I'm trying to figure out if I can do the following:
User submits form to script via jquery post
Depending on what was processed, script may or may not return errors
If the script did not process any errors (i.e. SUCCESS), I want to redirect to a SUCCESS page
I know it's possible to redirect the browser via javascript, but I'm worried if some users have javascript disabled the entire flow might get messed up.
Thanks in advance.
As you want to evaluate the form (currently) with jQuery, you can safely assume that, when the form is evaluated, JavaScript is available.
For those without JavaScript, you should add some server side routine, that does the job. And then you can use a redirect via HTTP header, or a <meta> redirect.
To keep both ways working, hard code the server side routine into the code, and replace it via jQuery when the page is loaded. JavaScript users will execute the jQuery replacement and get the jQuery evaluation; other's will just stay with the normal version.
Related
I have previously used PHP CURL to submit web forms by using the post URL.
I'm trying to automate the process of logging into a website, I can't change server side code.
The submit button on the HTML form uses the action of javaScript:submitForm() how can I submit information to this form using PHP.
Is CURL still an option?
Thanks!
You'll need to find the function declaration for submitForm and see where it is posting to. Then you can use php and curl to submit.
Edit:
Since the submitForm function doesn't change the form action, you can still use the action in the form tag.
Regardless of how client-side code is crafting the form submit, it still needs to send an HTTP request to the server. If you can do this manually by interacting with the site in question, then capture that request using browser debugging tools (FireBug, Chrome dev tools, etc.). That should have all of the information needed to craft a custom request of your own.
Note, however, that the website in question might have measures in place to prevent something like this. Especially if they're using a framework that handles the form posts for them (such as ASP.NET WebForms or anything like that). They may be emitting a form field to the page which contains a one-time-use token to be validated in the subsequent form submit request. If that's the case, any time you want to craft an automated form submit you'll first need to craft an automated request to parse out that token so you can use it in your submit.
If they take even more involved measures to prevent what you're doing, then you're going to have more of an uphill battle automating it.
I'm preparing my paypal system and have a separate page that forwards the user to paypal. This page currently creates a form with all the needed hidden fields and then submits itself using
<body onload="form1.submit()">
However, when Javascript is not activated, the user gets stuck at this page.
What other method could I possibly use directly in PHP to solve this problem?
Just do the relevant request in PHP, for example using the curl binding.
PHP uses the header() directive, in which you can forward someone to another url. Not sure about your other information. If PayPal allows that to be sent in the GET string, this could work for you. If it has to be POST, then you're probably out of luck.
Or, you can use the cURL library if PayPal returns a url for you to forward the user to.
Another option may be to allow the user to physically click the submit button for the form, and use JS to hide the form itself or something.
PHP runs on your server, so without an intermediate language (like JavaScript), you are out of luck.
When you view a PHP page, the PHP engine runs the code, gets the output, and serves a plain ol' HTML page to the user. The user never interacts directly with the PHP code, only with the output.
As indicated before, you can fall back on a header() redirect with GET parameters.
header('Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=youremail#example.com&amount=1¤cy_code=USD');
Just append the URL with any parameters you need in name=value pair format, a list of which you can find here: https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_Appx_websitestandard_htmlvariables
Why not just provide a more manual solution for users with Javascript disabled?
E.g. if the user has Javascript disabled, just show a submit button where they can manually move themselves along to PayPal?
Presumably, users with Javascript disabled are somewhat accustomed to a lower quality of service across the web.
So I am very new to this concept.
So why not go headfirst :) Some things I don't understand;
What happens if js is disabled?
If using mysql databases (ie; checking forms and such) why not just use php?
To confirm what others have said, disabling Javascript will also disable the AJAX call. After all, AJAX stands for "Asynchronous Javascript and XML".
To address why you can't just use PHP, there are some things that just can't be done without it. PHP is great to load the page with the initial information, but after the page is loaded, it actually requires the page to be reloaded to load something else. AJAX allows you to get around this hassle.
For your example of form validation, AJAX can be used to validate the information while the person is filling it out. Otherwise, you are required to reload the page each time someone fills out another field in the form.
Another example is from a project that I have worked on. The form required a zip code and would load the appropriate city and county based on the inputted zip. Using strict PHP, I would need the client to download the entire zip table embedded in the HTML/JS (which would add another 100k at least to the download).
