• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 473
  • Last Modified:

forwarding POST data to external host, data includes files

Senario: I have to submit a form to an external host, the external host responds with an email, and returns the the user to a confirmation page, which is hosted on my server (the url is included in the form data). The confirmation page url has a unique 'ticket number' appended to it by the external server. I cannot submit the form directly as I need to validate the form before submission to the external site, using php.

So I need to catch the form submission, check that the required fields are filled in, using server side code, and then forward the data as a POST to the external server. The user is then shown the confirmation page.

I have succeded in doing this using a JS self submitting form, but I need to forward files uploaded on the original form, is it possible to forward uploaded files using this method?

Alternatively, I have tried CURL, fputs, and stream_get_contents. However is it possible to use a serverside approach and have the confirmation page displayed to the client as they didn't initiate the request?
0
Ginola
Asked:
Ginola
  • 4
  • 2
  • 2
2 Solutions
 
Pantalaim0nCommented:
What happens serverside except for validation? If it's only the validation, I'd highly recommend doing the validation client-side in this case, and just let the form itself post to the external host..
0
 
Ray PaseurCommented:
Is this by any chance a homework assignment?

Regarding this statement: "I cannot submit the form directly as I need to validate the form before submission..." -- therein lies one of the central issues in WWW security.  You can validate all you want on the client side of things, but what happens when the client turns JavaScript off?  More importantly, what happens when a malicious script begins bombarding the "external host" with bogus information, attack data, etc.?

Simply put, you MUST validate the form data in the action script -- there is no alternative.  Any validation you do on the client side of things is a nicety, but is irrelevant in terms of security and the validity of the data model.

Now having unburdened myself of that, let me see if I can paraphrase what you want to do.

1. Client submits a form to an action script on your server.
2. Your server validates the form data and either rejects it accepts it.
3. On acceptance, your server posts the form data to a foreign server.
4. You get some kind of signal back from the foreign server and return this signal to the client.

Does that state it accurately?

Thanks, ~Ray
0
 
Pantalaim0nCommented:
Validation works both ways. You can validate everything there is either client-side or (own) server side, but if the external host doesn't do its own validation server-side once it receives data, it's still pointless. I assume the author doesn't have control on the external host.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Ray PaseurCommented:
@Pantalaim0n: you are probably right about no control of the external host.  Hope they are doing their own validation ;-)  A few more specifics from the OP would be helpful, for sure, like the code that is written so far.

Best regards, ~Ray
0
 
GinolaAuthor Commented:
Hi all, sorry for the delayed reply.

I was given an incorrect spec by my boss, apparently it is possible to validate it clientside, and pass it directly to the external host (which does it's own 'proper' validation). I was told that it was not possible for the external server to validate and return the user to the 'confirmation page' if I had required fields on the form.

Many thanks for your comments, much appreciated, sorry for wasting your time.
0
 
Ray PaseurCommented:
Before I post an objection to this request to delete, please explain why you do not feel that our comments deserve some points.  Thanks, ~Ray
0
 
GinolaAuthor Commented:
I'm happy to give you some points, I appreciate that you have given time up to try to solve this, I don't know the procedure though, is it possible to give some points to both you and Pantalaim0n?
0
 
Ray PaseurCommented:
Thanks for your consideration.  Yes, you can do that.  Go up to the original post and click the "request attention" button.   You can ask a moderator for guidance - there is a help page that tells how, but I don't have a link to it, sorry.

best regards, ~Ray
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 4
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now