POST without a form - Possible

[papaface]

Hello,

Here is the scenario:

 

I have a page at domain.com. On that page I have a link to a page (page.php) that contains a form. The form contains private information, that is automatically POSTed to anotherdomain.com when the page loads.

 

How can I still POST the data, but without anyone downloading the HTML from page.php and stealing the form values?

 

I believe cURL can't be used as the person still needs to be directed to anotherdomain.com, and I think cURL only does it as a background process?

[kenrbnsn]

Did you read the cURL documentation? You're belief is incorrect.

 

Ken

[papaface]

No I didn't as I dont know cURL. My belief is just a passing statement, I wasnt sure if it was right or not.

 

Can anyone tell me how this can be done?

[MadTechie]

2 ways,

1. read CURL documentation

2. search the forum (i have written the script on here before).

[papaface]

2 ways,

1. read CURL documentation

2. search the forum.

I would do your second option, but to be frank, the search option for SMF is crap. No doubt some smart arse is gonna give me a link to a previous thread - so predicable.

[MadTechie]

one of a few

http://www.phpfreaks.com/forums/index.php/topic,161386.0.html

[papaface]

one of a few

http://www.phpfreaks.com/forums/index.php/topic,161386.0.html

Yeah, but for someone that doesn't know cURL, and posts in the "help" section. That isn't really "helping" me.

[MadTechie]

the basic concept is this (note the //heres)

 

<?php
//FIELD HERE
$post_data = array(
"url" => "http://pn-network.net/sprites/tc_012_2.png",
"fileupload" => "http://pn-network.net/sprites/tc_012_2.png",
"MAX_FILE_SIZE" => "13145728",
"refer" => "",
"brand" => "",
);
$ch = curl_init();//OF COURSE
curl_setopt($ch, CURLOPT_URL, "http://www.imageshack.us/transload.php"); //HERE
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_POST, true); //HERE
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); //HERE
curl_exec($ch);//OF COURSE
curl_close($ch);//OF COURSE
?>

[papaface]

Thanks for that, but will that actually take a person to the page a form would normally be posted to?

the basic concept is this (note the //heres)

 

<?php
//FIELD HERE
$post_data = array(
"url" => "http://pn-network.net/sprites/tc_012_2.png",
"fileupload" => "http://pn-network.net/sprites/tc_012_2.png",
"MAX_FILE_SIZE" => "13145728",
"refer" => "",
"brand" => "",
);
$ch = curl_init();//OF COURSE
curl_setopt($ch, CURLOPT_URL, "http://www.imageshack.us/transload.php"); //HERE
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
curl_setopt($ch, CURLOPT_POST, true); //HERE
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data); //HERE
curl_exec($ch);//OF COURSE
curl_close($ch);//OF COURSE
?>

[sKunKbad]

I use an email processing script that as a side process uses curl to add people to an email list. This side process is independent of the email processing script, and once both tasks have been completed the main script redirects the user to either a thank you page, a thank you page with email list confirmation, or an error page.

 

This is the side process that uses curl:

<?php
if ($aCleanedValues['opt-in'] == 'Y'){
$prename = $_POST['realname'];
$nameRegex = "/^[A-Z\s\.,'-]+$/i";
$preemail = $_POST['email'];
$emailRegex = "/^(?:^[A-Z0-9._%-]+@[A-Z0-9.-]+\.(?:[A-Z]{2}|com|org|net|biz|info|name|aero|gov|mobi|tv|biz|info|jobs|museum)$)$/i";
if(preg_match($nameRegex,$prename) && preg_match($emailRegex,$preemail)) {
	$name = $prename;
	$email = $preemail;
	$url = "http://newsletters.somedomain.com/subscribe.aspx?Task=Join";
	$ch = curl_init();
	curl_setopt($ch, CURLOPT_URL,$url); // set url to post to
	curl_setopt($ch, CURLOPT_FAILONERROR, 1); //needed for some reason
	curl_setopt($ch, CURLOPT_TIMEOUT, 30); // times out after 31s
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); //so you dont see the process, it just happens before the redirect
	curl_setopt($ch, CURLOPT_POST, 1); // set POST method
	curl_setopt($ch, CURLOPT_POSTFIELDS,  array('Name'=>"$name",
												'Email'=>"$email",
												'DeliveryFormat'=>'HTML',
												'Password'=>'RandomNumber',
												'NewsletterListID'=>'526',
												'JoinType'=>'Menu',
												'SID'=>'{abcEB2A7-0B0C-A50B-ckjkaddB114A}')); // add POST fields
	curl_exec($ch); // run the whole process
	curl_close($ch);
}
}
?>

[MadTechie]

It will return the data from that form..

 

so you could do this

 

$html= curl_exec($ch);
echo $html;

 

i think the big question is why your taking this route!

[papaface]

It will return the data from that form..

 

so you could do this

 

$html= curl_exec($ch);
echo $html;

 

i think the big question is why your taking this route!

Always assume the worst!

I'm doing this to protect forms that contain confidential info. Why are you so suspicious !

 

I want the person to actually be taken to the place they'd be taken if they pressed the submit button in a form.

Echoing out the results isnt an option as they need to pay via paypal...

[MadTechie]

But PayPal has an API, for this...

 

i am so suspicious, because i am the one after you... Muahahha (just kidding)

i'm not suspicious, i am just trying to understand the problem..

[papaface]

I am aware Paypal has an API, but you have to submit values to it.

Meh it doesnt matter. I'm obviously not gonna get anywhere with this.