POST Method not working in form submission? - php

I've set up a product enquiry page so that people can submit questions straight from the product details page.
I'd like to post some variables from the product details page to the enquiry page, but when I use the POST method it does not work (I'm re-directed to a search page). I assume this is a security measure and is being controlled by auth.php (or a file referenced from there).It works fine when I use GET, but i want to avoid the variables in URL.
My page looks like this
Code:
require "./auth.php";
require $xcart_dir."/include/categories.php";
require "products.php";
$smarty->assign("main","productenquiry");
func_display("customer/home.tpl", $smarty);

afaics, it's a restriction posed from your web server administrator..imho, it has nothing to do with auth.php
A friend of mine had a similar issue and after much exercise we came to know upon contacting that the web administrators had done something which was causing the issue and on our request the same was resolved and we were able to use POST method..
So, you may try to contact your web server administrator to resolve the same..

The very first thing you should do is make sure that $_POST actually works.
To do that, create a basic form, then submit it to a php file that contains just <?php var_dump($_POST);. This will show you exactly what is being passed through.
Break the problem into small steps.

Related

How to disable browser back history for a specific route in php? [duplicate]

I am working on a my site to allow users to take test so they can see how much they know of a particular subject. I am running into a little problem though. Once a user submits the test for grading, how do I prevent them from going back to the test page? I am on a Mac with Safari running and when I click the back button in my web browser after I submit the test it leaves all of the answers I answered filled out. I want it do this: When a user submits a test and they click the back button in their web browser it redirects them to the main test page.
I am using PHP and MYSQL. I even have the test pages setup so that the user must come from a certain url (I am using HTTP_REFERER) and I have tried other stuff such as sessions but I cannot seem to figure this out. Any help is greatly appreciated.
You don't stop them.
Instead change your application so that it still works even if they go back. You can embed a unique number in a hidden field on the page and if they resubmit the same test twice you can detect it and display an appropriate error message. You should also think about what should happen if they modify the unique number.
If you don't want people to post different answers once they have already answered, all you have to do is check, in the script that accepts the test for grading, that the user has never submitted the test before. If you don't, a clever student will always be able to to circumvent your protection by sending an appropriate request directly to that script.
If you don't want people to see previous answers (for instance, if you have two people grade their tests on the same computer), consider using AJAX on the test page to submit the answers and then erase them from the fields. This way, most browsers will not remember the answers and the back button will not un-erase data that was erased by JavaScript.
At the top of the grade page, put the following:
session_start();
$_SESSION['testcomplete'] = 'yes';
Then at the top of each page of the test, put this:
session_start()
if ($_SESSION['testcomplete'] == 'yes') {
header("Location:cheater.php");
}
You could simulate there being no page to go back to. From one page, generate each test page using jQuery, and provide no way to go back, only forward. The back button would take them to the page before they ever launched the test, and you could allow them to launch the test again and generate the right part where they should be. This would be pretty easy, if you haven't gone too far in development the current way.
You could run javascript that clears out all the answers. You might also just allow one submission so that subsequent submissions don't get processed. HTTP_REFERER is usually sent, but can be spoofed and forged by an altered browser.
On the top of the script POST-ing the answers, do a check whether you have the test results in the database for the current user for this test. If you do, redirect to results.
if(get_test_results($user)){
$test_url = get_test_url($user);
header( "Location: $test_url" ) ;
}
Disabling the back button is not a good idea.
I was facing a similar problem making an online examination myself
what I did is
I provided a session variable such that if the user pastes the previous page's URL in the address bar then on loading the page the page is automatically forwards to the next desired page. Whether the page whose URL was mentioned is the being visited the first time or being revisited is determined by the value of the session variable
If the user instead of loading the page does a go back via the browser button the it automatically redirects to the next page in history as :
javascript:window.history.forward(1);
Hope this helps :)
http://www.htmlgoodies.com/tutorials/buttons/article.php/3478911/Disabling-the-Back-Button.htm you should be able to do it in javascript.

PHP Form POST automated. Your ideas?

This isn't a real code problem but more a where and how to start problem.
So I hope you can give me some creative ideas, examples or share your thoughts !
After login in to a website, I can change my product details, this is done by HTTP POST forms.
Because we have over 1000 products I somehow want to customise / easyify.
My idea was, make a PHP form on my own server which submits to the supplier url(s).
However when doing this, it forwards us to the customer login.
If I temper my submitted data in firefox, I see this is because after login a cookie is been set and obvious our system does not have this.
Anyone an idea how to automate this process ? In other words, how can I set this cookie in my php form in order to submit it succesfully.
Or Im I thinking about the wrong solution ?!
You cannot post to another server unless you use cURL or something like that. Maybe I am not understanding your question.

