I'm working with Laravel 5.8 and I'm trying to sent parameters from my controller to a php file that is not a view.
I've tried this way:
return redirect('my-route/?my-parameter='.'value');
But I want to send it with POST method, how can I do that ?
If you are sending a request to another php application (or any application really) then I would also second #Nikolay and check out Guzzle. Or, another option would be to check out Requests I've used both and both I think would get you what you're looking for.
Either option works great when communicating server-to-server (not an ajax call to an internal controller method).
The php file in your public folder will need to be able to check for such request(s). Without knowing what that file looks like, somewhere/how you'll need to check if there are query parameters.
Hope this helps!
Related
I wrote a API for a system. It is a PHP file, which is called with some parameters. It is called like this: "https://abcdefg.de/api/api.php?test=test". This script returns sensitive data when it is called. To make sure only the right api users get the information the parameters has to contain correct credentials.
To make the api more secure the idea was to check in addition who is calling the script. For example only the website "https://test.de" should be able to call the api script. But how to achieve this in PHP? How to check what is the url of the "caller"?
I already tried $_SERVER['HTTP_REFERER']; but I read that it can be easily manipulated and in our case it returns always null, because we use https instead of http.
Is there a solution to our problem?
Thanks in advance,
Filip.
HTTP_REFERER will not be working in real with API, it's related to the form submitted from another page or website, in case this is the situation this is called cross-site request forgery, the solution here is to create a token in every rendered form and send it with the submitted data, from the backend, you will validate this token (most of the time is saved in the sessions), you can check it
I am working on a system that receives a request to a URL and forwards the request to a different URL after performing some actions (not relevant for the question). Example: The system receives a GET request to http://localhost/users/123/my/path?foo=1&bar=abc and then forward the user to http://localhost/my/path?foo=1&bar=abc using GET as well. Getting the new path and arguments is not a problem.
Using redirects works perfectly when there are no arguments. However, I need to keep all the request data, like method name (GET, POST, etc) and arguments, which does not work with the redirect($newRoute). According to Laravel documentation and some experiments I tried, redirect($newRoute)->whith($params) works only for URL parameters, like http://localhost/{$id}/some/path, but not for http://localhost/some/path?id=456, for example.
I also tried creating a new request based in the old one. It works fine except for one essential detail: the URL in the browser remains the old one. Exemple: when requesting http://localhost/users/123/my/path?foo=1&bar=abc, the system behaves as expected but stays in the same URL, not the right one (http://localhost/my/path?foo=1&bar=abc). It is a requirement that the system return/go to the new URL. I create the new request like this, as in here:
$newRequest = Request::create("/" . $newRoute, $originalRequest->getMethod(), $originalRequest->all());
return Route::dispatch($newRequest);
Any thoughts on how can I accomplish what I need?
Thanks guys!
What about:
return redirect()->away('https://localhost/my/path?foo='.$foo.'&bar='.$bar.');
Redirecting to External Domains (Laravel)
this is my first post, i'd like to ask you how can i avoid a direct call of a php page passing POST parameters in the browser?Because I have an iOS application and this should send data to a php page with POST method and then the php page will store data on a database but i don't want that someone, which somehow find the page address, type directly in the browser the address of php page followed by post parameters. I've searched and find that creating a .htaccess file could prevent the php call but, being a newbie, i would like to ask if this prevent the direct passage of parameters on browser.
Thanks in advance for your answer.
NO.
You can't control the user-side operations. anybody that can call your php page - can send any parameter as he like to.
What you can do is this:
1) block all IP addresses without your own (if your IP is static).
2) add a secret parameter to all of your requests. and in php file add condition like
if($_POST["secret"]!="some secret string")
exit("No permissions");
Make the parameter name (or value...) - hard to guessing!
I think the best way is to pass a secret code, work on https website and make some coditions for the variables that passed to your ftp like it must not be Null , if you are passing an email for example you have to validate it's format... so you make it hard for the hacker to get control :)
I have written code in a php file that gets called from Paypal when a charge is processed (also called as PIN/API etc.). Paypal sends some parameters, may be many get and post variables etc. too along with the page call using which I send email to customer based of the user details, amount etc. from the parameters. Is it possible that I can save all the call info by any line of code in the php file so that I can simulate same call again, because Paypal sandbox is very time consuming and if I can debug by code locally instead of writing a log code on each step and transferring the php file on server for testing after each code change, then it will save many hrs.
I hope I am clear in my question. I just want to simulate a page request which third-party server is calling and I don't know their parameters. So, I was thinking may be there is a way to do an exact page request by any mean on my local computer.
You know which parameters Paypal will be sending you, it's in their documentation. But I can understand you might want this for debugging or error reporting.
How to capture input
To capture a request it's usually sufficient to capture $_GET and $_POST. In some cases you will want to read from file_get_contents("php://input") as well but I don't believe PayPal uses that.
How to make a request
If your request is simple you can just do a file_get_contents("mypage.php"). If you want to send POST parameters as well: make a stream context with stream_context_create. Or chicken out and use curl :P
What I'm trying to do is:
I have a form. I submit that form. In the code of the target script I want to make some validations. In a certain case, I want to make a POST to another URL. I don't want to just make a redirect to an URL.
I don't know if this is possible, that's why I'm asking.
I'm working with PHP.
Thanks!
To the people who suggested cURL: Building a request like so will send the data on behalf of the server not the client. I don't think he wants that.
He wants POST forwarding and that, if it were to exist (and I don't think it does), should be implemented by the browser.
What I suggest is to use an AJAX call to make the validation before posting. And then depending on the response you choose the destination for posting (on the client side).
To summarize: You request a validation from the client. You do that validation on the server. You send back instructions to the client. You post according to the instructions received from the server.
I'm not sure if you understand this, but any details of requests made by the user(client) are known in full by him. You can't make him POST to an URL, have a password in that POST, and not have access to that password.
Note: If it's easier you can read JavaScript and PHP instead of client and server.
It is definitely possible. You could use the PHP cURL library to easily create a POST request. But this might be overkill for what you are trying to achieve. Is it a possibiity to do the validation in JavaScript and change the form action attribute with JavaScript after submitting?
In what case would you need to post it to another PHP file.
Couldn't you simply use IF statements to redirect the script to another script depending on the results of the validation?