Subscribe to PHPList via HTTP

Update: This script was turned into a plugin for wordpress. Read more in our wordpress/phplist integration section

PHPList is a excellent newsletter manager. Currently as of version 2.10.2, there is no API available to allow easy interaction with other third-party scripts. This page details how you can interact with PHPList via HTTP using the PHP and the cURL php library.

In my particular case, I wanted an use an existing php form to automatically add a user to the PHPList database. There are two general approaches to accomplish this –

1) Interface directly with the PHPList database to insert the user’s data
2) Simulate a post to the PHPList suscriber form

Solution #2 is the preferred solution because in theory, any changes to subsequent versions of PHPList should not affect this scripts operation. (Keep in mind however, that it’s possible this code will not work with subsequent versions).

The code is fairly straightfoward and original credit for the code goes to Rich C. of the phplist forums. The code uses the cURL library to simulate a post to the default subscriber form that is included with the PHPList installation. See instructions below for usage and further explanation.



/* LCsub.php —
Purpose: Remote List Control via HTTP, subscribe function
Original Author: Rich C. 8/8/05
Modified by: Jesse Heap 1/3/2006

With PHPList installed this procedure can be use to
subscribe a user using the HTTP command.  The procedure works
by simulating a POST to the default subscribe page.  It requires
the CURL PHP library.

LCsub.php — will subscribe a user


(we assuming list #1, master password is "plist")


This will subscribe John Doe to the email list; note that the
‘@’ sign has been replaced here by %40 which is needed by most
web servers.


This will subscribe John Doe to the email list, but also add
user data for him, namely John’s first name, last name, and
state, which must be set up as phplist attributes for List #2


Just copy this script to the home directory of phplist, the lists folder.

To configure, just replace the values below for settings with the
location of your phplist installation, and a working admin password
for this installation.



// CONFIGURATION SETTINGS.  Set them up for your host
$domain = "";
$lid = 1;                                 // lid is the default PHPlist List ID to use
$masterpassword = "yourmasterpassword";       // Master password prevents unauthorized calls to script
$login = "admin";                       // phplist admin Login
$pass = "yourphpplistassword";             // phplist admin password
$skipConfirmationEmail = 1;               // Set to 0 if you require a confirmation email to be sent.
//TODO: Put in check to only allow script to be called from authorized domains
// 1) Retrieve the password parameter supplied in http request
$pwd = $_GET[‘pwd’];

if ($pwd == $masterpassword) {              // make sure password matches
echo("Master Password was correct.<br>");   //debug code, ok to remove

// 2) if script password is correct, then retrieve other parameters
   $ary = explode(‘&’, $_SERVER[‘QUERY_STRING’]);
   $i = 0;
      $post_data = array();
   while ($i < count($ary)) {
      $getArray = split(‘=’, $ary[$i]);    
       // Set each GET value pair to the post_data associative array in preperation for the POST
      if (strcasecmp(urldecode($getArray[0]),‘pwd’)!=0) { // Ignore PWD parameter – not needed for POST
         $post_data[urldecode($getArray[0])] = urldecode($getArray[1]);
   // Ensure email is provided
   $email = $post_data[’email’];
   $tmp = $_GET[‘lid’];
   if ($tmp != ) {$lid = $tmp; }   //user may override default list ID
   if ($email == ) {
         echo(‘You must supply an email address’);

// 3) Login to phplist as admin and save cookie using CURLOPT_COOKIEFILE
// NOTE: Must log in as admin in order to bypass email confirmation
   $url = $domain . "admin/?";
   $ch = curl_init();
   $login_data = array();
   $login_data["login"] = $login;
   $login_data["password"] = $pass;
   curl_setopt($ch, CURLOPT_POST, 1);
   curl_setopt($ch, CURLOPT_URL, $url);    
   curl_setopt($ch, CURLOPT_POSTFIELDS, $login_data);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   curl_setopt($ch, CURLOPT_COOKIEFILE, "/tmp/nofileneeded.txt"); //Enable Cookie Parser.  
   //File does not need to exist – for more info
   $result = curl_exec ($ch);
//   echo("Result was: $result<br>"); //debug

// 3) Now simulate post to subscriber form.  
   $post_data["emailconfirm"] = $email;
   $post_data["htmlemail"] = "1";
   $post_data["list[$lid]"] = "signup";
   $post_data["subscribe"] = "Subscribe";
   $post_data["makeconfirmed"] = $skipConfirmationEmail;  //If set to 1 it will confirm user bypassing confirmation email
   $url = $domain . "?p=subscribe";

   curl_setopt($ch, CURLOPT_POST, 1);
   curl_setopt($ch, CURLOPT_URL, $url);    
   curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      $result = curl_exec ($ch);
   echo("Result was: $result<br>");
//) Clean up

}  // end of if clause

else {
echo("Password not supplied.");

// close the php tag