homepage Welcome to WebmasterWorld Guest from 54.227.5.234
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Need help dealing with an http response in CURL
How can I render the response... so far it only works with die()
Demaestro




msg:4410464
 11:19 pm on Jan 24, 2012 (gmt 0)

So I have this really weird thing going on and I think my limited knowledge of PHP is making it worse.

I am changing an integrated login function to use POST instead of GET.

So what would happen is it would send off a hit to the 3rd party site. I tell it where I want it I want it to return to and check it's response and it posts back with a result

$redirectURL = "https://login.membee.com/login.aspx?clientID=" . $cm_client_id . "&appID=" . $cm_app_id . "&username=" . $_POST["username"] . "&password=" . urlencode($_POST["passwd"]) ."&replyURL=" . $sReplyURL . "&destURL=" . $sDestURL . "&txn=" . $stxn . "&integrated=Y" . "&remember=" . $sRememberMe;

Then later I check for the post back and check the response

if (isset($_POST["authResp"]) && $_POST["authResp"] != "") {
//check response codes for success
}

But now I am using CURL to post and since CURL sets up a new request I have to render the response into a POST.

Here is the new code the replaces the redirectURL above
************************
$curl_connection = curl_init("https://login.membee.com/login.aspx");
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

$post_data['clientID'] = $cm_client_id;
$post_data['appID'] = $cm_app_id;
$post_data['username'] = $_POST["username"];
$post_data['password'] = $_POST["passwd"];
$post_data['replyURL'] = $sReplyURL;
$post_data['destURL'] = $sDestURL;
$post_data['txn'] = $stxn;
$post_data['integrated'] = 'Y';
$post_data['remember'] = $sRememberMe;



foreach ( $post_data as $key => $value)
{
$post_items[] = $key . '=' . $value;
}

$post_string = implode ('&', $post_items);

curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);

$result = curl_exec($curl_connection);

curl_close($curl_connection);
************************


So far the only way I have found to get the check method which is this

************************
if (isset($_POST["authResp"]) && $_POST["authResp"] != "") {
//check response codes for success
}
************************

Is to add in a die($result);

Once I die and output $result to the screen, it does the POST and the above code rturns true and runs... the problems are:

1) Using die() results in a blank screen for 1-2 seconds... I did this as a workaround so there is text on screen:

die('logging in, please wait to be redirect....' . $result);

2) This is a serious hack and there has to be a better way. (I stumbled on it debugging while trying to output $result to the screen and it worked)

This also works
var_dump($result);
die();

var_dump returns:

STRING(800) "

"

Does anyone have any ideas on a better way to take the $result and render it another way?

 

jatar_k




msg:4410721
 3:58 pm on Jan 25, 2012 (gmt 0)

well, your response should be contained inside your $result variable

maybe try using print_r() to output what is in the var, odd that var_dump doesn't show it, have you viewed source on the page? (assuming you have it open in the browser) Maybe there are some tags that are stopping it from showing.

Demaestro




msg:4410858
 10:27 pm on Jan 25, 2012 (gmt 0)

Hey jatar thanks for replying.

print_r didn't show anything either, but I found out why.

What I did was is this:

echo '<textarea>';
print_r($result);
echo '</textarea>';
die();

And what was in the textarea was this bit of HTML. Looking at this at least it makes sense what is happening now. I am still not sure what I am doing is the best way of handling it.... any suggestions? My PHP knowledge isn't too deep, is there something like $result.renderHTML() that would be a better solution?



