So I need a Buffer (Tampon) page between two pages. The first page contains an form that redirects you to a second page that sends out an email then redirects you back to the first page. I do have a Buffer page between them but it does not do what is supposed to do. I need to redirect to the buffer page as soon as I hit the POST button from the first page in order to disable it's functionality. So when I hit the button I want to be redirected to the buffer page witch will say Processing Request and then redirect to the second page. At the moment it does that but the buffer page is not displayed.
First page
<form method="POST" action="buffer.php">
<input text id='met' />
<input text id='myval' />
</form>
Buffer page
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
</head>
<body>
Wait for redirect
</body>
<?php
$method=$_POST['met'];
$value=$_POST['myval'];
header('location:2ndpage.php?met='.$method.'&myval='.$value.'');
exit;
?>
</html>
Second Page
<?php
$method=$_GET['met'];
$value=$_GET['myval'];
mail('Send mail based on method and value');
header('location:2ndpage.php');
?>
Related
Here are the two pages, the 1st has a checkbox and submit button, the 2nd is php code to examine whether the checkbox was checked. But instead of getting a yes or a no answer I get absolutely nothing, just a blank page.
1st page:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<body>
<form name="input" action="submit.html" method="GET">
cb1<input type="checkbox" name="cb1" value="cb1">
<input type="submit" value="Submit">
</form>
</body>
</html>
2nd page:
<?php
if isset($_GET['cb1']) {
echo 'Checkbox set';
}
else
{
echo 'Checkbox is not set';
}
?>
There is a mistake in your PHP-Code - you should enable "error_reporting" and "display_errors"!
The if Statement should be like this:
if(isset($_GET['cb1'])) {
Edit: Also the Submit-Page should be an PHP-File
You seem to be submitting to an html page ("submit.html"). Unless you do some url rewritting, that should be a php page.
Take a look at this <form name="input" action="submit.html" method="GET">. When you click submit button, then all the data will be send to submit.html. It's impossible to run php script with html extension.
Create the second file as a php file, instead of creating it as .html, create it as submit.php. Then it will work
Consider the following situation. User submits a form which contains a file input field. Then, after processing the upload, server redirects browser to the address containing #hash-part. If the browser is IE7/8, it will discard the part after hash mark (including the # itself). Moreover, it will do this irrespective of whether actual file upload took place or user just left the file field empty. The following code illustrates it.
<? if (isset($_POST['sent'])) {
header("Location: " . basename($_SERVER['PHP_SELF']) . "#test");
die();
}
?><!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Test</title>
</head>
<body>
<form action="" method="post" enctype="multipart/form-data">
<input type="hidden" name="sent" value="1" />
<input type="file" name="test" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
After form is submitted, IE 7/8 shows the same address in the address bar as before while other browsers (and IE 9/10) get properly redirected to the index.php#test. When the file input is replaced with text input, the problem is gone.
Is it a bug or some kind of security measure? Is there a workaround?
I ended up using double redirect on IE 7/8. I replaced
header("Location: " . basename($_SERVER['PHP_SELF']) . "#test");
with
if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/(^|[^a-zA-Z])(MSIE|msie) [678]($|[^\d])/', $_SERVER['HTTP_USER_AGENT'])) // If IE 6, 7 or 8
header("Location: redirect.php?to=" . urlencode(basename($_SERVER['PHP_SELF']) . "#test"));
else // For sane browsers
header("Location: " . basename($_SERVER['PHP_SELF']) . "#test");
and created a simple redirection script redirect.php:
<? if (isset($_GET['to']))
header('Location: ' . $_GET['to']);
Thats an odditiy of internet explroer I had to deal with when implementing an oauth flow with javascript.
It appears that it is possible to work around the problem by placing a trailing slash directly in front of the hashtag. so instead of file.php#werewwer make file.php/#werwer
However I do not know why... I think its a bug.
The hashtag is intendeed to never be trasmitted to the server. It is client side only. I think IE just removes it early...
Another possibility is to use a meta redirect instead of a header redirect. That seems to work. You can also append to the url using javascript... Dont know whether this is suitable in your use case.
