5 characters added in the middle of my URL - php

I realise that this might be a VERY obscure question but it's driving me mad, I have 5 extra characters being inserted into the URL while navigating between the pages on my site. (eg. http://track.chhs.nsw.edu.au/UXTWP/userAccount.php?) The UXTWP is being added and I'm not sure where from but it is breaking the navigation randomly.
The site is hosted on GoDaddy.
It contains HTML, CSS, PHP, JavaScript and MySQL.
Everything was working well until I added a "fix" in PHP to stop a potential 'hack' that would use an id being passed in the URL to switch the viewed content.
I'm not sure this was the problem but that was the most recent change before the errors started occurring.
This is the site. I also looked to place the code up on phpfiddle but I'm not sure what to add?
    // Only honour ?a=<student id> when it is found in the logged-in user's sID value.
    if (isset($_GET['a'])) {
        if (strpos($userRow['sID'], $_GET['a']) !== false) {
            $_SESSION['student'] = $_GET['a'];
            // Note: the ID is concatenated into the SQL string unescaped.
            $tempArray = db_select("SELECT * FROM student WHERE sID ='".$_SESSION['student']."'");
            $studentRow = array_shift($tempArray);
            $_SESSION['impactTool'] = $studentRow['impactAssToolID'];
            $SName = $studentRow['sName'];
            $SDOB = $studentRow['dob'];
            $SFormDate = $studentRow['formDate'];
            $prevInf = $studentRow['prevInfo'];
            $famInf = $studentRow['famInfo'];
            $contInf = $studentRow['contextInfo'];
            $impactIDMsg = "?z=".$_SESSION['impactTool'];
            $btnFlag = true;
        } else {
            // Not this user's student: redirect to logout and stop running this page.
            header("Location: logout.php");
            exit;
        }
    }
The intention is to dump the user back to the login screen via logout if they attempt to access a student's detail that doesn't belong to them.
Thanks in advance for any help provided.
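The check in the question matches by substring (`strpos`), so this added example, which is not the original poster's code, shows an exact-match ownership check combined with a bound query parameter. It assumes `sID` on the user row is a comma-separated list of student IDs and uses an in-memory SQLite table with constructed rows in place of the site's database; `owned_student_id` and `load_student` are hypothetical names.

```php
<?php
// Added example, not the original poster's code.
// Assumption: $userRow['sID'] is a comma-separated list of the student IDs
// that belong to the logged-in user.

/** Return the requested ID only if it exactly equals one of the owned IDs. */
function owned_student_id(array $query, string $ownedIdList): ?string
{
    $requested = $query['a'] ?? null;
    if (!is_string($requested) || $requested === '') {
        return null;                    // missing, empty or array-valued parameter
    }
    $owned = array_filter(array_map('trim', explode(',', $ownedIdList)), 'strlen');
    return in_array($requested, $owned, true) ? $requested : null;
}

/** Fetch one student row with a bound parameter instead of string concatenation. */
function load_student(PDO $pdo, string $sid): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM student WHERE sID = ?');
    $stmt->execute([$sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the site's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE student (sID TEXT PRIMARY KEY, sName TEXT)");
$pdo->exec("INSERT INTO student VALUES ('12','Constructed A'), ('31','Constructed B'), ('1','Constructed C')");

$userRow = ['sID' => '12,31'];          // this user owns students 12 and 31 only

foreach (['12', '1', '3', ''] as $a) {
    // The question's substring test (empty needle skipped to avoid a warning).
    $substring = $a !== '' && strpos($userRow['sID'], $a) !== false;
    $sid       = owned_student_id(['a' => $a], $userRow['sID']);
    $row       = $sid === null ? null : load_student($pdo, $sid);
    printf("a=%-5s substring=%-5s exact=%s\n",
        var_export($a, true), var_export($substring, true),
        $row === null ? 'denied' : $row['sName']);
}
```

In the output, the `substring` column shows which requests the original test would let through and the `exact` column shows which ones the stricter check serves.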

Ok this time I think it is fixed!! Thank you so much #Progrock for your persistent testing and ideas.
The fix:
I have included a blank .htaccess file into the root of the site.
Now I can navigate through the different pages using the onsite navigation and the browser navigation and I can't create the error anymore.
I'm hoping that this is a permanent fix, and my best guess is that it was the browser/server looking for the .htaccess file on particular triggers and, when not finding it, looking to the server's generic .htaccess file.
Hope this post helps someone in the future experiencing a similar problem.

Not an answer, but an observation:
I finally experienced the bug when using curl to view headers:
curl -I http://track.chhs.nsw.edu.au
Output:
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /TSXbZ/
Then shortly after, the same curl call resulted in the desired page without the redirect. So the bug is inconsistent, as you have said.
If I do a header location redirect in PHP code, or I use a .htaccess rule to do something similar, a return header reads something like this:
Server: Apache/2.2.22 (Foo)
The absence of an Apache server header (for some of your responses) makes me suspicious that a proxy or caching layer may sit in front of your webserver and PHP code.
Reading your code, I can't see any obvious reasons for the character insertions.
Notice subsequent differences with the following responses (return headers):
3:21% curl -I http://track.chhs.nsw.edu.au
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /XRjRZ/
3:23% curl -I http://track.chhs.nsw.edu.au
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /
3:24% curl -I http://track.chhs.nsw.edu.au
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /
3:24% curl -I http://track.chhs.nsw.edu.au/index.php
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /index.php
3:24% curl -I http://track.chhs.nsw.edu.au/index.php
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2016 15:24:56 GMT
Server: Apache/2.4.23
X-Powered-By: PHP/5.4.45
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=60d307bdc288bf1371dc5e0c8c397cdf; path=/
Vary: User-Agent
Content-Type: text/html
Have you got an esoteric .htaccess, or server config?

Related

HTTP POST 404 not found

I'm currently using Zapier to send some POST data from a TypeForm to a WordPress website to create a new user.
The POST works, I get all the variables in my script I need and a user is created.
For some reason though the POST on the zapier account or Hurl.it returns a 404 not found error. Both the domain and script are accessible and currently the only issue is that the client receives an email saying that his Zap may have an issue (because it's returning a 404). The zap test on the URL actually returns a success though.
It just seems strange that everything works but both zapier and hurl.it are returning a 404 not found error?
The request from hurl.it is:
Accept: */*
Accept-Encoding: gzip, deflate
Content-Length: 117
Content-Type: application/x-www-form-urlencoded
User-Agent: runscope/0.1
The response from hurl.it is:
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Length: 7
Content-Type: text/html; charset=UTF-8
Date: Fri, 10 Jun 2016 10:57:04 GMT
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Pragma: no-cache
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.16
Anyone any ideas how I can resolve this?
Many thanks
I resolved this a few weeks ago but thought I'd just put it here in case anyone else comes across this.
The issue seemed to be with me requiring wp-blog-header.php in the file which was watching for the $_POST data. Now I'm pretty sure this was working fine at the start, but I resolved this by changing the require to just be wp-load.php instead (I only needed access to a few functions).
Like I said above, everything was still working with wp-blog-header.php being included; it just 404ed on the Zapier side and emailed the client. Something must have gone amiss in the wp() function or the template-loader.php file to cause it.

PHP HTTPS to HTTP

I am having difficulty with the header function in PHP.
The call to the function is initiated on a secure HTTPS page. Every time I call the header function with http://, something somewhere is changing the protocol to HTTPS.
In my program, this example:
header("Location: http://www.google.com");
takes me to https://www.google.com instead.
My environment is IIS 7.5 Windows 2008 64-Bit
PHP 5.5.12 with Fast CGI
Is there something that I have accidentally enabled either in IIS or php.ini that would automatically force http to https?
This does not happen when launching the code from an http page, http to http works, http to https works and https to https work. However, https to http is failing.
I've been searching and most results keep reversing my question by showing me ways to force http to https. I need the opposite.
Thanks in advance for any assistance!
EDIT: Google was an example URL. Sorry.
header("Location: http://www.systronicsinc.com/");
is my actual URL that is failing. This keeps redirecting to https://www.systronicsinc.com/.
This is a raw header from Fiddler.
HTTP/1.1 303 See Other
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://www.systronicsinc.com/
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.5.12
Set-Cookie: PHPSESSID=va1hh3ff8h0buus689kf86eoc1; path=/
Date: Fri, 24 Oct 2014 17:39:34 GMT
Content-Length: 156
<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found here</body>
I find it interesting that the link in the body retained the original http protocol as initially set, but the Location field in the header is modifying it to https. I've been hunting through IIS and my php.ini file. I cannot see anything that would dictate this behavior. Maybe this additional information will spark a thought with someone. Thanks!
Google uses SSL, so https://, for its websites.
See: https://support.google.com/websearch/answer/173733?hl=en
and: https://www.seroundtable.com/google-ssl-drops-query-data-14188.html
No, Google redirects you to a secure page.
They probably use a function that does something like my https function. Feel free to use.
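    // Redirect to the HTTPS version of the current script if the request was plain HTTP.
    function https(){
        $sv = $_SERVER;
        // IIS sets HTTPS to "off" for plain HTTP requests, so isset() alone is not enough.
        if(empty($sv['HTTPS']) || strtolower($sv['HTTPS']) === 'off'){
            header("Location: https://{$sv['SERVER_NAME']}{$sv['PHP_SELF']}"); die;
        }
    }
    // Redirect to the HTTP version of the current script if the request was HTTPS.
    function http(){
        $sv = $_SERVER;
        if(!empty($sv['HTTPS']) && strtolower($sv['HTTPS']) !== 'off'){
            header("Location: http://{$sv['SERVER_NAME']}{$sv['PHP_SELF']}"); die;
        }
    }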

disable codeigniter session cookie for php soap server

I am creating a SOAP server in CodeIgniter using the PHP native SOAP server class.
The SOAP server is working great but I have a problem with the CodeIgniter session cookie. The session cookie is being sent with every response from the SOAP server. I need the session cookie for other parts of the application excluding the SOAP server.
Is there a way I can disable the session cookie just for the SOAP server, which is a controller in the application?
I have searched Stack Overflow and other websites for information but have not found anything useful.
It may be I am missing something obvious.
Please point me in the right direction.
Edit:
this is the http response for the soap request:
HTTP/1.1 200 OK
Date: Fri, 10 Jan 2014 07:05:56 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.3.3
X-Powered-By: PHP/5.3.3
Set-Cookie: fgdstagecookie=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22076ceb992c6dff61e46d04d0c3d73d03%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22116.90.236.34%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A34%3A%22Apache-HttpClient%2F4.1.1+%28java+1.5%29%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1389337556%3B%7D7e8bb59c2753934d5a6265ab7964064c; path=/
Content-Length: 382
Cache-Control: no-store, no-cache, must-revalidate, private, max-age=0
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Connection: close
Content-Type: text/xml; charset=utf-8
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><ns2:responseType xmlns:ns2="http://tempuri.org/response"><code>4</code><message>transaction does not exist or is not available</message><responseBody><responseStr>4</responseStr></responseBody></ns2:responseType></SOAP-ENV:Body></SOAP-ENV:Envelope>
The part I want to remove is the Set-Cookie part.
Before returning the response or request use the header_remove(); function
Reference
http://www.php.net/manual/en/function.header-remove.php
<?php
header("X-Foo: Bar");
header("X-Bar: Baz");
//remove specific header
header_remove("X-Foo");
//remove all headers
header_remove();
?>

In Webmaster tools googlebot is getting a crawl error 500 from the server

I've noticed my sites are not ranking as well as they did before, and when I checked Webmaster Tools I see that Googlebot cannot crawl pages that I can perfectly crawl with my browser, and I'm getting a 500 error.
The websites are not WordPress and use PHP.
What can be causing this problem?
This is the actual error in WMT
HTTP/1.1 500 Internal Server Error
Date: Tue, 06 Nov 2012 21:04:38 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=blkss9toirna36p2mjl44htv01; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3840
Connection: close
Content-Type: text/html
You may be blocking Googlebot with .htaccess, robots.txt or by some other means (maybe firewall settings?)
a. this is not good
b. you should use WMT to get Crawl stats/Crawl Error reports and use these to get better understanding of this issue (at what URLs / How Often does this occur...)
Also, try to look at your last Google Cache date (direct search the domain and click on the Cache link in the preview window)
This may be temporary, downtime related issue that will solve itself or a site wide blocking rule that you'll need to change.
GL
If you're still having a problem with googlebot receiving a 500 error code, I suggest you register with Google Webmaster Tools not Analytics. If you choose Health then Fetch As Google. You should get what the googlebot receives and see what the error is.
I had the same problem and discovered that it was one of the plugins that was causing this. Basically I disabled every plugin and then re-enabled one, tested, re-enabled the next .......
Took about 1 hour to find the culprit but now all is good

Dropbox file fetcher broken, API/Redirect update on their part?

The script I used fetched a file from
https://www.dropbox.com/browse_plain/$REMOTEDIR?no_js=true
which now returns:
HTTP/1.1 302 FOUND
Server: nginx/0.7.63
Date: Mon, 24 May 2010 17:02:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
location: /home
pragma: no-cache
cache-control: no-cache
Found
<h1>Found</h1>
<p>The resource was found at /home;
you should be redirected
automatically.
<hr noshade>
<div align="right">WSGI Server</div>
Whereas the script has a method to parse a div from the source.
Can anyone confirm whether or not they have this issue with file fetching scripts? If not what method(s) are you using since there's no official API?
The script you are using is not respecting redirects. Generally browsers will see the location: /home header and make another request to that URL.
