
I have a scenario where I want to pass a value AND redirect from the authentication.php file to index.php file without using GET but only POST. I want to keep it hidden from the user.

I thought about using cURL but as far as I know this will execute the index.php file, right?

```php
// set post fields
$post = [
    'customer' => 'username',
    'token' => 'token123'
];

$ch = curl_init('www.domain.com/index.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// execute!
$response = curl_exec($ch);

// close the connection, release resources used
curl_close($ch);
```

PS: I don't want to use SESSION nor COOKIES. I understand that COOKIES can be encrypted but I still don't prefer to use them.

So, is there a good way for doing this?

showtime
  • Are you looking to make this request server-side and return the result to the client? Or are you looking for the client to make the request from their browser? What's the actual user experience flow you're trying to achieve? – David Jul 29 '21 at 18:35
  • @David no this should be server-side. So, authentication.php checks if the user is valid and then it should redirect to index.php and in index.php I should be able to receive the values that have been generated in authentication.php – showtime Jul 29 '21 at 18:37
  • save IP and system parameters on server site. Check session by IP. – ALexander Lead Jul 29 '21 at 18:37
  • @bbb: In that case what isn't working in your approach? CURL would indeed be able to issue a POST request and read its response. What's failing here? – David Jul 29 '21 at 18:38
  • @ALexanderLead that can be an extra security measure but I can't totally rely on it. I need the token in index.php – showtime Jul 29 '21 at 18:39
  • @David cURL executes index.php, is that correct? I don't want it to be executed, just pass the parameters and catch them in index.php – showtime Jul 29 '21 at 18:40
  • @bbb: That doesn't make sense. You want to make a POST request to a PHP file, but don't want that PHP file to *handle* that request? Then what do you want it to do? What exactly are you trying to achieve here and why? – David Jul 29 '21 at 18:41
  • @David I want to: authenticate, redirect & pass token to index.php, catch that token value in index.php. That's it! – showtime Jul 29 '21 at 18:43
  • @bbb: Shouldn't the token be returned to the client and the client can make the next request? It sounds like you're trying to invent your own authentication system, which is adding more complexity than security. Normally you'd either start a session indicating that the user is logged in and redirect them, or you'd return a token to the user (usually as a cookie) and redirect them. The authenticated pages would check for the session or the cookie before allowing access. Why can't you use those approaches? – David Jul 29 '21 at 18:46
  • @bbb: If you're set on this approach then what you're doing with CURL is exactly how you'd make a POST request from server-side code to a URL. After that request is completed you can redirect the user just like any other PHP redirect. So essentially what you already have does what you're trying to do. But what `index.php` *does* with the information you send it, that's for you to decide. How it handles the POST request and the subsequent GET request from the user, what logic it performs in each, etc. Since this is your custom authentication system, it's your custom logic. – David Jul 29 '21 at 18:53
  • @bbb: Correction, it's *close* to [how to make a POST request with CURL](https://stackoverflow.com/questions/2138527/php-curl-http-post-sample-code). But then, how to make a POST request in PHP code and how to redirect the user are both easily searchable things, so overall it's not really clear what help you need in this question. – David Jul 29 '21 at 18:57
  • @bbb If you want to redirect and pass POST parameters, you could trigger this using JavaScript. HOWEVER, from what it sounds like you are trying to accomplish, this really should be done by setting a session variable (which would be simpler and more secure). – Mike C Jul 29 '21 at 19:47
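
The session-based hand-off that the comments from David and Mike C recommend, as an added example that is not part of the original thread: `authentication.php` keeps the customer name and token in server-side session data and redirects, and `index.php` reads them back, so only the session ID cookie reaches the browser. The function names are hypothetical, and the credential check is assumed to have already succeeded.

```php
<?php
// Added example: server-side hand-off from authentication.php to index.php.
// Function names are hypothetical; the credential check itself is assumed done.
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_start([
        'use_strict_mode' => true,   // reject session IDs the server did not issue
        'cookie_httponly' => true,   // cookie is not readable from JavaScript
        'cookie_secure'   => true,   // cookie is sent over HTTPS only
        'cookie_samesite' => 'Lax',
    ]);
}

// Call from authentication.php after the credentials have been verified.
function complete_login(string $customer): void
{
    start_secure_session();
    session_regenerate_id(true);                 // fresh ID at login (session fixation)
    $_SESSION['customer'] = $customer;
    $_SESSION['token']    = bin2hex(random_bytes(32)); // value never leaves the server
    header('Location: /index.php', true, 303);   // browser follows with a plain GET
    exit;
}

// Call at the top of index.php; returns the values stored at login.
function require_login(): array
{
    start_secure_session();
    if (!isset($_SESSION['customer'], $_SESSION['token'])) {
        header('Location: /authentication.php', true, 303);
        exit;
    }
    return [
        'customer' => $_SESSION['customer'],
        'token'    => $_SESSION['token'],
    ];
}
```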

0 Answers