I'm currently working on a site that has a log-in (username and password) - The password protection is done by the operating system within the web server at folder level called a Realm within the OS. For now this will have to do, until we figure out a proper PHP log in system.
The code below, is based on a previous question on the stack overflow.
I'm using 3 files (See code snippets at the bottom).
The process is:
- Click Log In button on index.php
- Enter username and password to access authenticate index file.
- Click log out button, which references the logout.php file - it SHOULD clear the cache and return the user to the top level index.
It doesn't 'destroy the session' in the sense that you're not asked to re-enter the password when prompted to, which is essentially what I want to happen.
My minimal knowledge of php leaves me a little bit stumped here.
index.php (top level file with log in button)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Test</title>
</head>
<body>
Log In Btn
</body>
</html>
authenticate/index.php (This folder is password protected - contains the index file with the log out button which links to the logout.php file)
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Log out</title>
</head>
<body>
Log Out Btn
</body>
</html>
authenticate/logout.php
<?php
session_start(); //to ensure you are using same session
session_destroy(); //destroy the session
header("location:/index.php"); //to redirect back to "index.php" after logging out
exit();
?>
The folder being password protected has nothing to do with PHP!
The method being used is called "Basic Authentication". There are no cross-browser ways to "logout" from it, except to ask the user to close and then open their browser...
Here's how you you could do it in PHP instead (fully remove your Apache basic auth in .htaccess or wherever it is first):
login.php:
<?php
session_start();
//change 'valid_username' and 'valid_password' to your desired "correct" username and password
if (! empty($_POST) && $_POST['user'] === 'valid_username' && $_POST['pass'] === 'valid_password')
{
$_SESSION['logged_in'] = true;
header('Location: /index.php');
}
else
{
?>
<form method="POST">
Username: <input name="user" type="text"><br>
Password: <input name="pass" type="text"><br><br>
<input type="submit" value="submit">
</form>
<?php
}
index.php
<?php
session_start();
if (! empty($_SESSION['logged_in']))
{
?>
<p>here is my super-secret content</p>
<a href='logout.php'>Click here to log out</a>
<?php
}
else
{
echo 'You are not logged in. Click here to log in.';
}
logout.php:
<?php
session_start();
session_destroy();
echo 'You have been logged out. Go back';
Obviously this is a very basic implementation. You'd expect the usernames and passwords to be in a database, not as a hardcoded comparison. I'm just trying to give you an idea of how to do the session thing.
Hope this helps you understand what's going on.
First give the link of logout.php page in that logout button.In that page make the code which is given below:
Here is the code:
<?php
session_start();
session_destroy();
?>
When the session has started, the session for the last/current user has been started, so don't need to declare the username. It will be deleted automatically by the session_destroy method.
if(isset($_GET['logout'])) {
session_destroy();
unset($_SESSION['username']);
header('location:login.php');
}
The if block of the Global array $_GET check if the logout var is set in the url
Then, the session destroy function is called
And then, the global session array value username is removed/deleted the header function will redirect you back to login page
if(isset($_POST['logoutButtonName'])) {
session_destroy();
unset($_SESSION['nameOfSessionToBeDestroyed']);
header('location:login.php');
}
Header should then redirect you to your desired page
If you can get this simple SESSION VARIABLES example to work, I'll hug you!
I can't get Session Variables to work at all on my site. I'm running php5, on Windows 7, using Chrome browser.
Here's the send page:
<?php
session_start();
$red='red';
$blue='blue';
$green='green';
$SESSVARS=array($red,$blue,$green);
$_SESSION['USERVARS']= $SESSVARS;
?>
<p>Set Sessionvars</p>
<form action="SessVarCheck.php" method="post">
<input name="Submit" type="submit">
</form>
Here's the result page:
<?php
session_start();
echo "val 1:".$_SESSION['USERVARS'][0];
echo "val 2:". $_SESSION['USERVARS'][1];
echo "val 3:". $_SESSION['USERVARS'][2];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SessVarCheck.php</title>
</head>
<body>
The Result page
</body>
</html>
I get empty on all three echos.
