I need to slightly modify the source Referrer and I'm doing it like this:
In my .HTACCESS file:
RewriteEngine On
RewriteRule ^/?[\w]{10}$ https://audiobookscloud.com/bayg45xx2ds/?target=https://whatsmyreferer.com/ [L,NC]
On my post page I have this code:
<?php if($_GET['target']) { ?>
<meta name="referrer" content="unsafe-url">
<meta http-equiv="REFRESH"
content="0;URL=<?php echo $_GET['target'];?>">
<?php } ?>
But the Referrer appears like this: https://audiobookscloud.com/bayg45xx2ds/?target=https://whatsmyreferer.com/
But I need it to be exactly like this:: https://audiobookscloud.com/bayg45xx2ds/
Would it be possible to hide the URL parameter? How can I get
The browser is not going to drop parts of the referring URL, just because you wish that to happen. You will need to make it so that the browser is actually "on" the URL that you want to see sent as referrer, when the refresh happens.
Since the GET parameter can't be eliminated from URL, because you need the target parameter value, you could take a "detour" via a POST request.
<?php if($_GET['target']) { ?>
<form action="https://audiobookscloud.com/bayg45xx2ds/" method="post">
<input type="hidden" name="target" value="<?php echo $_GET['target'];?>">
</form>
<script>document.forms[0].submit();</script>
<?php } ?>
<?php if($_POST['target']) { ?>
<meta name="referrer" content="unsafe-url">
<meta http-equiv="REFRESH"
content="0;URL=<?php echo $_POST['target'];?>">
<?php } ?>
When the target GET parameter is passed, create a form, that targets the URL without that parameter, and passes the value on via a hidden field. Tiny bit of script, to automatically submit that form.
Then, when the script receives the POST request, output your original code that does the meta refresh, only this time the value is taken from the POST parameters.
P.s., to make this not be open to XSS, you should apply htmlspecialchars when your output the parameter value.
To hide the URL parameter, you could modify the RewriteRule in your .htaccess file to remove it from the final URL. Try this.
RewriteEngine On
RewriteRule ^/?[\w]{10}$ https://audiobookscloud.com/bayg45xx2ds/ [L,NC]
This will remove the "?target=https://whatsmyreferer.com/" from the final URL.
Additionally, you can also remove the parameter from the PHP code on your post page:
<?php if($_GET['target']) { ?>
<meta name="referrer" content="unsafe-url">
<meta http-equiv="REFRESH"
content="0;URL=https://audiobookscloud.com/bayg45xx2ds/">
<?php } ?>
Related
I am trying to update some placeholder text (not the placeholder attribute) with values that come from a form-input, that are all on the same HTML page.
So I have one index.html file and one test.php file.
I am very new to PHP. I barely understand what it is and how it works.
I couldn't find anything online specific to my issue.
I am using an Apache2 Server and PHP 7.2 installed on Linux Mint 19.1.
<!DOCTYPE html>
<html>
<head>
<meta charset = "utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel = "stylesheet" type = "text/css" href = "master.css">
<title>Home Page</title>
</head>
<body>
<div id = "center_text_box">
<p>URL:</p> <p><span>%PLACEHOLDER_URL%</span></p>
<p>URL Refresh Rate:</p><p><span>%PLACEHOLDER_URR%</span>(s)</p>
<p>Brightness:</p> <p><span><?php echo 'Brightness: '.$Brightness;?></span>(%)</p>
</div>
<form method="post" action="">
<input id="text-input" type="url" inputmode="url" placeholder="Enter URL" name="getURL" value="" title = "URL">
<input class="URR" id="text-input" inputmode="numeric"
title="Enter a Refresh Time(s) between 1 and 10"
type="text"
pattern="([0-9]{1,2})"
oninvalid="this.setCustomValidity('Please enter a number between 1 and 10')"
onchange="try{setCustomValidity('')}catch(e){}"
oninput="setCustomValidity(' ')"
maxlength="2"
placeholder="*Enter URL Refresh Time (s)" name="getRefreshRate" value="">
<input class="Brightness" id="text-input" inputmode="numeric" type="text" maxlength="2" pattern="([0-9]{1,2})"
oninvalid="this.setCustomValidity('Please enter a number between 2 and 99')"
onchange="try{setCustomValidity('')}catch(e){}"
oninput="setCustomValidity(' ')"
placeholder="*Enter Brightness (2-99)" name="getBrightness" value="" title="Enter a Brightness value between 2 and 99">
<input id="button" type="submit" name="save_values" value="Save Values">
</form>
</body>
</html>
<?php
// Check if the form is submitted
if ( isset( $_POST['save_values'] ) ) { // retrieve the form data by using the element's name attributes value as key
$Brightness = $_POST['getBrightness'];
$RefreshRate = $_POST['getRefreshRate'];
$message = "Success ! You have entered Brightness: ".$Brightness." and RefreshRate: ".$RefreshRate;
exit;
}
?>
I would like for %PLACEHOLDER_URR% to update whenever I input a value using <input class="URR" name="getRefreshRate" value="">.
