Solved

redirect page with post variables, without submiting a form.

Posted on 2008-06-15
4
2,412 Views
Last Modified: 2013-11-19
Hi,

I have a problem I can't find a solution to since 2-3 days now.
I know about cUrl and fsockopen() and sessions.

The problem is as follows.

I have a page for payment which asks which payment method the user wants to choose, then this form is posted to the same page for handling and the handling script(php) will regenerate post variables named correctly for the wanted payment website (e.g. paypal, swreg etc.). And then redirect to that page and let the user finish his payment there.

Hence I cannot use sessions variables, because it will be a third party website that handles the query, so I have to conform to their strict standards for processing payments, which is $_POST (I won't be able to modify their handling pages anyway and I'm sure they won't use sessions variables for security...).

The problem with curl and fsockopen, is that it does post the data to (for this examples sake i'll keep to paypal) paypal payment page, but everything is done on the server side hence the user is not redirected to the paypal paying page like with a normal html/form submit, I just get the html code from the paypal page back as a string (inside the php script which is totally useless because I could output it and display the page of paypal, but it would still be located on my website hence would not work either) and that's not what I want, I want php, to sort of create a post like would happend with a html form and pressing a submit button. But without generating a form and hidden variables and adding a submit action for the onload event to handle redirection that way, that's not appropriate either, I don't want the user to able to see/access any of the payment data.
Also I can't use cUrl, because my online website doesn't support it..

I hope you can help me, I've looked at many topics here, but couldn't find an answer, because no one seemed to have exactly the same problem.
Or maybe I'm not searching in the right direction, if you can redirect me to the correct topic?
Thanks in advance
0
Comment
Question by:Braikar
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:afzz
Comment Utility
I have used paypal php toolkit before

www.paypal.com/pdn is the link i think.


The process i used is when the post needs to be sent to paypal, i load a page into the users browser with all the post variables in a hidden form and use <body onload function to submit the form to paypal from the user's browser while showing a please wait.... message. there after paypal takes over and if payment is successful paypal would post the result to a secret url on my server and redirect the user back to my store. here i would compare what paypal has posted into the secret url and show the subsequent action to the user. hope i was of any help.
0
 

Author Comment

by:Braikar
Comment Utility
That's exactly how i got my script working right now.
The problem is that the page generating the hidden form and onload event can still be stopped and every variable value can be read anyway... That's what I want to avoid (because for the website I want to add a tracking code to the order, but I don't want the user to know it, later on a reference is generated based on that hidden tracking number, therefore that's why I would like to be able to handle everything in php, without having to output any html/javascript etc ever so that it's totally server-managed and the user never has a slight chance to see this data.

But using fsockopen or curl, it posts without redirecting to the page where data was posted like would happen with a basic html form which is submitted normally. I'm sure there is a way to do it?
I would be appauled if php doesn't allow this, forms have been around since the existence of html.
0
 
LVL 4

Expert Comment

by:afzz
Comment Utility
try this method.

before posting to paypal record the data in a temporary database table identified by an id like order id or invoice number and then post to paypal. even if the user reads this it is just an order number or invoice number, no tracking in it. then when paypal returns, you can access this from your temporary table and copy it into a permanent table for your reference.
Of course some regular cleaning up of the temp table will be required to delete incomplete transactions periodically.

Cheers,
Ak
0
 

Accepted Solution

by:
Braikar earned 0 total points
Comment Utility
I found out why what I want to do can't be done :)

If a POST is issued by a client computer to a server, the server will reply to this client only.
Therefore if the php script is executing on the server side to process any data, then post the data to another server, the communication will be server to server. It's impossible that one server posts to another server and that this server posts back to a 3rd client, this cannot be done.

So I'll have to keep with temporary ids, as you suggested (afzz), I was just lazy and hoping to be able to do it more easily ;)
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now