19

I'm setting up a custom e-commerce solution, and the payment system I'm using requires me to send HTTPS POSTS.

How can I do this using php (and CURL?), is it any different from sending http posts?

UPDATE:

Thanks for your replies, they've been very useful. I assume I will need to purchase an SSL certificate for this to work, and I will obviously do this for the final site, but is there any way for me to test this without buying one?

Thanks, Nico

Nico Burns
  • 16,639
  • 10
  • 40
  • 54
  • 5
    You just need a certificate if someone wants to connect with your server, not if you want to connect to another server. – Gumbo Jul 20 '09 at 15:56
  • You don't need to buy a certificate if your only connecting to you own servers. self signing cert's are as good as any other as long as you're sure of both ends of the communication channel. Also if your connecting to their server by https they have to get the cert not you. you only need to buy one if the public are connecting to a server (via the web or API) –  Nov 27 '13 at 20:31

5 Answers5

44

PHP/Curl will handle the https request just fine. What you may need to do, especially when going against a dev server, is turn CURLOPT_SSL_VERIFYPEER off. This is because a dev server may be self signed and fail the verify test.

$postfields = array('field1'=>'value1', 'field2'=>'value2');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://foo.com');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_POST, 1);
// Edit: prior variable $postFields should be $postfields;
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // On dev server only!
$result = curl_exec($ch);
laurent
  • 88,262
  • 77
  • 290
  • 428
  • @brent baisley it works fine but when i try to fetch from some website it gives "400 Bad Request nginx" what to do in that case ? –  May 21 '13 at 12:59
  • 2
    @VivekSancheti probably it needs to enable SSL verification, and create certificate PEM file – Roman Podlinov Oct 08 '14 at 18:33
  • 1
    +1 Option CURLOPT_SSL_VERIFYPEER on my local machine saved me couple of hours because without it server didn't want to accept my self-signed certificate – Anonymous Dec 08 '16 at 20:35
12

You can also use the stream api and http/https context options

$postdata = http_build_query(
  array(
    'FieldX' => '1234',
    'FieldY' => 'yaddayadda'
  )
);

$opts = array(
  'http' => array(
    'method'  => 'POST',
    'header'  => 'Content-type: application/x-www-form-urlencoded',
    'content' => $postdata
  )
);
$context  = stream_context_create($opts);
$result = file_get_contents('https://example.com', false, $context);

You still need an extension that provides the SSL encryption. That can either be php_openssl or (if compiled that way) php_curl.

Ronni Egeriis Persson
  • 2,209
  • 1
  • 21
  • 43
VolkerK
  • 95,432
  • 20
  • 163
  • 226
  • Oh, sorry. I should have clarified that: adding post parameters works the same for http:// and https:// – VolkerK Jul 16 '14 at 11:40
  • You did imply it, but I'm suggesting you edit to `https://` in the last line to more directly answer the original question. :) I was wondering if that's *all* you need to change, and confirmed that it is, PHP 5.3.3. – Bob Stein Jul 16 '14 at 18:39
2

No, there is no much difference. Curl does everything necessary itself.

See the examples in the user comments on the curl_setopt reference page how it’s done.

Gumbo
  • 643,351
  • 109
  • 780
  • 844
1

If you are using curl, you can pass in the -d switch for your parameters. This results in using an HTTP post. Something like

curl http://foo.com -d bar=baz -d bat=boo

would result in an HTTP post to http://foo.com with the appropriate parameters

Rob Di Marco
  • 43,054
  • 9
  • 66
  • 56
1

Similar question: POST to URL with PHP and Handle Response

Using the accepted solution (Snoopy PHP Class), you can do something like the following:

<?php

  $vars = array("fname"=>"Jonathan","lname"=>"Sampson");
  $snoopy = new Snoopy();

  $snoopy->curl_path = "/usr/bin/curl";  # Or whatever your path to curl is - 'which curl' in terminal will give it to you.  Needed because snoopy uses standalone curl to deal with https sites, not php_curl builtin.

  $snoopy->httpmethod = "POST";
  $snoopy->submit("https://www.somesite.com", $vars);
  print $snoopy->results;

?>
Community
  • 1
  • 1
Sampson
  • 265,109
  • 74
  • 539
  • 565