I've got to make friendly URLS work (settings + .htaccess). So, rather than getting /member.html I want to get /member.
When I try to use my PHP forms (that have worked elsewhere) they don't work here.
The form method is POST
I've tried various URLS like /, /index.php, /?id=1 and the long URL.
I've tried all sorts of POST checks like:
if($_SERVER["REQUEST_METHOD"] == "POST"){
echo "2 server request<br/>";
}
if (isset($_POST['submitButton'])){
echo "3 post submitButton is set<br/>";
}
if ($_POST['submitButton']){
echo "4 post submitButton<br/>";
}
... none of these return. So the page doesn't recognize the POST header.
This leads me to suspect that the friendly URLs is the culprit. Either that or some security setting that prevents POST traffic.
This one for you can using if and else if statement. Otherwise use the all if statements you must create a else statement.
If user request to outer query request, PHP go to the else statement.
So you need a new layout.
I seem to have fixed the problem.
I installed FormIt add on.
I don't think i'm using the FormIt functionality as such but by simply adding [[FormIt]] to the page - it is operating as expected now.
It seems that POST doesn't work unless you add the addon
Related
I have a site with a normal admin and a super admin, both share some functions. A new function I am introducing is a admin serial activation. This is already implemented in normal admin and now I am trying to add same code to super-admin. If you are in normal admin or super admin you would click the serial to activate and move on to activate2.php to activate. All works well and good unless you change your mind about activating serial, in which case you would click 'back' or a 'cancel' button to return to previous screen. I currently check what the previous page was using php:
$ref = $_SERVER['HTTP_REFERER'];
The idea is to show a different return url on 'back' link and the 'cancel' button depending on if the previous page was 'super-admin-serials.php' or just 'admin-serials.php'. I tried to match 'super-admin-serials.php' in $_SERVER['HTTP_REFERER'] to deduce what the previous page was and allow the user to go back to his previous page. But the code I have put together does not work, so if anyone out there can help with this simple function it would be much appreciated. Here is the code I have so far on the independent 'activate2.php' page to cancel and return to previous:
$superpage=array('super-admin-serials.php');
$ref = $_SERVER['HTTP_REFERER'];
if (in_array($ref, $superpage)) {
echo "back (super admin)";
} else {
echo "back (normal admin)" ;
}
The HTTP referer may not just contain the name of the script it comes to, it usually includes a fully qualified URL such as http://example.com/foo/your-script.php.
Instead of observing the HTTP referer (which will be lost if they refresh the page), I suggest that you pass an argument from the first page to the second to determine where they came from, and send them back where you need.
Transparently the user will be accessing either of:
activate2.php?super=1
activate2.php
Then the following code will do what you want:
$isSuper = !empty($_GET['super']);
if ($isSuper) {
echo "back (super admin)";
} else {
echo "back (normal admin)" ;
}
I understand you have some kind of sign in feature and you cannot be logged in simultaneously with two different users (if that's not the case, just make sure you aren't running an insecure site that can be easily hacked). In that case you should already have that information on the server so it's both unnecessary and unreliable to gather it from client-side. So code would look like this:
if ($_SESSION['is_super']) {
echo 'back (super admin)';
} else {
echo 'back (normal admin)';
}
(Please note I've also removed double quotes, which served no other purpose than making code harder to write and read.)
In any case, you must be aware that HTTP_REFERER:
Will get lost if you add extra steps (e.g. show form errors to get them corrected)
May not be there at all (some proxies and security programs strip it)
Will often include extra stuff that make a simple string comparison fail, like GET parameters (and it's of course a full URL)
If you opt for it anyway you may want to have a look at parse_url() as starting point.
I do not care about people viewing my source code, however, I want Bots to avoid coming on to my site and getting through my security. I was hoping to disable page source viewing. To do this, I am using this code:
$url= $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$needle = "view-source:";
if (strpos($url,$needle)) { echo "You can not see me";}
else {
//The rest of my index page
}
The objective here is that if someone tries to view my page source or if a bot tries to, that rather than being able to see it, the code will detect that the page URL is view-source:www.yoururl.com and will display a "Nice try" message in the source instead of the page source. The code above in theory should have worked, but didn't. Any other idea's to try and make this work?
This cannot be done, the HTML source code is passed to whoever requests it. You should probably redesign your captcha, as it is not secure from how you described it. Use session variables to store the data and to check against the submitted value on the form processor script.
you could use mod_rewrite and a permanent 301 redirect in your .htaccess to hide the ?captcha=xxxx part of your url, if it is your sole concern.
I'm not sure what the issue is, but my guess is that the $_GET variable won't read my ajax URL correctly, because of my deep linking plugin.
