Solved

forwarding POST data to external host, data includes files

Posted on 2009-04-03
9
449 Views
Last Modified: 2012-05-06
Senario: I have to submit a form to an external host, the external host responds with an email, and returns the the user to a confirmation page, which is hosted on my server (the url is included in the form data). The confirmation page url has a unique 'ticket number' appended to it by the external server. I cannot submit the form directly as I need to validate the form before submission to the external site, using php.

So I need to catch the form submission, check that the required fields are filled in, using server side code, and then forward the data as a POST to the external server. The user is then shown the confirmation page.

I have succeded in doing this using a JS self submitting form, but I need to forward files uploaded on the original form, is it possible to forward uploaded files using this method?

Alternatively, I have tried CURL, fputs, and stream_get_contents. However is it possible to use a serverside approach and have the confirmation page displayed to the client as they didn't initiate the request?
0
Comment
Question by:Ginola
  • 4
  • 2
  • 2
9 Comments
 
LVL 5

Expert Comment

by:Pantalaim0n
ID: 24059935
What happens serverside except for validation? If it's only the validation, I'd highly recommend doing the validation client-side in this case, and just let the form itself post to the external host..
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 300 total points
ID: 24068317
Is this by any chance a homework assignment?

Regarding this statement: "I cannot submit the form directly as I need to validate the form before submission..." -- therein lies one of the central issues in WWW security.  You can validate all you want on the client side of things, but what happens when the client turns JavaScript off?  More importantly, what happens when a malicious script begins bombarding the "external host" with bogus information, attack data, etc.?

Simply put, you MUST validate the form data in the action script -- there is no alternative.  Any validation you do on the client side of things is a nicety, but is irrelevant in terms of security and the validity of the data model.

Now having unburdened myself of that, let me see if I can paraphrase what you want to do.

1. Client submits a form to an action script on your server.
2. Your server validates the form data and either rejects it accepts it.
3. On acceptance, your server posts the form data to a foreign server.
4. You get some kind of signal back from the foreign server and return this signal to the client.

Does that state it accurately?

Thanks, ~Ray
0
 
LVL 5

Assisted Solution

by:Pantalaim0n
Pantalaim0n earned 200 total points
ID: 24068676
Validation works both ways. You can validate everything there is either client-side or (own) server side, but if the external host doesn't do its own validation server-side once it receives data, it's still pointless. I assume the author doesn't have control on the external host.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 24068697
@Pantalaim0n: you are probably right about no control of the external host.  Hope they are doing their own validation ;-)  A few more specifics from the OP would be helpful, for sure, like the code that is written so far.

Best regards, ~Ray
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Ginola
ID: 24116616
Hi all, sorry for the delayed reply.

I was given an incorrect spec by my boss, apparently it is possible to validate it clientside, and pass it directly to the external host (which does it's own 'proper' validation). I was told that it was not possible for the external server to validate and return the user to the 'confirmation page' if I had required fields on the form.

Many thanks for your comments, much appreciated, sorry for wasting your time.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 24168836
Before I post an objection to this request to delete, please explain why you do not feel that our comments deserve some points.  Thanks, ~Ray
0
 

Author Comment

by:Ginola
ID: 24168896
I'm happy to give you some points, I appreciate that you have given time up to try to solve this, I don't know the procedure though, is it possible to give some points to both you and Pantalaim0n?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 24169250
Thanks for your consideration.  Yes, you can do that.  Go up to the original post and click the "request attention" button.   You can ask a moderator for guidance - there is a help page that tells how, but I don't have a link to it, sorry.

best regards, ~Ray
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now