As you can see with Brightness I've tried replacing
<span>%PLACEHOLDER_Brightness%</span>
with
<span><?php echo 'Brightness: '.$Brightness;?></span>
but it did not work.
What can I do ?
Many things to cover here...
You say that your html and php files are separate, but you didn't say what they are called. So, I am going to call them index.html and index.php. You will have to replace every instance of "index" with whatever file name you used.
In the index.html file, you submit to index.html because the action of your form is set to nothing. If you don't set it, it will submit to itself. Therefore, it will never ever access the index.php file. If you want it to access the index.php file, you must set the action of your form to index.php.
Because your index.html file submits to itself, ignore the index.php file. It won't be touched in any way. It doesn't matter if they are sitting on the same server. No magic happens. Files don't mysteriously intermingle. So, in your index.html file, you tried to print $Brightness, but nowhere in that file do you set a value for $Brightness.
You could include index.php in your index.html file. At the top of the index.html file, add:
<?php include('index.php'); ?>
That will load the index.php file and process it before continuing through the index.html file. So, it will set $Brightness if you've received a submission. If you don't get a submission, $Brightness won't be set. That is caused by your if statement. You state that you want to set $Brightness if and only if save_values is set in Post.
Warning: View the source code when you load the index.html page. If you see <?php include('index.php'); ?> in your web browser, your server is not parsing html files for PHP. You must rename your index.html file to index.php - which may conflict with your existing .php file. This is a server setting. I set my personal server to process PHP in html files. Some people don't do that.
Warning: You have "exit" in your index.php. Remove that. It will kill your whole thing. You want it to do some work and then keep working.
Now, in your index.html file, you can't just print $Brightness. It might not have a value. You can use an if statement like you already did in the index.php file:
if(isset($Brightness)) print "Brightness: ".$Brightness;
Now, you can follow the flow. You load the page the first time. Nothing is posted, so when you include index.php, it doesn't set anything. The index.html file processes. $Brightness wasn't set, so it isn't printed. You type stuff in the form and submit it. The page loads again. This time, index.php sets $Brightness and index.html prints $Brightness.
Kind of confused.Let me explain an example situation.
I have a form at delete.php (plain PHP, no framework) that receives a parameter through http get
When I send the form I've always thought that GET values are going to be lost therefore, If I want to keep those values I must use input type="hidden" , sessions or any other mechanism.
But using PHP 7.0.8, Apache 2.4(for sure it's not a version issue just wanted to let you know) I've realized the following:
a) If the action of the form is set to delete.php (the same url) GET values are lost once the form is submitted. As expected
b) If the action of the form is NOT set then data are sent to delete.php (as expected) but GET values are kept.
I don't know why and I can't find an explanation in any docs or http espec.
Does anybody know where is this situation explained?
Here's the code
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>GET / POST TEST</title>
<link rel="stylesheet" type="text/css" href=" ">
</head>
<body>
<form method="post" action="get_post_test.php">
Name<input type="text" name="name" required><br>
LastName<input type="text" name="lastname" required><br>
<p>
<input type="submit">
</p>
</form>
<?php
if(isset($_GET['id'])) {
echo "TENGO GET";
var_dump($_GET);
}
if (isset($_POST['name'])) {
echo "TENGO POST";
var_dump($_POST);
}
?>
</body>
</html>
I'm getting $_GET['id'] through a link and if:
a) action="get_post_test.php" then $_GET['id'] is lost when form submitting (as I expected because get_post_test.php is the name of the current file)
b) If I don't set any action $_GET['id'] still is available when submitting ????????
Kind regards.
Lets take an example
Case 1: When action is defined
When an action is defined then the form is submitted to that page.
