POST with http/s protocol... how do I do it?

[EliteRides]

I have a new project involving something I’m not too familiar with (http/s protocol). The project is below in the quote. My questions is, how do I accomplish this? I am guessing this is through form fields, right? Any insight would be greatly appreciated!

We can provide a URL to which your interface can communicate to request that a particular installment set be queued for review and disablement. This communication will occur over a direct HTTPS request from your server to our server. The request will be a standard POST request, with URI-encoded variable names and values according to the standard HTTP/S protocol.

We will require the following data in this POST:
credit_card, email, sku, merchant, user, password

Example: credit_card=40055500000000019&email=test %40example.com&sku=LLPMTRIALC&mercha
nt=0591&user=testuser&password=testpass


We will return a result in the HTTPS response. The result will be a comma-separated list of fields. (or if preferred , URI-encoded variables can be used instead - but please let me know before I begin work.) The fields will be:

result_code,debugging_text

Example:
0,Request for cancellation logged

A result_code of 0 indicates success. Any other value indicates an exception.

Possible result_code and debugging_text values:
0,Request for cancellation logged
1,Request not understood or missing data
2,Incorrect username or password
3,Record not found
4,Multiple records found
5,Request already logged
6,Already cancelled

[jason]

I assume that you are collecting some kind of information from a user, validating that information, and then passing it on to a remote server for processing. Am I correct?

In order to do this, you need to make your script act like a web browser. In other words, you need to make script open a connection to the remote server and pass the required info on to it. The remote server will then return some data and you'll need to capture that and process it. There are a number of ways to do this, the on I have experience using is cURL.

cURL is a program that can handle connections to virtually any kind of server. It is also available as a module to PHP, if that is what you'll be using to do the scripting. Check out the cURL homepage and PHP Docs on cURLfor details on using it.

Below is come code I developed for a system where I had to validate users from a remote web server. With it I post a username and password to a script on a remote server. That server tries to validate the user and returns the user data that is stored for that data on success or an error code on failure.

PHP Code:

$curl = curl_init();
                curl_setopt($curl, CURLOPT_URL, 'https://wwwremotesite/somescript.php');
                curl_setopt($curl, CURLOPT_HEADER, 0);
                curl_setopt($curl, CURLOPT_POST, 1);
                curl_setopt($curl, CURLOPT_POSTFIELDS, 'username=' . urlencode($username) . '&password=' .
                  urlencode($password));
                curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                $result = curl_exec($curl);
                curl_close($curl); 


The servers response will be available to you in $result, which you'll need to parse and process according to the instructions you've posted.

Hope this helps.

--Jason

[EliteRides]

Thank you for replying.

I assume that you are collecting some kind of information from a user, validating that information, and then passing it on to a remote server for processing. Am I correct?

Yes and no. I am collecting info, but that's all I need to do on my end. I need to embed this in an html page or have it as a pop-up off of an html page. A customer will enter in their info from the fields above and submit it. From there the info needs to be passed from our site to another company.

In order to do this, you need to make your script act like a web browser. In other words, you need to make script open a connection to the remote server and pass the required info on to it.

How do I accomplish this? I really have no experience when it comes to this particular task. Do I create form fields in an html page? If not, how do users put in their info that I need to pass on? If I do need to create form fields, how do I have it submitted to their server?

Thank you again... very much.

[jason]

How do I accomplish this?

Refer to teh cURL code that I posted in my last post. That will handle the entire process. cURL basically creates an HTTP request the same way that the browser does, it just doesn't parse and display the resulting data.

If you were to put everything in an HTML form for the user to fill out and tehy were to submit that to the remote server, all that they would get back is the status code and debugging text that the remote server returns. Therefore you have to use a method, like the one using cURL, that sits between the user and the remote server and filters the data between the two. Basically, this is what's happening:

Code:

USER                    YOUR SITE           REMOTE SITE
===========             ==========          ============
Submits form            Check input         Processes
                 =>                   =>    request
                        Submit to          
                        Remote Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sees result      <=     Parses status  <=   Returns status
                        code                code

                        Returns result
                        message to user

The cURL code I gave you will do everything you need it to do. All you'll need to do is modify the CURLOPT_POSTFIELDS line to reference the data that goes to the remote site. This is a just a long list of data in fieldname=value format, with each field-value pair separated with an "&" character. You should use the urlencode() function to encode any values so that the illegal characters are converted into their respective hex codes.

--Jason

[EliteRides]

Cool. Two things then.

1) Do I just paste that code in an html page?

2) I do not need the user to have anything returned back to them. This will be to cancel a subscription. All I need is for them to put in the info in the first quote, they submit it and it's sent to a third party url. Their database will process the info in the database and we will see it when we log on. That's the only point where anything processed needs to be seen. So, their database will take care of that. Our site just needs to send the users' input info to their specified url.

[jason]

That is PHP code, so you'd need to need to put it in a PHP script and direct your form to that script. You should return something to the user saying that thier request was either successful or that it failed for whatever reason. Otherwise you'll leave the user wonding.

--Jason

[Connie]

You should return something to the user saying that thier request was either successful or that it failed for whatever reason. Otherwise you'll leave the user wonding.

I think Jason is right about that.

[the_ancient]

yes, ALWAYS, ALWAYS return some kind of reponse code to the user filling out the form.

All it has to be is a simple "Thanks" but something to let the person filling out the form know that is was processed properly

[EliteRides]

Ok. Did I add the creditcard, email, merchant_id and sku correctly? The user won't see the merchant_id or sku will they?

Code:

$curl = curl_init();
                curl_setopt($curl, CURLOPT_URL, 'https://wwwremotesite/somescript.php');
                curl_setopt($curl, CURLOPT_HEADER, 0);
                curl_setopt($curl, CURLOPT_POST, 1);
                curl_setopt($curl, CURLOPT_POSTFIELDS, 'username=' . urlencode($username) . '&password=' .
                  urlencode($password) . '&creditcard=' . '&email=' . '&merchant_id=139' . '&sku='LLPMTRIALC'));
                curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
                $result = curl_exec($curl);
                curl_close($curl);

Now, how does the user actually input their credit card and e-mail? Do I still create a form like so:

Code:

<form action="http://url_to_script_Jason_provided" method="post" name="Cancel" id="Cancel">
  <input name="creditcard" type="text" id="creditcard" value="Credit Card #" size="16" maxlength="16">
  <input name="email" type="text" id="email" value="E-mail Address" size="16" maxlength="50">
  <input type="hidden" name="merchant_id" value="139">
  <input type="hidden" name="sku" value="LLPMTRIALC">
  <input type="hidden" name="user" value="">
  <input type="hidden" name="password" value="">
</form>

Where you put:

Code:

'username=' . urlencode($username) . '&password=' .
                  urlencode($password)

Do I change this to:

Code:

'username=' . urlencode(MY_REAL_USERNAME) . '&password=' .
                  urlencode(MY_REAL_PASSWORD)

Or does your php script read from the form where I put name="user" value="" and name="password" value="" ??

Thanks again, so much. I'm more a designer than coder. This is helping me a lot.

[Spathiphyllum]

Do I change this to:

Code:

'username=' . urlencode(MY_REAL_USERNAME) . '&password=' .
                  urlencode(MY_REAL_PASSWORD)

Or does your php script read from the form where I put name="user" value="" and name="password" value="" ??

I'll let jason handle the specifics so as not to confuse things too much; but, the $username and $password strings are variable expressions and you will not enter a particular value for them. The values for these variables should be derived dynamically from the form submission input page. The php script should parse the form's return key:value combination and extract the "username" and "password" strings from the entire returned string (among the others). jason has not provided you with that portion of input string parsing. I don't work with php to tell you what subroutine is preferred. Just know that the form's input string will need to be accepted by the php script, disassembled into key:value pairs, the values checked for sanity and security, and those "cleaned" values inserted into the proper place in the $curl object.

Simply, the HTML form (which you seem to have constructed properly) accepts values and it passes that long string of user data (../script.php?(key=value&)n); that string is accepted by the php script after form submission and broken down again into component parts, and those component parts are assigned to specific spots in the $curl object which will, subsequently, pass that information on to the other server.

Just to be clear, I believe the username/password values are from the customer and NOT some confirmation data from you - the merchant. If the data that needs to be sent to the third party server is actually unique information from the merchant, then you would need to get that information elsewhere and, perhaps, hardcoding the values as you did in your other example would be appropriate.

I hope this helps but I'd suggest you wait for jason to clarify this a bit more. This might nudge you along until he gets here.

[Connie]

Can't help you with the code, but I am wondering. Is this form on your site going to be a secure page? If not I don't think most people won't fill in their CC number.

[EliteRides]

poo... no delete capability in this board. Disregard this reply.