Any ideas would be welcome!
Make sure that the call to session_start() happens before any page contents are output, on both pages. (See "Note" section here)
(I assume you may already know about this, but given that I don't see a "<html>" on the send page I thought there might be more to that script. Also, I don't know how sensitive this requirement is - just the spaces before the php tag might be enough to be a problem.)
Try a few things:
1) do a var_dump($_SESSION) on your results page, to see what the raw contents of the session are
2) Verify that the sessions are working correctly. Add echo "SessionID: " . session_id(); to both scripts, somewhere AFTER the session_start() calls. If you don't get the same session ID on each page, you're getting a new session each time and it's most likely a cookie problem.
I know this in old issue but I can't figure out the best practices for dealing with the back button.
I'm writing a web application with lots of data movement between the browser and the backend server. I currently use post and of course when the user bypasses the application navigation and uses the back button both IE and Firefox popup messages asking the user if they want to resend the data.
I tried "get" and aside from all the data being displayed within the URL, IE8 still generates a message.
Additionally I can't really identify when the post causes a message and when it doesn't, since I have test cases posting data where the back button does not cause a message.
My environment is JavaScript, PHP and MySQL.
Any help or pointer to a research location is greatly appreciated.
Edited:
I wrote 3 little pages to test posting a->b->c->a and they don't cause any postdata messages. I don't know why:
A
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>test post A</title>
</head>
<body>
<h1>testPostA.php</h1>
<h3>Came from <?php print (isset($_POST['data'])?$_POST['data']:"NoWhere"); ?></h3>
<form action="testPostB.php" method="post">
<input name="data" type="text" value="from testPostA.php" />
<input type="Submit" value="Submit To: testPostB.php" />
</form>
</body>
</html>
B
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>test post B</title>
</head>
<body>
<h1>testPostB.php</h1>
<h3>Came from <?php print (isset($_POST['data'])?$_POST['data']:"No where"); ?></h3>
<form action="testPostC.php" method="post">
<input name="data" type="text" value="from testPostB.php" />
<input type="Submit" value="Submit To: testPostC.php" />
</form>
</body>
</html>
C
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>test post C</title>
</head>
<body>
<h1>testPostC.php</h1>
<h3>Came from <?php print (isset($_POST['data'])?$_POST['data']:"No where"); ?></h3>
<form action="testPostA.php" method="post">
<input name="data" type="text" value="from testPostC.php" />
<input type="Submit" value="Submit To: testPostA.php" />
</form>
</body>
</html>
The Post/Redirect/Get pattern will prevent the re-POST warning. However, you still have to take care that your application can handle/reject duplicate form submissions and the like.
Edit 1
For an application that's heavy on Javascript, I've also seen some design patterns that leverage the browser history and fragment identifiers to provide a more seamless integration with the back button, bookmarking, etc.
Edit 2
Regarding the addendum to your question, it's hard to say. It could be that the in some cases the browser has the page cached and doesn't need to resubmit the POST to render the page again. You could play around with various ways of disabling browser caching on these requests to see if you can make the behavior more predictable (i.e. always cause the resubmit warning). At any rate, I think web applications that follow the Post/Redirect/Get pattern are slightly more user-friendly, but your mileage may vary.
Another thing to keep in mind is that you can use method="get" on forms that are performing queries, generating reports, etc. Sometimes GET is a better option in those read-only scenarios because it makes your URL scheme richer and avoids these sort of POST warnings.
You could use ajax to post your data, then when the response comes back, redirect them to whatever page you'd like.
The user prompt to re-submit data is displayed when the page that they are trying to navigate to was first navigated to from a POST form submission. If you do any sort of AJAX POST'ing, the re-submit prompt will not be displayed if the user navigates back or forward to it.
To avoid ever getting this prompt, you could just use AJAX, or POST and then redirect. However, this is the behavior of a great many web applications (Amazon's cart, for example). I'm not fully aware of the context or behavior of your application, but I'm not fully convinced that this is a problem that you need to worry about, especially if you're not allowing duplicate data.