Results 1 to 13 of 13
  1. #1
    Join Date
    Mar 2008
    Posts
    606

    POST with curl, and redirect to that site ?

    i still haven't found any answer to this...

    it seems pretty simple.

    write now if i submit a form to a login page on some site,

    it will return the output to my browser.

    however, i would like to be redirected to the remote site, because i find all the links are now http://myserver.com/index.php instead of http://somesite.com/index.php


    any help would be greatly appreciated.

  2. #2
    Join Date
    Mar 2004
    Location
    USA
    Posts
    4,342
    How are you redirecting?

    Insure you enter entire URL, for example:

    header('Location: index.php');

    should be:

    header('Location: http://somesite.com/index.php');

    Peace,
    Testing 1.. Testing 1..2.. Testing 1..2..3...

  3. #3
    Join Date
    Mar 2008
    Posts
    606
    yes doing that will invoke GET, which will completely ignore all the POST vars.

    the problem is that my webserver running the script and the remote site are communicating.

    my browser is completely unaware.

    i suspect i'd need javascript. but i dont know any

  4. #4
    Join Date
    Oct 2005
    Posts
    289
    You need to understand that POST is only used on actions that create or perform an update. That is, POST have side effects.

    GET on the other hand is simply for reading. Ideally.

    From what I gather, you seem to need a reverse proxy. Investigate on how to use mod_rewrite of apache for example. Research on reverse proxy as it will provide you a means to hide a website behind another website transparently to you users.

    I wouldn't recommend doing curl or javascript; higher maintenance, higher security risks.

  5. #5
    Join Date
    Oct 2004
    Location
    Shimonoseki
    Posts
    2,101
    Before you send the data to remote server, do you use FORM to collect POST data, or creating the data via PHP (from database etc.)?
    Closed for winter...

  6. #6
    Join Date
    Mar 2008
    Posts
    606
    Quote Originally Posted by BurakUeda View Post
    Before you send the data to remote server, do you use FORM to collect POST data, or creating the data via PHP (from database etc.)?
    database.

    the script will POST onto a remote site.

    the results can be returned via echoing

    however, of course the user's browser is completely unaware of this when they go to that remote site, they will find that they are not logged in.

  7. #7
    Join Date
    Oct 2004
    Location
    Shimonoseki
    Posts
    2,101
    hmmm...
    One thing I can think of is this:
    • Send login data to remote site, and receive the response (result). You can either fopen/fget or cURL.
    • Extract the PHP session ID from the result and put it in a variable like $session.
    • Redirect the user to the remote site, with the session ID:
      header("location: http://website.tld/after_succesful_login_page.php?PHPSESSID=$session")

    However, this will not work if the remote site are not using sessions(or not using PHP altogether), have a custom PHP session ID or have some kind of session hijacking protection.
    Closed for winter...

  8. #8

    My Input

    This sounds like a crazy idea. Why don't you just login to the final website at the outset? Why redirect? Just put an inline frame in your webpage with the remote webpage displaying its own login form.

  9. #9
    Join Date
    Mar 2008
    Posts
    606
    reverse proxy might do the trick. session id tiy are right most sites have session hijaking and stuff.....

    check out http://www.clipperz.com

    they do the exact thing im talking about.

  10. #10
    Join Date
    Jun 2007
    Posts
    55
    Does anyone know how to solve this?

    I have a very similar problem.

    Using ecommerce site.

    I post data to 3rd party ecommerce site using curl

    I get response but went I redirect to site for client to complete order, it throws an error message on their side.

    If I simply use hidden fields and post, it works fine but I pass some data across I don't want users to see.

    I also tried to set return_transfer to 1 and the correct page is displayed (albeit with www.site.com instead of www.3rdpartysite.com) but even though I take the session ID and stuff from the header and set cokkies on the user's browser with this, When they try to proceed beyond this page, the 3rd party site gives a message suggesting the session has expired.

  11. #11
    Join Date
    Jun 2007
    Posts
    55
    OK.

    I can now see what I want can't be done as I cannot transfer my server connection to the 3rd party site to the user browser instead.

  12. #12

    Javascript solution

    I use this solution
    <script language="javascript" version="1.3" type="text/javascript">
    function postwith (to,p) {
    var myForm = document.createElement("form");
    myForm.method="post" ;
    myForm.action = to ;
    for (var k in p) {
    var myInput = document.createElement("input") ;
    myInput.setAttribute("name", k) ;
    myInput.setAttribute("value", p[k]);
    myForm.appendChild(myInput) ;
    }
    document.body.appendChild(myForm) ;
    myForm.submit() ;
    document.body.removeChild(myForm) ;
    }
    </script>
    <body onload="postwith('hxtp://urlropost.com',{key:value,key1:value1});">

  13. #13
    thanks for the code

    var myInput = document.createElement("input") ;('Location: index.php');

    myInput.setAttribute("name", k) ;
    myInput.setAttribute("value", p[k]);

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •