Automation

I'm still a little stuck on how to send data to my arduino. I have the arduino uploading data to my php script to then go into a database, this works fine. I also want to allow my arduino to get a string that will then trigger an event on the arduino (light on/off).

My first approach was to just get a string from the php script and use findtext to see if its on or off but this seemed more like a hack way of doing it.

I know i can run a webserver on the arduino but this seems a little insecure with anyone being able to connect to it.

Any ideas arduino people?

You are worried hackers will turn your Arduino's light on and off? I think they might have bigger fish to fry cough CIA cough.

Wouldn't you be on a private subnet? (Like, behind a router?)

Getting a string from serial input would be a reasonable way. I don't know why that would be a hack. If you send "on" and it turns the light on, what is wrong with that?

It would be connected to the internet because I plan to connect to it from a different location than my lan, and I’m not so worried about them turning my lights on and off as opposed to the fact people can connect to something of mine when I don’t wish for them to do so, not to mention the potential fire hazard if someone tried to short it or just break it by constantly turning it on and off.

Well my current one read through all of the HTML output until it found a string ie

and then it would read the next character until it hit
and output it to me. To me it just seemed like it was doing more work than it needed.

Well my current one read through all of the HTML output until it found a string ie

Yes but a web browser does that, not a web server. Web browsers read HTML, web servers create it.

Carlo060: I'm not so worried about them turning my lights on and off as opposed to the fact people can connect to something of mine...

So..., check what people are doing and make it harder to do any harm.

Introduce a username/password in your project and log all entries to see who's trying to log in for example. Log all changes of settings of your project to see how... it is operated. Limit the nr. of logins to once every 20 seconds to prevent automated attacks. Let your project send you a message after x faulty logins...

But doing all that is a waste of time. Why make something vulnerable and then secure it when you can just not make it vulnerable in the first place. If I don't allow connections to it, and specify who it connects to thats better than allowing it to receive commands and then try and password it etc..

I was kind of hoping I could allow it to connect to my server, upload its data and then receive a response, but it looks like I will just have to have it upload the data and then have the php display the response and have the arduino find it.

This sounds like you are having more of an IT problem than an Arduino problem. Mainly, you are looking for some way to securely connect to your arduino from a computer from very large distance. As far as I know, unless you figure out some form of complicated Radio control using a HAM radio (Which requires a license), if you want to be able to control your device from your PC that isn't in the room with the device, you'll need to use the internet. This just means setting up proper security.

Carlo060: I also want to allow my arduino to get a string that will then trigger an event on the arduino (light on/off).

Where does the string originate? Is it returning status data relating to the upload, or something initiated by another person, or what?

Carlo060: not to mention the potential fire hazard if someone tried to short it or just break it by constantly turning it on and off.

And here is another point where you may be looking at risk in the wrong way - if those are your concerns, you need to build the appropriate safety into your systems beyond the remote control function. If it should not be switched frequently, well you build in a limit to prevent this by whatever cause and if it might be a fire hazard, you deal with it as a fire hazard.

So I have an arduino connected to sensors and it is uploading this sensor data to my php script which then puts it in a database. This is all fine and easy. The thing that is the issue is I want to be able to turn on a single relay via the internet which then turns on a lamp. So when I change a variable via the internet, this then triggers the lamp to turn on and the arduino continues uploading sensor data.

I'm not needing HAM or anything, the issue isnt with it being on the internet. I just wouldn't want to have it running a server where anyone could potentially connect to it and upload data. With the arduino connecting to my server, and the server being secure, only I can change the input, instead of the arudino being open to connections and needing securing.

So I think I am going to go with the approach of letting it search for the number in the php data. Would this mean I have to constantly loop the connection to the webpage in order to check for updates? Ie if it uploaded data one every 15 minutes, it would then check for the light status and turn it on?

Thanks for the help guys

Don't most of the Ethernet shields allow you to set up a fairly sophisticated webserver? Or possibly look into the new Yun. I thought these actually had a lot of the security features you are looking for, IE secure webserver, though I don't have personal experience with them yet.

I really think what you want to do is create a secure webserver, and I thought the arduino ethernet stuff allowed you to do that without extra hardware.

In my mind having a little board hooked up to the internet waiting to receive commands is a bad idea, and much less safe than having the little board connect to a specific place and fetch the command.

