API no longer working with PHP curl or file_get_contents

[Mat Bourne]

Hi,

I've been developing an app in PHP that uses the Change.org API to pull in petition information and up until a couple of days ago this was working fine. It appears the developers part of the Change.org site is also not working also...

I am using curl to send the API request and have debugged it as far as checking that the correct URL is being provided to curl. The URL being provided is correct and when echo'd out and tested in a web browser, the JSON data is showing. However, all curl is receiving appears to be some 'header' information, please see var_dump below:

string(922) "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="Content-Script-Type" content="text/javascript"><script type="text/javascript">function setCookie(c_name, value, expiredays) { var exdate = new Date(); exdate.setDate(exdate.getDate()+expiredays); document.cookie = c_name + "=" + escape(value) + ((expiredays==null) ? "" : ";expires=" + exdate.toGMTString()) + ";path=/"; } function getHostUri() { var loc = document.location; return loc.toString(); } setCookie('YPF8827340282Jdskjhfiw_928937459182JAX666', '2.98.171.151', 10); setCookie('DOAReferrer', document.referrer, 10); location.href = getHostUri();</script></head><body><noscript>This site requires JavaScript and Cookies to be enabled. Please change your browser settings or upgrade your browser.</noscript></body></html>

"

This response is then causing what appears to be an infinite redirect on my site. Hope someone can help...

Thanks in advance!

Mat

[Eric Lukoff]

Hi Mat --

We see that problem as well. We'll look into it and get back to you. Thanks,

Eric

Eric Lukoff

Product Manager
Change.org

[Eric Lukoff]

Mat - this should be working again now. Please let me know if you continue to have problems. Thanks!

Eric

[br...@weareo3.com]

I hate to respond to an existing thread for something a tad off topic, but Google Groups is not allowing me to post a new thread (saying that I am using an invalid tag even though I am clicking the suggested ones... I have emailed you about this issue). But, I must get an answer to some of these issues I'm having.

I'm having a peculiar issue that hopefully someone has some insight into. I created a test petition, plugged in the API on our end and are hosting a form on our website. Filling out the form does yield a successful API submission into Change.org. However, even as JSON returns success for the API call, some entries are simply not logged. I'm getting around a 25% success rate with the submissions (submitting multiple times with different information without changing any back end code).

There are even some instances where a submission will be successful (with a comment), the comment will be posted to the petition but the signature is not logged.

Also, the state/province field, although I am setting it correctly in code, does not get posted to the petition (even though I am following the example set by the official documentation).

One other issue... When I submit a first name and a last name along with an email address that has been used at some other point in Change.org, under the Petition signers for my petition exists the first and last email of the FIRST (global change.org) submission with that name. Example, submitting per...@example.com returns a first and last name of "meow pie" regardless of what you submit. In production, this is obviously less of an issue but at least the download signatures uses the name used at time of submission).

The URL to the petition is: http://www.change.org/petitions/testing-54-testing-54

Seems to be quite a few bugs going on.

Any insight?

[Eric Lukoff]

Hi Brian, I've created a new thread for this, and quoted your post below.

I'm sorry to hear you're having trouble with the API. It would be really helpful to have code examples of what exactly you're doing that produces the results you've described. Can you paste in examples, obfuscating your secret token?

Thanks,

Eric

[br...@weareo3.com]

I honestly have no idea what's going on, but I can't seem to reply to you Eric... alas (I hate to do this, but seems the only way I can actually get something to post here)...

It looks like it was working earlier tonight but I just tested again (without changing code) and we're back where we started. It won't post every time, but some of the time. Even then, it puts weird data onto the change.org website.

Here's what we have.

My Code:

Enter code here...      function goToChangeOrg($entry,$form) {

echo "START FORM ENTRY OUTPUT...\r\n";

print_r($entry);

// Set my API key and secret token.

$api_key = '***';

$secret = '***';

// Set my authorization key for petition with Change.org ID 12345.

$petition_auth_key = '***';

$petition_id = 1078318;

// Set up the endpoint and URL.

$base_url = "https://api.change.org";

$endpoint = "/v1/petitions/$petition_id/signatures";

$url = $base_url . $endpoint;

// Set up the signature parameters.

$parameters = array();

$parameters['api_key'] = $api_key;

$parameters['timestamp'] = gmdate("Y-m-d\TH:i:s\Z"); // ISO-8601-formtted timestamp at UTC

$parameters['endpoint'] = $endpoint;

$parameters['source'] = '***';

$parameters['email'] = $entry[3];

$parameters['first_name'] = $entry[1];

$parameters['last_name'] = $entry[2];

$parameters['address'] = $entry[4];

$parameters['city'] = $entry[5];

$parameters['state_province'] = $entry[6];

$parameters['postal_code'] = $entry[7];

$parameters['country_code'] = 'US';

$parameters['reason'] = $entry[8];

if($entry['9.1'] == "true") {

$parameters['hidden'] = false;

} else {

$parameters['hidden'] = true;

}

echo "OUTPUTTING PARAMETERS...\r\n";

print_r($parameters);

// Build request signature.

$query_string_with_secret_and_auth_key = http_build_query($parameters) . $secret . $petition_auth_key;

// Add the request signature to the parameters array.

$parameters['rsig'] = hash('sha256', $query_string_with_secret_and_auth_key);

// Create the request body.

$data = http_build_query($parameters);

// POST the parameters to the petition's signatures endpoint.

$curl_session = curl_init();

curl_setopt_array($curl_session, array(

CURLOPT_POST => 1,

CURLOPT_URL => $url,

CURLOPT_POSTFIELDS => $data

));

$result = curl_exec($curl_session);

// Output  the returned JSON result.

echo "OUTPUTTING RESULT: " . $result;

}

And this is what is returned when executed:

START FORM ENTRY OUTPUT...

Array

(

   [1] => Person

   [2] => Example 34

   [3] => person293833@example.com

   [4] => 123 Main St.

   [5] => Honolulu

   [6] => HI

   [7] => 82383

   [8] => This is a comment on change.org

   [9.1] => true

)

OUTPUTTING PARAMETERS...

Array

(

   [api_key] => ***

   [timestamp] => 2013-04-05T03:28:52Z

   [endpoint] => /v1/petitions/1078318/signatures

   [source] => ***

   [email] => person293833@example.com

   [first_name] => Person

   [last_name] => Example 34

   [address] => 123 Main St.

   [city] => Honolulu

   [state_province] => HI

   [postal_code] => 82383

   [country_code] => US

   [reason] => This is a comment on change.org

   [hidden] =>

)

{"result":"success"}OUTPUTTING RESULT: 1

This actually posted to Change.org, but if you take a look at the test campaign, the signature is from Person Example 34, but lists their city as Boryslav with no state/province. 

It should be noted that I submitted once before under another name/email combo... the script resulted with "success" but didn't post. Posted again with the same information and did not get a "user has already signed this petition" error, instead, got "success" again of which it posted to change.org that time around.

Definitely something strange going on.

[br...@weareo3.com]

It's acting up again this morning. You can see that a comment has been posted by a fake account "John Anderson" which was submitted via API with "success" being returned, however, he does not show up in the Signatures list (either on the website or the downloaded CSV). 

Using same code as above.

[Eric Lukoff]

Hi Brian - Thanks for providing additional detail. We'll try to take a look as soon as we can.

Eric