CF request / PHP response Web services

Forum|Forum|19 years ago
December 13, 2006
3 replies
644 views

Sorry, but I'm starting to get frustrated.

I need to pass a user_id from a CF script (main site) to a PHP script (forum) securely for log in. I'm not looking from too much help on the PHP side, I'll concern myself with that later. But I do need help at broadcasting the information via web services, and then waiting on the PHP script's response so that the CF script can then conclude.

Just found out my hosting doesn't support PHP Webservices, such as PEAR::SOAP, NuSOAP, or PHP-SOAP.
So with that, what the next best way, or a better way of getting this done?

Thanks in advance for any help... Mike, Dan, hint, hint. ;-)

Advanced techniques

This topic has been closed for replies.

R

romeogqAuthor

Inspiring

When viewing cookies being set on the PHP page I am cfhttp GET-ing, one of the keys value does not read accurately. These are not the exact values... I was unable to pull both accurate and inaccurate values at the same time, but you should be able to tell by the format of the values, something is wrong.

PHP sets exchange_data (cookie) to a:2:{s:11:"autologinid";s:0:"";s:6:"userid";i:-1;}.
CFHTTP reports this same value as a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D.

Why is cfhttp incorrectly reading the cookie-set data?

A

Anonymous

Actually, PHP is messing up. It SHOULD encode a:2:{s:11:"autologinid";s:0:"";s:6:"userid";i:-1;} as
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A%2D1%3B%7D
(minus symbol not encoded properly).

Other than that, everything is as it should be. Data values sent via http are required to be url encoded.

Since you are not using CF's form and URL processing, you need to use the URLDecode() function.

R

romeogqAuthor

Inspiring

Hell yeah!
Ian, that helped a lot. Thanks.

Now let me see if I can get the rest of this to work.

R

romeogqAuthor

Inspiring

How does this sound?

1) Log In CF.
2) Add temp database entry w/ user_id.
3) redirect to PHP w/ user_id in url -- via cflocation --
4) Search temp database entries for user_id match. If exist, log-on, else don't.
5) Redirect to CF -- via header (location) --
6) Delete temp database entry to complete process

If you have any thought's on how this may not be a good idea, please tell.

A

Anonymous

That could work but don't just send user id. You should send a date, or hash too (also stored in that temp table).

This makes it harder for the bad guys to spoof a user.

(Or better yet, just send browser session information (matched to a database entry).

If you are creating a login system, don't delete the table row until after its expiration time (stored as a column) or unless the user logs out.

Finally, see http://coldfusion.sys-con.com/read/138965.htm for another take on this.

R

romeogqAuthor

Inspiring

Thanks for the reply Mike.

Current status:
I tried to get the process described at http://coldfusion.sys-con.com/read/138965.htm to work, but I keep getting a connection failed while either attempting a cfhttp GET or POST.

Nothing amazing, this is all there is to the code, both turning up 'Connection Failed' for FileContent:
1) <cfhttp method="get" url="exchange/index.php"></cfhttp>
2) <cfhttp method="post" url="exchange/login.php">
<cfhttpparam type="formfield" name="username" value="prentiss77">
<cfhttpparam type="formfield" name="password" value="alvinapa1">
</cfhttp>

I've event tried cfdump-ing the cfhttp, but nothing.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded