PHP Secure Post SSL

Brant Snow asked
I'm going to be doing a secure post in PHP. This is my first time. I believe the certificate is installed or is going to be installed, so we have the .csr

I'll be writing the shopping cart, then gathering personal information including credit card, then making a secure post to a specific URL they maintain.

I need someone to walk me through the process: what I will need to do, how I encode the data for my post using the certificate, etc., and point me in the right direction with code or tutorials that will help me out in this matter.

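// First request: load the start page so the server's session cookie is saved to the cookie jar.
$ch = curl_init();
curl_setopt($ch, CURLOPT_COOKIEJAR, "/Library/WebServer/Documents/tmp/cookieFileName");
curl_setopt($ch, CURLOPT_URL, "https://www.example.com/myaccount/start.asp");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // the remote certificate is not verified here
ob_start();      // Prevent output
curl_exec($ch);
ob_end_clean();  // End preventing output
curl_close($ch);

// Second request: POST the form fields, sending back the cookie saved above.
// $f1 and $f2 hold the form values; http_build_query() URL-encodes them.
$ch = curl_init();
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array("field1" => $f1, "field2" => $f2, "SomeFlag" => "True")));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // curl_exec() returns the response instead of printing it
curl_setopt($ch, CURLOPT_COOKIEFILE, "/Library/WebServer/Documents/tmp/cookieFileName");
curl_setopt($ch, CURLOPT_URL, "https://www.example.com/myaccount/Login.asp");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // the remote certificate is not verified here
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch); // response body as a string, or false on failure
curl_close($ch);
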
hankknight, this looks good but I have a question: there is going to be a valid SSL, so will I need to set that to true, or rather 1 or 0? Will it automatically encode and decode it using this script?

The other question is what does the response come back as, in other words what is the variable that processes the response?

And just to clarify, the verifypeer is only to the site I'm posting to, correct? It has nothing to do with the site I'm currently on; I could be on a secure site with an SSL certificate and post to an https location and just use verify peer = false if I didn't care to verify who I was posting to, correct?

If I wanted to verify the peer I would use something like this, correct?

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, getcwd() . "/CAcerts/BuiltinObjectToken-EquifaxSecureCA.crt");

Looks like you are on track. The two servers will take care of all the security stuff, just like browsers do.
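
The POST discussed in this thread with peer and host verification switched on and failures checked, as an added example that is not part of the original posts. The function name secure_post, the CA bundle path and the sample field values are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). secure_post() is a hypothetical helper name.

function secure_post(string $url, array $fields, string $caBundle): array
{
    if (stripos($url, 'https://') !== 0) {
        throw new InvalidArgumentException('Refusing to post over a non-HTTPS URL');
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields), // URL-encodes each value
        CURLOPT_RETURNTRANSFER => true,   // curl_exec() returns the body instead of printing it
        CURLOPT_SSL_VERIFYPEER => true,   // certificate chain must lead to a CA in $caBundle
        CURLOPT_SSL_VERIFYHOST => 2,      // certificate name must match the host in $url
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never fall back to plain HTTP
        CURLOPT_FOLLOWLOCATION => false,  // do not resend the form to a redirect target
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // Covers TLS failures such as an untrusted or mismatched certificate.
        throw new RuntimeException('HTTPS POST failed: ' . curl_error($ch));
    }

    // The HTTP status is separate from the TLS result; check both.
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    return ['status' => $status, 'body' => $body];
}

// Constructed sample call; the URL is the placeholder used in the thread.
try {
    $response = secure_post(
        'https://www.example.com/myaccount/Login.asp',
        ['field1' => 'value one', 'field2' => 'a&b=c', 'SomeFlag' => 'True'],
        __DIR__ . '/CAcerts/ca-bundle.crt' // hypothetical path to a PEM CA bundle
    );
    echo "HTTP {$response['status']}, " . strlen($response['body']) . " bytes\n";
} catch (Exception $e) {
    echo $e->getMessage() . "\n"; // log the error, never the posted fields
}
```

With verification on, a certificate that does not chain to the CA bundle or does not match the host name makes curl_exec() return false before any form data is sent.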