Solved

redirect page with post variables, without submiting a form.

Posted on 2008-06-15
4
2,418 Views
Last Modified: 2013-11-19
Hi,

I have a problem I can't find a solution to since 2-3 days now.
I know about cUrl and fsockopen() and sessions.

The problem is as follows.

I have a page for payment which asks which payment method the user wants to choose, then this form is posted to the same page for handling and the handling script(php) will regenerate post variables named correctly for the wanted payment website (e.g. paypal, swreg etc.). And then redirect to that page and let the user finish his payment there.

Hence I cannot use sessions variables, because it will be a third party website that handles the query, so I have to conform to their strict standards for processing payments, which is $_POST (I won't be able to modify their handling pages anyway and I'm sure they won't use sessions variables for security...).

The problem with curl and fsockopen, is that it does post the data to (for this examples sake i'll keep to paypal) paypal payment page, but everything is done on the server side hence the user is not redirected to the paypal paying page like with a normal html/form submit, I just get the html code from the paypal page back as a string (inside the php script which is totally useless because I could output it and display the page of paypal, but it would still be located on my website hence would not work either) and that's not what I want, I want php, to sort of create a post like would happend with a html form and pressing a submit button. But without generating a form and hidden variables and adding a submit action for the onload event to handle redirection that way, that's not appropriate either, I don't want the user to able to see/access any of the payment data.
Also I can't use cUrl, because my online website doesn't support it..

I hope you can help me, I've looked at many topics here, but couldn't find an answer, because no one seemed to have exactly the same problem.
Or maybe I'm not searching in the right direction, if you can redirect me to the correct topic?
Thanks in advance
0
Comment
Question by:Braikar
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:afzz
ID: 21788313
I have used paypal php toolkit before

www.paypal.com/pdn is the link i think.


The process i used is when the post needs to be sent to paypal, i load a page into the users browser with all the post variables in a hidden form and use <body onload function to submit the form to paypal from the user's browser while showing a please wait.... message. there after paypal takes over and if payment is successful paypal would post the result to a secret url on my server and redirect the user back to my store. here i would compare what paypal has posted into the secret url and show the subsequent action to the user. hope i was of any help.
0
 

Author Comment

by:Braikar
ID: 21788471
That's exactly how i got my script working right now.
The problem is that the page generating the hidden form and onload event can still be stopped and every variable value can be read anyway... That's what I want to avoid (because for the website I want to add a tracking code to the order, but I don't want the user to know it, later on a reference is generated based on that hidden tracking number, therefore that's why I would like to be able to handle everything in php, without having to output any html/javascript etc ever so that it's totally server-managed and the user never has a slight chance to see this data.

But using fsockopen or curl, it posts without redirecting to the page where data was posted like would happen with a basic html form which is submitted normally. I'm sure there is a way to do it?
I would be appauled if php doesn't allow this, forms have been around since the existence of html.
0
 
LVL 4

Expert Comment

by:afzz
ID: 21788566
try this method.

before posting to paypal record the data in a temporary database table identified by an id like order id or invoice number and then post to paypal. even if the user reads this it is just an order number or invoice number, no tracking in it. then when paypal returns, you can access this from your temporary table and copy it into a permanent table for your reference.
Of course some regular cleaning up of the temp table will be required to delete incomplete transactions periodically.

Cheers,
Ak
0
 

Accepted Solution

by:
Braikar earned 0 total points
ID: 21893899
I found out why what I want to do can't be done :)

If a POST is issued by a client computer to a server, the server will reply to this client only.
Therefore if the php script is executing on the server side to process any data, then post the data to another server, the communication will be server to server. It's impossible that one server posts to another server and that this server posts back to a 3rd client, this cannot be done.

So I'll have to keep with temporary ids, as you suggested (afzz), I was just lazy and hoping to be able to do it more easily ;)
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Because your company can’t afford for you to make SEO mistakes, you’ll want to ensure you’re taking the right steps each and every time you post a new piece of content. This list of optimization do’s and don’ts can help you become an SEO wizard.
Does your audience prefer people in photos or no people? How can you best highlight what you’re selling? What are your competitors doing, and what can you do that is different and unique from them?  Continue reading to learn how to make your images …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question