hokie5449 Posted November 23, 2010 Share Posted November 23, 2010 I have a website that a user fills out there login information which we then post to another website outside of our system. The website where the information is being posted is doing an IP check. They are trying to check for our server IPs instead of the users IPs. Since the POST is coming from the user, there is no way to get the server IP (that I know of...right?). As a work around for this, I'm trying to initially post to another script on our server which will then repost the information using PHP. This way the IP will be from our server instead of the user. I've tried using curl, and while that allows me to pull the content of the webpage, it does not redirect the user to the page after the login. I've also tried using header() but I'm pretty sure that solution will not work either. So does anyone know how I can send post information to a website on my server using php and have it send the user to the resulting page? Thanks Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted November 23, 2010 Share Posted November 23, 2010 post to the other site using curl, then header() the user to the other page. Quote Link to comment Share on other sites More sharing options...
hokie5449 Posted November 23, 2010 Author Share Posted November 23, 2010 I try something like below however, it only redirects me to the new page with no post data: $x = curl_init("http://externalsite.com"); curl_setopt($x, CURLOPT_POST, 1); curl_setopt($x, CURLOPT_POSTFIELDS, $data); curl_setopt($x, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($x, CURLOPT_REFERER, "site"); curl_setopt($x, CURLOPT_RETURNTRANSFER, 1); $content = curl_exec($x); curl_close($x); header("Location: http://externalsite.com"); exit; Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted November 23, 2010 Share Posted November 23, 2010 oh, now i understand. hmmm. i hope they aren't silly enough to just check IP on login and then ignore it afterward. but assuming they are... if this is even possible, I guess you'd need to transfer the login session cookies to the user's browser before sending them to the site. i'm very skeptical if it's even possible, or if a web server could be so easily fooled. Quote Link to comment Share on other sites More sharing options...
hokie5449 Posted November 23, 2010 Author Share Posted November 23, 2010 I also have a feeling this is not possible. I'll try transferring the session cookies to the user before redirecting them. Any idea how to do that? Thanks. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted November 23, 2010 Share Posted November 23, 2010 oh, just thought of something that will probably make this 'impossible': the target website will set a cookie in it's own domain. you will not be able to set a browser cookie using that domain. or at least you should not be able to, as far as I understand. therefore, though you may copy the cookie to the user's browser, the target site will not see it where it is expected and the user will not be logged in. Quote Link to comment Share on other sites More sharing options...
hokie5449 Posted November 23, 2010 Author Share Posted November 23, 2010 Ah, yes that makes sense. I'll start looking for another solution to this problem. Thanks. Quote Link to comment Share on other sites More sharing options...
hokie5449 Posted November 30, 2010 Author Share Posted November 30, 2010 If I use header(Location: www.url.com) in a script to redirect the user. Will the receiving server see the user IP or the server IP (using $_SERVER[REMOTE_ADDR]....or something similar)? Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.