I've created this php script a while ago that is working well.
UPDATE
(Removed a lot of text that turns out not relevant for this problem.)
Only thing: I don't know why it is working. (returns $result and I don't know how)
UPDATE
Due to request here the original (sensible info replaced) script in question:
<?php
$http_origin = $_SERVER['HTTP_ORIGIN'];
if ($http_origin == "https://some.domains.tld" ||
$http_origin == "https://some.domains.tld" ||
$http_origin == "https://some.domains.tld" ||
$http_origin == "https://some.domains.tld" ||
$http_origin == "https://some.domains.tld")
{
header("Access-Control-Allow-Origin: ".$http_origin);
}
### global variables
$curl; $mode = $_POST['mode'];
### init logging
$file = fopen('error.txt', 'w');
### log request source
#fwrite($file, "request from: ".$http_origin."
");
### create variable parameters
$api_key='mysecretkey';
###Init curl
#fwrite($file, "Ok, try to include curl..."."
");
try{
$curl = curl_init();
}catch(Exception $e){
fwrite($file, "curl init failed. Look: "."
".$e."
");
return null;
}
switch ($mode) {
case 'alldatas':
alldatas();
break;
case 'adata':
adata();
break;
case 'register':
register();
break;
default:
return;
}
###Get list of all datas
function alldatas()
{
global $curl;
global $api_key;
global $file;
$result;
$params = ['api_key' => $api_key];
try{
curl_setopt($curl, CURLOPT_URL, "https://some.third-party.service/api/v2/ever/webinars");
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
$result = curl_exec($curl);
}catch(Exception $e){
fwrite($file, "data list failed. Look: "."
".$e."
");
return null;
}
return $result;
}
###Get a data
function adata()
{
global $curl;
global $api_key;
global $file;
$result;
$data_id = $_POST['data_id'];
if($data_id){
$params = [
'api_key' => $api_key,
'data_id' => $data_id
];
try{
curl_setopt($curl, CURLOPT_URL, "https://some.third-party.service/api/v2/ever/webinar");
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
$result = curl_exec($curl);
}catch(Exception $e){
fwrite($file, "webinar fetch failed, man. Look: "."
".$e."
");
return null;
}
return $result;
}
}
###Register user to a datas
function register(){
global $curl;
global $api_key;
global $file;
$result;
$data_id = $_POST['data_id'];
$name = $_POST['name'];
$email = $_POST['email'];
$schedule = $_POST['schedule'];
$timezone = $_POST['timezone'];
if($data_id && $name && $email && $schedule && $timezone){
$params = [
'api_key'=>$api_key,
'data_id'=>$data_id,
'name'=>$name,
'email'=>$email,
'schedule'=>$schedule,
'timezone'=>$timezone
];
try{
curl_setopt($curl, CURLOPT_URL, "https://some.third-party.service/api/v2/ever/register");
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
$result = curl_exec($curl);
}catch(Exception $e){
fwrite($file, "data list failed. Look: "."
".$e."
");
return null;
}
}
return $result;
}
?>
You are not setting CURLOPT_RETURNTRANSFER in your curl_setopt(). What that means is that when curl_exec() is called, the result of the cURL transfer is echoed out! That's where your returned data is coming from.
When CURLOPT_RETURNTRANSFER is TRUE, then curl_exec() returns the data and echos nothing. But, when CURLOPT_RETURNTRANSFER is FALSE (or unset), then curl_exec() echos the data and returns TRUE.
curl_exec echoes if you don't use
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
The old script uses curl_exec() to output data.
By default curl_exec() sends to output the content of the response it receives and returns the success of the operation. If you want it to not send the data to the output but return it, you must call curl_setopt($curl, CURLOPT_RETURNTRANSFER) before curl_exec().