl."dologin.php?username=$email&password=$password&goto=viewinvoice&id=$invoiceid"); exit; } else { die("An error occured2. Please contact support. ({$results['message']})"); } } } ?><html> <head> <title>Order Form</title> </head> <body> <h1>Order Form</h1> <?php if ($errors) { echo "<p>The following errors occured.</p><ul>"; foreach ($errors AS $error) { echo "<li>$error</li>"; } echo "</ul>"; } ?> <form method="post" action="<?php echo $_SERVER["PHP_SELF"] ?>"> <input type="hidden" name="action" value="submit" /> <table> <tr> <td>First Name:</td><td><input type="text" name="firstname" size="30" value="<?php echo $firstname ?>" /></td> <td>Last Name:</td><td><input type="text" name="lastname" size="30" value="<?php echo $lastname ?>" /></td> </tr> <tr> <td>Address 1:</td><td><input type="text" name="address1" value="<?php echo $address1 ?>" size="30" /></td> <td>Address 2:</td><td><input type="text" name="address2" value="<?php echo $address2 ?>" size="30" /></td> </tr> <tr> <td>Company Name:</td><td><input type="text" name="companyname" value="<?php echo $companyname ?>" size="30" /></td> <td>E-mail Address:</td><td><input type="text" name="email" value="<?php echo $email ?>" size="30" /></td> </tr> <tr> <td>City:</td><td><input type="text" name="city" size="30" value="<?php echo $city ?>" /></td> <td>State:</td><td><input type="text" name="state" size="30" value="<?php echo $state ?>" /></td> </tr> <tr> <td>Zip Code:</td><td><input type="text" name="postcode" size="30" value="<?php echo $postcode ?>" /></td> <td>Country:</td><td><select name="country"><option value="AU">Australia</option><option value="CA">Canada</option><option value="IE">Ireland</option><option value="GB">United Kingdom</option><option value="US" selected="selected">United States</option></select></td> </tr> <tr> <td>Phone Number:</td><td><input type="text" name="phonenumber" size="30" value="<?php echo $phonenumber ?>" /></td> <td>(Used by our automated anti-fraud system.)</td><td></td> </tr> <tr> <td>Domain Name:</td><td><input type="text" name="domain" size="20" value="<?php echo $domain ?>" />.CXR.CC</td> <td>(For example.cxr.cc type: <i>example</i>)</td><td></td> </tr> <tr> <td>Forum Username:</td><td><input type="text" size="30" name="customfield1" value=""></td> <td>(Automatically Generated)</td><td></td> </tr> <tr> <td>Password:</td><td><input type="password" name="password" size="30" /></td> <td>Confirm Password</td><td><input type="password" name="password2" size="30" /></td> </tr> <tr> <td>Security Question:</td><td><select name="securityqid"> <option value=2>Mother's maiden name?</option> <option value=3>Name of first pet?</option> <option value=4>Color of first car?</option> <option value=5>Favorite color?</option> </select></td> <td>Security Answer:</td><td><input type="password" name="securityqans" size="30"></td> </tr> <tr> <td colspan="4"> <input type="hidden" name="domaintype" value="selsubdomain" /> <input type="hidden" name="paymentmethod" value="paypal" /> <input type="hidden" name="pid" value="16" /> <input type="hidden" name="billingcycle" value="free" /> <input type="checkbox" name="accepttos" id="accepttos" />I have read and agree to the <a href="http://www.jweb2.com/tos.php" target="_blank">Terms of Service</a><br /> <strong>Please have your phone available because we use an automated telephone system to verify high-risk orders.</strong> <p align="center"><input type="submit" value="Submit Order" /></p> </td> </tr> </table> </form> </body> </html> 0 Quote Link to comment Share on other sites More sharing options...
KuJoe Posted February 8, 2010 Author Share Posted February 8, 2010 Still no luck with this. $5 via Paypal to whoever can either get this to work or produce an error message. 0 Quote Link to comment Share on other sites More sharing options...
HerrZ Posted February 8, 2010 Share Posted February 8, 2010 hi, $apiurl != $url see: $url = "https://www.jweb2.com/myinstall/api.php"; and: curl_setopt($ch, CURLOPT_URL, $apiurl); 0 Quote Link to comment Share on other sites More sharing options...
