Im writing a form to post data off to paypal, and this works fine, i create the form with hidden fields and then have a submit button that submits everything to paypal.
However, when the user clicks that button, there is more that i want to do, for example change their cart status in the database. So, i want to be able to execute some code when they click submit and then post the data to paypal.
I dont want to use javascript for this.
My method at the moment is using cURL, the form posts back to the current page, i then check for $_POST data, do my other commands like updating the status of the cart, and then create a curl command, and post the form data to paypal. Now, it gets posted successfully, but the browser doesnt go off to paypal.
At first i was just retirieving the result in a string and then echoing it out and i could see that the post was successful, then i set CURLOPT_FOLLOWLOCATION to 1 assuming this would let the browser go off to paypal but it doesnt, what it seems to do is grab some stuff from paypal and put it on my page.
Is using cURL the right thing for this? and if so, how do i get round this problem? I want to stay away from javascript for this as only users with javascript enabled would have their cart updated.
The code im using for curl is below, the post_data is an array i created and then read key-value pairs into post_string.
//Set cURL Options
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT,
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, false);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($curl_connection, CURLOPT_MAXREDIRS, 20);
//Set Data to be Posted
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
//Execute Request
curl_exec($curl_connection);
Perhaps try to combine CURL with a header statement
<?php
header ("Location: https://www.paypal.com/");
This might work depending if the browser need to pass any state (session) info to paypal. This session info are gathered in your CURL call, but there is no way to pass that on to the browser unfortunately. So if you need to maintain the state, then this will not work.
Curl operates on the server side. It won't affect your browser. CURLOPT_FOLLOWLOCATION simply instructs CURL to obey when for instance paypal sends it a header like the one mentioned above. The only way to instruct the browser to do something is to respond with an HTTP header like above or with some kind of meta tag in your HTML response e.g.
<META HTTP-EQUIV="refresh" CONTENT="10;URL=https://www.paypal.com/">
As an alternative, does paypal not provide a redirect function that will, when the transaction is finished, redirect back to your server. If so then just change the card status during this callback and the skip the whole curl process?
After receiving the form and doing what you need to do you should present another form with only a button (all other data in hidden fields) for the user to click and finally head off to paypal.
Related
I want to redirect my page when I get POST variable by other external domain, my page is:
http://goo.gl/kpm2GT
When you push the red button "Realizar Pago", automatically open a new windows to bank payment platform. Well, when you finish all the payment bank steps, this external web send me some POST variables with important data to my page.
This is what I want:: when someone click "Realizar Pago", the page stay waiting for new $_POST variables (from payment platform), so when the POST variables are already sended to my page, I want redirect my page to ha payment suscessfully page.
Thanks for help guys, and sorry for my english.
This is not possible in the way you think about it.
PHP executes each request separately. When your server executes the request from the external service you could assume it doesn't know anything about that other request from your user.
The $_POST array is unique for every request and could not be read across requests.
Okay, sounds like you are wanting to connect to an outside webservice from your page and then display the results to your users. In PHP, you'd probably want to create a form processor that takes user data and then uses cURL to pass it along to the banking end. Once the bank receives the request, they will send back a response to you which you can then display to the user or redirect them to a page that says it was a success.
cURL will wait for a while (you can specify how long it waits) for the response from the banking folks. In this example, I have told the program to wait for 30 seconds. If it finishes before the 30 seconds, it will go ahead and close the connection.
<?php
$bank_url = 'http://www.bank.com';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $bank_url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$response = curl_exec($ch);
print $response;
I`m using cuRL to get some data from remote server... The response is in JSON format..
This is my code:
$ch = curl_init();
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_URL, 'http://www.myaddress.com/mypage.php');
curl_setopt($ch, CURLOPT_POSTFIELDS, array("id" => $id));
$return = curl_exec($ch);
curl_close($ch);
If I access the link in the browser the page load OK, but if I access through the cuRL return a 404 error...
I can guess a few things that it can be checked from the server side, to show the error.
1) As it is stated in other answers, be sure to set all the necessary headers, you can check them e.g. by firebug, as it is shown in here,
or you can get the headers by php get_headers function.
to set it use
curl_setopt($ch, CURLOPT_HTTPHEADER, array("HeaderName: HeaderValue"));
2) When you open a page in the browser(excluding form submit with post method) it makes a get request, instead of post, so if in the server side it is checked $_GET, then your post request will not be considered.