I would like the speed a webserver would offer, with it being able to sleep until a connection is established, but then if it were to be behind a router I would have to ensure all ports were forwarding correctly for someone to be able to connect, where as connecting to a webserver required no setup, however it must constantly connect and check the data.

Here's my take.

Put all your security in your PHP server. When you want to turn the lamp on or off, connect your client browser to your PHP server and let it take care of the username/password etc. Set a 'relay' flag in your PHP database.

Then, when your Arduino uploads it's datalog to the PHP server, have the PHP server reply based on the database 'relay' flag.

The Arduino can then check to make sure it hasn't already turned the lamp on or off in the last half hour (or whatever), and if not, go ahead and flip the relay as PHP is asking it to.

So I think I am going to go with the approach of letting it search for the number in the php data. Would this mean I have to constantly loop the connection to the webpage in order to check for updates? Ie if it uploaded data one every 15 minutes, it would then check for the light status and turn it on?

You just need to run client code on the arduino, and have the arduino download the current light control data from your main server. On your main server you could use what ever method you want to update the current control data. The arduino would download the data at the desired time intervals, and then do things based on the data . The data can be in a simple text file. The bottom client code downloads a simple file made with notepad contains only the below text.

Woohoo! Your arduino ethernet client works!
zoomkat

//zoomkat 9-22-12
//simple client test
//for use with IDE 1.0.1
//with DNS, DHCP, and Host
//open serial monitor and send an e to test
//for use with W5100 based ethernet shields
//remove SD card if inserted

#include <SPI.h>
#include <Ethernet.h>

byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; //physical mac address

char serverName[] = "web.comporium.net"; // zoomkat's test web page server
EthernetClient client;

//////////////////////

void setup(){

  if (Ethernet.begin(mac) == 0) {
    Serial.println("Failed to configure Ethernet using DHCP");
    // no point in carrying on, so do nothing forevermore:
    while(true);
  }

  Serial.begin(9600); 
  Serial.println("Better client test 9/22/12"); // so I can keep track of what is loaded
  Serial.println("Send an e in serial monitor to test"); // what to do to test
}

void loop(){
  // check for serial input
  if (Serial.available() > 0) //if something in serial buffer
  {
    byte inChar; // sets inChar as a byte
    inChar = Serial.read(); //gets byte from buffer
    if(inChar == 'e') // checks to see byte is an e
    {
      sendGET(); // call sendGET function below when byte is an e
    }
  }  
} 

//////////////////////////

void sendGET() //client function to send/receive GET request data.
{
  if (client.connect(serverName, 80)) {  //starts client connection, checks for connection
    Serial.println("connected");
    client.println("GET /~shb/arduino.txt HTTP/1.1"); //download text
    client.println("Host: web.comporium.net");
    client.println(); //end of get request
  } 
  else {
    Serial.println("connection failed"); //error message if no client connect
    Serial.println();
  }

  while(client.connected() && !client.available()) delay(1); //waits for data
  while (client.connected() || client.available()) { //connected or data available
    char c = client.read(); //gets byte from ethernet buffer
    Serial.print(c); //prints byte to serial monitor 
  }

  Serial.println();
  Serial.println("disconnecting.");
  Serial.println("==================");
  Serial.println();
  client.stop(); //stop client

}

Exactly what I needed thanks Zoomcat! Should I then use the arduino to search the string it gets from the php script to check the value of the lamp ie 0=off 1=on

It doesn't need to be 'constant'. At worst, it needs to be frequent enough to keep the latency acceptably low. But if you are particularly concerned about latency then you could implement a long-running query on your public web server so that the Arduino can submit the HTTP request and then wait until either the server has an event to send it, or the server times out the request and sends a 'nothing yet' reply (so that the Arduino can then re-submit the query). This approach was popular during the early days of AJAX. It's less popular now but still viable and appropriate if you have a client that doesn't have support for the more general communication frameworks that are available now.

Or you can just use UDP and have the web server send a packet to the arduino at whatever interval you deem necessary to tell it what state the light is supposed to be in.

wildbill: Or you can just use UDP and have the web server send a packet to the arduino at whatever interval you deem necessary to tell it what state the light is supposed to be in.

That takes you back into the situation where your Arduino has to be exposed to the internet. If the Arduino acts as a client fetching data from a server then it doesn't need to be exposed to the internet and is implicitly secured by the fact it has control over which server it is communicating with, and that server can be used to provide whatever authentication and access controls may be required.