The final URL looks something like:
/dashboard.php#/projectSetup.php?mode=edit&getJobNumber=2012-30
HERE is my PHP:
$getJobNumber = $_GET['getJobNumber'];
$mode = $_GET["mode"];
When I echo $mode or $getJobNumber I am not getting a result. I believe the issue has to do with the format of the URL. Notice the 2 .php files and the # in the middle.
Please let me know if anyone knows of a work around.
You're exactly right. Anything following the # in a url is considered the "document fragment", and is not sent to the server.
Do a "find" for "fragment" in The URL RFC and you'll quickly see how using # in your urls for anything else is not compatible with the internet, in general.
I've developed an application, using LAMP, and everything works fine, after migrating over to IIS, some pages don't work correctly.
I have a service_edit.php, which carries over URL parameters from the previous page, e.g.:
service_edit.php?id=5&serv=22
After updating the record, the following variable should redirect the browser to:
$updateGoTo = "freelancer_details.php?id=" . $row_rsFreeLancer['freeid'] . "";
But the browser produces a HTTP 500 error with service_edit.php?id=5&serv=22 in the address bar.
If I use:
$updateGoTo = "freelancer_list.php;
Everything works fine.
Does anyone know what I'm doing wrong, or if there is a setting in IIS to get this to work?
EDIT
OK, getting a bit closer to the problem now...
I've found that on my LAMP server, after the record has been updated, the page goes back to the freelancer_details.php page, with the correct details displayed, however, the parameters from the previous page are carried over too.
The URL, instead of displaying:
freelancer_details.php?id=5
displays:
freelancer_details.php?id=&id=5&serv=22
How do I remove the URL parameters from the previous page, so the URL displays correctly, and therefore work on the IIS server?
I can't say specifically what the problem is from what you have here (it's hard to understand what you're saying without seeing the rest of the script), but I can almost guarantee that IIS isn't the problem. Most likely there is some confusion with the page you are trying to forward to - either it's not there, or not being forwarded properly.
Try doing this:
$updateGoTo = "freelancer_details.php?id=" . $row_rsFreeLancer['freeid'] . "";
echo("<a href='".$updateGoTo."'>Click Me</a>");
and try clicking. That will tell you if there is truly a page at that URL, or if it's off.
Also, how are you forwarding to the next page? Are you using header() or something else?
Edit
Hi,
What this means ?id=&id=5 is that instead of having $_GET['id'] available as 5, it will be an array with two values, one of which will be blank, and the other will be 5.
You need to figure out why the id is being added twice and fix that. Without code, I can't tell you much else.
If it is a DEV box, go in the IIS and/or IE and remove the "Friendly http error" that way, you should get a more verbose error message.
I have a quick question i hope you guys can answer, i've got a search system that uses POST to do searches, now i want to track queries using Google Analytics but it requires using GET url parameters to pull parameters out the URL, what i don't want to do is rewrite the entire search system to use GET instead of POST. Is there any way around this? I was thinking maybe i can make a GET call to a new page from the page that recieves the search POSTs, but i don't want it to redirect, i merely want it to "hit" the url without actually redirecting?
Is this possible?
Any other solutions would also be appreciated.
Thanks for the help
You can specify an abritrary URL when you add your GA code. For example, all our different checkout pages go through validate.php, so this is the URL that the person would see, however, we put in some extra code to give a specific tracking URL to google.
For example:-
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-XXXXX-1");
pageTracker._setDomainName("example.com");
pageTracker._trackPageview("/checkout/login/");
} catch(err) {}
</script>
Would make google track this as being /checkout/login/ even though the page in the browser actually shows /validate.php
You can output (as we do) this page variable from different PHP variables
$searchterm = $_POST['search'];
echo 'pageTracker._trackPageview("/search/' . urlencode($searchterm) . '");';
Sure, use the apache mod_rewrite module to create a fancy, seo friendly url and pass the user keywords in the url.
Something like "www.yoursite.com/search/what+a+user+searches+for/"
In a .htaccess file you create a rule
RewriteRule ^search/(.*)/$ /search.php?keywords=$1
You're orignal script keeps working with your postvalues and you provide an URL with GET variables. With explode("+", $_GET["keywords"]) you can extract the searchvalues.
With the array $_REQUEST you can access all request parameters GET and POST.
The only way you will be able to do this, is re-set the forms method to GET and just changed the $_POST requests to $_GET
Thats not such a huge change?
You should be able to do that with HTTPRequest:
http://php.net/manual/en/class.httprequest.php
You can just alter your Google Analytics code - see Tracking Custom Variables