7 Replies Latest reply on Dec 14, 2006 4:41 PM by MikerRoo

    CF request / PHP response Web services

    romeogq Level 1
      Sorry, but I'm starting to get frustrated.

      I need to pass a user_id from a CF script (main site) to a PHP script (forum) securely for log in. I'm not looking from too much help on the PHP side, I'll concern myself with that later. But I do need help at broadcasting the information via web services, and then waiting on the PHP script's response so that the CF script can then conclude.

      Just found out my hosting doesn't support PHP Webservices, such as PEAR::SOAP, NuSOAP, or PHP-SOAP.
      So with that, what the next best way, or a better way of getting this done?

      Thanks in advance for any help... Mike, Dan, hint, hint. ;-)
        • 1. CF request / PHP response Web services
          romeogq Level 1
          How does this sound?

          1) Log In CF.
          2) Add temp database entry w/ user_id.
          3) redirect to PHP w/ user_id in url -- via cflocation --
          4) Search temp database entries for user_id match. If exist, log-on, else don't.
          5) Redirect to CF -- via header (location) --
          6) Delete temp database entry to complete process

          If you have any thought's on how this may not be a good idea, please tell.
          • 2. Re: CF request / PHP response Web services
            MikerRoo Level 1
            That could work but don't just send user id. You should send a date, or hash too (also stored in that temp table).

            This makes it harder for the bad guys to spoof a user.

            (Or better yet, just send browser session information (matched to a database entry).

            If you are creating a login system, don't delete the table row until after its expiration time (stored as a column) or unless the user logs out.

            Finally, see http://coldfusion.sys-con.com/read/138965.htm for another take on this.
            • 3. Re: CF request / PHP response Web services
              romeogq Level 1
              Thanks for the reply Mike.

              Current status:
              I tried to get the process described at http://coldfusion.sys-con.com/read/138965.htm to work, but I keep getting a connection failed while either attempting a cfhttp GET or POST.

              Nothing amazing, this is all there is to the code, both turning up 'Connection Failed' for FileContent:
              1) <cfhttp method="get" url="exchange/index.php"></cfhttp>
              2) <cfhttp method="post" url="exchange/login.php">
              <cfhttpparam type="formfield" name="username" value="prentiss77">
              <cfhttpparam type="formfield" name="password" value="alvinapa1">

              I've event tried cfdump-ing the cfhttp, but nothing.
              • 4. Re: CF request / PHP response Web services
                Level 7
                <cfhttp method="get" url="exchange/index.php"></cfhttp>

                Have tried these with a fully qualified URL? I.E.
                http://localhost/exchange/index.php OR

                IIRC, <cfhttp...> does not understand relative links well. How could
                it, it is basically telling CF to open up an internal browser, go to a
                resource and return what it finds there.
                • 5. Re: CF request / PHP response Web services
                  romeogq Level 1
                  Hell yeah!
                  Ian, that helped a lot. Thanks.

                  Now let me see if I can get the rest of this to work.
                  • 6. Re: CF request / PHP response Web services
                    romeogq Level 1
                    When viewing cookies being set on the PHP page I am cfhttp GET-ing, one of the keys value does not read accurately. These are not the exact values... I was unable to pull both accurate and inaccurate values at the same time, but you should be able to tell by the format of the values, something is wrong.

                    PHP sets exchange_data (cookie) to a:2:{s:11:"autologinid";s:0:"";s:6:"userid";i:-1;}.
                    CFHTTP reports this same value as a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B %7D.

                    Why is cfhttp incorrectly reading the cookie-set data?
                    • 7. Re: CF request / PHP response Web services
                      MikerRoo Level 1
                      Actually, PHP is messing up. It SHOULD encode a:2:{s:11:"autologinid";s:0:"";s:6:"userid";i:-1;} as
                      a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A%2D1%3 B%7D
                      (minus symbol not encoded properly).

                      Other than that, everything is as it should be. Data values sent via http are required to be url encoded.

                      Since you are not using CF's form and URL processing, you need to use the URLDecode() function.