Sending secure post variables

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Parody
Forum Contributor
Posts: 252
Joined: Fri May 06, 2005 7:06 pm
Location: Great Britain

Sending secure post variables

Post by Parody »

I am building an api for my website so it can be utilized from other servers. The communication between the servers needs to be completely secure.

For testing I am using GET variables in a file_get_contents, but this will not be suitable if the variables become very large. So my question is:

How do I send post variables securely from a script on a server to another server and then recieve the output of the page the variables were sent to.

Thanks to all who respond! :D
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Sending secure post variables

Post by onion2k »

Use cURL ( http://uk2.php.net/curl ) to POST the variables over an SSL connection.
User avatar
it2051229
Forum Contributor
Posts: 312
Joined: Tue Dec 25, 2007 8:34 pm

Re: Sending secure post variables

Post by it2051229 »

$_POST variable is a secured variable. If you want, you can do encrypting on the contents of that variable then send it to another computer. Then from that another computer, will decrypt the contents of the variable.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Sending secure post variables

Post by onion2k »

it2051229 wrote:$_POST variable is a secured variable.
Woah! No. POST is not secure. It's as easy to hack as GET.
Parody
Forum Contributor
Posts: 252
Joined: Fri May 06, 2005 7:06 pm
Location: Great Britain

Re: Sending secure post variables

Post by Parody »

Thanks for the replies. I have a few questions though.

If I buy an SSL certificate from uk2 (my hosting company) will all connections to my server be secure, even if it's from another server and not a browser? Also. Would someone please be kind enough to post a basic CURL example which sends some variables and gets the resulting page?

Thanks
Parody
Forum Contributor
Posts: 252
Joined: Fri May 06, 2005 7:06 pm
Location: Great Britain

Re: Sending secure post variables

Post by Parody »

I have absolutely no experience with CURL and all the examples I find seem to be more complex than I require.

I will be extremely grateful if someone could provide an example that does only what is needed which I could work from.

Thanks to everyone so far :D
Parody
Forum Contributor
Posts: 252
Joined: Fri May 06, 2005 7:06 pm
Location: Great Britain

Re: Sending secure post variables

Post by Parody »

I managed to work it out. More simple than I thought it would be. If anyone wants to know:

Code: Select all

$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://www.example.com/page.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"postvar1=value1&postvar2=value2&postvar3=value3");
$response=curl_exec($ch);
curl_close ($ch);
 
Thanks for pointing me in the right direction though guys!
Parody
Forum Contributor
Posts: 252
Joined: Fri May 06, 2005 7:06 pm
Location: Great Britain

Re: Sending secure post variables

Post by Parody »

I'm using CURL with the code in my previous post, but I'm not sure about security. If the API server has SSL enabled what curl options would I need to define on the clientside of the API code? Is it as easy as just specifying that I want SSL enabled and letting it sort itself out or do I have to specify certificate information? I don't have a certificate yet so I'm essentially just checking how complex it could be to implement it when I do have one.

Thanks to anyone who helps!
Post Reply