Well the account was just for security purposes. I mean for what you're doing, you can make it really simple just to test things out.
So for ABC your code would have it check what GET data comes in like:
$_GET['account'];
Then say that 'account' needs to be: Prez123 in order to allow changes to be made.
Then on XYZ, you pass it the account info and the file name or path...let's say file name.
So XYZ would post to ABC with www.abc.com?account=Prez123&filename=myfilename
This is REALLY a hack way of doing things and I really kinda regret even typing up this kind of method....
You should look into CURL, and have it post data to ABC.com