reposting $_POST variables after a header redirect

[taith]

just wondering if its possible (and how) to create a $_POST variable, then header('Location: elsewhere.php'); and have the variable accessable on the next page...?

[ratcateme]

you might want to try $_SESSION that way when you redirect the var is not hidden as POST or exposed as GET it is stored on the server.

 

Scott.

[taith]

unfortunatly thats not possible...

 

1) the redirecting to page is of a different domain(no $_SESSION)

2) $_GET is too unsecure and not supported by the site i'm directing too...

3) i'm directing via header('Location: '); so i cant use <input hidden>

[DarkWater]

Then no.  =/

[mbradley]

then u would be using the location:page.php?info=yada

 

what u might try is passing them to another page that actually takes info and sends them to another page with the sessions to keep it hiden?

[taith]

then u would be using the location:page.php?info=yada

i cannot use $_GET... the remote page does not allow $_GET... only $_POST

 

what u might try is passing them to another page that actually takes info and sends them to another page with the sessions to keep it hiden?

the page i'd be sending to would be remote, therefore cannot access the session info...

[papaface]

You can do this kind of thing using cURL.

<?php
  $curl = curl_init();
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $_POST);
  curl_setopt($curl, CURLOPT_URL, "http://www.google.com");
  curl_exec($curl);
  curl_close($curl);
?>

Will post the form vars to google.com

[DarkWater]

@papaface: That's great, but that won't help him redirect someone to a page with some variable carrying over. 

 

@taith:  They designed sessions and cookies to try to be "secure", so they can only be accessed from the domain that set them.

[taith]

ya... curl is for incoming data, not for forcing outgoing data...

 

and yes i know... sessions/cookies wont work...

 

i need a sort of "header("POSTVariable:var='content'");" but it doesnt seem to be created yet :'(

[DarkWater]

Do you know how HTTP headers work?

For example, when accessing the main PHPFreaks.com page, these are all the headers:

http://www.phpfreaks.com/



GET / HTTP/1.1

Host: www.phpfreaks.com

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

Cookie: Let's not show my session ID and stuff, thanks.


HTTP/1.x 200 OK

Date: Fri, 04 Jul 2008 23:06:43 GMT

Server: Apache/2.2.8 (EL)

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: phpfreaks_session=mYsEsSiOnIdLololol; expires=Sun, 03 Aug 2008 23:06:43 GMT; path=/

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html; charset=utf-8

 

The first block is what the browser sends to the server, and the second block is the response.  When a Location header is sent, the browser interprets that as a redirect, which is why not every page has a Location header.  There's no real way to tell the browser about POST data...the browser has to SEND POST data, not recieve it.

[taith]

true... but the data is sent to the first server, then the redirect to the new page... and the post data is not available on the new page...

 

meaning the content does go to the first server... i was just hoping there'd be a way of forcing php to mimic a http request (sending the POST data) from the client side...