Solved

forwarding POST data to external host, data includes files

Posted on 2009-04-03
9
448 Views
Last Modified: 2012-05-06
Senario: I have to submit a form to an external host, the external host responds with an email, and returns the the user to a confirmation page, which is hosted on my server (the url is included in the form data). The confirmation page url has a unique 'ticket number' appended to it by the external server. I cannot submit the form directly as I need to validate the form before submission to the external site, using php.

So I need to catch the form submission, check that the required fields are filled in, using server side code, and then forward the data as a POST to the external server. The user is then shown the confirmation page.

I have succeded in doing this using a JS self submitting form, but I need to forward files uploaded on the original form, is it possible to forward uploaded files using this method?

Alternatively, I have tried CURL, fputs, and stream_get_contents. However is it possible to use a serverside approach and have the confirmation page displayed to the client as they didn't initiate the request?
0
Comment
Question by:Ginola
  • 4
  • 2
  • 2
9 Comments
 
LVL 5

Expert Comment

by:Pantalaim0n
Comment Utility
What happens serverside except for validation? If it's only the validation, I'd highly recommend doing the validation client-side in this case, and just let the form itself post to the external host..
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 300 total points
Comment Utility
Is this by any chance a homework assignment?

Regarding this statement: "I cannot submit the form directly as I need to validate the form before submission..." -- therein lies one of the central issues in WWW security.  You can validate all you want on the client side of things, but what happens when the client turns JavaScript off?  More importantly, what happens when a malicious script begins bombarding the "external host" with bogus information, attack data, etc.?

Simply put, you MUST validate the form data in the action script -- there is no alternative.  Any validation you do on the client side of things is a nicety, but is irrelevant in terms of security and the validity of the data model.

Now having unburdened myself of that, let me see if I can paraphrase what you want to do.

1. Client submits a form to an action script on your server.
2. Your server validates the form data and either rejects it accepts it.
3. On acceptance, your server posts the form data to a foreign server.
4. You get some kind of signal back from the foreign server and return this signal to the client.

Does that state it accurately?

Thanks, ~Ray
0
 
LVL 5

Assisted Solution

by:Pantalaim0n
Pantalaim0n earned 200 total points
Comment Utility
Validation works both ways. You can validate everything there is either client-side or (own) server side, but if the external host doesn't do its own validation server-side once it receives data, it's still pointless. I assume the author doesn't have control on the external host.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
@Pantalaim0n: you are probably right about no control of the external host.  Hope they are doing their own validation ;-)  A few more specifics from the OP would be helpful, for sure, like the code that is written so far.

Best regards, ~Ray
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:Ginola
Comment Utility
Hi all, sorry for the delayed reply.

I was given an incorrect spec by my boss, apparently it is possible to validate it clientside, and pass it directly to the external host (which does it's own 'proper' validation). I was told that it was not possible for the external server to validate and return the user to the 'confirmation page' if I had required fields on the form.

Many thanks for your comments, much appreciated, sorry for wasting your time.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Before I post an objection to this request to delete, please explain why you do not feel that our comments deserve some points.  Thanks, ~Ray
0
 

Author Comment

by:Ginola
Comment Utility
I'm happy to give you some points, I appreciate that you have given time up to try to solve this, I don't know the procedure though, is it possible to give some points to both you and Pantalaim0n?
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
Thanks for your consideration.  Yes, you can do that.  Go up to the original post and click the "request attention" button.   You can ask a moderator for guidance - there is a help page that tells how, but I don't have a link to it, sorry.

best regards, ~Ray
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article discusses the difference between strict equality operator and equality operator in JavaScript. The Need: Because JavaScript performs an implicit type conversion when performing comparisons, we have to take this into account when wri…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now