Using AJAX, I can get around this. The user can input the zip code, which triggers an AJAX call that downloads the few rows that I need (this will be less than a few hundred bytes, for comparison).
[Edit:] Also, a tip because you said that you were new to AJAX. If your dealing with some form of authentication (logging in, etc.), remember to validate the user on the AJAX pages themselves. Otherwise, tricky users will be able to access sensitive information for your database.
Ajax just adds to the user experience and allows a web application to feel more like a desktop application to users. So they can delete a record and stay on the same page without reloading, you just let the record disappear.
And remember to validate on the server-side, even if you validate on client-side. Your weakest at your client-side as someone can easily just submit the values straight to your script so ALWAYS check on the server-side and do client-side if you would like to add some nice effects etc.
But you will always need to keep in mind that there are people out there who have javascript disable be it a security policy or just because their paranoid. So when you don't have JS enabled you javascript and AJAX requests won't work. So while developing you will need to make sure that if javascript is not their to do the operation that the form is submitted just like a normal HTTP form, this will allow all those paranoid people to also use your application :D.
OR you could always just deny access to those who don't have Javascript enabled but that's not very nice ... So if you want to check if they have javascript enabled checkout - http://www.w3schools.com/TAGS/tag_noscript.asp - for a example.
AJAX is a Javascript client based technology. If js is disable it simply doesn't work.
Php is a server based technology.
In Php you write pages that are dinamically built by the server. Once built they are sent as html to the client.
Using javascript (and Ajax) you can call the server just to request some datas (hint: look at JSON) or just a little html snippet which is plugged in the current page directly by the browser without requesting a full refresh from the server.
With js and AJAX you can achieve a very rich client experience without reloading a full page every time.
I believe nothing will happen if js is disabled. You need js to grab the data.
If you want to use mysql databases, you can use js to access a php script, which can then return any data gathered from a database, rather than doing it in the page.
AJAX is a way for Javascript (client side) to access PHP/ASP/Whatever serverside language you are using. This means, that if you have an PHP script for getting some data from your MySQL database, and want to run that script when the user clicks some random button, AJAX can do that (async)m and you wont have to reload you page to execute the PHP script.
If Javascript is diabled, AJAX won't work.
Which way of redirecting from one page to other is more reliable? I need to to have a link that bring the user to blank page where some php code is executed first(in the background) and then it redirects to the target page. I would like to make this seamless, so the user is not aware that he was redirected. I used javascript for that and it worked fine, but with Javascript disabled it simply won't work. Will php redirection work in this case? Can the header() function be used after some other php code has been executed? All advice appreciated.
Redirecting from PHP with header('Location: '.$URL); die; is the most dependable redirect you can do (since it works at the HTTP level).
The only catch is that you cannot redirect this way if you have produced any output already. This is something that you can avoid by simply thinking through your code flow and designing appropriately, but if push comes to shove you can shoehorn it into an existing code base by utilizing PHP's output buffering capabilities (basic example here).
Yes, header can be called after you run php code, just be sure you don't output any text. Then send a location header.
PHP redirection will work if you didnt send any output before the header. But yes, its easy to notice that you are redirected.
yes you can execute code with PHP before a redirect. Just be certain to use the right HTTP status code for the job. (I assume the default 302 will be appropriate, but you never know.)
This method will alert the client's machine of the redirect, but tends to be seamless enough that the average user wont notice.
Why not use AJAX to call a script that processes data, and then when that AJAX is complete you can redirect to the external page?
If all your first script does is calculate data and redirect, without returning any real content, then there's not a lot of point in forcing the page to be synchronously loaded and displayed with a normal HTTP request. I assume you are allowed to use JavaScript since that's in your question.
I need to cause a user's browser to post data using PHP to another site.
Example: You go to start.com/auto-login-hack (via GET)... then PHP sets the right headers etc. and causes the browser to, via POST, go to 3rdparty.com/login.php with login credentials.
I have done this is the past by having an HTML form and an onload script that submits the form to the destination.
I don't know enough about headers and etc. Is this possible? Can anyone link an example? My search skills just turned up how to use $_POST.
Thanks.
Yes, you can submit POST requests from PHP.
One of your choices is to use curl as shown in this SO question.
However, you cannot do redirects.
You cannot redirect to a POST; this is a limitation of HTTP. You'd have to use JavaScript to cause the browser to post a form.