douzhengyi5022 2014-10-22 22:29
浏览 65
已采纳

PHP伪造并从PHP页面执行表单POST ... cURL

I am creating a checkout process in PHP and have 4 stages/pages. Each page collects different information about the user etc and the 4th stage/page is the secure checkout page which is hosted externally and accepts a POST form submission (from stage 3).

All would be fine however I need to validate the data in stage 3 before I send the user on to the external stage 4 so I looked into this and found this article on cURL...

http://www.html-form-guide.com/php-form/php-form-submit.html

All looked great but it only seems to post the data to the external 4th page but I need the user to actually be taken there at the same time so they see the 4th page. Ive tried...

header('Location: http://externalURLLink');

...straight after the cURL connection is closed but it didn't work.

The obvious way is to have a page that basically says "Now click here to go to our secure payment page but I would rather not do that.

Any suggestions?

Thanks

  • 写回答

2条回答 默认 最新

  • duangan4070 2014-10-24 11:32
    关注

    You could try the following function which may work for you:

    function curl_redir_exec($ch,$test = false)
    {
    static $curl_loops = 0;
    static $curl_max_loops = 20;
    if ($curl_loops++>= $curl_max_loops)
    {
    $curl_loops = 0;
    return FALSE;
    }
    curl_setopt($ch, CURLOPT_HEADER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $data = curl_exec($ch);
    list($header, $data) = explode("

", $data, 2);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($http_code == 301 || $http_code == 302)
    {
    $matches = array();
    preg_match('/Location:(.*?)
/', $header, $matches);
    $url = @parse_url(trim(array_pop($matches)));
    if (!$url){
        //couldn't process the url to redirect to
        $curl_loops = 0;
        return $data;
    }
    $last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));
    if (!$url['scheme'])
    $url['scheme'] = $last_url['scheme'];
    if (!$url['host'])
    $url['host'] = $last_url['host'];
    if (!$url['path'])
        $url['path'] = $last_url['path'];
        $new_url = $url['scheme'] . '://' . $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:'');
        curl_setopt($ch, CURLOPT_URL, $new_url);
        return $this->curl_redir_exec($ch);
    } else {
        $curl_loops=0;
        if($test){
            return curl_getinfo($ch, CURLINFO_EFFECTIVE_URL).'<br />'.$http_code.'<br />'.$data;
        }else{
            return curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
        }
    }
}

    You would use it like this:

    $curl_session = curl_init($DESTINATION_URL);
curl_setopt($curl_session, CURLOPT_URL, $DESTINATION_URL);
curl_setopt($curl_session, CURLOPT_COOKIESESSION, 1);
curl_setopt($curl_session, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($curl_session, CURLOPT_HTTPHEADER, array('X-Forwarded-For: '.$_SERVER['REMOTE_ADDR']));
curl_setopt($curl_session, CURLOPT_VERBOSE, 1);
curl_setopt($curl_session, CURLOPT_POST, 1);
curl_setopt($curl_session, CURLOPT_POSTFIELDS, $POST_DATA);
curl_setopt($curl_session, CURLOPT_TIMEOUT, 30);
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, FALSE);
$redirect_url = $shop->curl_redir_exec($curl_session);
if(curl_errno($curl_session))
{
    echo '<p>An error has occurred, please take note of the information below and contact support.</p>';
    echo "<br>Errno : ".curl_errno($curl_session) ."<br>";
    echo "<br>Error : ".curl_error($curl_session) ."<br>";
    die();
}
curl_close($curl_session);
header("location:$redirect_url");

    Hope this is useful.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 用visual studi code完成html页面
  • ¥15 聚类分析或者python进行数据分析
  • ¥15 逻辑谓词和消解原理的运用
  • ¥15 三菱伺服电机按启动按钮有使能但不动作
  • ¥15 js,页面2返回页面1时定位进入的设备
  • ¥50 导入文件到网吧的电脑并且在重启之后不会被恢复
  • ¥15 (希望可以解决问题)ma和mb文件无法正常打开,打开后是空白,但是有正常内存占用,但可以在打开Maya应用程序后打开场景ma和mb格式。
  • ¥20 ML307A在使用AT命令连接EMQX平台的MQTT时被拒绝
  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?