1

I've been e3xperimenting with JSON replies latelly. So as a test i created a small service that autenticates users on another domain. Here's the gist of my initial test:

On domain A, i have a php file that when called with specific GET variables (URI) will return a JSON string to the caller. The idea is i send user and pass and get back a json string with a variable saying wether it was successfully loggedin, user data in case yes and error message case no.

Then i created in domain B a page with javascript and a form. On form submit, the javascript uses XHR (HTMLRequest) to call the page in domain A, retrieve the JSON string, turn it to object and depending on result claim login or not.

This works.

Upon rethinking this i realised for some services this works fine but as login it doesn't since the cliente would be then claiming to the site in domain B 'Hey i've logged in with domain A as user C so you can trust me' - And you really should never trust the cliente.

So i changed things a bit and now the page in domain B submits the user and pass to domain B, and domain B (server-side in PHP) uses file_get_contents to get the JSON string from domain A and decide based on it wether the user is now logged in or not.

This also works and is a lot better in my opinion.

However now i am on phase 3 - even with the server authenticating, i'm still sending the user and pass through URI to domain A. I want to rather send it as POST (or OPTIONS) - as in not in URI - PHP to PHP, preferably as a composed encoded string - like MD5('user:'.$user.':pass:'.$pass) or something of the kind.

Creating the MD5's string is easy, but how do i POST via PHP then retrieve the result of the POST as string to handle in PHP?

537mfb
  • 1,374
  • 1
  • 16
  • 32
  • 1
    possible duplicate of [How do I send a POST request with PHP?](http://stackoverflow.com/questions/5647461/how-do-i-send-a-post-request-with-php) – CBroe Sep 22 '14 at 08:41
  • @CBroe Missed that one in my search - need to test those to see if they work in my scenario - no accepted answer in that question though (probably why i missed it in the first place - good catch) - +1 for leading me to a possible answer – 537mfb Sep 22 '14 at 08:54
  • @CBroe Thanks for the link - dbau's answer worked nicelly - thanks again – 537mfb Sep 23 '14 at 09:05

1 Answers1

1

I would recommend you write your PHP code to assume all incoming JSON data is encoded as UTF-8, since that's the default in the spec, and certainly the default in most JSON codecs.

It would be a good idea though to make it explicit in your API documentation that UTF-8 is assumed for application/json content. And if a client wants to transmit JSON encoded differently, instruct them to pass a different Content-Type header that specifies the non-default encoding, with a header like this: Content-Type: application/json; charset=UTF-16

munsifali
  • 1,732
  • 2
  • 24
  • 43
  • This does not relate to my question since i asked how to send via POST rather than GET. As for your points, The service page is using UTF-8 and won't use anything else. It doesn't receive data as JSON - only answers JSON - although it probably should get requests as JSON too (or instead of current state) - good point even if not answering the question itself - thanks – 537mfb Sep 22 '14 at 09:28