Ex: If your action is delete.php and the URL is delete.php then
form will send data as expected and the URL will become like this
delete.php?KEY=VALYE&... but the action of the form will be same
delete.php because you have defined it. Thats why previous data will be lost on resubmit
Case 2: When action is left blank.
When an action is left blank that means the action will be the same as
the url.
Ex: When your URL is delete.php then the action will be the same as URL
delete.php thats why form will send data as expected. After that the URL
will become like this delete.php?KEY=VALYE&.... When you resubmit
the form then the action will be the same as url which already has the same
get values.
Hope this will help you to understand
I want to make an HTML (or php maybe?) page that constructs a new HTML page based on input parameters the user gives to a drop-down box. I just don't know how you handle the input.
Here's my HTML:
<html>
<body>
<input type="number" min="1">
</body>
</html>
Yes I know it's not the full HTML page, but I just want to focus on the <input> tag. I know you probably have to set it equal to a PHP variable maybe?
I want it to generate a different HTML page that looks like this:
<html>
<body>
<p>You have chosen: $input </p>
</body>
</html>
I might be asking this all wrong, but I hope it makes sense what I'm looking for. I need to know how to handle the user input. I couldn't find a thread that discusses this. Do I need to generate a new HTML file? Or just override the current one and maybe have a reset button? I'm so confused.
In the simple case, you'll have two pages: your form and your result page. You can send data from the form page to the results page with one of two methods: GET or POST.
GET means that the data you're sending gets put in the page URL. This is useful because then you can link to a specific version of the results page, but potentially dangerous because you don't want to put sensitive data in the URL bar.
POST means that the data is sent with the HTTP request in the background. This is preferable for something like a password.
The GET and POST data can be read by nearly any server-side language and used to generate HTML on-the-fly. The example below uses PHP.
The form page doesn't necessarily need any server-side code, just basic HTML. Here's a simple example:
<!DOCTYPE html>
<html>
<form method="GET" action="my_result.php">
<input type="text" name="my_value">
<input type="submit">
</form>
</html>
Your second page (the results page) should bear the name that you specified in the form's action attribute. This is the page which will need server-side code. So here is an example my_result.php:
<!DOCTYPE html>
<html>
<p><?php echo $_GET['my_value']; ?></p>
</html>
Obviously, my_value can and should be replaced by whatever you want to call your data, as long as the name attribute of the input element matches the key in the PHP.
This example uses the GET method. You can use POST by changing the method attribute of the form and using $_POST instead of $_GET (if you are using PHP).
If you use $_REQUEST rather than $_GET or $_POST, it finds a value that was passed via either GET or POST. This is usually less safe than explicitly stating how your value was passed.
Addendum: Some servers are configured to disallow you from directly using the values of php superglobals such as $_GET, $_POST, and $_REQUEST for security purposes. That is because you really should always sanitize user input before using it in an application. The type of sanitization required depends on the type of input and how it is being used, and is well outside of the scope of this question. For this purpose, php provides the filter_input function.
The sanitization filter is an optional parameter for the filter_input function, so if you really want to use the data unfiltered, you can simply omit it (but know that this is dangerous). In this case, you can replace all instances of $_GET['my_value'] in the above code with filter_input(INPUT_GET, 'my_value').
This is not a tutorial, but I guide you to some important points:
You can get user input with html by using form element. read more about form and methods of form (GET and POST).
Then, how can you print user input when submitted by user? php supports both (GET and POST) using $_GET and $_POST with input name as key.
Dealing with user-input needs extra care because of security. user might submit malicious content that later attacks you or another user.
Try like below
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<?php
if ($_POST) {
echo "<h3>You have selected ".$_POST['number']."</h3>";
} else {
echo '
<form method="post" action="">
<select name="number" id="number">
<option value="1" >1</option>
<option value="2" >2</option>
<option value="3" >3</option>
</select>
<input type="submit" value="submit">
</form>
';
}
?>
</body>
</html>
To handle a user input you have to use forms
<form action="action_page.php">
<input type="number" min="1 name="my-number">
<input type="submit" value="Submit">
</form>
After user set number and press submit button, you will get the value in action_page.php in $_REQUEST['my-number']
Why does firefox(haven't tested in another browser) has problems loading form values when a #; is in the addressbar?
If i have an <input type='radio' checked="checked">, the presence of this element in the addressbar may lead to the input not actually getting checked(as expected)
How can i avoid this behavior?