*************value of $result*************
<html>
<head>
</head>
<body onload="document.form1.submit()">
<form name="form1" method="POST" action="the_domain_this_runs_on.com" >
<input name="userroles" type="hidden" value="" />
<input name="firstname" type="hidden" value="Test" />
<input name="lastname" type="hidden" value="Account" />
<input name="id" type="hidden" value="262158" />
<input name="clientid" type="hidden" value="xxremoved for security**" />
<input name="desturl" type="hidden" value="a_page_in_the_domain_this_runs_on.com" />
<input name="authResp" type="hidden" value="2" />
<input name="ticks" type="hidden" value="634631268556132279" />
<input name="txn" type="hidden" value="16c355d6b1477e15d2338a592458fc5e" />
<input name="username" type="hidden" value="xxremoved for security**" />
<noscript><input type="Submit" value="Submit" /></noscript>
</form>
</body>
</html>
****************************************************

rocknbil




msg:4411155
 5:30 pm on Jan 26, 2012 (gmt 0)

What is the actual task here? Looks to me like you're trying to log in to /login.aspx, then proceed on to some login with php in another system, is that correct?

In any application - perl, ASP, PHP, it doesn't matter - when you submit data, you must return a response. The "two seconds or so" is probably the curl connection doing it's thing. You should be able to do something like this:

// compose your curl post string, like you're doing
// curl it.
// parse curl result (below)
// - If the curled login fails, output an error (and wisely, the login form again), EXIT
// - if the curled login succeeds
// -- Post your values to the second script
// --- if the second login fails, see above, output error and form, EXIT
// return a response, login was successful. You can display your PARSED $results here, script ends, no need to exit.

Does anyone have any ideas on a better way to take the $result and render it another way?


STRING(800)


Are you actually doing anything with the curl? Generally this is a delimited or XML string, and you have to pick it apart - the reverse of what you're doing to create your curl data string. You can probably store these directly in $_POST, but be careful it doesn't stomp on any current $_POST values. For example, many curl-able locations and API's return a query string:

//authResp=true&user=rocknbil&last-login=2012-01-01&bleah=blah
$post_pairs = explode('&',$result);
foreach ($postpairs as $pair) {
list($k,$v) = explode('=',$pair);
$_POST[$k] = urldecode($v);
}


If it's XML, you'd use some method to step through the tree.

Using the above wire frame, after parsing out $result to get at authResp, you'd only need to check it if it's not auth'ed.

if (! isset($_POST["authResp"]) or ($_POST["authResp"] != "true")) { // should be true or false, shouldn't it?
// print error, output login form
}
// Otherwise you proceed to second login and print a response

Demaestro




msg:4411212
 7:35 pm on Jan 26, 2012 (gmt 0)

Hey RnB.

I am taking the output of CURL (which is that HTML form above ^^) and if I dump that HTML form to the request then it does the final submit and that line (if (isset($_POST["authResp"]) && $_POST["authResp"] != "") returns true.

I didn't set up that logic though I just wanted to work with it.

The backstory on what I am trying to do is this:

A client with a Joomla site came to me because they use a 3rd party user tracking system called Membee I think they mostly use it to track paid memberships. I think Membee bills members and tracks all paid memberships, when they have to renew.. etc.

A few years back they had some developer create an authentication plugin that would check for a user in Joomla, validate then send off the request to Membee who looks up things like "paid status" and returns different statuses if the member is current and able to login, etc.

The way it was built at the time was using GET to send off the hit to Membee. This left the username and password in plain text in the browser history!?!?!?

I guess they realized this security issue, and then approached me to change it to a POST method to keep that out of the query strings and out of browser history.

Because their budget was a little low I didn't want to rewrite the whole plugin so I just tried to make it work within the logic already set up.

I am going to stick with the approach of using die($result); It works, and I can add text or a loading image to the screen while it renders this form and submits it.

This is how it ends up looking.


curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
$result = curl_exec($curl_connection);
curl_close($curl_connection);

die('Logging in to WEBSITE_NAME, please wait to be redirected '. $result);

The client was good with it so so am I. They pointed out in the old solution that you get a blank page also... and depending on where you logged in from you would get the warning message popup about content being transferred from both http and https and asked if you want to proceed.

Thanks for your help though. There is likely a better way of parsing the response and completing the login but like I said the budget isn't allowing for that level of coding so.... on to the next one.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved