Page 1 of 1

Help! - IP Address Validation

Posted: Sat Jun 02, 2007 4:52 am
by ziltech
Hello everyone,

I have a problem which I hope somebody will be able to help me with. Here goes.

I am setting up a website for a car dealership and one of the functions of the application is to be able to perform a car registration plate search. The search will return every detail about that particular car, make - model - engine size etc.

I have opened an account with CarWebUK who run a database containing this data but am having some trouble integrating it with my site.

On my website I will have a form which contains one field for sending the registration number, along with various hidden fields which contain my account username - password etc. The result is an XML file containing details about the car.

The problem is that the service is restricted only to respond from my SERVER IP address. So when a client submits the form request from their PC obviously the system is not going to allow the information because it's going to appear to have come from their CLIENT IP not the SERVER.

If you visit the following URL you will see the resultant XML file produced from their system however you won't see car information but you will see that the 'ErrorDescription' tag says 'No more available user accounts', this is because the website wasn't requested from 217.64.112.76 (my SERVER IP).

really long link

The registration number variable in the above URL is 'strVRM', I have put in my registration number - y313ldk (this must contain no spaces).

Is there a way that this can be fixed, IE. by changing client headers to 217.64.112.76 or is it possible to create the following chain?

Client Loads Website - Submits Form To My Server - Server Sends Request To CarWebUK - CarWebUK Sends XML File - XML File is display on Client.

I appreciate this is going to either be really easy or something that is just not possible. All help would be greatly appreciated as I've been scratching my head over this one.

(by the way, CarWebUK won't change the IP address allowed, nor will they just allow any IP to use the service - that's whats making this so hard).

Best Regards,

Rob Foster.

Posted: Sat Jun 02, 2007 5:16 am
by timvw
Basically: Anyone that looks at the source of your webpages gets to see your credentials.. Highly unwanted i presume...


A possible solution:
- have a form that accepts required data from your visitor...
- Combine that input with your credentials etc and write code that posts this request to the service,
- parses the results
- and generates a nice html page for the visitor.

Voila, a couple of steps that should allow you to solve this problem (are ask targetted questions about issues during one of these steps)

Posted: Sat Jun 02, 2007 5:23 am
by ziltech
Thanks for the quick reply,

You're right, that's the process I've been trying to create but am having no joy. Would you be able to shed any light on it at all.

Thanks,

Rob.

Posted: Sat Jun 02, 2007 5:24 am
by timvw
Which part exactly? And what have you tried in order to realise it?

Posted: Sat Jun 02, 2007 5:32 am
by ziltech
Sending the data to the server.

The user form just contains the registration number 'strVRM', this form gets submitted to a PHP file on my server - lets say 'getdata.php'.

getdata.php will take the user submitted information and combine it with other preset variables (containing my account information), and the request the XML file.

The trouble is that the referring IP is still the Clients and not the Server??

Posted: Sat Jun 02, 2007 7:45 am
by ziltech
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


How would you recommed that 'getdata.php' requests the XML file, would it be a function?

Sorry if thats an obvious question, im not a professional PHP developer.

Other people have suggested cURL or SOAP?

CarwebUK have given me an example SOAP request, how would this be called from PHP.

[syntax="xml"]POST /CarweBVRRB2Bproxy/carwebvrrwebservice.asmx HTTP/1.1
Host: http://www.carwebuk.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://ws.carwebuk.com/strB2BGetVehicleByVRM"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <strB2BGetVehicleByVRM xmlns="http://ws.carwebuk.com">
      <strUserName>string</strUserName>
      <strPassword>string</strPassword>
      <strClientRef>string</strClientRef>
      <strClientDescription>string</strClientDescription>
      <strKey1>string</strKey1>
      <strVRM>string</strVRM>
      <strVersion>string</strVersion>
    </strB2BGetVehicleByVRM>
  </soap:Body>
</soap:Envelope>

Code: Select all

HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <strB2BGetVehicleByVRMResponse xmlns="http://ws.carwebuk.com">
      <strB2BGetVehicleByVRMResult>xml</strB2BGetVehicleByVRMResult>
    </strB2BGetVehicleByVRMResponse>
  </soap:Body>
</soap:Envelope>

feyd | Please use[/syntax]

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Jun 02, 2007 12:51 pm
by timvw
The easiest way is to do a websearch for 'php soap' (eg: the php soap extension or nusoap).. (Perhaps in this situation even this is overkill, simply building the xml string and posting data would be a quick hack)