I’m trying to learn how to do this, but I’m not sure if I’m on the right track… I’m in a php script on the initiator page and from within that script I want to post to a target url with certain parameters so that a process in that target url will be kicked off. However, I don’t want to leave the current page I’m on… I want to stay right on the same initiator page.
This is new to me, so I found some stuff on cURL which I think might be the approach to take (although I’m not sure.) What I have so far is:
function cURL_test() {
session_start();
if ( $_SESSION) {
//open connection
$ch = curl_init();
$url = 'https://testdomain.com/beta/';
$fields_string = '?mbr_value=--thisval--&email=' . $_SESSION[ 'member']['email'];
$output = "url = " . $url . $fields_string; // $output looks correct when echoed
//set the url, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
}
return $output;
}
When looking at the called url (the $output) the url sting looks correct, and if I manually copy the url string and put in a browser it correctly works and starts the target process. But two problems when I try curl_exec:
The target process is not triggered. So maybe there is something wrong with my cURL setup?
The browser seems like it is being redirected to the $output url. But I want to stay on the initiator page. Is there a way to do that?
And this is the code… effectively, when someone visits the page the user test@test.com should automatically be logged in and then redirected to a login success page. (The parameters in the url causes all that to happen.)
// This is the php code that is executed when visiting the page
function cURL_login() {
session_start();
if ( $_SESSION) {
//open connection
$ch = curl_init();
$url = 'https://wellnessstockshop.com/beta/';
$fields_string = 'mbr_autologin=--Brilliant--&email=test@test.com&redir=https://wellnessstockshop.com/beta/test-curl-login-success/';
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_NOBODY, true);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
$output = "url = " . $url . "?" . $fields_string;
}
return $output;
}
You first have to sort out who is who. You have a person that is clicking through your page (1), you have a foreign server that can be logged on (2) - and now you just add another user: the server that’s making the actual login via CURL (3). That’s why your human user (1) can’t be forwarded to the foreign server (2), because your server (3) is holding the credentials, e.g. session-id or cookie. You can not easily share the login without sharing the login-secret. And even if you are able to get the cookie from your server (3) to the actual user (1), there still may be some IP-check on the foreign server (2) that prevents sharing this session. Because what you are trying to do is session-hijacking. Have a research on single sign-on.
But you already have two opposing requirements:
I want to stay right on the same initiator page.
the user test@test.com should automatically be logged in and then redirected to a login success page.