
I have an issue with a website I'm hosting on a shared server where 'open_basedir' is set. As a result, the credit system throws an error and won't charge the buyer's credit card.

Error Message

Warning: curl_setopt() [function.curl-setopt]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in

Code

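/**
 * Send a form-encoded POST request with cURL and return the response.
 *
 * The target is assembled as "$method://$server:$port$url", so $method is the
 * URL scheme and $url is the request path.
 *
 * NOTE(review): nothing here forces $method to be "https" or configures
 * certificate checks. Callers that send payment data should pass "https" and
 * confirm peer verification is active on their libcurl build.
 *
 * @param string $method URL scheme placed before "://"
 * @param string $server host name
 * @param mixed  $port   port number appended after the host
 * @param string $url    request path, appended verbatim
 * @param array  $vars   field name => value pairs for the request body
 * @return mixed whatever curl_exec() returns: the response body as a string,
 *               or false on failure
 */
function http_post($method, $server, $port, $url, $vars) {
    // Collect the pairs and join them, so an empty $vars yields "" instead of
    // relying on substr() to trim a trailing "&".
    $pairs = array();
    foreach ($vars as $key => $value) {
        $pairs[] = urlencode($key) . "=" . urlencode($value);
    }
    $postdata = implode("&", $pairs);

    // The hand-built header string of the original was never passed to cURL
    // (cURL generates Host, Content-Type and Content-Length itself), so it
    // has been dropped.

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $method . '://' . $server . ":" . $port . $url);

    // PHP refuses CURLOPT_FOLLOWLOCATION with a warning when open_basedir or
    // safe_mode is in effect, so only ask for it when it can be granted.
    // Without it, a 3xx response is returned to the caller unfollowed, which
    // is also what happened after the warning.
    $restricted = (string) ini_get('open_basedir') !== ''
        || filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN);
    if (!$restricted) {
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        // Keep redirects on HTTP(S) so a response cannot steer the request
        // to another protocol handler.
        if (defined('CURLOPT_REDIR_PROTOCOLS')) {
            curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        }
    }

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);

    $ret = curl_exec($ch);
    curl_close($ch);
    return $ret;
}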

Is there any way around this without access to the root php.ini and without having to switch hosts? Thank you.

1
"i'm hosting on a shared server... won't charge the buyers credit card" Congratulations, you're a walking PCI violation. :-/ceejayoz
Give me a break dude i'll get it sorted it's not live yet.Matt Reid

1 Answers


There is no way to override the value of open_basedir set in php.ini, as this would somewhat defeat the purpose. An alternative is to write your own function that does what CURLOPT_FOLLOWLOCATION would do if open_basedir were not set. I have used a variation of this code, found at http://php.benscom.com/manual/en/function.curl-setopt.php#102121, which loops your request and does a regex match for Location: in the response headers, following as needed with a new request:

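/**
 * Execute a cURL handle, following redirects by hand when PHP will not
 * enable CURLOPT_FOLLOWLOCATION (open_basedir or safe_mode in effect).
 *
 * In the restricted case a copy of the handle probes each URL with a
 * header-only request, reads the Location header of redirect responses, and
 * finally points the original handle at the last URL found before running it.
 *
 * NOTE(review): the final request re-sends everything configured on $ch
 * (including a POST body) to the redirect target, which may be a different
 * host than the one the caller chose. Callers posting sensitive data should
 * compare the target host first.
 *
 * Relative Location values are not resolved; they are treated as
 * unfollowable and the function returns false.
 *
 * @param resource $ch          configured cURL handle
 * @param int|null $maxredirect redirect limit (null means 5). When the limit
 *                              is hit and a value was supplied, it is set to
 *                              0 through the reference.
 * @return mixed result of curl_exec($ch), or false when the redirect limit is
 *               reached or a redirect target is not an absolute http(s) URL
 */
function curl_exec_follow(/*resource*/ $ch, /*int*/ &$maxredirect = null) {
    $mr = $maxredirect === null ? 5 : intval($maxredirect);

    // The original tested ini_get('safe_mode' == 'Off'): the comparison sat
    // inside the call, so the check was always false and the native path was
    // never taken. ini_get() returns false for a directive that does not
    // exist, which filter_var() also treats as "off".
    $restricted = (string) ini_get('open_basedir') !== ''
        || filter_var(ini_get('safe_mode'), FILTER_VALIDATE_BOOLEAN);

    if (!$restricted) {
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, $mr > 0);
        curl_setopt($ch, CURLOPT_MAXREDIRS, $mr);
        return curl_exec($ch);
    }

    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    if ($mr <= 0) {
        return curl_exec($ch);
    }

    $newurl = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);

    // Probe handle: headers only, so response bodies are never downloaded
    // while the redirect chain is being walked.
    $rch = curl_copy_handle($ch);
    curl_setopt($rch, CURLOPT_HEADER, true);
    curl_setopt($rch, CURLOPT_NOBODY, true);
    curl_setopt($rch, CURLOPT_FORBID_REUSE, false);
    curl_setopt($rch, CURLOPT_RETURNTRANSFER, true);

    do {
        curl_setopt($rch, CURLOPT_URL, $newurl);
        $header = curl_exec($rch);
        $redirected = false;

        if ($header !== false && !curl_errno($rch)) {
            $code = (int) curl_getinfo($rch, CURLINFO_HTTP_CODE);
            if (in_array($code, array(301, 302, 303, 307, 308), true)) {
                // Header names are case-insensitive; anchor to the start of a
                // line and stay on that line when skipping whitespace.
                $found = preg_match('/^Location:[ \t]*(\S+)/mi', $header, $matches);
                // Only absolute http(s) targets are followed, so a response
                // cannot move the request onto another scheme.
                if (!$found || !preg_match('#^https?://#i', $matches[1])) {
                    curl_close($rch);
                    return false;
                }
                $newurl = $matches[1];
                $redirected = true;
            }
        }
    } while ($redirected && --$mr);

    curl_close($rch);

    if (!$mr) {
        if ($maxredirect === null) {
            trigger_error('Too many redirects. When following redirects, libcurl hit the maximum amount.', E_USER_WARNING);
        } else {
            $maxredirect = 0;
        }
        return false;
    }

    curl_setopt($ch, CURLOPT_URL, $newurl);
    return curl_exec($ch);
}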