Do Response to Https POST Request coming from Client Site in PHP

Question

I have a central Web Site (A) which will secure with SSL.

Other Client Sites (lets say B, C, D, E .....) will connect to this site A.

Requirement is to send a HTTPS POST request to Site A from Site B (or C,D,E.....).

Request will have parameters as

WEBSITEKEY=keyvalue;

then the Site A must give a response to this request.

Response should have a essential one parameters as,

SECUREKEY=key-value-secure;
Para1=para1value;
Para2=para2value;
Para3=para3value;
Para4=para4value;

How can I implement this response part in PHP? I'm new to SSL POST and Responses.

Later Edit,

We always send requests and get the coming response. Here I need to give the response/create the response for the client request. How can I do this in PHP? I found following code..

<?php
//process the request by fetching the info
$headers = http_get_request_headers();
$result = http_get_request_body();
//do stuff with the $headers and $result variables....
//then send your response
HttpResponse::status(200);
HttpResponse::setContentType('text/xml');
HttpResponse::setHeader('From', 'Lymber');
HttpResponse::setData('<?xml version="1.0"?><note>Thank you for posting your data! We    love php!</note>');
HttpResponse::send();
?>    

is this correct for send the response from my SSL enable site to normal site?

Answer 1

The SSL part doesn't matter; it will be handled by the Web server and PHP will receive the request as usual.

The only thing you need to do is build your request, and to do that, you need to know the format this request is going to be in. Also, whether you need some special MIME types or whatever.

For example let's say the answer has to be in JSON. Then it would need to be something like:

<?php
    if (!isset($_POST['WEBSITEKEY'])) {
         // Handle error. E.g.
         Header("HTTP/1.1 400 Bad Request");
         die();
    }

    $websitekey = $_POST['WEBSITEKEY'];

    require 'yourcode.php';

    $response = array(
        'SECUREKEY' => md5($secret . $websitekey),
        'para1'     => date('Y-m-d H:i:s'),
        'para2'     => 'Hello world',
    );
    // Specifying charset isn't strictly necessary but may be useful.
    Header("Content-Type: application/json;charset=UTF-8");
    $data = json_encode($response);
    $len  = strlen($data);
    // Some browser/proxy/load balancer may get better performance if the
    // length is known beforehand. This also disables Chunked-Encoding, which
    // in some scenarios may give problems.
    Header("Content-Length: {$len}");
    die($data); // Ensure no more output after this..

What to do with $websitekey depends completely on your application logic. Here it is concatenated to a secret salt string and used to build the response SECUREKEY, but you can do basically whatever you want to.