db-post.php

<?php

// The URL where the test-auth.php script resides.
define("POST_DATA_TO_URL", "http://someurl/my-script.php");

// Function to send value to my-script.php script via cURL with digest authentication.
function submitValue($myValue) {
	$ch = curl_init(POST_DATA_TO_URL);
	curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);
	curl_setopt($ch, CURLOPT_USERPWD, "admin:mypass");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS, "myValue=$myValue");
	
	$output = curl_exec($ch);
	
	if (curl_getinfo($ch, CURLINFO_HTTP_CODE) != '200') {
		return null;
	}
	return $output;	
}

answer(30);
say("Hello, welcome to my sample application.", array("bargein" => false));

// Prompt the caller for the extension they want to call.
$event = ask("Please enter a 5 digit zip code.", array("choices" => "[5 DIGITS]", "choiceMode" => "dtmf", "repeat" => "3", "timeout" => "5"));

if($event->name == 'choice') {
	_log("*** User entered ".$event->value." ***");
	$result = submitValue($event->value);
	
	if($result == "SUCCESS") {
		say("Thank you. Goodbye", array("bargein" => false));
		hangup();
	}
	else {
		_log("*** $result ***");
		say("Sorry, there was a problem. Goodbye", array("bargein" => false));
		hangup();
	}
}

?>

my-script.php

<?php
/*
 * Simple Digest Authentication script for accepting HTTP POSTs from Tropo.
 * Modified from example in PHP Manual - http://php.net/manual/en/features.http-auth.php
 */

// Function to parse the http auth header.
function http_digest_parse($txt) {
    // protect against missing data
    $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed_parts));

    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);

    foreach ($matches as $m) {
        $data[$m[1]] = $m[3] ? $m[3] : $m[4];
        unset($needed_parts[$m[1]]);
    }

    return $needed_parts ? false : $data;
}

define("REALM", "My Restricted area");

// A simple aray to hold usernames and passwords.
$users = array('admin' => 'mypass', 'guest' => 'guest');

if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.REALM.'",qop="auth",nonce="'.uniqid().'",opaque="'.md5(REALM).'"');
    die('Not authorized!');
}

// Analyze the PHP_AUTH_DIGEST variable.
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']]))
    die('Wrong Credentials!');

// generate the valid response
$A1 = md5($data['username'] . ':'.REALM.':' . $users[$data['username']]);
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

// If the wrong credentials are given, respond with a 403.
if ($data['response'] != $valid_response) {
	header('HTTP/1.1 403 Forbidden');
	die('Wrong Credentials!');
}

// Otherwise, sanitize the submitted value and insert into a MySQL database.
else {
	
	try {
	
		$conn = mysql_connect('host', 'username', 'password');
		$myValue = mysql_real_escape_string($_POST['myValue'], $conn);
		mysql_select_db('my-database', $conn);
	
		if(mysql_query("INSERT INTO my-table values ($myValue)", $conn)) {
		header('HTTP/1.1 200 OK');
		echo "SUCCESS";
		}
		else {
			throw new Exception(mysql_error());
		}
		
	}
	catch (Exception $ex) {
		header('HTTP/1.1 500 Internal Server Error');
		echo "FAILURE: ".$ex->getMessage();
	}
}


?>