CF request / PHP response Web services

Report · Dec 13, 2006

Sorry, but I'm starting to get frustrated.

I need to pass a user_id from a CF script (main site) to a PHP script (forum) securely for log in. I'm not looking from too much help on the PHP side, I'll concern myself with that later. But I do need help at broadcasting the information via web services, and then waiting on the PHP script's response so that the CF script can then conclude.

Just found out my hosting doesn't support PHP Webservices, such as PEAR::SOAP, NuSOAP, or PHP-SOAP.
So with that, what the next best way, or a better way of getting this done?

Thanks in advance for any help... Mike, Dan, hint, hint. ;-)

Report · Dec 13, 2006

How does this sound?

1) Log In CF.
2) Add temp database entry w/ user_id.
3) redirect to PHP w/ user_id in url -- via cflocation --
4) Search temp database entries for user_id match. If exist, log-on, else don't.
5) Redirect to CF -- via header (location) --
6) Delete temp database entry to complete process

If you have any thought's on how this may not be a good idea, please tell.

Report · Dec 13, 2006

That could work but don't just send user id. You should send a date, or hash too (also stored in that temp table).

This makes it harder for the bad guys to spoof a user.

(Or better yet, just send browser session information (matched to a database entry).

If you are creating a login system, don't delete the table row until after its expiration time (stored as a column) or unless the user logs out.

Finally, see http://coldfusion.sys-con.com/read/138965.htm for another take on this.

Report · Dec 14, 2006

Thanks for the reply Mike.

Current status:
I tried to get the process described at http://coldfusion.sys-con.com/read/138965.htm to work, but I keep getting a connection failed while either attempting a cfhttp GET or POST.

Nothing amazing, this is all there is to the code, both turning up 'Connection Failed' for FileContent:
1) <cfhttp method="get" url="exchange/index.php"></cfhttp>
2) <cfhttp method="post" url="exchange/login.php">
<cfhttpparam type="formfield" name="username" value="prentiss77">
<cfhttpparam type="formfield" name="password" value="alvinapa1">
</cfhttp>

I've event tried cfdump-ing the cfhttp, but nothing.

Report · Dec 14, 2006

<cfhttp method="get" url="exchange/index.php"></cfhttp>

Have tried these with a fully qualified URL? I.E.
http://localhost/exchange/index.php OR
http://www.testingStuff.com/exchange/index.php.

IIRC, <cfhttp...> does not understand relative links well. How could
it, it is basically telling CF to open up an internal browser, go to a
resource and return what it finds there.

Report · Dec 14, 2006

Hell yeah!
Ian, that helped a lot. Thanks.

Now let me see if I can get the rest of this to work.

Report · Dec 14, 2006

When viewing cookies being set on the PHP page I am cfhttp GET-ing, one of the keys value does not read accurately. These are not the exact values... I was unable to pull both accurate and inaccurate values at the same time, but you should be able to tell by the format of the values, something is wrong.

PHP sets exchange_data (cookie) to a:2:{s:11:"autologinid";s:0:"";s:6:"userid";i:-1;}.
CFHTTP reports this same value as a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D.

Why is cfhttp incorrectly reading the cookie-set data?

Report · Dec 14, 2006

Actually, PHP is messing up. It SHOULD encode a:2:{s:11:"autologinid";s:0:"";s:6:"userid";i:-1;} as
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A%2D1%3B%7D
(minus symbol not encoded properly).

Other than that, everything is as it should be. Data values sent via http are required to be url encoded.

Since you are not using CF's form and URL processing, you need to use the URLDecode() function.

Adobe Community

CF request / PHP response Web services