Reconstructing a POST request and redirecting?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Robert Oschler
    #1

    Reconstructing a POST request and redirecting?

    I am working on a PHP 4 app that interacts with an external authorization
    server. The external server does "third-party" authorization of users.
    So I do the following:

    1) Each of my PHP scripts has an include file (require_once) that checks to
    see if the current user has recently been authorized.

    2) If not, the user is "handed off" to the external server. I do this by
    building the necessary URL for authorization and using refresh to perform
    the redirection.

    3) The external server authorizes the user by asking them to login.

    4) The external server then redirects the user's browser back to a
    predefined URL on my server.

    I have created a MySQL database, indexed by user ID, that stores the current
    URL request (to my server), the request type (GET/POST), and the GET & POST
    arguments.

    Before I hand the user off to the external server, I store all that
    information in the database. This all works fine so far.

    What I need to do now, in item 4 above, is look up the URL request info from
    the database, reconstruct the GET/POST request, and redirect the user's
    browser to that reconstructed destination.

    All I need is some helpful code snippets to show me a clean way to
    reconstruct POST requests; getting the headers right and such, and telling
    the user's browser to execute/fetch that POST request. If it matters, I am
    using the PEAR libraries for HTTP requests and I have no problem using
    Javascript based solutions.

    Does anybody have a code snippet that could save me some time here? Any
    caveats or warnings?

    Thanks.




    Tags: None
    • Andy Hassall
      #2
      Re: Reconstructing a POST request and redirecting?

      On Sun, 24 Jul 2005 17:16:15 -0400, "Robert Oschler"
      <no-mail-please@nospam.c om> wrote:
      [color=blue]
      >I am working on a PHP 4 app that interacts with an external authorization
      >server. The external server does "third-party" authorization of users.
      >So I do the following:
      >
      >1) Each of my PHP scripts has an include file (require_once) that checks to
      >see if the current user has recently been authorized.
      >
      >2) If not, the user is "handed off" to the external server. I do this by
      >building the necessary URL for authorization and using refresh to perform
      >the redirection.
      >
      >3) The external server authorizes the user by asking them to login.
      >
      >4) The external server then redirects the user's browser back to a
      >predefined URL on my server.
      >
      >I have created a MySQL database, indexed by user ID, that stores the current
      >URL request (to my server), the request type (GET/POST), and the GET & POST
      >arguments.
      >
      >Before I hand the user off to the external server, I store all that
      >information in the database. This all works fine so far.
      >
      >What I need to do now, in item 4 above, is look up the URL request info from
      >the database, reconstruct the GET/POST request, and redirect the user's
      >browser to that reconstructed destination.
      >
      >All I need is some helpful code snippets to show me a clean way to
      >reconstruct POST requests; getting the headers right and such, and telling
      >the user's browser to execute/fetch that POST request. If it matters, I am
      >using the PEAR libraries for HTTP requests and I have no problem using
      >Javascript based solutions.
      >
      >Does anybody have a code snippet that could save me some time here? Any
      >caveats or warnings?[/color]

      I do a similar thing for GET requests on an intranet at work, except I pass
      the "return URL" to the authentication page - I've chickened out of POST
      requests as it's reasonably safe to assume that nobody will be POSTing in from
      an unauthenticated area into the authenticated area (at the moment anyway), and
      the POST data may be too long to encode in a GET request.

      You don't have that problem as you say you're storing it in a database -
      that's a decent idea. Could also presumably do that in a session variable
      reasonably safely as well.

      If it's a GET request, then you can just reconstruct the URL and
      header("Locatio n: $absolute_url") to it. Main thing to watch out for is array
      parameters (i.e. value[]=x;value[]=y or value[1]=x;value[3]=y) etc.

      What sort of format are you using to store the data in the DB? Do you
      basically end up with a copy of the full (possibly multi-dimensional) $_GET
      array as it was before you went into the authentication section?

      If it's POST then you can't redirect into it, but you can reproduce all the
      form data using input type="hidden", fields and present a submit button to post
      back to the correct location.

      --
      Andy Hassall / <andy@andyh.co. uk> / <http://www.andyh.co.uk >
      <http://www.andyhsoftwa re.co.uk/space> Space: disk usage analysis tool

        Comment

        • Robert Oschler
          #3
          Re: Reconstructing a POST request and redirecting?


          "Andy Hassall" <andy@andyh.co. uk> wrote in message
          news:p5hae1lg7o jb2l43n03orj2ua cmcgfghav@4ax.c om...[color=blue]
          > On Sun, 24 Jul 2005 17:16:15 -0400, "Robert Oschler"
          > <no-mail-please@nospam.c om> wrote:
          >
          > I do a similar thing for GET requests on an intranet at work, except I[/color]
          pass[color=blue]
          > the "return URL" to the authentication page - I've chickened out of POST
          > requests as it's reasonably safe to assume that nobody will be POSTing in[/color]
          from[color=blue]
          > an unauthenticated area into the authenticated area (at the moment[/color]
          anyway), and[color=blue]
          > the POST data may be too long to encode in a GET request.
          >
          > You don't have that problem as you say you're storing it in a database -
          > that's a decent idea. Could also presumably do that in a session variable
          > reasonably safely as well.
          >
          > If it's a GET request, then you can just reconstruct the URL and
          > header("Locatio n: $absolute_url") to it. Main thing to watch out for is[/color]
          array[color=blue]
          > parameters (i.e. value[]=x;value[]=y or value[1]=x;value[3]=y) etc.
          >
          > What sort of format are you using to store the data in the DB? Do you
          > basically end up with a copy of the full (possibly multi-dimensional)[/color]
          $_GET[color=blue]
          > array as it was before you went into the authentication section?
          >
          > If it's POST then you can't redirect into it, but you can reproduce all[/color]
          the[color=blue]
          > form data using input type="hidden", fields and present a submit button to[/color]
          post[color=blue]
          > back to the correct location.
          >
          > --
          > Andy Hassall / <andy@andyh.co. uk> / <http://www.andyh.co.uk >
          > <http://www.andyhsoftwa re.co.uk/space> Space: disk usage analysis tool[/color]

          Andy,

          You basically answered my question when you told me that you can't redirect
          a POST. I'll have to modify my POST target scripts to look for a URL
          argument that tells them to pull the POST data from the database instead of
          the $_POST array. Not too hard.

          Thanks.


            Comment

            Previous template Next
            Working...