3) If you sure that it should be a post request(say, it is a form submit), then the following can be a problem: some forms can have hidden fields, that again are being checked in the server, and if they are not set, error can be returned. So, you should look at the source code of the form and add them(if there are any) to your post parameters.
4) if you are submitting a form, be sure to set the submit button with its name and value as well, because similar to hidden fields, this can be checked as well.
5) Cookies can be a problem as well, because by default browser has it , and curl does not. To to able to set and read cookies use this code
// set cookie
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file);
// use cookie
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file);
here, $cookie_file path to the cookies file. Do not know in linux or mac, but in windows be sure to use absolute path to the cookie file.
6) Also, you can set the referer by
curl_setopt($ch, CURLOPT_REFERER, 'http://www.myaddress.com/mypage.php');
EDIT: In case of ajax request you might want to add a header X-Requested-With with value as XMLHttpRequest
It's possible the server check the HTTP Header, it's the case in the majority of case.
So add the same HTTP Header of your browser, verify with Firebug :
curl_setopt($ch, CURLOPT_HTTPHEADER, array('SomeName: SomeValue'));
Probably there is something else the browser is sending your cURL code is not. You can use any of the tools other folks have suggested, Firebug, Wireshark, Fiddler, etc, etc.
What you need to do is add missing pieces to your request to match the browser as closely as possible in the cURL request until the remote page responds with a 200.
I notice you're doing a POST. In many cases what happens with your browser is you visit a page with a GET request. A session is initialized on the remote site and a cookie is saved in your browser with the session id.
This cookie then needs to be supplied along with subsequent POST requests. PHP cURL has many options to support cookies. There may be other requirements such as CSRF tokens and so forth.
Again, reverse-engineering is the key.
I've read a lot of cURL questions on here and none of them seem to have had the same problem I am having.
I have a form set up to submit the following:
if(isset($_POST['submitted_form']) && $_POST['submitted_form'] == "yes"){
$ch = curl_init("https://www.pipelinedeals.com/web_lead");
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_REFERER, "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']."");
curl_setopt($ch, CURLOPT_POSTFIELDS, "developer_mode=".$_POST['developer_mode']."&thank_you_page=".$_POST['thank_you_page']."&w2lid=".$_POST['w2lid']."&assign_to_id=".$_POST['assign_to_id']."&lead[lead_source]=".$_POST['lead[lead_source]']."&lead[full_name]=".$_POST['lead[full_name]']."&lead[phone]=".$_POST['lead[phone]']."&lead[email]=".$_POST['lead[email]']."");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_exec($ch);
curl_close($ch);
}
Before anyone asks why I am using such a convoluted method to post the data, rather than just submitting the form, it is because I want to use the data for some other purposes before passing it on to PipelineDeals.
It's so close to working properly I can taste it. My problem is that when I run the code on say "http://exampledomain.com" it goes ahead and posts the data perfectly. The problem is it isn't performing the redirect properly.
What happens is the data posts. "http://exampledomain.com" is left in the address bar, the content of "https://www.pipelinedeals.com/web_lead" loads on the page (and loads in a way that demonstrates it received the posts), then the content of "http://exampledomain.com" loads under it. It's like cURL is pulling in the content of the other page, rather than redirecting the user to it.
Any suggestions?
It's like cURL is pulling in the content of the other page, rather
than redirecting the user to it.
cURL won't actually redirect the user to the page in question. The client's browser is completely oblivious to what cURL is doing. As far as the browser is concerned, it is simply receiving this data back from your server (which is executing the POST request).
To solve this, you might want to setup a hidden form and then submit that form via JavaScript. Small example:
<form id="pipeline" action="https://www.pipelinedeals.com/web_lead" method="post">
<input type="hidden" name="w2lid" value="<?php echo $_POST['w2lid']; ?>">
<!-- the rest of your POST vars -->
</form>
And the JS:
document.getElementById('pipeline').submit();
Because that is exactly what curl does. It grabs the output of your request, and then you can do some fancy things with it if you like, and then you use that information to render your own page for example.
Are you not looking for: header("Location: http://www.example.com/"); /* Redirect browser */
http://php.net/manual/en/function.header.php
(possibly together with the CURL of course)
How can i redirect to a different page along with passing some POST parameters using PHP ?
