How can redirect from perl to another cgi sending parameters?

Forum Moderators: coopster & phranque

Message Too Old, No Replies

How can redirect from perl to another cgi sending parameters?

Is it possible hide the parameters?

Zhusaipei

3:01 am on Dec 26, 2003 (gmt 0)

I know that the following would work:

print "Location: [www\.site\.com...]

but, for security reasons (the newcgi.pl is my bank's page accepting payments) I'd like to avoid parameters be showed in the url.

I wonder if the client could only read the address of the new page (that of my bank) while parameters are sent invisibly to it by my perl script.

Does anyone know if it is possible?

thanks

volatilegx

8:41 pm on Dec 29, 2003 (gmt 0)

Sure it's possible :)

What you want to do is make a POST request to the other CGI script. This is basically the same as accessing a CGI script through an HTML form.

Here's a way to do it:

use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
$ua = LWP::UserAgent->new;

my $req = POST 'http://www.perl.com/cgi-bin/BugGlimpse',
[ search => 'www', errors => 0 ];

print $ua->request($req)->as_string;

(The above was taken from the LWP Cookbook, published here: [search.cpan.org...] )

In the above example, the data they are posting is this:

search => 'www', errors => 0

They are sending two fields: 'search' and 'errors'. The data those fields refer to is, respectively, 'www' and '0'. To add more fields/data, you'd simply put another comma after the last piece of data and specify a new field name, followed by a '=>', followed by the data.

It's important to URL-encode the fieldnames and data, just like you would for a GET request (the request you gave in your example).

Dan

Zhusaipei

6:48 pm on Jan 2, 2004 (gmt 0)

Thank you very much Dan,
I've read and tested your suggestion.

To have a correct header I replaced the line:
print $ua->request($req)->as_string;

with (I found it somewhere else):
my $output = $ua->request($req)->as_string;
$output =~ s!^HTTP/\d+\.\d+!Status:!;
print $output;

and it works good.

Anyway I'm afraid it doesn't solve the problem.
There's no redirection.
I mean it seems that (if I got it correctly reading cpan lwpcook) it is my script that first receive the bank's page and then send it to the browser.
That's why my browser never shows the bank's page address.

Due to the nature of information received by the bank's page (e.g. credit card numbers) I'd like not to be that sort of mediator between client and bank when processing such data.

Is it possible redirect + send parameters + hide parameters?

thank you again

alexhudson

12:29 am on Jan 3, 2004 (gmt 0)

It's not possible to redirect to a different request, which is what you're asking for. This isn't a Perl problem; it's an HTTP problem.

Your example is also a little wierd - a script at a bank accepting payment info over a non-secure connection? Using a GET request? I find that quite hard to believe; and even if it's true, you don't want to do things that way. Talk to the bank, see what they say.

Zhusaipei

2:21 pm on Jan 3, 2004 (gmt 0)

Thank you AlexHudson. At least now I can stop trying to do something impossible to do.

About my example, you're right, that was just an example.
The real address is:
[select.worldpay.com...]

alexhudson

2:09 pm on Jan 4, 2004 (gmt 0)

Ah, if you're using WorldPay there's a very good Perl module on CPAN for accessing it. Have you tried looking at that?

Zhusaipei

11:51 pm on Jan 4, 2004 (gmt 0)

In the README file of that module is written:
"Once you have registered your transaction you should send the user to the WorldPay website for payment - I usually just print a simple page to the user informing them of the amount owing and what it is for with a simple "Click here to pay" button. It's a simple HTML form."

I just wanted to skip that step.

thank you anyway

volatilegx

5:28 pm on Jan 6, 2004 (gmt 0)

I think the most efficient way of doing it would be to use a JavaScript redirect, then.