HerrZ Posted February 8, 2010 Share Posted February 8, 2010 Make sure you have added your IP in "General Settings"/ "Security" / "API IP Access Restriction" the following codepart is the important, and it work! <?php #$url = "https://www.jweb2.com/myinstall/api.php"; $url = 'http://www.MYPATH/includes/api.php'; $apiusername = "MYUSER"; # Admin username goes here $apipassword = "MYPASS"; # Admin password goes here if ($_POST["action"]=="submit") { //... #if (!$errors) { # Submit Order $postfields["action"] = "addclient"; $postfields["firstname"] = "Test"; $postfields["lastname"] = "User"; $postfields["companyname"] = "WHMCS"; $postfields["email"] = "demo@whmcs.com"; $postfields["address1"] = "123 Demo Street"; $postfields["address2"] = $address2; $postfields["city"] = "Demo"; $postfields["state"] = "Florida"; $postfields["postcode"] = "AB123"; $postfields["country"] = "US"; $postfields["phonenumber"] = "123456789"; $postfields["password2"] = "demo"; $postfields["currency"] = "1"; //Start: new send code $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true) ; curl_setopt($curl, CURLOPT_TIMEOUT, 100); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $postfields["username"] = $apiusername; $postfields["password"] = md5($apipassword); echo "<pre>request";print_r($postfields);echo "</pre>"; curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields); $result = curl_exec($curl); if (curl_errno($curl)) { $errmsg = curl_error($curl); $errcode = curl_errno($curl); curl_close($curl); echo "CURL ERROR <br />$errcode - $errmsg"; } curl_close($curl); // parse response $result= explode(";",$result); foreach ($result AS $temp) { $temp = explode("=",$temp); $resultarray[$temp[0]] = $temp[1]; } echo "Result: <pre>resultarray: " . print_r($resultarray,TRUE) . "</pre>"; // End: new send code #} // ... } 0 Quote Link to comment Share on other sites More sharing options...
RMIGHTY1 Posted February 10, 2010 Share Posted February 10, 2010 Hi KuJoe, This might sound trite but is the other domain/IP a secure one? Submitting to a secure site from a non-secure site may cause problems. Cheers, RMIGHTY1 0 Quote Link to comment Share on other sites More sharing options...
KuJoe Posted February 10, 2010 Author Share Posted February 10, 2010 Make sure you have added your IP in "General Settings"/ "Security" / "API IP Access Restriction" the following codepart is the important, and it work! <?php #$url = "https://www.jweb2.com/myinstall/api.php"; $url = 'http://www.MYPATH/includes/api.php'; $apiusername = "MYUSER"; # Admin username goes here $apipassword = "MYPASS"; # Admin password goes here if ($_POST["action"]=="submit") { //... #if (!$errors) { # Submit Order $postfields["action"] = "addclient"; $postfields["firstname"] = "Test"; $postfields["lastname"] = "User"; $postfields["companyname"] = "WHMCS"; $postfields["email"] = "demo@whmcs.com"; $postfields["address1"] = "123 Demo Street"; $postfields["address2"] = $address2; $postfields["city"] = "Demo"; $postfields["state"] = "Florida"; $postfields["postcode"] = "AB123"; $postfields["country"] = "US"; $postfields["phonenumber"] = "123456789"; $postfields["password2"] = "demo"; $postfields["currency"] = "1"; //Start: new send code $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true) ; curl_setopt($curl, CURLOPT_TIMEOUT, 100); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $postfields["username"] = $apiusername; $postfields["password"] = md5($apipassword); echo "<pre>request";print_r($postfields);echo "</pre>"; curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields); $result = curl_exec($curl); if (curl_errno($curl)) { $errmsg = curl_error($curl); $errcode = curl_errno($curl); curl_close($curl); echo "CURL ERROR <br />$errcode - $errmsg"; } curl_close($curl); // parse response $result= explode(";",$result); foreach ($result AS $temp) { $temp = explode("=",$temp); $resultarray[$temp[0]] = $temp[1]; } echo "Result: <pre>resultarray: " . print_r($resultarray,TRUE) . "</pre>"; // End: new send code #} // ... } I tried the above script in a test script I am using and this is the output I receive: requestArray ( [action] => addclient [firstname] => Test [lastname] => User [companyname] => WHMCS [email] => demo@whmcs.com [address1] => 123 Demo Street [address2] => [city] => Demo [state] => Florida [postcode] => AB123 [country] => US [phonenumber] => 123456789 [password2] => demo [currency] => 1 [username] => myadmin [password] => a266efe3g2d411203f200773faca36sb ) Result: resultarray: Array ( [] => ) Hi KuJoe, This might sound trite but is the other domain/IP a secure one? Submitting to a secure site from a non-secure site may cause problems. Cheers, RMIGHTY1 The other domain/IP isn't secure but I also changed the $url to http instead of https so now I'm no longer submitting to a secure site. 0 Quote Link to comment Share on other sites More sharing options...
