Best way to include my SaaS form on 3rd party sites?

Posted on 2013-05-19
Last Modified: 2013-05-20
I have a SaaS app I've been working on (forever) and am looking for a 'best practice' to include a form on my users sites. The forms are slightly different (they allow someone to subscribe to their own email list etc)

I've considered having the site owners simply pull it into an iframe - may be the easiest but not particularly pretty. I have a modal issue then with the form and its kind of kludgy

Another idea is simply give them the code to stick in. But its much harder to make any changes or update at all if I need to.

The idea I'm leaning toward is since the sites all run php, perhaps I could have them include a file on their site which executes a cURL request and pulls in the form from my site. ie:

They put the require where they want the form to appear:
<?php require_once("getform.php"); ?>

getform.php looks like:

	function get_data($url) {
	$ch = curl_init();
	$timeout = 5;
	$data = curl_exec($ch);
	return $data;

$form = get_data('');
echo $form;

Open in new window

It seems to work not bad, returns the form based on the user variable so it pertains to the correct list. And still resides on my site. The form submits via jsonp so it is very seamless and works cross domain.

So... is using a cURL request a good way to go as long as the servers have php? Any gotcha's waiting to destroy me publicly? I'm not particularly experienced so any issues or improvements in my cURL request sticking out?
Question by:tjyoung
  • 3
  • 2
  • 2
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
I think the way Google Analytics does this sort of thing is via JavaScript.  Pretty sure that FB does it that way, too.  They make AJAX requests to load forms (and other things) into the appropriate DIVs of the document.

You might put some thought into client authentication.  Example:  Let's say I am user #123456, but I'm curious about what user #123457 is doing.  It would appear easy for me to manipulate this code and sample other users' information.  You may or may not want to allow that.
LVL 33

Accepted Solution

Slick812 earned 400 total points
Comment Utility
greetings  tjyoung,  You seem to be on the right tract, if you need to have information (data, html display)  on several other PHP sites that are not your domain name, However there may be some things you might consider for this.
You say = "But its much harder to make any changes or update at all if I need to"
I guess you mean that you could update or change the -
form.php script, to do different or updated things. And yes, this would allow you to distribute the getform.php to many other PHP site developers to get your display on their page.

Some of my thoughts (opinions) are -
You really should have an authentication with any "User" info requested, such as -
$form = get_data('');
where the "acb4d2ef3cf10dacca4defa8f1d6bc01" is a Unique value that you generate and store, so that if  user=123456  data is requested, the correct access (authentication) string must exactly match your stored aut string.

You may not need the cURL , I think that the cURL is for more complicated URL like a POST, Also I would think that this would do your data fetch -
$form = file_get_contents('');
if ((strlen($form) < 5) || ($form == 'ERROR') {
    echo '<h2>ERROR for Form setup</h2>';
    } else echo $form;

Also you may should check the return string "$form" for a correct beginning like get a sub-string and check for "<form", because, if it returns a "404, page not here" status error, then you should not echo out the $form.
- - - - - - - - -
You may want to allow some customization, such as colour -
<?php $uZ765v_colour = "light blue"; // Use Special Prefix Variables to avoid overwrite of site's variables
require_once("getform.php"); ?>

in the getform, maybe -
if (isset($uZ765v_colour)) {
    $form = file_get_contents(''.$uZ765v_colour);
    } else
    $form = file_get_contents('');

But thinking about this is not the same as getting results from using it, testing and trying to do common errors like programmers mis typing or or mis placement of your code in their code, like putting your -
<?php require_once("getform.php"); ?>
at the beginning of there PHP code before the  session_start();   or other things.

I hope I have  given u some that will help, but there may be other factors, depending on the developers using your -
<?php require_once("getform.php"); ?>

Author Comment

Comment Utility
Hi, yes the user id is actually a much longer/random string. I just used 123456 as example. Its actually 12 random characters including alpha and numerical.
Never thought of file_get_contents.

Trying it and tried creating an error. That works but I noticed I get the warning php error as well as whatever I want to send back as an error message. Can I suppress this or is this something that is happening on that server's end and I can't suppress?

Warning: file_get_contents( [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 404 Not Found in /home/biggest/public_html/test/index.php on line 19
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
Comment Utility
You can suppress any PHP error message by prepending the @ to the function call.

if (!$str = @file_get_contents('path/to/file')) { /* file-get-contents() Failed */ }

But that said, I still think I would try to do this with JavaScript / AJAX.  I have a "hello world" example in this article.  It could just as easily send a complete HTML form.
LVL 33

Expert Comment

Comment Utility
something else I thought of, I guess that your html echo inserted form, will have an action that goes to your domain with the POST inputs, so whoever submits the form, will leave the domain of the containing page, , not sure, but I could test it, but I seem to remember that there may be restrictions about some browsers using a different domain in the form action. And after you get the POST data in your -
you will have to redirect the page back to the original domain where the form was inserted. Maybe I do not understand all of the functionality and data transfers for your idea of a web hosted SaaS app, but I do not feel now, from what I have read here or considered, that your easy to use insert with -
<?php require_once("getform.php"); ?>
can be set up with ease. You might want to have a web hosted SaaS app, that uses a published web API, with a web REST System (stateless transfer of info), and then have GET http requests like -
return some string or XML or JSON that has the data (html form in this case) to the PHP code that another developer is doing and show how to do PHP code with file_get_contents( ) or cURL (API) for those developers to use your web hosted SaaS app. You will no doubt have to have a SaaS that is worth bothering with and time spent, ,  and has useful services for data returns that would require more API than -
<?php require_once("getform.php"); ?>

You really need to have two independent Domains, that you can test this with, one as the SaaS and the other as the user of that SaaS, your test in the Same domain may be meaningless, except to see if the PHP code will run.

@ Ray, I do not think that you can not do cross domain calls in Ajax, at least as far as I know of.
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
TLDR.  I'll leave it to you guys to sort it out.  Best of luck and best regards, ~Ray

Author Comment

Comment Utility
I use jsonp with a callback to circumvent that exact issue. That I've tried and have been using two servers and different domains.  I can return simple json but using json with padding and specifying a callback in the URL I can accomplish cross domain without problems. The saas is biz to biz so fortunately won't rely on typical consumers but companies with IT available. Regardless I appreciate your help and plan to implement your suggestions

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now