Demaestro - 7:35 pm on Jan 26, 2012 (gmt 0)

Hey RnB.

I am taking the output of CURL (which is that HTML form above ^^) and if I dump that HTML form to the request then it does the final submit and that line (if (isset($_POST["authResp"]) && $_POST["authResp"] != "") returns true.

I didn't set up that logic though I just wanted to work with it.

The backstory on what I am trying to do is this:

A client with a Joomla site came to me because they use a 3rd party user tracking system called Membee I think they mostly use it to track paid memberships. I think Membee bills members and tracks all paid memberships, when they have to renew.. etc.

A few years back they had some developer create an authentication plugin that would check for a user in Joomla, validate then send off the request to Membee who looks up things like "paid status" and returns different statuses if the member is current and able to login, etc.

The way it was built at the time was using GET to send off the hit to Membee. This left the username and password in plain text in the browser history!?!?!?

I guess they realized this security issue, and then approached me to change it to a POST method to keep that out of the query strings and out of browser history.

Because their budget was a little low I didn't want to rewrite the whole plugin so I just tried to make it work within the logic already set up.

I am going to stick with the approach of using die($result); It works, and I can add text or a loading image to the screen while it renders this form and submits it.

This is how it ends up looking.


curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
$result = curl_exec($curl_connection);
curl_close($curl_connection);

die('Logging in to WEBSITE_NAME, please wait to be redirected '. $result);

The client was good with it so so am I. They pointed out in the old solution that you get a blank page also... and depending on where you logged in from you would get the warning message popup about content being transferred from both http and https and asked if you want to proceed.

Thanks for your help though. There is likely a better way of parsing the response and completing the login but like I said the budget isn't allowing for that level of coding so.... on to the next one.