Reputation: 963
with php, how can I send data via POST simulating in full a form submit?
My problem is this: I have an online service which hosts my customer's catalogue.
This service requires authentication, but I have one single username/pwd.
My customer, instead, wants to manage separately every single user with their own user/pwd and access statistics. So what I did was to build my own account management, so far so good.
What I need to do now is to add a login form which users should fill in with their own credentials; once sent, the script should proceed with the authentication and, if everything's ok, increment the access count, send the remote system's login data via POST and redirect the browser to the response page, exaclty the same way as a normal form would do.
I tried using curl this way:
if (authenticate($_POST['usr'],$_POST['pwd'])) {
$url = "http://www.foo.com/login.php";
$postdata = http_build_query(array('username'=>"foo",'password'=>"bar"));
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata);
curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($curl);
curl_close($curl);
}
but I end up loading the destination page's data into my own page, instead of being redirected to the site.
What should I do?
P.S. I would avoid resorting to an hidden form submitted via JS, if possible.
Thanks!
Upvotes: 3
Views: 2587
Answers (2)
Reputation: 19909
curl_setopt($curl, CURLOPT_RETURNTRANSFER, false);
From the manual:
TRUE to return the transfer as a string of the return value of curl_exec() instead of outputting it out directly.
Upvotes: 2
Reputation: 3362
I don't think you see the whole picture of what you are trying to do. Basically, redirect won't help you, because authentication is not URL-based, it's cookie or session based. In other words, you can't authenticate youself (which happens when you emulate form submit on that website with hidden credentials) and make your visitor get that authentication for himself. Redirect won't help you here. Even if you redirect him, he's not authenticated. Your server is, because it submited the form, not the user himself.
What I don't get is you are ok with authenticating a user with that hidden credentials and then giving him full access to the statistics, why not just give him the access? You are providing him with full access to everything, but don't give him the login and password?
As a side not, POST redirect is not possible, so you can't redirect him on form submit with forged POST data. All POST data is lost on redirect.
As an ugly workaround, I'll suggest the following: you can authenticate yourself like you are doing now, and then let user browse the statistics from your website, similar to what proxies do. You can then change all links on the page to something like yoursite.com/viewstats/?page=URL, where URL is the page of the statistics site user wants to see. You grab that page and show it to user. You will need to change relative paths to css/js files to keep their design, and you will also need to change all within-website links like this "/viewstats/?page=" . urlencode($old_url) so they point on your proxy-like gate.
Upvotes: 2
Related Questions
- How can I use cURL to post form data in php?
- Send data with cURL by post's data
- How to simulate curl -X Post with PHP
- Sending Data Using Post Method Without Form
- How to simulate browser form POST method using PHP/cURL
- How do I submit POST data using PHP and cURL?
- How do I simulate a POST request in PHP
- CURL send POST data
- PHP: programatically submit form and get contents of resulting page?
- send cURL post to be received exactly like form post