How do I spoof a form (CURL?)

Anon

I'm doin an ecommerce site. I need to spoof a browser and send form infomration as a POST as a request to a page, and get the content of the response back. How do I do this?

BTW the CURL function the gateway company used as an example don't give a warning, but they don't work. Actually, curl_init() does give a warning, but curl() does not, but it just acts like it never happened.

I really appreciate help on this. By the way, I'm making a second post after this ("the bigger issue") because I have another related question, so if you have time please check it out.

thanks,
Sam Fullman
Compass Point Media

Anon

First Question is: do you have cURL installed?

As for how you use it to make a form request, I'm sure the manual has everything you need.

$postfields[]='name='.urlencode($name);
$postfields[]='date='.urlencode($date);
$postfields[]='something='.urlencode($something);
$postfields[]='else='.urlencode($else);
$postfields=join('&',$postfields);
...
curl_setopt($curl, CURLOPT_POST,1);
curl_setopt($curl, CURLOPT_URL,'http://../whatever.php');
curl_setopt($curl, CURLOPT_POSTFIELDS, $postfields)
....
etc. for other options
...
$result = curl_exec($curl);

Anon

I don't think I have CURL installed. Anyway, that code didnt' seem to work when I tried it. Is there anything in phpinfo() that will tell me if cURL is installed, or what settings I might need to change on my particular system? (it's a Linux redhad system).

AND, ARE THERE ANY RESOURCES I CAN FORWARD THE WEB HOST IF WE NEED TO INSTALL IT?

THANK YOU.

Anon

if(function_exists('curl_exec'))
{ you have cURL installed.
}

There should be some mention somewhere in phpinfo as well (hint: ctrl-f).

To obtain it, a link to the cURL home page is in the manual.

If the sysadmin refuses to do the install, you can do the form construction and request yourself using fsockopen to open a socket and related functions to send a POST request "by hand", which looks somethine like:

POST [url of action script] HTTP/1.0
Content-type: text/x-www-form-urlencoded
Content-length: [stringlength of the body]
[one blank line]
this=one+field
&another=field+with+%27quotes%27
&yet=another+field+%2d+with+four+words%2c+an+ampersand%2c+a+hyphen,+a+couple+of+commas+or+so+%26+seventeen+words

Anon

Hey thanks,it worked!

I just have a question as to how I can besure that the socket is a secure socket.

Here is a sample of the code that worked. Is this secure, and if not how to I make it so?

$fp = fsockopen ("digitalconcept.safeserver.com", 80);
if ($fp) {

fputs ($fp, "
POST /cpm/result.php HTTP/1.1
Host: digitalconcept.safeserver.com
Content-Length: 18
Content-Type: application/x-www-form-urlencoded
Connection: Close

cc=12345&amt=50.95

");
while (!feof($fp)) echo fgets ($fp,128);
fclose ($fp);
}

I tried https://digitalconcept.safeserver.com (the way you'd type it into your browser) but that didn't work returned (0) for connection.

again with much gratitude,
Sam Fullman