Get the form details after being redirected to paypal page

I want to get the details form the paypal form. I redirect my clients to this form after they select a certain amount. Can i get the details of the form below?
I am not sure. Since paypal is asking for the creditcard number and all that, for security purposes it should not allow to get this form data. But again, just wondering, is it possible?
Short answer: no.
Certainly not using PHP (going by your tags here), which is server side, and this would be a javascript hack. The way that immediately leapt to mind would be to invoke Javascript in a child iframe that contained the Paypal form, but there are two immediately apparent problems with that:
I doubt Paypal would allow that page to be opened in an iframe
You can't invoke javascript in an iframe if the page in that frame is not on the same domain as the calling page.
The best way I can think of to achieve this would be to make a Greasemonkey/Chrome/whatever extension using javascript to fish the data and send it off, but then there's this: No-one will willingly install something that they know to steal credit card information on their computer. Why on earth do you want to do this?
On a related, though unhelpful note, if you are interested in trying this for a purpose that is less illegal and immoral, one thing you might want to look at is this. It shows how to do cross-domain communication using frames if you have permission to write javascript on both pages (or have found an unsanitised field to inject it with)...

Display form confirmation message in the same page: best practice

I've seen this behaviour in many websites and web applications but I'm not able to find a "clean and standard" way to reproduce it: the user fills in the form, submits it and then, after a successful validation, the form is reloaded with a message on top saying something like "The item has been saved". No problems so far, what I can't understand is how they keep displaying the confirmation message if that specific page is reloaded, but when the user goes to another page and then returns to the original one (the one containing the form) the message is not there anymore. There seems to be no get or post data, so I'm assuming session variables or cookies are used instead, but how do they know when to keep and when to unset them? Or maybe I'm wrong and there is some other way... help me, please!
My guess would be that they used a session variable which unsets itself the moment that page is accessed. So if they try to access it again, they are simply redirected.
Maybe the page with the form doesn't have any "unset" session variable but the others do ?

How to stop someone from going back to previous page?

I am working on a my site to allow users to take test so they can see how much they know of a particular subject. I am running into a little problem though. Once a user submits the test for grading, how do I prevent them from going back to the test page? I am on a Mac with Safari running and when I click the back button in my web browser after I submit the test it leaves all of the answers I answered filled out. I want it do this: When a user submits a test and they click the back button in their web browser it redirects them to the main test page.
I am using PHP and MYSQL. I even have the test pages setup so that the user must come from a certain url (I am using HTTP_REFERER) and I have tried other stuff such as sessions but I cannot seem to figure this out. Any help is greatly appreciated.
You don't stop them.
Instead change your application so that it still works even if they go back. You can embed a unique number in a hidden field on the page and if they resubmit the same test twice you can detect it and display an appropriate error message. You should also think about what should happen if they modify the unique number.
If you don't want people to post different answers once they have already answered, all you have to do is check, in the script that accepts the test for grading, that the user has never submitted the test before. If you don't, a clever student will always be able to to circumvent your protection by sending an appropriate request directly to that script.
If you don't want people to see previous answers (for instance, if you have two people grade their tests on the same computer), consider using AJAX on the test page to submit the answers and then erase them from the fields. This way, most browsers will not remember the answers and the back button will not un-erase data that was erased by JavaScript.
At the top of the grade page, put the following:
session_start();
$_SESSION['testcomplete'] = 'yes';
Then at the top of each page of the test, put this:
session_start()
if ($_SESSION['testcomplete'] == 'yes') {
header("Location:cheater.php");
}
You could simulate there being no page to go back to. From one page, generate each test page using jQuery, and provide no way to go back, only forward. The back button would take them to the page before they ever launched the test, and you could allow them to launch the test again and generate the right part where they should be. This would be pretty easy, if you haven't gone too far in development the current way.
You could run javascript that clears out all the answers. You might also just allow one submission so that subsequent submissions don't get processed. HTTP_REFERER is usually sent, but can be spoofed and forged by an altered browser.
On the top of the script POST-ing the answers, do a check whether you have the test results in the database for the current user for this test. If you do, redirect to results.
if(get_test_results($user)){
$test_url = get_test_url($user);
header( "Location: $test_url" ) ;
}
Disabling the back button is not a good idea.
I was facing a similar problem making an online examination myself
what I did is
I provided a session variable such that if the user pastes the previous page's URL in the address bar then on loading the page the page is automatically forwards to the next desired page. Whether the page whose URL was mentioned is the being visited the first time or being revisited is determined by the value of the session variable
If the user instead of loading the page does a go back via the browser button the it automatically redirects to the next page in history as :
javascript:window.history.forward(1);
Hope this helps :)
http://www.htmlgoodies.com/tutorials/buttons/article.php/3478911/Disabling-the-Back-Button.htm you should be able to do it in javascript.

Categories