Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Need help dealing with an http response in CURL

How can I render the response... so far it only works with die()

11:19 pm on Jan 24, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 15, 2003
votes: 0

So I have this really weird thing going on and I think my limited knowledge of PHP is making it worse.

I am changing an integrated login function to use POST instead of GET.

So what would happen is it would send off a hit to the 3rd party site. I tell it where I want it I want it to return to and check it's response and it posts back with a result

$redirectURL = "https://login.membee.com/login.aspx?clientID=" . $cm_client_id . "&appID=" . $cm_app_id . "&username=" . $_POST["username"] . "&password=" . urlencode($_POST["passwd"]) ."&replyURL=" . $sReplyURL . "&destURL=" . $sDestURL . "&txn=" . $stxn . "&integrated=Y" . "&remember=" . $sRememberMe;

Then later I check for the post back and check the response

if (isset($_POST["authResp"]) && $_POST["authResp"] != "") {
//check response codes for success

But now I am using CURL to post and since CURL sets up a new request I have to render the response into a POST.

Here is the new code the replaces the redirectURL above
$curl_connection = curl_init("https://login.membee.com/login.aspx");
curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);

$post_data['clientID'] = $cm_client_id;
$post_data['appID'] = $cm_app_id;
$post_data['username'] = $_POST["username"];
$post_data['password'] = $_POST["passwd"];
$post_data['replyURL'] = $sReplyURL;
$post_data['destURL'] = $sDestURL;
$post_data['txn'] = $stxn;
$post_data['integrated'] = 'Y';
$post_data['remember'] = $sRememberMe;

foreach ( $post_data as $key => $value)
$post_items[] = $key . '=' . $value;

$post_string = implode ('&', $post_items);

curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);

$result = curl_exec($curl_connection);


So far the only way I have found to get the check method which is this

if (isset($_POST["authResp"]) && $_POST["authResp"] != "") {
//check response codes for success

Is to add in a die($result);

Once I die and output $result to the screen, it does the POST and the above code rturns true and runs... the problems are:

1) Using die() results in a blank screen for 1-2 seconds... I did this as a workaround so there is text on screen:

die('logging in, please wait to be redirect....' . $result);

2) This is a serious hack and there has to be a better way. (I stumbled on it debugging while trying to output $result to the screen and it worked)

This also works

var_dump returns:

STRING(800) "


Does anyone have any ideas on a better way to take the $result and render it another way?
3:58 pm on Jan 25, 2012 (gmt 0)


WebmasterWorld Administrator jatar_k is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:July 24, 2001
votes: 0

well, your response should be contained inside your $result variable

maybe try using print_r() to output what is in the var, odd that var_dump doesn't show it, have you viewed source on the page? (assuming you have it open in the browser) Maybe there are some tags that are stopping it from showing.
10:27 pm on Jan 25, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 15, 2003
votes: 0

Hey jatar thanks for replying.

print_r didn't show anything either, but I found out why.

What I did was is this:

echo '<textarea>';
echo '</textarea>';

And what was in the textarea was this bit of HTML. Looking at this at least it makes sense what is happening now. I am still not sure what I am doing is the best way of handling it.... any suggestions? My PHP knowledge isn't too deep, is there something like $result.renderHTML() that would be a better solution?

*************value of $result*************
<body onload="document.form1.submit()">
<form name="form1" method="POST" action="the_domain_this_runs_on.com" >
<input name="userroles" type="hidden" value="" />
<input name="firstname" type="hidden" value="Test" />
<input name="lastname" type="hidden" value="Account" />
<input name="id" type="hidden" value="262158" />
<input name="clientid" type="hidden" value="xxremoved for security**" />
<input name="desturl" type="hidden" value="a_page_in_the_domain_this_runs_on.com" />
<input name="authResp" type="hidden" value="2" />
<input name="ticks" type="hidden" value="634631268556132279" />
<input name="txn" type="hidden" value="16c355d6b1477e15d2338a592458fc5e" />
<input name="username" type="hidden" value="xxremoved for security**" />
<noscript><input type="Submit" value="Submit" /></noscript>
5:30 pm on Jan 26, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
votes: 0

What is the actual task here? Looks to me like you're trying to log in to /login.aspx, then proceed on to some login with php in another system, is that correct?

In any application - perl, ASP, PHP, it doesn't matter - when you submit data, you must return a response. The "two seconds or so" is probably the curl connection doing it's thing. You should be able to do something like this:

// compose your curl post string, like you're doing
// curl it.
// parse curl result (below)
// - If the curled login fails, output an error (and wisely, the login form again), EXIT
// - if the curled login succeeds
// -- Post your values to the second script
// --- if the second login fails, see above, output error and form, EXIT
// return a response, login was successful. You can display your PARSED $results here, script ends, no need to exit.

Does anyone have any ideas on a better way to take the $result and render it another way?


Are you actually doing anything with the curl? Generally this is a delimited or XML string, and you have to pick it apart - the reverse of what you're doing to create your curl data string. You can probably store these directly in $_POST, but be careful it doesn't stomp on any current $_POST values. For example, many curl-able locations and API's return a query string:

$post_pairs = explode('&',$result);
foreach ($postpairs as $pair) {
list($k,$v) = explode('=',$pair);
$_POST[$k] = urldecode($v);

If it's XML, you'd use some method to step through the tree.

Using the above wire frame, after parsing out $result to get at authResp, you'd only need to check it if it's not auth'ed.

if (! isset($_POST["authResp"]) or ($_POST["authResp"] != "true")) { // should be true or false, shouldn't it?
// print error, output login form
// Otherwise you proceed to second login and print a response
7:35 pm on Jan 26, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 15, 2003
votes: 0

Hey RnB.

I am taking the output of CURL (which is that HTML form above ^^) and if I dump that HTML form to the request then it does the final submit and that line (if (isset($_POST["authResp"]) && $_POST["authResp"] != "") returns true.

I didn't set up that logic though I just wanted to work with it.

The backstory on what I am trying to do is this:

A client with a Joomla site came to me because they use a 3rd party user tracking system called Membee I think they mostly use it to track paid memberships. I think Membee bills members and tracks all paid memberships, when they have to renew.. etc.

A few years back they had some developer create an authentication plugin that would check for a user in Joomla, validate then send off the request to Membee who looks up things like "paid status" and returns different statuses if the member is current and able to login, etc.

The way it was built at the time was using GET to send off the hit to Membee. This left the username and password in plain text in the browser history!?!?!?

I guess they realized this security issue, and then approached me to change it to a POST method to keep that out of the query strings and out of browser history.

Because their budget was a little low I didn't want to rewrite the whole plugin so I just tried to make it work within the logic already set up.

I am going to stick with the approach of using die($result); It works, and I can add text or a loading image to the screen while it renders this form and submits it.

This is how it ends up looking.

curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
$result = curl_exec($curl_connection);

die('Logging in to WEBSITE_NAME, please wait to be redirected '. $result);

The client was good with it so so am I. They pointed out in the old solution that you get a blank page also... and depending on where you logged in from you would get the warning message popup about content being transferred from both http and https and asked if you want to proceed.

Thanks for your help though. There is likely a better way of parsing the response and completing the login but like I said the budget isn't allowing for that level of coding so.... on to the next one.