472,993 Members | 2,511 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,993 software developers and data experts.

Reconstructing a POST request and redirecting?

I am working on a PHP 4 app that interacts with an external authorization
server. The external server does "third-party" authorization of users.
So I do the following:

1) Each of my PHP scripts has an include file (require_once) that checks to
see if the current user has recently been authorized.

2) If not, the user is "handed off" to the external server. I do this by
building the necessary URL for authorization and using refresh to perform
the redirection.

3) The external server authorizes the user by asking them to login.

4) The external server then redirects the user's browser back to a
predefined URL on my server.

I have created a MySQL database, indexed by user ID, that stores the current
URL request (to my server), the request type (GET/POST), and the GET & POST
arguments.

Before I hand the user off to the external server, I store all that
information in the database. This all works fine so far.

What I need to do now, in item 4 above, is look up the URL request info from
the database, reconstruct the GET/POST request, and redirect the user's
browser to that reconstructed destination.

All I need is some helpful code snippets to show me a clean way to
reconstruct POST requests; getting the headers right and such, and telling
the user's browser to execute/fetch that POST request. If it matters, I am
using the PEAR libraries for HTTP requests and I have no problem using
Javascript based solutions.

Does anybody have a code snippet that could save me some time here? Any
caveats or warnings?

Thanks.


Jul 24 '05 #1
2 3075
On Sun, 24 Jul 2005 17:16:15 -0400, "Robert Oschler"
<no************@nospam.com> wrote:
I am working on a PHP 4 app that interacts with an external authorization
server. The external server does "third-party" authorization of users.
So I do the following:

1) Each of my PHP scripts has an include file (require_once) that checks to
see if the current user has recently been authorized.

2) If not, the user is "handed off" to the external server. I do this by
building the necessary URL for authorization and using refresh to perform
the redirection.

3) The external server authorizes the user by asking them to login.

4) The external server then redirects the user's browser back to a
predefined URL on my server.

I have created a MySQL database, indexed by user ID, that stores the current
URL request (to my server), the request type (GET/POST), and the GET & POST
arguments.

Before I hand the user off to the external server, I store all that
information in the database. This all works fine so far.

What I need to do now, in item 4 above, is look up the URL request info from
the database, reconstruct the GET/POST request, and redirect the user's
browser to that reconstructed destination.

All I need is some helpful code snippets to show me a clean way to
reconstruct POST requests; getting the headers right and such, and telling
the user's browser to execute/fetch that POST request. If it matters, I am
using the PEAR libraries for HTTP requests and I have no problem using
Javascript based solutions.

Does anybody have a code snippet that could save me some time here? Any
caveats or warnings?


I do a similar thing for GET requests on an intranet at work, except I pass
the "return URL" to the authentication page - I've chickened out of POST
requests as it's reasonably safe to assume that nobody will be POSTing in from
an unauthenticated area into the authenticated area (at the moment anyway), and
the POST data may be too long to encode in a GET request.

You don't have that problem as you say you're storing it in a database -
that's a decent idea. Could also presumably do that in a session variable
reasonably safely as well.

If it's a GET request, then you can just reconstruct the URL and
header("Location: $absolute_url") to it. Main thing to watch out for is array
parameters (i.e. value[]=x;value[]=y or value[1]=x;value[3]=y) etc.

What sort of format are you using to store the data in the DB? Do you
basically end up with a copy of the full (possibly multi-dimensional) $_GET
array as it was before you went into the authentication section?

If it's POST then you can't redirect into it, but you can reproduce all the
form data using input type="hidden", fields and present a submit button to post
back to the correct location.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
Jul 25 '05 #2

"Andy Hassall" <an**@andyh.co.uk> wrote in message
news:p5********************************@4ax.com...
On Sun, 24 Jul 2005 17:16:15 -0400, "Robert Oschler"
<no************@nospam.com> wrote:

I do a similar thing for GET requests on an intranet at work, except I pass the "return URL" to the authentication page - I've chickened out of POST
requests as it's reasonably safe to assume that nobody will be POSTing in from an unauthenticated area into the authenticated area (at the moment anyway), and the POST data may be too long to encode in a GET request.

You don't have that problem as you say you're storing it in a database -
that's a decent idea. Could also presumably do that in a session variable
reasonably safely as well.

If it's a GET request, then you can just reconstruct the URL and
header("Location: $absolute_url") to it. Main thing to watch out for is array parameters (i.e. value[]=x;value[]=y or value[1]=x;value[3]=y) etc.

What sort of format are you using to store the data in the DB? Do you
basically end up with a copy of the full (possibly multi-dimensional) $_GET array as it was before you went into the authentication section?

If it's POST then you can't redirect into it, but you can reproduce all the form data using input type="hidden", fields and present a submit button to post back to the correct location.

--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool


Andy,

You basically answered my question when you told me that you can't redirect
a POST. I'll have to modify my POST target scripts to look for a URL
argument that tells them to pull the POST data from the database instead of
the $_POST array. Not too hard.

Thanks.
Jul 26 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: Dave Smithz | last post by:
Hi there, I have a situation where I want to have multiple submit buttons on the same form and therefore want to use a redirection php script that checks the value associated with the submit...
6
by: Pete Mahoney | last post by:
I am trying to 'POST' values from a form in a ASP file that has anonymous access permissions. I can retrieve the form values when I redirect to this page from another page which has also has...
4
by: Jerry Krinock | last post by:
I've written the following demo to help me understand a problem I'm having in a larger program. The "main" function constructs a Foo object, and then later "reconstructs" it by calling the...
7
by: Eric | last post by:
I am certain the answer will be 'NO', but I wanted to ask anyway just incase I have missed something. Everyone knows that one pass data to a page in an anchor tag by using the GET Method: <a...
2
by: DJ | last post by:
Hi, I've got following problem - after clicking button on my page I have to redirect user to another website using the post method. While redirecting I have to send some values to that website...
1
by: pmasclark | last post by:
Hello, I created a web site, site A, that redirects to another web site, site B, where a simple web service is hosted. The code to call the web service is simple. oWS.AllowAutoRedirect = True...
1
by: joshtichauer | last post by:
Hey, Is there a way to make a javascript post request to MyPage.aspx, set a variable on MyPage.aspx, then do a javascript redirect to MyPage.aspx and still sustain the value of the variable posted...
5
by: Gav | last post by:
I'm wanting to send POST data to a script, but without it being sent via the action of a form being posted - in other words I want to re-direct to a page but have the POST data filled in for the...
0
by: embeddedbob | last post by:
Hi there, I appreciate any help on the following issue. I can't seem to find any other similar topic. (CS4, ActionScript 3.0, Flash 10) I have a SWF embedded within a page that is protected by...
0
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
2
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
4
NeoPa
by: NeoPa | last post by:
Hello everyone. I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report). I know it can be done by selecting :...
3
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
0
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be focusing on the Report (clsReport) class. This simply handles making the calling Form invisible until all of the Reports opened by it have been closed, when it...
0
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
4
by: GKJR | last post by:
Does anyone have a recommendation to build a standalone application to replace an Access database? I have my bookkeeping software I developed in Access that I would like to make available to other...
3
SueHopson
by: SueHopson | last post by:
Hi All, I'm trying to create a single code (run off a button that calls the Private Sub) for our parts list report that will allow the user to filter by either/both PartVendor and PartType. On...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.