Best way to include my SaaS form on 3rd party sites?

Posted on 2013-05-19
Last Modified: 2013-05-20
I have a SaaS app I've been working on (forever) and am looking for a 'best practice' to include a form on my users sites. The forms are slightly different (they allow someone to subscribe to their own email list etc)

I've considered having the site owners simply pull it into an iframe - may be the easiest but not particularly pretty. I have a modal issue then with the form and its kind of kludgy

Another idea is simply give them the code to stick in. But its much harder to make any changes or update at all if I need to.

The idea I'm leaning toward is since the sites all run php, perhaps I could have them include a file on their site which executes a cURL request and pulls in the form from my site. ie:

They put the require where they want the form to appear:
<?php require_once("getform.php"); ?>

getform.php looks like:

	function get_data($url) {
	$ch = curl_init();
	$timeout = 5;
	$data = curl_exec($ch);
	return $data;

$form = get_data('');
echo $form;

Open in new window

It seems to work not bad, returns the form based on the user variable so it pertains to the correct list. And still resides on my site. The form submits via jsonp so it is very seamless and works cross domain.

So... is using a cURL request a good way to go as long as the servers have php? Any gotcha's waiting to destroy me publicly? I'm not particularly experienced so any issues or improvements in my cURL request sticking out?
Question by:tjyoung
  • 3
  • 2
  • 2
LVL 109

Expert Comment

by:Ray Paseur
ID: 39181075
I think the way Google Analytics does this sort of thing is via JavaScript.  Pretty sure that FB does it that way, too.  They make AJAX requests to load forms (and other things) into the appropriate DIVs of the document.

You might put some thought into client authentication.  Example:  Let's say I am user #123456, but I'm curious about what user #123457 is doing.  It would appear easy for me to manipulate this code and sample other users' information.  You may or may not want to allow that.
LVL 34

Accepted Solution

Slick812 earned 400 total points
ID: 39182074
greetings  tjyoung,  You seem to be on the right tract, if you need to have information (data, html display)  on several other PHP sites that are not your domain name, However there may be some things you might consider for this.
You say = "But its much harder to make any changes or update at all if I need to"
I guess you mean that you could update or change the -
form.php script, to do different or updated things. And yes, this would allow you to distribute the getform.php to many other PHP site developers to get your display on their page.

Some of my thoughts (opinions) are -
You really should have an authentication with any "User" info requested, such as -
$form = get_data('');
where the "acb4d2ef3cf10dacca4defa8f1d6bc01" is a Unique value that you generate and store, so that if  user=123456  data is requested, the correct access (authentication) string must exactly match your stored aut string.

You may not need the cURL , I think that the cURL is for more complicated URL like a POST, Also I would think that this would do your data fetch -
$form = file_get_contents('');
if ((strlen($form) < 5) || ($form == 'ERROR') {
    echo '<h2>ERROR for Form setup</h2>';
    } else echo $form;

Also you may should check the return string "$form" for a correct beginning like get a sub-string and check for "<form", because, if it returns a "404, page not here" status error, then you should not echo out the $form.
- - - - - - - - -
You may want to allow some customization, such as colour -
<?php $uZ765v_colour = "light blue"; // Use Special Prefix Variables to avoid overwrite of site's variables
require_once("getform.php"); ?>

in the getform, maybe -
if (isset($uZ765v_colour)) {
    $form = file_get_contents(''.$uZ765v_colour);
    } else
    $form = file_get_contents('');

But thinking about this is not the same as getting results from using it, testing and trying to do common errors like programmers mis typing or or mis placement of your code in their code, like putting your -
<?php require_once("getform.php"); ?>
at the beginning of there PHP code before the  session_start();   or other things.

I hope I have  given u some that will help, but there may be other factors, depending on the developers using your -
<?php require_once("getform.php"); ?>

Author Comment

ID: 39182572
Hi, yes the user id is actually a much longer/random string. I just used 123456 as example. Its actually 12 random characters including alpha and numerical.
Never thought of file_get_contents.

Trying it and tried creating an error. That works but I noticed I get the warning php error as well as whatever I want to send back as an error message. Can I suppress this or is this something that is happening on that server's end and I can't suppress?

Warning: file_get_contents( [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /home/biggest/public_html/test/index.php on line 19
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 39182698
You can suppress any PHP error message by prepending the @ to the function call.

if (!$str = @file_get_contents('path/to/file')) { /* file-get-contents() Failed */ }

But that said, I still think I would try to do this with JavaScript / AJAX.  I have a "hello world" example in this article.  It could just as easily send a complete HTML form.
LVL 34

Expert Comment

ID: 39182953
something else I thought of, I guess that your html echo inserted form, will have an action that goes to your domain with the POST inputs, so whoever submits the form, will leave the domain of the containing page, , not sure, but I could test it, but I seem to remember that there may be restrictions about some browsers using a different domain in the form action. And after you get the POST data in your -
you will have to redirect the page back to the original domain where the form was inserted. Maybe I do not understand all of the functionality and data transfers for your idea of a web hosted SaaS app, but I do not feel now, from what I have read here or considered, that your easy to use insert with -
<?php require_once("getform.php"); ?>
can be set up with ease. You might want to have a web hosted SaaS app, that uses a published web API, with a web REST System (stateless transfer of info), and then have GET http requests like -
return some string or XML or JSON that has the data (html form in this case) to the PHP code that another developer is doing and show how to do PHP code with file_get_contents( ) or cURL (API) for those developers to use your web hosted SaaS app. You will no doubt have to have a SaaS that is worth bothering with and time spent, ,  and has useful services for data returns that would require more API than -
<?php require_once("getform.php"); ?>

You really need to have two independent Domains, that you can test this with, one as the SaaS and the other as the user of that SaaS, your test in the Same domain may be meaningless, except to see if the PHP code will run.

@ Ray, I do not think that you can not do cross domain calls in Ajax, at least as far as I know of.
LVL 109

Expert Comment

by:Ray Paseur
ID: 39183002
TLDR.  I'll leave it to you guys to sort it out.  Best of luck and best regards, ~Ray

Author Comment

ID: 39183049
I use jsonp with a callback to circumvent that exact issue. That I've tried and have been using two servers and different domains.  I can return simple json but using json with padding and specifying a callback in the URL I can accomplish cross domain without problems. The saas is biz to biz so fortunately won't rely on typical consumers but companies with IT available. Regardless I appreciate your help and plan to implement your suggestions

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question