Unable to follow a location (URL) using cURL when open_basedir is set - API callback failing

Existing method of posting values to API

As per the API documentation, a form has to be posted to the API URL (method="POST" and action="API_URL") with some input fields and a customer token field. The API processes and then posts response to a callback.php file on my server (fixed - can't change it). The page redirects to the API URL and then comes back to callback.php. I can access the posted vals using $_POST in that file. That's all about the existing method and it works fine.

Server side post to hide the customer token

For security reasons, I am trying to post from server side this time.

The Problem

Callback is not happening (code inside callback.php file not executing).

After sturggling hard with cURL to post to the API and receive callback, I realized that open_basedir is set in my server due to which CURLOPT_FOLLOWLOCATION. I found the following code which seems to be able to accomplish the posting even if safe_mode is On or open_basedir is set, provided that

we know generally where we'll be redirected to

Please go through the code below and tell me what is meant here by if we know generally where we'll be redirected to. Is it the URL where the API will redirect to after the processing completes? Then yes I know, it has to send callback to a callback.php file on my server, but that is not happening. :-

function curl($url, $postVars)
{
    $go = curl_init($url);
    curl_setopt ($go, CURLOPT_URL, $url);
    curl_setopt($go, CURLOPT_VERBOSE, 1);

    //follow on location problems
    if (ini_get('open_basedir') == '' && (ini_get('safe_mode')== 'Off'))
    {
        curl_setopt ($go, CURLOPT_FOLLOWLOCATION, $l);
        $syn = curl_exec($go);
        if(curl_error($go))
            return false;
    }
    else
        $syn = curl_redir_exec($go, $postVars);
    curl_close($go);
    return $syn;
}

function curl_redir_exec($ch, $postVars)
{
    static $curl_loops = 0;
    static $curl_max_loops = 20;
    if ($curl_loops++>= $curl_max_loops)
    {
        $curl_loops = 0;
        return FALSE;
    }
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postVars);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

    $data = curl_exec($ch);
    if(curl_error($ch))
        return false;
    list($header, $data) = explode("\n\r", $data, 2);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    $redirect_page = "[0-9]*.html";
    $base_redirect = "http://example.com/";

    if ($http_code == 301 || $http_code == 302)
    {
        $matches = array();
        $pregs = eregi($redirect_page, $data, $matches);
        $new_url = $base_redirect . $matches[0];
        if (!$new_url)
        {
            //couldn't process the url to redirect to
            $curl_loops = 0;
            return $data;
        }
        curl_setopt($ch, CURLOPT_URL, $new_url);

        return curl_redir_exec($ch, $post开发者_JAVA百科Vars);
    }
    else
    {
        $curl_loops=0;
        return $data;
    }
}

On running the code, it enters into the conditon where $http_code is neither 301 nor 302 (it is 200 in my case). And printing the $data gives the following:-

HTTP/1.1 200 OK Date: Wed, 01 Sep 2010 10:02:44 GMT Server: Apache/2 X-Powered-By: PHP/5.2.11 Content-Length: 0 Connection: close Content-Type: text/html

Help

Help me guys..

Any code changes to this needed?

Will cURL not work in my case? (it is an asynchronous API - it triggers the callback when it's done. The original request does not receive a return value in this kind of setup.)

Thanks Sandeepan

You should check what the URL was cURL requested (echo $new_url;)