Existing method of posting values to API
As per the API documentation, a form has to be posted to the API URL (method="POST" and action="API_URL") with some input fields and a customer token field. The API processes and then posts response to a callback.php file on my server (fixed - can't change it). The page redirects to the API URL and then comes back to callback.php. I can access the posted vals using $_POST
in that file. That's all about the existing method and it works fine.
Server side post to hide the customer token
For security reasons, I am trying to post from server side this time.
The Problem
Callback is not happening (code inside callback.php file not executing).
After sturggling hard with cURL to post to the API and receive callback, I realized that open_basedir is set in my server due to which CURLOPT_FOLLOWLOCATION
. I found the following code which seems to be able to accomplish the posting even if safe_mode
is On
or open_basedir
is set, provided that
we know generally where we'll be redirected to
Please go through the code below and tell me what is meant here by if we know generally where we'll be redirected to
. Is it the URL where the API will redirect to after the processing completes? Then yes I know, it has to send callback to a callback.php file on my server, but that is not happening.
:-
function curl($url, $postVars)
{
$go = curl_init($url);
curl_setopt ($go, CURLOPT_URL, $url);
curl_setopt($go, CURLOPT_VERBOSE, 1);
//follow on location problems
if (ini_get('open_basedir') == '' && (ini_get('safe_mode')== 'Off'))
{
curl_setopt ($go, CURLOPT_FOLLOWLOCATION, $l);
$syn = curl_exec($go);
if(curl_error($go))
return false;
}
else
$syn = curl_redir_exec($go, $postVars);
curl_close($go);
return $syn;
}
function curl_redir_exec($ch, $postVars)
{
static $curl_loops = 0;
static $curl_max_loops = 20;
if ($curl_loops++>= $curl_max_loops)
{
$curl_loops = 0;
return FALSE;
}
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postVars);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
$data = curl_exec($ch);
if(curl_error($ch))
return false;
list($header, $data) = explode("\n\r", $data, 2);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$redirect_page = "[0-9]*.html";
$base_redirect = "http://example.com/";
if ($http_code == 301 || $http_code == 302)
{
$matches = array();
$pregs = eregi($redirect_page, $data, $matches);
$new_url = $base_redirect . $matches[0];
if (!$new_url)
{
//couldn't process the url to redirect to
$curl_loops = 0;
return $data;
}
curl_setopt($ch, CURLOPT_URL, $new_url);
return curl_redir_exec($ch, $postVars);
}
else
{
$curl_loops=0;
return $data;
}
}
On running the code, it enters into the conditon where $http_code
is neither 301
nor 302
(it is 200
in my case). And printing the $data gives the following:-
HTTP/1.1 200 OK Date: Wed, 01 Sep 2010 10:02:44 GMT Server: Apache/2 X-Powered-By: PHP/5.2.11 Content-Length: 0 Connection: close Content-Type: text/html
Help
Help me guys..
Any code changes to this needed?
Will cURL not work in my case? (it is an asynchronous API - it triggers the callback when it's done. The original request does not receive a return value in this kind of setup.)
Thanks Sandeepan