Spoofing a Post Request

July 7, 2008 | Time Savers

Ever needed to test what a form does on your site without having to go through and fill the thing in over and over? Alternatively, have you ever needed to emulate a POST request to a callback script or similar, something which is usually done by a secure server? Well, I have!

If this happens, you can emulate the request to your (or someone else's) server from anywhere using the following code.

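<?php

// $url is the address to POST to; $string is the urlencoded body (see Usage).
$params = array('http' => array(
	'method'  => 'POST',
	// Declare the body type; PHP otherwise raises a notice and assumes this value.
	'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
	'content' => $string,
));
$context = stream_context_create($params);

// Opening the URL through the HTTP stream wrapper sends the request.
$fp = @fopen($url, 'rb', false, $context);

if (!$fp) {
	echo 'Failed to open file pointer.';
} else {
	// Read the whole response body, then release the stream.
	$response = @stream_get_contents($fp);
	fclose($fp);
	if ($response === false) {
		echo 'POST Failed!';
	} else {
		echo $response;
	}
}

?>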

Usage

Basically, just pass the code above a URL in the variable $url and a formatted string in the variable $string, in the format:

key1=var1&key2=var2&…

You should really stick it in a function and wrap it in an HTML form, but I’m not going to do it all for you! If all goes well, you should see the response from the POST request; otherwise the appropriate error message will be shown.

Security Issues

Ever considered where else you could use this script? Ever thought about how some people could use this script against your site? It could potentially be used for a DoS attack against anywhere, but this is NOT what I recommend it be used for. It’s just a handy tool for sending POST requests, but if you are worried by this then there are a number of things you can do to prevent it.

The best I can think of is sending a DB-stored random number with each POST. When your script receives it, it should check the DB and delete that record if it exists, then run the form; otherwise, if it doesn’t exist, display the appropriate error message.
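One way to build the check described above, as an added example that is not code from the original post. It assumes PDO with an in-memory SQLite database; the table name form_tokens and the helper names token_db(), issue_token() and consume_token() are hypothetical.

```php
<?php
// Added example: one-time form tokens stored in a database.
// Assumptions: PDO + SQLite (in-memory here); the table name form_tokens and
// the helpers token_db()/issue_token()/consume_token() are hypothetical.

function token_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE form_tokens (token TEXT PRIMARY KEY, expires INTEGER NOT NULL)');
    return $db;
}

// Called when the form is rendered: store a random token and return it so it
// can be embedded in a hidden field.
function issue_token(PDO $db, int $ttl = 900): string {
    $token = bin2hex(random_bytes(32)); // unguessable, unlike rand()/mt_rand()
    $stmt = $db->prepare('INSERT INTO form_tokens (token, expires) VALUES (?, ?)');
    $stmt->execute([$token, time() + $ttl]);
    return $token;
}

// Called when the POST arrives. The check and the delete are one statement,
// so two simultaneous submissions of the same token cannot both succeed.
function consume_token(PDO $db, $token): bool {
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // missing or malformed: reject without touching the DB
    }
    $stmt = $db->prepare('DELETE FROM form_tokens WHERE token = ? AND expires >= ?');
    $stmt->execute([$token, time()]);
    return $stmt->rowCount() === 1; // exactly one row removed means it was valid
}

// Constructed demonstration: each call stands in for one incoming POST.
$db = token_db();
$token = issue_token($db);
var_dump(consume_token($db, $token));              // first submission
var_dump(consume_token($db, $token));              // replay of the same POST
var_dump(consume_token($db, str_repeat('0', 64))); // token that was never issued
var_dump(consume_token($db, null));                // POST sent with no token
```

The token only proves that the POST follows a fetch of the form, so expired rows still need purging and the form page itself still needs ordinary rate limiting.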


About this site and Sean Barton

Sean Barton is a Freelance PHP Website Developer in Crewe, Cheshire. He is a Wordpress and CMS/Framework specialist.
This site was set up in 2008 as a tutorial and scripting resource for the PHP language and Wordpress.