0

I have two different servers, and I need to send post data from one server to another. But there are some issues that I'll describe below. First, let me describe them:

  • First server's using Apache + PHP, running on Linux.
  • Second server's using IIS, running on Windows. PHP is installed.

Now, here's what I'm trying to do:

  • On my first server, user fills a form and submits it to a file in the same server.
  • In that file, I'll process the data filled by the user and redirect my user to a page on my second server. This redirection has to go with the result of my data processing as a POST request.
  • Still on my seconds server, my user will finish entering his credit card information. Then, I'll process the payment.
  • After my payment's done processing (on my IIS server), I redirect my user back to another file in my first server, with more POST data (results of payment processing).

I don't really know, though, how to redirect my user without 'echoing' a form and submitting it again.

I've done a lot of reading on the subject, and I managed to make my apache send post data using cURL or even using stream_context_create and stream_get_contents, and retrieve the result. What I want to do, though, is redirect my user along with the post data, instead of dispatching a request and displaying the result.

This is not a duplicate of this question, for my files are not in the same server, as q0987's were, making it impossible to store my data in the user's session.

I also realize I can't use header functions to make requests, as the header functions only creates response headers.

I don't have enough privileges to install any libraries on the IIS server (like cURL/libcurl). I can't process the payment on my first server, seeing only the IIS is allowed to access the VISAnet libraries. I also can't put it all on my IIS.

I'm trying to accomplish that with PHP, but I don't even know if what I'm trying to do is possible.

I don't want to write down and submit forms, as it messes up my user's history (and the back button).

Community
  • 1
  • 1
Pedro Cordeiro
  • 2,085
  • 1
  • 20
  • 41
  • Without Curl et al, you could AJAX the form to Server 1, then if it replies with good validation post the form to Server 2? It may mean duplicating data validation on both servers though. Sounds like a maintenance nightmare too. – Martin Lyne Nov 16 '12 at 13:45
  • My advice would be not to do it this way. It sounds like you are setting up a payment gateway. What I would do in this situation is cache the user's information that was submitted to server1 there, and redirect the user to server2 with a token. Then, have server 2 use cURL or another method to connect to server1 and exchange the token for the data the user submitted via a trusted channel. Otherwise, you risk the user utilizing a proxy or other tool to manipulate the data before being forwarded to server2, which could allow a malicious user to change data such as the purchase price. – Wige Nov 16 '12 at 13:49
  • If any data changes on the course of this process, the payment will not be marked as 'processed'. The response XML VISA gives me contains all the information I need to check against my database to see if the user changed any information. Also, to Martin Lyne, it is, indeed, a maintenance nightmare. I can't do it any other way (my company will not allow me to authorize my first server on the VISANET system, nor to continue production on the second server. – Pedro Cordeiro Nov 16 '12 at 13:59
  • http://stackoverflow.com/questions/653090/how-do-you-post-to-a-page-using-the-php-header-function – Elzo Valugi Nov 16 '12 at 14:55

2 Answers2

2

You can't use POST verb for redirecting. I think your problem could be solved with cross-server interaction:

server-1 receives data
server-1 sends data to server-2 and server-2 responds some associated id with that data
server-1 redirects user to server-2 with id in redirect uri query
server-2 receives user's GET request (id is stored in uri query).
server-2 receives data with given id
viola - server-2 knows what server-1 sent to it
nikita2206
  • 1,129
  • 2
  • 10
  • 17
0

What you're asking cannot be done in the way you've described. That is by design, it is not meant to be done that way. If it were possible, it would open up a whole new world of exploits.

You need to either change the approach or then you have misunderstood something crucial about how it is supposed to be done.

eis
  • 51,991
  • 13
  • 150
  • 199