You cannot "redirect" with the POST method per se, what you're after is to execute a POST request to the site you were planning to redirect to. Have a look at the cURL POST example from http://php.net/manual/de/book.curl.php:
$ch = curl_init();
$data = array('name' => 'Foo', 'file' => '#/home/user/test.png');
curl_setopt($ch, CURLOPT_URL, 'http://localhost/upload.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_exec($ch);
Substitute the CURLOPT_URL with your target and set the required fields in the $data array. For this to work your PHP needs to have the cURL module enabled.
Alternatively you could store all the data you plan to send in the POST in your session and just have the target read from there.
you need to store the POST parameters in SESSION variable
How can i redirect to a different page along with passing some POST parameters using PHP?
That is difficult to do, because redirecting needs both, the server and the browser.
Your script can tell the browser that it should redirect.
But the browser, according to the specs, must get confirmation to allow to send the POST request to the redirected URL.
But even so, not all browsers will re-send the post data with the redirect:
Note: When automatically redirecting a POST request after
receiving a 301 status code, some existing HTTP/1.0 user agents
will erroneously change it into a GET request. (Ref)
So as this does not consistently work and I guess you don't want to have the user to press a button to perform the redirect, you can't create easily what you're looking for with just a redirect.
However as Kashif Khan wrote, you can store the submitted post data into some session and then redirect the user to a new location in which you could read again from that session.
To have this working in the browser nicely, use the 303 See Other status code for the redirect.
I have the following code to login into an external site application (asp.net app) from a local site login form (written in php):
<?php
$curl_connection = curl_init('www.external.com/login.aspx');
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT,
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
// Post data array
$post_data['LoginControl$UserName'] = 'ExampleUName';
$post_data['LoginControl$Password'] = 'ExamplePWord';
// Add form fields into an array to get ready to post
foreach ($post_data as $key => $value)
{
$post_items[] = $key . '=' . $value;
}
$post_string = implode ('&', $post_items);
// Tell cURL which string to post
curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
// Execute and post
$result = curl_exec($curl_connection);
?>
I get directed to the login form of the external site instead of being directed to the application logged in. I think the problem is that I need to pass the viewstate values through, but i'm not sure how to go about doing that?
I don't have control over the external application. But we want users to be able to login to the application through our website, to maintain branding etc.
I've posted a couple of other threads recently about the use of php cURL, but I'm at the stage now where I think the viewstate is the problem ...
Thanks, Mark.
This seems to be a real problem when trying to scrape the asp.net pages.
The pages contain a hidden field named "__VIEWSTATE" which contains a base64 encoded set of va;ues containing some or all of the page state when the page was sent. It usually also contains the SHA1 of the viewstate.
What this means is that your post must contain everything in the _VIEWSTATE or it will fail.
I have been able to post a simple login page that has only 2 fields but not a more complex page in which the author has chosen to put the entire page state in the viewstate.
As yet I have not been able to come up with a solution.
Change:
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
To:
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, false);
You also need to set up a cookie file, take a look at CURLOPT_COOKIEFILE
CURLOPT_COOKIEFILE:
The name of the file containing the cookie data. The cookie file can be in Netscape format, or just plain HTTP-style headers dumped into a file.
CURLOPT_COOKIE:
The contents of the "Cookie: " header to be used in the HTTP request. Note that multiple cookies are separated with a semicolon followed by a space (e.g., "fruit=apple; colour=red")
CURLOPT_COOKIEJAR:
he name of a file to save all internal cookies to when the connection closes.
#see http://www.php.net/manual/en/function.curl-setopt.php
curl_setopt($curl_connection, CURLOPT_COOKIEFILE, 'cookiefile.txt');
curl_setopt($curl_connection, CURLOPT_COOKIEJAR, 'cookiefile.txt');
Don't expect it to work without encoding the __VIEWSTATE string in php using
rawurlencode($viewstate);
I've encountered the same problem recently, so I just leave my way to go about it here, in case someone else stumbles on this thread looking for an answer too.
I solved this by preceding every POST request with a GET request to the same url, and scraping all the input fields into an array of key-value pairs out of the response from that GET. Then I replaced some values in that array (login field values, for example), and sent the whole thing back in the subsequent POST. This way my POST request contained all the valid __VIEWSTATE, __EVENTVALIDATOR and yada-yada data generated for that particular url too.
This way the site allowed me to log in and visit subdomains normally.