emulating POST data on local files

[dadamssg87]

I know cURL is primarily for fetching data from remote sites. Should you use cURL to get data from local urls that use POST data?

 

For example, i have a page the displays a receipt.  i use this to send html emails and also for the customer to view the receipt in their browser if their email client isn't displaying it correctly.

 

If POST cardholder data is present it will display the first name, last name, address, city, state, zip, phone, email, and method of payment in the receipt.

 

I use the file_get_contents() function to retrieve that web page and send the email. The problem: No POST data is present when doing that so if you're the one getting the receipt email, your billing information won't be on it. There's no way to prove that the receipt is actually yours.

 

I'm trying to comply with PCI standards so i'm trying to avoid storing cardholder data in sessions or a database table.

[Andy-H]

Why not just include the script, I assume it's the script that generates an email?

//?name=andy&card=0000111122223333
extract($_POST, EXTR_SKIP);


include 'create_email.php';

create_email.php

$mail = <<<EMAIL
   <table>
      <tr>
         <td>Name</td>
         <td>{$name}</td>
      </tr>

      <tr>
         <td>Card No.</td>
         <td>{$card}</td>
      </tr>
   </table>
EMAIL;

 

 

[requinix]

Does it help to know that you can set $_POST manually? It's just an array.

 

If receipt.php expects $_POST["name"] and $_POST["total"] then you can

$_POST = array(
    "name" => $name,
    "total" => $a + $b + $c
);
include "receipt.php";