Posted by "Ragnar" on 10/07/05 07:30

Message-ID: <3B.35.54476.92125434@pb1.pair.com>
To: php-general@lists.php.net
Date: Thu, 06 Oct 2005 15:04:41 +0200
From: Petr Smith <pesmail2003@seznam.cz>
Subject: Re: How do I POST data with headers & make the browser follow?

> I have to apologize if this issue has been discussed in detail before but
I
> couldn't find anything obvious so far.
>
> What I need/want to do is to :
>
> 1. Take POST data from a form (no problem)
> 2. Do whatever i need to on the target page (no problem)
> 3. Pass some other data on to a 3rd page as a POST
> request.
> 4. Get the browser to follow to said 3rd page.
>
>
> All this is happening via SSL.
>
> So basically what i am trying to do is to "fake" whatever happens
> at a normal POST request that is handled by the browser.
>
> Now point 4. in my example above is giving me a massive headache,
> I have managed to pass data on to the 3rd page as POST quite comfortably
> using cURL but the browser doesn't follow (ie. the URL in the address bar
> remains unchanged).
>
> I did see that there is a FOLLOWLOCATION option you can set in cURL when
you
> do you request, and though "wicked, just what I needed" only to find out
> that it's not working (probably because I understand what it does wrong).
>
> Pretty pretty please if anyone knows a solution for the above, let me
know.
>
> Oh, and I'd also like to add that the information I am trying to get to
the
> 3rd page in the example is sensitive (Credit Card details etc.), so $_GET
> and $_COOKIE are out of the question.

>Hi,
>
>it seems you have no understanding how http protocol works.. I can't
>learn you the whole thing, but I can give you some hints. Read something
>about HTTP
>(http://www.digital-web.com/articles/powering_the_web_with_http/),
>install some network sniffer (ethereal, HttpWatch for IE - great tool
>for beginners) and see what happens.
>
>- you cannot force browser to POST something somewhere with PHP. You
>have to realize, that PHP is running on server, but the browser is the
>client.
>- you cannot use curl to do it. With curl it all happens on the server.
>If you want to use curl, you have to use same technique used by "web
>based anonymous proxy". Return all loaded data to client, rewrite urls
>to your script, handle everything correctly until client closes browser.
>Very complex stuff
>- followlocation has nothing to do with browser. it only says to curl to
>evaluate Location header and do auto-redirection
>- sensitive information? GET, POST, COOKIE, everything could be
>intercepted
>- your only help is javascript. You can generate something like this to
>client browser with php. But you couldn't hide sensitive information
>this way.
><body onload="document.forms.myform.submit()">
><form name="myform" method="post">
> <input type="hidden" name="..." value="...">
></form>
>- think about your problem and possible solutions again

>Petr

Hi Petr,

thanks for the reply, first off i certainly didn't claim to be an expert on
the HTTP, which is why i was asking the question I did.
I do realise that PHP runs on the server and can't force the browser to do
anything directly, I was merely wondering why header("Location:"); got the
browser to follow and if there was a way for me to get the same behaiviour
working when PHP was posting data.

Anyway, I will look at my problem at hand again and will try something else.

Thanks for the tips.


--
Highspeed-Freiheit. Bei GMX superg

[Back to original message]