forwarding POST data to external host, data includes files

Posted on 2009-04-03
Medium Priority
Last Modified: 2012-05-06
Senario: I have to submit a form to an external host, the external host responds with an email, and returns the the user to a confirmation page, which is hosted on my server (the url is included in the form data). The confirmation page url has a unique 'ticket number' appended to it by the external server. I cannot submit the form directly as I need to validate the form before submission to the external site, using php.

So I need to catch the form submission, check that the required fields are filled in, using server side code, and then forward the data as a POST to the external server. The user is then shown the confirmation page.

I have succeded in doing this using a JS self submitting form, but I need to forward files uploaded on the original form, is it possible to forward uploaded files using this method?

Alternatively, I have tried CURL, fputs, and stream_get_contents. However is it possible to use a serverside approach and have the confirmation page displayed to the client as they didn't initiate the request?
Question by:Ginola
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2

Expert Comment

ID: 24059935
What happens serverside except for validation? If it's only the validation, I'd highly recommend doing the validation client-side in this case, and just let the form itself post to the external host..
LVL 111

Accepted Solution

Ray Paseur earned 1200 total points
ID: 24068317
Is this by any chance a homework assignment?

Regarding this statement: "I cannot submit the form directly as I need to validate the form before submission..." -- therein lies one of the central issues in WWW security.  You can validate all you want on the client side of things, but what happens when the client turns JavaScript off?  More importantly, what happens when a malicious script begins bombarding the "external host" with bogus information, attack data, etc.?

Simply put, you MUST validate the form data in the action script -- there is no alternative.  Any validation you do on the client side of things is a nicety, but is irrelevant in terms of security and the validity of the data model.

Now having unburdened myself of that, let me see if I can paraphrase what you want to do.

1. Client submits a form to an action script on your server.
2. Your server validates the form data and either rejects it accepts it.
3. On acceptance, your server posts the form data to a foreign server.
4. You get some kind of signal back from the foreign server and return this signal to the client.

Does that state it accurately?

Thanks, ~Ray

Assisted Solution

Pantalaim0n earned 800 total points
ID: 24068676
Validation works both ways. You can validate everything there is either client-side or (own) server side, but if the external host doesn't do its own validation server-side once it receives data, it's still pointless. I assume the author doesn't have control on the external host.
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

LVL 111

Expert Comment

by:Ray Paseur
ID: 24068697
@Pantalaim0n: you are probably right about no control of the external host.  Hope they are doing their own validation ;-)  A few more specifics from the OP would be helpful, for sure, like the code that is written so far.

Best regards, ~Ray

Author Comment

ID: 24116616
Hi all, sorry for the delayed reply.

I was given an incorrect spec by my boss, apparently it is possible to validate it clientside, and pass it directly to the external host (which does it's own 'proper' validation). I was told that it was not possible for the external server to validate and return the user to the 'confirmation page' if I had required fields on the form.

Many thanks for your comments, much appreciated, sorry for wasting your time.
LVL 111

Expert Comment

by:Ray Paseur
ID: 24168836
Before I post an objection to this request to delete, please explain why you do not feel that our comments deserve some points.  Thanks, ~Ray

Author Comment

ID: 24168896
I'm happy to give you some points, I appreciate that you have given time up to try to solve this, I don't know the procedure though, is it possible to give some points to both you and Pantalaim0n?
LVL 111

Expert Comment

by:Ray Paseur
ID: 24169250
Thanks for your consideration.  Yes, you can do that.  Go up to the original post and click the "request attention" button.   You can ask a moderator for guidance - there is a help page that tells how, but I don't have a link to it, sorry.

best regards, ~Ray

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question