HerrZ Posted February 10, 2010 Share Posted February 10, 2010 type the following in your script: phpinfo(); search the output for: cURL support cURL should be enabled! for confirmation the following code in a .php file works (just fill in the url, user and pwd)! <?php #$url = "https://www.jweb2.com/myinstall/api.php"; $url = 'http://www.mydomain/mywhmcsroot/includes/api.php'; $apiusername = "MYUSER"; # Admin username goes here $apipassword = "MYPASS"; # Admin password goes here # Submit Order $postfields["action"] = "addclient"; $postfields["firstname"] = "TEster"; $postfields["lastname"] = "User"; $postfields["companyname"] = "WHMCS"; $postfields["email"] = "demo50@whmcs.com"; $postfields["address1"] = "123 Demo Street"; #$postfields["address2"] = $address2; $postfields["city"] = "Demo"; $postfields["state"] = "Florida"; $postfields["postcode"] = "AB123"; $postfields["country"] = "US"; $postfields["phonenumber"] = "123456789"; $postfields["password2"] = "demo"; $postfields["currency"] = "1"; //Start: new send code $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true) ; curl_setopt($curl, CURLOPT_TIMEOUT, 100); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $postfields["username"] = $apiusername; $postfields["password"] = md5($apipassword); echo "<pre>request";print_r($postfields);echo "</pre>"; curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields); $result = curl_exec($curl); if (curl_errno($curl)) { $errmsg = curl_error($curl); $errcode = curl_errno($curl); curl_close($curl); echo "CURL ERROR <br />$errcode - $errmsg"; } curl_close($curl); // parse response $result= explode(";",$result); foreach ($result AS $temp) { $temp = explode("=",$temp); $resultarray[$temp[0]] = $temp[1]; } echo "Result: <pre>resultarray: " . print_r($resultarray,TRUE) . "</pre>"; phpinfo(); ?> regards 0 Quote Link to comment Share on other sites More sharing options...
KuJoe Posted February 11, 2010 Author Share Posted February 11, 2010 Yup, that's the first thing I checked. cURL support enabled cURL Information libcurl/7.19.7 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 0 Quote Link to comment Share on other sites More sharing options...
HerrZ Posted February 11, 2010 Share Posted February 11, 2010 do you tried out the last posted code? 0 Quote Link to comment Share on other sites More sharing options...
KuJoe Posted February 11, 2010 Author Share Posted February 11, 2010 Same results as before except with the output from phpinfo(). If you want to look at that output I have a page setup here for it: http://www.jweb2.com/info.php 0 Quote Link to comment Share on other sites More sharing options...
HerrZ Posted February 11, 2010 Share Posted February 11, 2010 Same results as before except with the output from phpinfo(). If you want to look at that output I have a page setup here for it: http://www.jweb2.com/info.php :shock: This is a security risk. Please remove phpinfo from your website. 0 Quote Link to comment Share on other sites More sharing options...
KuJoe Posted February 11, 2010 Author Share Posted February 11, 2010 It's not really a security risk, and if it was there is nothing I can do about it unless I disable the phpinfo function which I don't plan to do. 0 Quote Link to comment Share on other sites More sharing options...
KuJoe Posted February 17, 2010 Author Share Posted February 17, 2010 OMG... I feel so stupid. Damn custom hooks! 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.