2

In HTML we can create a form and put input data then send it as POST to some destination; It means we send and redirect in the same time and the destination detect both as a same thing. I want to do same thing using cURL; Means when I use cURL to post data, then I should be able to redirect using something like header() and the destination behaves like the process has been done regularly with an HTML form.

Is it Possible ?!

PRO MAX
  • 87
  • 3
  • 11

2 Answers2

4

Yes you can have cURL follow redirects using the option:

curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

From the Manual:

CURLOPT_FOLLOWLOCATION

TRUE to follow any "Location: " header that the server sends as part of the HTTP header (note this is recursive, PHP will follow as many "Location: " headers that it is sent, unless CURLOPT_MAXREDIRS is set).

Community
  • 1
  • 1
MrCode
  • 63,975
  • 10
  • 90
  • 112
  • I saw that before, But I wasn't sure what it actually does... Thank you very much... – PRO MAX Jun 17 '13 at 13:16
  • Sorry, But I think enabling this option means the function will be able to follow url redirects by destination server, Doesn't it?! If so, It won't solve my problem anymore... – PRO MAX Jun 17 '13 at 13:23
  • I'm not sure what you're saying. If you make a curl request with this option on, any redirect by the target will be followed. – MrCode Jun 17 '13 at 13:57
0

What you want to do, I believe, is something like this:

Client --> Server A

           Server A --> POST --> Server B

Client <------------------------ Server B

so that, for example, the client could login to Server B without knowing the password, which is known to Server A.

If this is so, you can do something similar, but not exactly what you want (which could be something like OpenID, though, and solvable with OpenID).

You can have Server A do the POST and receive the answer, and send the answer to Client. Unfortunately, you probably can't set cookies (they would be valid for A subdomain, and they wouldn't be sent to Server B anymore) and sessions are likely not to work for similar reasons.

You might be able to have Server A working as a complete proxy: see this answer How can I scrape website content in PHP from a website that requires a cookie login? .

Payment gateway

Most banks have API to do exactly that (Paypal, even it's not a bank, does, and so does WorldPay).

One possible workflow is to send all the data to the bank, which responds with an unique ID. You then either show all the information yourself or (much preferred by the banks) the bank shows the information to the customers, when you redirect them using a special URL and the unique ID.

The customer can change the data in his form -- but all that he obtains is to abort the transaction, for the two data copies no longer agree, and he can't touch the copy you sent (other methods and workflows of course exist).

If your system works according to this workflow (or similar) and using the bank's own API and suggested practices, please disregard and accept my apologies: you're doing it right. But just in case you are not, well, please think it over.

Trying to craft a custom workflow with cURL is maybe possible (for some banks it is definitely possible), but it is suspiciously close to rolling your own cryptography, is likely to be less supported by the bank, and might trigger some anomaly detector on the bank's part (just to cite one, lots of payments would appear to come from the same IP address or range).

Community
  • 1
  • 1
LSerni
  • 55,617
  • 10
  • 65
  • 107
  • Actually I'm writing a payment gateway module and I'm to pass variables via HTTP POST and redirect user to the bank url. Already I have done this by creating a second PHP file wich contains a HTML Form and a javascript which submit the form automatically. But now for more security I don't want to use the same way and provide a form which clients could read the source and take the data. I thought that I can use cURL and then redirect in some way, So there is no data output and all things will done in PHP side. – PRO MAX Jun 17 '13 at 17:04