2

How do i set this header in php using Curl? (CustomInfo element is array (nested key value pairs) and AuthenticationInfo element is array(nested key value pair))

<xml bla bla...>
    <Header>
    <CustomInfo>
    <IsTestMessage>true</IsTestMessage>
    <IsContentCompressed>false</IsContentCompressed>
    </CustomInfo>
    <AuthenticationInfo>
    <ApplicationId>SomeId</ApplicationId>
    <VersionId>0.9</VersionId>
    <RelationId></RelationId>
    <UserId>SomeUserId</UserId>
    <Password>SomePassword</Password>
    </AuthenticationInfo>
    </Header>
    <Body>
    <!--etc...(actual xml)-->
    </Body>
    </xml bla bla...>

Normally i would do:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://www.example.com/process.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$vars);  //Body
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$headers = array();
$headers[] = 'key: value';
$headers[] = 'key2: value2';//and so on...

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$server_output = curl_exec ($ch);

curl_close ($ch);

print  $server_output ;

But how is this done when the header contains nested key value pairs?

Edit 1:

Done this way but doesnt work (real newby so i must be doing it wrong):

$headers = array();
            $headers[] = array('CustomInfo' => array(
                                'IsTestMessage' => "true",
                                'IsContentCompressed' => "false")
                                );
            $headers[] = array('AuthenticationInfo' => array(
                'ApplicationId' => "SomeId",
                'VersionId' => "0.9",
                'RelationId' => "",
                'UserId' => "SomeUserId",
                'Password' => "SomePassword"
                )
                );
            $headers = serialize($headers);

            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

            var_dump(curl_getinfo($ch,CURLINFO_HEADER_OUT));

Warning: curl_setopt(): You must pass either an object or an array with the CURLOPT_HTTPHEADER argument

Edit 2:

When i dont serialize $headers i get:

Notice: Array to string conversion

Sake
  • 31
  • 3

1 Answers1

0

Ideally, you should use CURLOPT_POSTFIELDS unless this is a specific requirement from an external API

$myArray = array();
$myArray[] = array('key' => 'value');
$myArray[] = array('key2' => array('value2' => array('foo' => 'bar')));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,array('myVars' => $vars, 'myArray' => $myArray));  //Body

Then access it $_POST['myArray']

Warning: Both headers and POST variables can be injected so I'd also recommend you do the check on the sender (e.g $_SERVER['REMOTE_ADDR'] == 127.0.0.1) if these requests are only meant to come from your own server

I can't mention accessing $_POST without also mentioning: How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
zanderwar
  • 3,440
  • 3
  • 28
  • 46
  • It is actually a specific requirement from an external API that these elements are placed in the header.. To be fair...i am trying to do a soap Post request. I have however been trying to do this without using the php soapclient but building the RAW Post myself (for a number of reasons) However to accomplish this i need to build a custom header (as stated) – Sake Sep 02 '16 at 11:04
  • Your problem may be that you're creating a multi-dimensional array – zanderwar Sep 02 '16 at 11:33
  • send `$headers = array('foo: bar','bar: foo');` in CURLOPT_HTTPHEADER and see if you get the error – zanderwar Sep 02 '16 at 11:34
  • So the service (as this is in pilot fase) is defined but proper documentation is not available – Sake Sep 02 '16 at 11:34