Example code:
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" style="min-height:100%;">
<head>
<title>stuff2test</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body class="popup" >
<form action="" id="frm">
add #; to addressbar, and refresh
<?php $rnd = mt_rand(1, 4); ?>
<label for="r_v1"> <input id="r_v1" type="radio" value="v1" <?php if($rnd==1){ echo 'checked="checked"';}?> name="r"></input> checked?</label>
<label for="r_v2"> <input id="r_v2" type="radio" value="v2" <?php if($rnd==2){ echo 'checked="checked"';}?> name="r"></input> checked?</label>
<label for="r_v3"> <input id="r_v3" type="radio" value="v3" <?php if($rnd==3){ echo 'checked="checked"';}?> name="r"></input> checked?</label>
</form>
<button onClick="getElementById('frm').submit();" type="button">submit</button>
<br/>
RND: <?php echo $rnd;?>
<?php
if($rnd>0 && $rnd<=3){
echo "Checkbox {$rnd} should be checked";
}
?>
<br/>
<?php
var_dump($_GET);
?>
</body>
</html>
Edit2: cleaned the code a little, added an echo
You have links like this, right?
link
And you do something with them using JavaScript (here: jQuery too), right?
$('a').click(function() {
alert(1);
});
You need to add return false at the end of the function.
$('a').click(function() {
alert(1);
return false;
});
Edit:
After looking at your code... Do NOT use inline JavaScript!
You need some element that will do something on click? Just add class, ID - you name it... so you can distinguish between elements and then...
$('a.my_class').click(function() { // $('a#my_id')
// All you need to do.
return false; // For preventing browser to add '#' after current link (if you have 'href="#"').
});
From reading the comments on the question, the answer seems clear.
The problem is that Firefox tries to remember the state of the form when you reload the page, which includes which checkboxes are checked and which aren't. So even though you vary the default values in the HTML on reload, Firefox sees it as the same form and ignores the defaults set in the HTML in favor of what it has saved from before the reload.
I've heard you can disable this behavior by supplying the HTTP header Cache-Control: no-store, or by specifying autocomplete="off" on the form elements. But I have not tested either solution personally. Or you could use Javascript to reset the form on page load (either with the form object's reset() or by explicitly setting each field's value).
The hash (#) is a special character in a URL. Anything that comes after it is not sent to the server, so if you're using hashed URLs you really need to use POST (or an AJAX request to a non hashed URL if GET is essential) to send your form data.
An alternative is to implement something similar to Google's _escaped_fragment_ to ensure that the contents of your URL after the hash will be sent to the server.
I use that "trick" massively, and don't have problems, because I use the input type="submit" control.
If you replace the line:
<button onClick="getElementById('frm').submit();" type="button">submit</button>
with
<input type="submit" value="submit" />
solve the problem without changing the anchors and without touching the javascript code.
Good Luck!
I am using php, js, flash and mysql on 1 website.
I want to do a URL masking using frameset(or maybe iframe). Scenario:
An user click on a link, which direct him/her to my page with this url:
www.domain.com/index.php?var1=string1&var2=string2
How to mask the url so that visitor can only see www.domain.com/index.php, but actually there are some variables over there. I need the variables, but i dont want the visitors to see. How to do URL masking on this? (I dont expect to get any code, I just want to know the logic of the url masking method)
PS. I probably would not use mod_rewrite, because I dont know how to use/write the code. So please, answer with iframe/frameset methods :)
EDIT: I think I misunderstood your question, so here is another attempt:
In www.yourdomain.com/index.php:
<?php
session_start();
if (isset($_REQUEST['flashvar']) && ! isset($_SESSION['flashvar'])) {
// Store any parameters received
$_SESSION['flashvar'] = $_REQUEST['flashvar'];
// Redirecting without query parameters
header('Location: /index.php');
exit;
}
?>
<HTML>
<HEAD></HEAD>
<BODY>
<?php
echo '<embed src="player.swf?flashvar=',
urlencode($_SESSION['flashvar']), '"/>';
?>
</BODY>
</HTML>
This example will start a session and redirect the user to itself without needing to store any parameters in the query string. Naturally, it will only work if the user has cookies enabled.
Can you submit that parameters as POST data?
For example:
<form name="form1" action="index.php" method="POST">
<input type="hidden" name="var1" value="value1" />
<input type="hidden" name="var2" value="value2" />
</form>
Click me
When user clicks on the link, the form will be submitted to index.php with POST parameters var1 and var2. User will never see this parameters in their URL (still possible to see with various tools though).