  • Hi All.

    Client has asked me to write an API integration to their CRM.

    The code I have written works fine outside of MODX and I get a response from the API as expected. However when I place it into a snippet, whilst the POST information is grabbed successfully and the XML is populated I don't get any response from the API (As if the cURL even doesn't happen)!

    I have checked phpInfo and cURL is installed. I'm just wondering if the Snippet is allowed to use cURL and handle responses.

    I'm relatively green at MODX, so any points in the right direction would be great!

    Excuse the long XML.

    <?php
    $salutation = $_POST['greeting'];
    $fname =  $_POST['fname'];
    $lname =  $_POST['lname'];
    $email = $_POST['email'];
    $tel = $_POST['tel'];
    $add1 = $_POST['add1'];
    $add2 = $_POST['add2'];
    $add3 = $_POST['add3'];
    $add4 = $_POST['add4'];
    $enq = $_POST['enquiry'];
    $coinsID = $_POST['coinsid'];
    
    $date =  date('c');
    $date2 = date('d-m-y');
    
    $xml = '<COINSInterface>';
    $xml .= '<Header action="CREATE" entity="HSESB042" testMsg="false">';
    $xml .= '<UserID>1</UserID>';
    $xml .= '<From>WEB ENQUIRY</From>';
    $xml .= '<HostName>**REDACTED**</HostName> ';
    $xml .= '<Environment>cplive</Environment>';
    $xml .= '<Created>' . $date . '</Created> ';
    $xml .= '<Login> ';
    $xml .= '<User>**REDACTED**</User>';
    $xml .= '<Password>**REDACTED**</Password>';
    $xml .= '<CID>3</CID>';
    $xml .= '</Login> ';
    $xml .= '</Header> ';
    $xml .= '<Body>';
    $xml .= '<hs_visitorRow>';
    $xml .= '<externalID></externalID>';
    $xml .= '<hvi_ref>1</hvi_ref>';
    $xml .= '<hvi_level>S</hvi_level>';
    $xml .= '<hvi_sprice>99.99</hvi_sprice>';
    $xml .= '<hvi_eprice>99.99</hvi_eprice>';
    $xml .= '<hvi_status>HTB</hvi_status>';
    $xml .= '<hvi_init_movepd__1></hvi_init_movepd__1>';
    $xml .= '<hvi_init_movepd__2></hvi_init_movepd__2>';
    $xml .= '<hvi_sdate></hvi_sdate>';
    $xml .= '<hvi_edate></hvi_edate>';
    $xml .= '<hvi_pxplot></hvi_pxplot>';
    $xml .= '<hvi_req></hvi_req>';
    $xml .= '<hvi_req2></hvi_req2>';
    $xml .= '<vud_code></vud_code>';
    $xml .= '<vud_code2></vud_code2>';
    $xml .= '<hvi_beds__1>1</hvi_beds__1>';
    $xml .= '<hvi_beds__2>1</hvi_beds__2>';
    $xml .= '<hvi_location></hvi_location>';
    $xml .= '<hvi_location2></hvi_location2>';
    $xml .= '<hvi_specreq></hvi_specreq>';
    $xml .= '<hvi_nomail>true</hvi_nomail>';
    $xml .= '<hvi_noemail>true</hvi_noemail>';
    $xml .= '<hvi_nosms>true</hvi_nosms>';
    $xml .= '<hvi_cmix></hvi_cmix>';
    $xml .= '<hvi_cdesc></hvi_cdesc>';
    $xml .= '<hvi_cvalue>99.99</hvi_cvalue>';
    $xml .= '<hvi_built>1</hvi_built>';
    $xml .= '<hvi_pxadd__1></hvi_pxadd__1>';
    $xml .= '<hvi_pxadd__2></hvi_pxadd__2>';
    $xml .= '<hvi_pxadd__3></hvi_pxadd__3>';
    $xml .= '<hvi_pxadd__4></hvi_pxadd__4>';
    $xml .= '<hvi_pxpcode></hvi_pxpcode>';
    $xml .= '<hvi_pxreq>true</hvi_pxreq>';
    $xml .= '<hvi_reasonMove>DESIGN</hvi_reasonMove>';
    $xml .= '<hvi_init_htr_sourceEnq>EST99</hvi_init_htr_sourceEnq>';
    $xml .= '<hvi_toreview>true</hvi_toreview>';
    $xml .= '<rsp_action>I</rsp_action>';
    $xml .= '<pp_personRow>';
    $xml .= '<externalID></externalID>';
    $xml .= '<ppp_intref>99</ppp_intref>';
    $xml .= '<ppp_title>' . $salutation . '</ppp_title>';
    $xml .= '<ppp_fname>' . $fname . '</ppp_fname>';
    $xml .= '<ppp_sname>' . $lname . '</ppp_sname>';
    $xml .= '<ppp_add__1>' . $add1 . '</ppp_add__1>';
    $xml .= '<ppp_add__2>' . $add2 . '</ppp_add__2>';
    $xml .= '<ppp_add__3>' . $add3 . '</ppp_add__3>';
    $xml .= '<ppp_add__4>' . $add4 . '</ppp_add__4>';
    $xml .= '<ppp_pcode></ppp_pcode>';
    $xml .= '<ppp_dob></ppp_dob>';
    $xml .= '<ppp_occupation></ppp_occupation>';
    $xml .= '<ppp_employer></ppp_employer>';
    $xml .= '<ppp_empadd__1></ppp_empadd__1>';
    $xml .= '<ppp_empadd__2></ppp_empadd__2>';
    $xml .= '<ppp_empadd__3></ppp_empadd__3>';
    $xml .= '<ppp_empadd__4></ppp_empadd__4>';
    $xml .= '<ppp_emppcode></ppp_emppcode>';
    $xml .= '<ppp_salary></ppp_salary>';
    $xml .= '<ppp_bonus></ppp_bonus>';
    $xml .= '<ppp_service></ppp_service>';
    $xml .= '<ppp_hphone></ppp_hphone>';
    $xml .= '<ppp_wphone></ppp_wphone>';
    $xml .= '<ppp_mphone></ppp_mphone>';
    $xml .= '<ppp_salutation></ppp_salutation>';
    $xml .= '<ppp_email>' . $email . '</ppp_email>';
    $xml .= '<ppp_consent>true</ppp_consent>';
    $xml .= '<ppp_conmeth></ppp_conmeth>';
    $xml .= '<ppp_contime></ppp_contime>';
    $xml .= '<ppp_resident>true</ppp_resident>';
    $xml .= '<ppp_lcertref></ppp_lcertref>';
    $xml .= '<ppp_photoid>true</ppp_photoid>';
    $xml .= '<ppp_proofadd>true</ppp_proofadd>';
    $xml .= '<ppp_account></ppp_account>';
    $xml .= '<ppp_sortcode></ppp_sortcode>';
    $xml .= '<ppp_iban></ppp_iban>';
    $xml .= '<ppp_swift></ppp_swift>';
    $xml .= '<ppp_bankname></ppp_bankname>';
    $xml .= '<ppp_bankadd__1></ppp_bankadd__1>';
    $xml .= '<ppp_bankadd__2></ppp_bankadd__2>';
    $xml .= '<ppp_bankadd__3></ppp_bankadd__3>';
    $xml .= '<ppp_bankadd__4></ppp_bankadd__4>';
    $xml .= '<ppp_bankpcode></ppp_bankpcode>';
    $xml .= '<ppp_taxable>true</ppp_taxable>';
    $xml .= '<ppp_hold>true</ppp_hold>';
    $xml .= '<ppp_hnote></ppp_hnote>';
    $xml .= '<ppp_paymeth></ppp_paymeth>';
    $xml .= '<vat_code></vat_code>';
    $xml .= '<ppp_thirdparty>true</ppp_thirdparty>';
    $xml .= '<ppp_password></ppp_password>';
    $xml .= '<ppp_logindate></ppp_logindate>';
    $xml .= '<ppp_logintime></ppp_logintime>';
    $xml .= '<ppp_agent>true</ppp_agent>';
    $xml .= '<ppp_accname></ppp_accname>';
    $xml .= '<ppp_age>1</ppp_age>';
    $xml .= '<ppp_nationality></ppp_nationality>';
    $xml .= '<ppp_nomail>true</ppp_nomail>';
    $xml .= '<ppp_noemail>true</ppp_noemail>';
    $xml .= '<ppp_nosms>true</ppp_nosms>';
    $xml .= '<ppe_deposit>99</ppe_deposit>';
    $xml .= '<ppe_loanamt>99</ppe_loanamt>';
    $xml .= '<ppe_loanpay>99</ppe_loanpay>';
    $xml .= '<ppe_loanyr>99</ppe_loanyr>';
    $xml .= '<ppe_loanmth>99</ppe_loanmth>';
    $xml .= '<ppe_morrent>99</ppe_morrent>';
    $xml .= '<ppe_mormax>99</ppe_mormax>';
    $xml .= '<ppe_advcred>true</ppe_advcred>';
    $xml .= '<ppe_morref></ppe_morref>';
    $xml .= '<rsp_action>I</rsp_action>';
    $xml .= '</pp_personRow>';   
    $xml .= '<hs_transRow>';
    $xml .= '<externalID></externalID>';
    $xml .= '<hev_code>VISIT</hev_code>';
    $xml .= '<htr_date>' . $date2 . '</htr_date>';
    $xml .= '<vsi_jobph>' . $coinsID . '</vsi_jobph>';
    $xml .= '<htr_reqPlot__1></htr_reqPlot__1>';
    $xml .= '<htr_reqPlot__2></htr_reqPlot__2>';
    $xml .= '<htr_reqHouse__1></htr_reqHouse__1>';
    $xml .= '<htr_reqHouse__2></htr_reqHouse__2>';
    $xml .= '<htr_log__1>true</htr_log__1>';
    $xml .= '<htr_comment></htr_comment>';
    $xml .= '<htr_ref>1</htr_ref>';
    $xml .= '<htr_sourceEnq>EST99</htr_sourceEnq>';
    $xml .= '<rsp_action>I</rsp_action>';
    $xml .= '</hs_transRow>';
    $xml .= '</hs_visitorRow>';
    $xml .= '</Body>';
    $xml .= '</COINSInterface>';
    
            //setting the curl parameters.
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, 'https://larkfleet.coinscloud.com/env/oacplive/wouesb.p?service=HSESB042');
            curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
            curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 300);
            curl_setopt($ch,CURLOPT_FAILONERROR,true);
            $data = curl_exec($ch);
            curl_close($ch);
    
            //convert the XML result into array
            $array_data = json_decode(json_encode(simplexml_load_string($data)), true);
    
            $sending_data = json_decode(json_encode(simplexml_load_string($data)), true);
    
     if(!empty($fname)){
    
            echo('<p>We will be sending the following payload into COINS</p>');
            echo('<p>' . $date . '</p>');
            echo('<p>Greeting:<strong>' . $salutation . '</strong></p>');
            echo('<p>First Name:<strong>' . $fname . '</strong></p>');
            echo('<p>Last Name:<strong>' . $lname . '</strong></p>');
            echo('<p>Email:<strong>' . $email . '</strong></p>');
            echo('<p>Tel:<strong>' . $tel . '</strong></p>');
            echo('<p>Add1:<strong>' . $add1 . '</strong></p>');
            echo('<p>Add2:<strong>' . $add2 . '</strong></p>');
            echo('<p>Add3:<strong>' . $add3 . '</strong></p>');
            echo('<p>Add4:<strong>' . $add4 . '</strong></p>');
            echo('<p>Enq:<strong>' . $enq . '</strong></p>');
            echo('<h2>XML Payload</h2>');
            echo('<pre>' . $xml . '</pre>');
            echo('<p>COINS API Response</p>');
            echo('<pre>' . $data . '</pre>');
            echo 'error:' . curl_error($ch);
            
    
        } else {
            echo('No Name Set');
        }
    
    • cURL should definitely work fine in a snippet.

      I would add this at line 169 above:

      $modx->log(modX::LOG_LEVEL_ERROR, print_r($data, true));


      You should see what's returned from the cURL call, either your data, or an error message in the MODX error log.

      You could also look at what's happening on the Network tab in Chrome Dev. Tools or Firefox (Ctrl-shift-i). You can click on a line and drill down to see the request and the response.

      A couple of suggestions:

      First, your $xml lines might be faster and easier to maintain as a heredoc string assignment.

      Second, your echo statements should definitely be replaced by a single variable:

      $output = '';
      
      if(!empty($fname)){
          $output .= '<p>We will be sending the following payload into COINS</p>';
          $output .= '<p>' . $date . '</p>';
          $output .= '<p>Greeting:<strong>' . $salutation . '</strong></p>';
          // etc.
      } else {
          $output = 'No Name Set';
      }
      
      return $output;
      


      Don't forget to remove the closing ')'.

      The failure to have a return statement with the output could be part of your problem.
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/MODx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
      • Hi BobRay,

        Thanks for the advice.

        	
        $modx->log(modX::LOG_LEVEL_ERROR, print_r($data, true));


        Returned '[2017-06-08 12:53:56] (ERROR @ \www\core\cache\includes\elements\modsnippet\63.include.cache.php : 178) PHP warning: curl_error(): 23 is not a valid cURL handle resource'

        So I removed that reference to cURL, and now I don't get an error, but I also don't get anything back from $data.

        $modx->log(modX::LOG_LEVEL_ERROR, print_r('COINS--'));
        $modx->log(modX::LOG_LEVEL_ERROR, print_r($data, true));


        Returns 'COINS---' but nothing else. Again it's like curl isn't doing anything.

        Thanks,

        Chris.
        • Try replacing your curl_init() line with this, just to make sure cURL is working:

          if (curl_init() === false) {
             $modx->log(modX::LOG_LEVEL_ERROR, 'Curl init failed');
          } else {
             $modx->log(modX::LOG_LEVEL_ERROR, 'Curl init succeeded');
          }


          Also, add this line just before the curl_close($ch); line (*after* the exec line):

           $modx->log(modX::LOG_LEVEL_ERROR, curl_error ($ch));


          With the line below, you're asking to print a string, so that's all it's ever going to do. Maybe you meant to use a variable there, though I don't see a variable named $coins or anything similar in your code.

          $modx->log(modX::LOG_LEVEL_ERROR, print_r('COINS--'));
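
Added example (not part of the original thread, and not the poster's or MODX's code): the request from the first post rebuilt with XMLWriter so form values are escaped inside the XML, with the cURL error read before the handle is closed and the debug output HTML-escaped. The endpoint URL, the reduced field list and the sample input are placeholders.

```php
<?php
// Added example: placeholder endpoint, reduced field list, constructed input.
// XMLWriter escapes &, < and > in text nodes, so form text cannot alter the XML structure.
function buildEnquiryXml(array $post): string
{
    $w = new XMLWriter();
    $w->openMemory();
    $w->startElement('COINSInterface');
    $w->startElement('Body');
    $w->startElement('pp_personRow');
    // XML element => form field; a subset of the fields used in the post.
    $map = ['ppp_title' => 'greeting', 'ppp_fname' => 'fname',
            'ppp_sname' => 'lname', 'ppp_email' => 'email'];
    foreach ($map as $element => $field) {
        $value = $post[$field] ?? '';
        $w->writeElement($element, is_string($value) ? trim($value) : '');
    }
    $w->endElement(); // pp_personRow
    $w->endElement(); // Body
    $w->endElement(); // COINSInterface
    return $w->outputMemory();
}

// POSTs the XML and returns [response body or null, cURL error text].
function postXml(string $url, string $xml): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POSTFIELDS     => $xml,
        CURLOPT_HTTPHEADER     => ['Content-Type: text/xml'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FAILONERROR    => true,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $body  = curl_exec($ch);
    $error = curl_error($ch); // read while the handle is still open
    curl_close($ch);
    return [$body === false ? null : $body, $error];
}

// Constructed sample input standing in for $_POST.
$sample = ['greeting' => 'Mr', 'fname' => 'Sam', 'lname' => "O'Neil & Sons <test>",
           'email' => 'sam@example.com'];
$xml = buildEnquiryXml($sample);
[$body, $error] = postXml('https://crm.example.invalid/endpoint', $xml);
$result  = $error !== '' ? 'cURL error: ' . $error : (string) $body;
$output  = '<pre>' . htmlspecialchars($xml, ENT_QUOTES, 'UTF-8') . '</pre>';
$output .= '<pre>' . htmlspecialchars($result, ENT_QUOTES, 'UTF-8') . '</pre>';
echo $output; // inside a MODX snippet, use "return $output;" instead
```

Run stand-alone, the placeholder host does not resolve, so the second block shows the cURL error text that the original code lost by calling curl_error() after curl_close().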