How to send a request to hide the password?

There is such a line,
https://СМС_ПРОВАЙДЕР/http_send.php?user=ЛОГИН&pass=ПАРОЛЬ&or_id=ПОДПИСЬ&phone=ТЕЛЕФОН&message=БЛА_БЛА_БЛА

substitute the data, go to the link and voila!
But you need to embed that in a form to send client data to the server (name, phone....to send).
The first thing that came to mind, to alter a string in JavaScript, then it should be such as to conceal the password and login so that the client could not learn, for example through the browser console after clicking on submit to send faster.
Tell me how to solve?
March 12th 20 at 08:43
3 answers
March 12th 20 at 08:45
PHP curl() and send from the server a request to send SMS.
<?PHP
 $connection = curl_init();
 curl_setopt($connection, CURLOPT_URL, "https://СМС_ПРОВАЙДЕР/http_send.php?user=ЛОГИН&pass=ПАРОЛЬ&or_id=ПОДПИСЬ&phone=ТЕЛЕФОН&message=БЛА_БЛА_БЛА
");
curl_exec($connection);
curl_close($connection);
?>

So? - clyde_Hauck commented on March 12th 20 at 08:48
@clyde_Hauck, well if it works so) - Fredy commented on March 12th 20 at 08:51
@Fredy, does not work.
it works, but I don't know how so safely:
$headers = stream_context_create(array(
 'http' => array(
 'method' => 'POST',
 'header' => 'Content-Type: application/x-www-form-urlencoded' . PHP_EOL,
 'content' = > 'https://СМС_ПРОВАЙДЕР/http_send.php?user=ЛОГИН&pass=ПАРОЛЬ&or_id=ПОДПИСЬ&phone=ТЕЛЕФОН&message=БЛА_БЛА_БЛА
',
),
));
- clyde_Hauck commented on March 12th 20 at 08:54
@clyde_Hauck, the client (browser) will not see the password because it asks for a server.
Or about safety, talking about something else? - Fredy commented on March 12th 20 at 08:57
@clyde_Hauck,
$url = "https://СМС_ПРОВАЙДЕР/http_send.php?user=ЛОГИН&pass=ПАРОЛЬ&or_id=ПОДПИСЬ&phone=ТЕЛЕФОН&message=БЛА_БЛА_БЛА";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, THIS, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

$result = curl_exec($ch);
curl_close($ch);

print_r($result);
- Mohamed99 commented on March 12th 20 at 09:00
@Mohamed99, it is strange that the password - in the line... and not a token. - Fredy commented on March 12th 20 at 09:03
@Fredy, Yes, I'm talking about the password out - clyde_Hauck commented on March 12th 20 at 09:06
@clyde_Hauck, If the API is not yours, no options. And if Your modify the authorization token. - Fredy commented on March 12th 20 at 09:09
@Mohamed99, made Your option. Thank you! - clyde_Hauck commented on March 12th 20 at 09:12
March 12th 20 at 08:47
You need to a form which will send to some sort of file example the following form
<form action="sms.php" method="post">
<input type="tel" name="phone" >
<input type="tel" name="msg" >
<button href="" type="submit" name="send_sms" >

And this is the contents of the file sms.php
if (isset($_POST['send_sms'])) {
 $phone = strip_tags($_POST['phone']);
 $msg = strip_tags($_POST['msg']);

$request_params = [
 'id' => '38887',
 'key' => '2E312486098743932',
 'to' => "$phone",
 'from' => "sms-info",
 'text' => "$msg",

];

$url = "http://api.bytehand.com/v1/send?".http_build_query($request_params);
file_get_contents($url);


But the finished form in php you var dump to see what and how (it is just for the example file sms.php imposed over the shape)
<?php

if (isset($_POST['send_sms'])) {
 $phone = strip_tags($_POST['phone']);
 $msg = strip_tags($_POST['msg']);

$request_params = [
 'id' => '38887',
 'key' => '2E312486098743932',
 'to' => "$phone",
 'from' => "sms-info",
 'text' => "$msg",
 'send_after' => "0"
];


$url = "http://api.bytehand.com/v1/send?".http_build_query($request_params);

file_get_contents($url);
var_dump($url);


}
?>

<!doctype html>
<html lang="en">
the <head>
 <meta charset="UTF-8">
 <meta name="viewport"
 content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
 <meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>Document</title>
</head>
the <body>
the <div>
the <div>Choose directories:</div>
<form action="" method="post">
<input type="text" value="" name="phone" placeholder="Enter phone number">
<input type="text" value="" name="msg" placeholder="Enter text">
<input type="submit" value="Send SMS" name="send_sms">
</form>
</div>
</body>
</html>
sometimes just not so good.
if on the account will be 15 thousand rubles, the speed with which I can pull ? - Silas commented on March 12th 20 at 08:50
particularly pleased that in your version I can for free to produce the newsletter, as
the number of the SMS alert comes in the form of the argument ;) - Silas commented on March 12th 20 at 08:53
@Silasif you write faster on average of 60,000 words))))))), over time - clyde_Hauck commented on March 12th 20 at 08:56
well advised right. to send from your scripts on the server, but
before you pull the IPA gate to check that it is not a double,
consider a quota on the ip . to fold the incoming posts to the database.
in General, keep a log . with the results from the response of the gate. - Silas commented on March 12th 20 at 08:59
@Silas, And how you can do it? if the form is hidden and what and where it sends you not know and see this, too, is impossible =) If possible, show how. - Shawna.Crist commented on March 12th 20 at 09:02
ctrl+shift+i
the network tab
the checkbox preserve log - Silas commented on March 12th 20 at 09:05
In addition to this form, I saw nothing phone=7915555555&msg=CVC&send_sms=%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C+%D0%A1%D0%9C%D0%A1

Can you show a short video?
I really wonder how you will be able to see if there is https://
instead of http://
Thank you for your answer! - Shawna.Crist commented on March 12th 20 at 09:08
March 12th 20 at 08:49
Why the request for sending SMS should be sent by the client?

If it is a form of registration / login, the client POST request sends data to the server and the server decides to send an SMS / do not send (and if you already sent, and if the client exceeded the limit, but if...).

With this approach your data to interact with the API of the SMS provider will not be compromised.
Show how you supramentality is a standard request.
If it's about the form at the bottom of it for example and see php on the server I don't know of a single case. Form fact that at the bottom is an example file sms.php shall be taken separately. - Shawna.Crist commented on March 12th 20 at 08:52

Find more questions by tags JavaScriptPHP