Php redirect to another page with POST data

Question

In my php application I just need to redirect the user to a specific url (a third party) with some POST data to get their service done.

The data should pass to that Url securely (As they are the login credentials to that third party system).

I tried to do this with cURL but it doesn't do any redirect to that specific page. It works fine if I post the form with hidden fields with the values set up. But anyone can see the posted data easilly by viewing "View page source" option in browser.

I am searching for a sloution for long time but still no luck. If someone can guide me would be really grateful. Thanks in advance...!!!!

Edits

I can not use session as this is a third party url and it asks to post the login credentials to enter to that page.

Functionality in breif,

What I have to do is all the user credantials are stored here in my system.
When user press a button it should redirect him to that url and should POST that credetials to enter to that external 3rd party page. At the time when user press the button he doen't have to enter credantials by a text box. Thats why I even can't hard code hiddenfield as its visible if go to "View page source" option in browser.

----------

Simply I am looking for a method (in php) which will redirect the user to a url while POSTING some data. It can be simply done by creating a FORM and having textinputs(Textboxes) to allow the user to enter the post information and submit.

But in my case I can not let the user to enter the POST information for textboxes and submit. It has to POST the data and redirect to a specified URL when user click a button. Tried to do it via cURL but it does not redirect user to the URI. Also If I add hiddenFields hardcoding POST values it is not secured as anyone can see the POST information by Browser "View Page Source" option.

Answer 1

Just make a form with number of fields equal to credentials. i.e. if you want to send username and password, do like this,

<form id="uform" action="" method="post">
        <input type="text" name="uname" id="uname" style="opacity:0;" />
        <input type="text" name="pass" id="pass" style="opacity:0;" />
    </form>

In file.php,

<php
var $_uname = "Required username";
var $_pass = "Required password";
echo $_uname.",".$_pass;
?>

Then in your javascript, In the button click event, Get this form and set the values of input fields. Then submit the form,

<script>
var ajax = new XMLHttpRequest();
ajax.open("GET","file.php",true);
ajax.send();

ajaxRequest.onreadystatechange = function(){
    if(ajaxRequest.readyState == 4){
    var dt = ajax.responseText;
    dtsp = dt.split(",");
    var frm = document.getElementById("uform");
    var inp1 = document.getElementById("uname");
    var inp2 = document.getElementById("pass");
    inp1.value = dtsp[0];
    inp2.value = dtsp[1];
    frm.action = 'Url of the site to redirect to';
    frm.submit();
    }
}

    </script>

Then In the second site on which the user is redirected, if you want to get the data, do this,

<php
$uname = $_POST["uname"];

$pass = $_POST["pass"];
?>

And here u go. You will have the data transferred from one site to other safely.

Answer 2

You can send it through session,

At 1st site do this,

<?php
        session_start(); 
        $_dt = 'data to send';
        $_SESSION['dt'] = $_dt;
    ?>

In second do this,

<?php
     session_start(); 
        $_dt = $_SESSION['dt']
?>

Data will be in $_dt.

Answer 3

If you need to send data associated with a user to a third party without giving that data to the user, then you need to use a process along these lines:

• Send the data using server side code
• Get a token to identify that set of data (you can include it in the data you send originally, or get it from the response from the third party site)
• Redirect the user to the third party site and include the token in the URL

Obviously, this requires the co-operation of the third party site.

Update after a comment was added to the question:

This is a third party url and it asks to post the login credentials to enter to that page. Therefore session is not going to work here.

It sounds like you are trying to let users login as you without giving them the credentials. That is impossible.

Answer 4

function do_post_request($url, $data, $optional_headers = null)
{
  $params = array('http' => array(
              'method' => 'POST',
              'content' => $data
            ));
  if ($optional_headers !== null) {
    $params['http']['header'] = $optional_headers;
  }
  $ctx = stream_context_create($params);
  $fp = @fopen($url, 'rb', false, $ctx);
  if (!$fp) {
    throw new Exception("Problem with $url, $php_errormsg");
  }
  $response = @stream_get_contents($fp);
  if ($response === false) {
    throw new Exception("Problem reading data from $url, $php_errormsg");
  }
  return $response;
}

(you can also use ajax) ;)

Answer 5

Have you considered either:

a) encrypting it with javascript or a java app - which is how my bank used to do it..

b) post the variables back to itself, encrypt them, assuming it encrypts, then bounce the page on to the new page with the encryted variables..

The only problem with encryption is you need to be able to unencrypt it to give it to the 3rd party app unless they accept specific encoding, in which case if you can unencrypt it, someone else will work out how.