Sending $_POST variable to another page using PHP without forms

Question

I have searched a lot but didn't quite find what I am looking for. My scenario is, I am trying to add payment processing in my website. The gateway requires me to send POST data to a specific url (not part of my site). I don't want to use

<input type="hidden" name="secret_key" value="somevalue" />
<input type="hidden" name="auth_key" value="othervalue" />
<input type="hidden" name="charge_total" value="345" />

as this can be manipulated easily. My question is can I grab the data in a php page, process it and send the required data using POST to the payment url without exposing it to the client end. Just to be sure, I would like the user to be actually redirected to that page as well, like it would when you submit the form.

I don't want to use AJAX as well, because that would mean exposing it to the client end.

Thanks.

EDIT: Just to be more elaborate, currently users fill the form, including radio buttons and text fields (along with my hidden fields). The form is submitted to the payment gateway hosted page, where they can confirm their choices and see the Merchant Name (me), which payment gateway determines using secret code. There, the users fill in their Card details and proceed on with payment and are shown the result of the transaction, which is sent back to my server in xml as well. Then they are redirected back to my website success/failure page.

Now, I would like to fetch those user supplied form items, append my custom data, and then submit those values to the gateway hosted page, and continue the rest of the process. Any help is highly appreciated.

Thanks again.

Answer 1

See my update below.

I think you can use php/curl examples here: http://curl.haxx.se/libcurl/php/examples/, especially http://curl.haxx.se/libcurl/php/examples/simplepost.html

<?php
//
// A very simple PHP example that sends a HTTP POST to a remote site
//

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL,"http://www.example.com/tester.phtml");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
            "postvar1=value1&postvar2=value2&postvar3=value3");

curl_exec ($ch);
curl_close ($ch); 
?>

It can be wrote into function likes this:

function sendPost($postURL, $post_string) {

// initiate curl object
$request = curl_init($postURL);

// set to 0 to eliminate header info from response
curl_setopt($request, CURLOPT_HEADER, 0);

// Returns response data instead of TRUE(1)
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);

// use HTTP POST to send form data
curl_setopt($request, CURLOPT_POSTFIELDS, $post_string);

// execute curl post and store results in $post_response
$post_response = curl_exec($request);

// Checks for Errors if needed
if (curl_errno($request) > 0)
{
        $_SESSION['curl_error'] = curl_getinfo($request);
}

curl_close ($request);

return $post_response;

}

$postURL is URL of your payment gateway

$post_string is your variables which match with format of payment gateway.

and you can parse the $post_response and take it values to show status to user. Of course, you know how to use var_dump or echo to see values of $post_response already

Answer 2

Use cURL to send the POST from the server:

//set POST variables
$fields = array(
                  'secret_key' => urlencode('somevalue'),
                  'auth_key' => urlencode('othervalue'),
                  'charge_total' => 345
                );

//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, 'https://www.yourgateway.com');
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);