Page 1 of 1

Build and send POST data

Posted: Fri Jul 02, 2010 5:23 pm
by superpwnage
First off, hello PHPDN, nice to meet you :).

I am working with authorize.net (SIM implementation) to process e-commerce orders. During this process, customer information on our site is collected via a checkout form and then sent by POST (submitting a form) directly to authorize.net where they will collect and process the customer's credit card information. What I need to do is have a step in-between where I can server-side validate and sanitize user input (amongst other things). I do currently have Javascript validation, which works great but can't be relied upon if a customer has disabled Javascript in his or her browser. Also, I know that I could send an ajax script to accomplish this, but again I do not want to rely on Javascript.

What I'd like to do is have the form POST it's data to another page on our site to be processed, which silently builds the sanitized data and (if validated) POSTS that data visibly (as if the browser submitted the form) to the external authorize.net server. Is this possible? Would you implement this differently? I'm open to ideas.

Cheers,
Ben

Re: Build and send POST data

Posted: Fri Jul 02, 2010 5:40 pm
by AbraCadaver
You're not going to be able to post data from a form to a PHP script and then automatically post that to somewhere else and have the user's browser direct to the somewhere else without javascript. If you want to post to that somewhere else, but the user stays on the original page that received the form post then that is doable without javascript.

You could however have a form that posts to a script that validates and then displays another form that says "please confirm your info and click submit" that then posts to the other site.

Re: Build and send POST data

Posted: Fri Jul 02, 2010 6:16 pm
by Jonah Bron
This is a tough one. The trouble is, even if you do this, a malicious user could still spoof the post fields. You may have to opt for the submit-info-via-cURL implementation (don't remember what it's called).