www.webdeveloper.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 22

Thread: How to do a server-to-server post?

  1. #1
    Join Date
    Jun 2010
    Posts
    64

    How to do a server-to-server post?

    I need to post some data from one server to another just like what a form does client side. Data (a few strings totalling ~500 charactors) is received on one server (and can only be received on this server) and has to be sent to another server so that it can be added to a database. However...

    On the server which adds the info to the database:
    allow_url_fopen = off (and can't be turned on!!)
    which means fsock isn't an option

    I thought this would be a really simple thing to do (because it is client side!) but I have no idea how I can solve this so many thanks for any help!

  2. #2
    Join Date
    Nov 2008
    Posts
    2,477
    cURL would be the best way if you have it available on the server.

  3. #3
    Join Date
    Jun 2010
    Posts
    64
    Quote Originally Posted by Mindzai View Post
    cURL would be the best way if you have it available on the server.
    Thanks for the reply!
    Yup cURL is available on the server. Does this library just use fsock to post data though? If so it's not an option.

  4. #4
    Join Date
    Oct 2007
    Posts
    371
    You'll use cURL to send it as a POST. This post on my page might help:
    cURL
    It was written to allow file uploads, but it will help with other requests as well.

  5. #5
    Join Date
    Nov 2008
    Posts
    2,477
    Quote Originally Posted by acestuff View Post
    Thanks for the reply!
    Yup cURL is available on the server. Does this library just use fsock to post data though? If so it's not an option.
    Nope it will work

  6. #6
    Join Date
    Jun 2010
    Posts
    64
    Quote Originally Posted by TecBrat View Post
    You'll use cURL to send it as a POST. This post on my page might help:
    cURL
    It was written to allow file uploads, but it will help with other requests as well.
    Cheers for the link TecBrat.

    Quote Originally Posted by Mindzai View Post
    Nope it will work
    I'll give cURL a go then!

    Do either of you guys know how curl sends the posts though? Does it just emulate the way a client would send a post using a form?

  7. #7
    Join Date
    Jun 2010
    Posts
    64
    Right guys I tried cURL however, it's not working!

    I've used curl_getinfo to find that when the post is made it is just forbidden by the server:
    http_code = 403

    Is it possible that the database surver knows that the post is been made by a server opposed to a browser (and has a problem with this) as when I post this using a HTML form, everything works fine!

    If so, is there any way of making the post appear as if it has originated from a browser?

    Here's my code:
    Code:
            $url = "http://my_database_server.com/test.php";
    
    	$ch = curl_init();
    	curl_setopt($ch, CURLOPT_URL, $url);
    	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    	curl_setopt($ch, CURLOPT_POST, true);
    	
    	$data = array	(
    		"test_value"   =>   "true"
    	);
    	
    	curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    	$output = curl_exec($ch);
    	$info = curl_getinfo($ch);
    	curl_close($ch);

  8. #8
    Join Date
    Nov 2008
    Posts
    2,477
    Quote Originally Posted by acestuff View Post
    Do either of you guys know how curl sends the posts though? Does it just emulate the way a client would send a post using a form?
    All POST requests end up being sent the same way regardless of how you make them, ie by opening a socket to the webserver and transmitting the data. This is the same if it's your browser, php's fopen or fsockopen, telnet from a unix terminal etc. They all provide varying levels of abstraction for the same thing. The reason cURL will work here, is because it uses an external library (libcurl) rather than PHP itself. The PHP cURL extension is basically a wrapper around this library's functionality.

  9. #9
    Join Date
    Nov 2008
    Posts
    2,477
    Quote Originally Posted by acestuff View Post
    Is it possible that the database surver knows that the post is been made by a server opposed to a browser (and has a problem with this) as when I post this using a HTML form, everything works fine!
    It's possible the server is doing something like checking the user agent string but that's easy to work around if so.

    PHP Code:
    curl_setopt($curlCURLOPT_USERAGENT"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); 
    Have you tried sending the data as a querystring as using an array alters the headers slightly:

    PHP Code:
    curl_setopt($chCURLOPT_POSTFIELDS'test_value=data'); 
    Last edited by Mindzai; 08-05-2010 at 10:28 AM.

  10. #10
    Join Date
    Jan 2009
    Posts
    3,346
    Another possibility is that the form hosted on the server generates a session variable that should exist during processing so it thinks you are hijacking a form processor.

  11. #11
    Join Date
    Nov 2008
    Posts
    2,477
    I wondered that, but I go the impression the form that posted to server2 was hosted on server1 - can you clarify acestuff? If that's not the case you may be SOL here.

  12. #12
    Join Date
    Jun 2010
    Posts
    64
    Thanks very much for your previous explanations. I'll try your suggestions shortly.

    As for clarification:
    Server 1 has the data and posts to Server 2.
    Server 2 then puts the info into the database which is on the same server.

    I'm afraid I'm new to server side languages so I don't know what a session variable is but it's not something I've coded in. All my code is as simple as $_POST['data'] and then SQL.

    What I'm trying to do is all a bit odd due to the different functionality abilities of the servers (they're free servers)...

  13. #13
    Join Date
    Jun 2010
    Posts
    64

    Thumbs up

    Quote Originally Posted by Mindzai View Post
    It's possible the server is doing something like checking the user agent string but that's easy to work around if so.

    PHP Code:
    curl_setopt($curlCURLOPT_USERAGENT"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); 
    Yes!! That was obviously the problem because it's working now! Thank you very much for your help

  14. #14
    Join Date
    Nov 2008
    Posts
    2,477
    Glad you got it sorted! It just goes to show what a pointless "security" technique user agent checks are!

    Quote Originally Posted by acestuff View Post
    I'm new to server side languages
    Quote Originally Posted by acestuff View Post
    $_POST['data'] and then SQL.
    Those two phrases together fill me with dread! Make sure you are validating and escaping all external data (ie anything POSTed in this case) otherwise you may find youself the victim of SQL injection attacks (amongst other nastiness).
    Last edited by Mindzai; 08-05-2010 at 01:57 PM.

  15. #15
    Join Date
    Jun 2010
    Posts
    64
    Quote Originally Posted by Mindzai View Post
    Glad you got it sorted! It just goes to show what a pointless "security" technique user agent checks are!
    Yea, what a waste of time!


    Quote Originally Posted by Mindzai View Post
    Those two phrases together fill me with dread! Make sure you are validating and escaping all external data (ie anything POSTed in this case) otherwise you may find youself the victim of SQL injection attacks (amongst other nastiness).
    Hehe I know :P I've got everything going through mysql_real_escape_string() and all requests are mostly hard coded so I hope it'll be okey...

    My biggest concern is with sending data unsecurely - I don't know what the risks are. One of the things Server 2 is doing is a Paypal IPN so a client's Paypal ID, email address and delivary address are been sent from server-to-server without encryption. There is no read functionality to the database they are going into though so I don't think there is scope for SQL injection attacks thankfully. However, I probably I need to look into some kind of encryption thinking about it...

    The other thing I haven't considered is if someone just sent loads of requests to create entries in the databases causing them to fill up with loads of rubbish. God only knows why someone would want to do this but it would be a real pain!

    Security is not something I've had to think about before as I've only really written client side content.
    Thanks for the tips.
    Last edited by acestuff; 08-05-2010 at 02:27 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles