PHP includes and POST - php

I'm developing a website and in my attempt to make friendly URLs without recurring to mod_rewrite (because chances are my client's server doesn't allow it), I came up with this system:
index.php expects a variable called $seccion, which should contain a relative path to a second file with a particular section. That way I keep the static stuff (header, footer, sidebars) all in index.php, and the only thing that changes is what's in the middle.
Then, if you go to /signup there is only an index.php which has:
<?php $seccion = 'signup.php'; include '../index.php'; ?>
The URL will be www.root.com/signup but it will actually be including www.root.com/index.php and loading www.root.com/signup.php in the center area.
This arrangement also means that every time I need to link to a file, I have to use an absolute URL.
The problem is that now for some reason POST doesn't seem to be working. Suppose I've got a form in www.root.com/signup and the action is www.root.com/welcome, and it's supposed to send input through POST. Well, the information never gets through. PHP returns $_POST = Array( )
Any ideas?
edit: I forgot to mention that I had already come across the same problem previously in the development, and my solution back then was using ajax, and sending a POST request via jQuery. It's an elegant solution, but not what I always want.

It sounds like something else is going on like a redirect somewhere - do you have any mod_rewrite rules in play that might be redirecting "path/" to "path" or anything like that? Firebug for Firefox will show any redirects in the NET tab.
Anyway, I would recommend that you drop this method and instead use a router to handle your requests. If you look at MicroMVC, CodeIgniter, or most other MVC frameworks you will find that they use a single index.php file which is passed a URL (/blog/read/45) and from there uses a routing file to know to load the "blog.php" file and call "read(45)" or (blog->read(45)).

Try this. This will allow you to have one page as your template. Set up all your other pages including your template to them. This then allows you to do POST within the pages.
File: _design.php
<html>
<head>
<title>Site</title>
</head>
<body>
<?php include $file; ?>
</body>
</html>
File: index.php
<?php
$file = 'pg/index.php'; // this gets content
include '_design.php'; // the template pulls in $file between its <body> tags
?>
File: pg/index.php
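<?php
// $_POST is always set, so test for submitted data instead
if (!empty($_POST)) {
echo '<pre>';
// escape request data before echoing it back into the page
echo htmlspecialchars(print_r($_POST, true), ENT_QUOTES, 'UTF-8');
echo '</pre>';
}
?>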
<form action="?" method="post">
Name: <input type="text" name="name" />
<input type="submit" value="Send" />
</form>

I ran into a similar problem the other night with a friend who had set up PHP on his Windows machine.
For some reason his simple form wasn't passing either POST or GET data through to his PHP script. There was nothing wrong with his code; it was something to do with the PHP or Apache setup. After he installed Aptana and used its internal server, the form worked correctly.
Try testing a simple form first and make sure the _POST data is actually being picked up by PHP.

Related

I have a page I only want accessed if someone clicks "submit" on a form. Why am I able to access the page when I type in the URL?

I have a page named "booking.inc.php" inside a folder marked "Private". Here is the PHP code I wrote to prevent someone accessing the page by typing in the URL unless they click a button with the attribute "submit" and the name "book"...
<?php
if (isset($_POST['book'])) {
echo "It works!";
}
else {
header("location: ../index.php");
}
The HTML page is named "booking.php" and is not in the Private folder.
<!DOCTYPE html>
<html>
<head>
<?php require "header.php" ?>
<title>My Website</title>
</head>
<body>
<form action="private/booking.inc.php" method="post">
<input type="text">
<input type="text">
<button type="submit" name="book">Submit</button>
</form>
</body>
</html>
When I enter in some text into the form and click "submit", I just get a white page and nothing else. No echo statement that says, "It works!" Also, when I type in the path into the browser to get to booking.inc.php, I also just get a blank white page instead of being directed to index.php.
What am I doing wrong?

Is this what you're looking for? If someone tries to access "booking.inc.php" directly, the code will redirect them to another location. Use the code at the top of "booking.inc.php".
if(!isset($_SERVER['HTTP_REFERER'])){
// redirect them to another uri
header('location:../somefile.php');
exit;
}

"private" directory
The private directory you created is not private in any way. It is just a sub-directory. Therefore I recommend not choosing this name.
single template
You have all the options but you might consider not creating a new file at all. If you choose so you could just send the action to the same file and handle the request accordingly depending on if it's a GET or POST request. This would semantically handle the booking template. It could even allow you to render the page again, if some information was wrong and refill the form with the previously set values handling the error with grace.
redirect
I'm not 100% on this matter, but the redirect might be fine; just that it does not work on your setup. As far as I know you might not receive any headers when using localhost.
If you put an echo "You got blocked"; in there instead of the header it should work. There are other ways of redirection, but you should be fine on a dedicated web server.
security
If you think this check will somehow secure your form submission, you're wrong. This check is not sufficient if the form is supposed to be secure.
As the name of the file is booking.inc.php I assume it might handle some user's actions leading to a sale and should therefore be secured! If that is what you're actually asking, the techniques you should look for are listed in the prevention section of the CSRF Wikipedia article.
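
The "single template" and "security" points above, as an added example that is not part of the original answer: one booking.php renders the form on GET, processes it on POST, and checks a per-session token, which is one of the CSRF prevention techniques the answer refers to. The field names csrf_token and guest are assumptions made for this example.

```php
<?php
// booking.php - added illustration, not code from the thread.
// One file renders the form (GET) and processes it (POST).
session_start();

// Issue a random per-session token once (field name is an assumption).
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$errors = [];
$guest  = '';

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $sent = $_POST['csrf_token'] ?? '';
    // Constant-time comparison; a missing or wrong token is rejected outright.
    if (!is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid request token');
    }

    // Accept only a plain string for the (hypothetical) guest field.
    $guest = is_string($_POST['guest'] ?? null) ? trim($_POST['guest']) : '';
    if ($guest === '') {
        $errors[] = 'Name is required.';
    }

    if (!$errors) {
        // A real handler would persist the booking at this point.
        // Redirect before any output, then stop (Post/Redirect/Get).
        header('Location: booking.php?done=1', true, 303);
        exit;
    }
}

// Escape everything echoed back into HTML.
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<head><title>Booking</title></head>
<body>
<?php if (isset($_GET['done'])): ?><p>Booking received.</p><?php endif; ?>
<?php foreach ($errors as $msg): ?><p><?= $e($msg) ?></p><?php endforeach; ?>
<form action="booking.php" method="post">
  <input type="hidden" name="csrf_token" value="<?= $e($_SESSION['csrf_token']) ?>">
  <input type="text" name="guest" value="<?= $e($guest) ?>">
  <button type="submit" name="book">Submit</button>
</form>
</body>
</html>
```

On a validation error the same page is rendered again with the previous value refilled, which is the behaviour the "single template" paragraph describes.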

Keeping $_POST data after submit while getting rid of index.php in redirected URL

Within a Joomla template, I'm trying to use a form (within a Joomla article to keep the template's layout) and pass the data to a processing php-file (for example to enter this data in a mysql db). No Java.
When I hit submit, I'm losing all POST information before it reaches this processing PHP file. I believe this is because Joomla has index.php entered within any URLs.
I understood that any redirects (eg. htaccess changes) clear my needed POST variables.
How can I click on submit-button, keep the POST variables and send these to the processing PHP-file?
Thanks for any help..!
I tried changing the Joomla based URL Rewriting option, but this messes up all my other URLS.
I tried the webhost redirecting tool - this works but kills all data
I tried htaccess changes, but this doesn't seem to have any effect..plus this would also kill the POST variables
I tried relative pathing, doesn't work because of the index.php mixing in anyway.
In my form-file (the actual Joomla article in the template)
<form action="process.php" method="POST">
<input type="submit" value="Submit" />
</form>
The form.php file is located in the same folder as the process.php folder.
The form-php contents' URL has also the index.php, but is functional.
In the processing code I have this:
$table = $_POST['formID'];
echo ($table);
$keys = implode(", ", (array_keys($_POST)));
$values = implode("', '", (array_values($_POST)));
but the $table is simply empty, due to this index.php part I can't get rid of, I believe.
All this code is in a remote folder following the classical joomla folder structure for modules, so /modules/mod_xyz/tmpl/process.php
Is there a way to properly target the form action so that the index.php is not getting mixed in in any files in the above-mentioned folder? I'd like to keep the index.php in all other links, as they work, and also, I'd like to understand why this isn't working?
Thanks a lot again
Idea is just to be able to click on the submit on the form, so that it POST data can be used in the process.php file (=entering data in the mysql database).
This question can be considered closed.
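
An added example, not part of the question: assuming the $keys and $values strings built in the processing code above are meant for an INSERT statement, this version takes table and column names from a server-side allow-list and passes the values as bound parameters. The form ID, table and column names are hypothetical, and an in-memory SQLite database stands in for MySQL so the block runs on its own.

```php
<?php
// Added illustration, not code from the question. Table and column names
// are hypothetical; the in-memory SQLite database stands in for MySQL.

// Allow-list: which form IDs exist, which table and columns each may write.
const FORMS = [
    'contact' => ['table' => 'contact_requests', 'columns' => ['name', 'email', 'message']],
];

function insert_form(PDO $db, array $post): int
{
    $formId = $post['formID'] ?? '';
    if (!is_string($formId) || !array_key_exists($formId, FORMS)) {
        throw new InvalidArgumentException('Unknown form');
    }
    $table   = FORMS[$formId]['table'];
    $columns = FORMS[$formId]['columns'];

    // Identifiers come only from the allow-list, never from array_keys($_POST).
    $values = [];
    foreach ($columns as $col) {
        $v = $post[$col] ?? '';
        $values[] = is_string($v) ? $v : '';
    }

    // Values travel as bound parameters, never spliced into the SQL text.
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $columns),
        implode(', ', array_fill(0, count($columns), '?'))
    );
    $db->prepare($sql)->execute($values);
    return (int) $db->lastInsertId();
}

// Constructed demo data: a value containing a quote and an unexpected key.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact_requests (id INTEGER PRIMARY KEY, name TEXT, email TEXT, message TEXT)');

$post = [
    'formID'   => 'contact',
    'name'     => "O'Brien",
    'email'    => 'ob@example.test',
    'message'  => "It's a test",
    'is_admin' => '1', // not in the allow-list, so it never becomes a column
];
$id   = insert_form($db, $post);
$stmt = $db->prepare('SELECT name, email, message FROM contact_requests WHERE id = ?');
$stmt->execute([$id]);
echo json_encode($stmt->fetch(PDO::FETCH_ASSOC)), PHP_EOL;
```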

what is basically happening in a php page

Let us consider the following html :
<!doctype html>
<html>
<body>
<form method="POST" action="submit.php">
<input name="name" placeholder="Enter your name">
<button type="submit">Submit</button>
</form>
</body>
</html>
Now, to my understanding, this code passes a list of arguments to the PHP file which is mentioned in the action attribute of the method.
I understand that the code file is in the server system.
Now let us consider the code for submit.php as follows:
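<?php
// read the submitted field; default to an empty string if it is missing
$name = $_REQUEST['name'] ?? '';
?>
<!doctype html>
<html>
<body>
Hello <?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); ?>
</body>
</html>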
These codes are taken from an answer to my last question.
Now, after the submit button is clicked, the client requests a new page from the server.
I wanted to know what exactly is happening here. Does the server send this code file to the browser and the PHP code is executed in the browser, or does submit.php generate an HTML file according to the PHP code in it, and that HTML file is sent to the client?
Where is the code getting executed: in the browser or on the server? What I have read till now gives a feel that the code is being executed on the server, but I want to be sure.
Further, if the case is like the latter, i.e., the inputs are sent to the server and the server, based on the PHP code, generates an HTML file that is sent back to the browser, then isn't it a bit inefficient to send requests to the server even for smaller changes?
So what exactly is happening and where is the code getting executed?

The PHP source is on the server and remains there. It is executed there, and the result (which is typically HTML, but can be anything else too), is sent as a response to the browser, so you got that right.
The advantage is that the PHP code itself is hidden from the user, and it can do advanced stuff like accessing files and databases which are hidden, and usually inaccessible directly for your website visitor.
The PHP code may be accidentally exposed when PHP is not set up properly. In that case, the code won't run but may be returned as plain text by accident. If you ever see PHP code in your browser, it's almost certainly due to an incorrect server set-up.
Even a small change should usually be done by the server. Theoretically it's inefficient to do those requests all the time, but in reality a request is not a big deal. If you only want to update the page itself, without doing anything special to the server, you could use JavaScript which can run in the browser as part of your page, and which can manipulate the loaded HTML document.
The whole process or execution life cycle can be explained in the following two steps:
Step-1:
Server-side PHP blocks enclosed in <?php ?> tags are executed and removed from the code base on the server on every request.
Step-2:
Client-side script and HTML tags left in step-1 are sent for execution and display in the browser.
I hope the explanation is easily understandable now.

Calling a php page from an html-form action, but causing a "404 Not Found" error

I have created an HTML form which calls a php page (function) when submitted:
<form name="business" action="create-account-and-profile.php" method="POST">
<table>
<tbody>
....
I have made sure that create-account-and-profile.php is in the same directory. The php file is a form data processor which starts as follows:
require_once (ABSPATH . "wp-admin/includes/user.php");
if (isset($_POST['personal_email_id'])) {
$email_id = $_POST['personal_email_id'];
.......
For some reason unknown to me, when the form is submitted, a “404 not found” error was generated.
This is on a WORDPRESS platform, hosted in the Openshift environment.
I searched and reviewed relevant posts on this and WORDPRESS forums.
Any advice will be greatly appreciated.
JZ

You must check that create-account-and-profile.php is in the same relative path as the HTML page containing the form. e.g.:
if your form is in
example.com/subdir/form.html
the php file must be in
example.com/subdir/create-account-and-profile.php
Have you tried opening the create-account-and-profile.php page simply by typing the URL into your browser? If you can't reach the page that way the problem is probably not connected to the POST request.
I think that's not possible with WordPress, since WordPress will route all HTTP requests to wp-content using internal functions or via .htaccess.

Odd PHP header() behavior from POST to php_self - inconsistent across environments

I'm having a problem with sending back header(location:) as a response from an HTML form POST to PHP_SELF.
The essential parts of the use case:
I'm including inside the main page, a page which contains all of the form UI echoed out. This form POSTs to itself ($_SERVER['PHP_SELF']).
This form contains a "file" field and passes some text (login, password, etc) to itself to do an FTP upload.
If the upload is successful, I output header() where location is the main page (along with some parameters which tells the containing page to print a successful upload message). The main page (upon receiving the header) should display the include with the form echoed out again for the next upload.
Everything works just as expected in Dev, but in Prod, I never get my form back - it's like the header isn't getting sent.
The three things that have made this so mysterious:
I have two environments, dev is windows/apache 1.3.37/php 5.2.11 fast cgi, prod is linux/apache (2.2.16)/php 5.2.14 fast cgi, and I've configured as much of the relevant looking PHP params the same across both dev and prod. In Dev, the aforementioned use case works great. In Prod, the file does upload, but it's as though the header is not getting sent back. The block where the included content should be is completely empty.
If I separate the include so that the form content (the UI stuff) is the only thing in the include, and the form POSTs to a separate file which contains the FTP upload logic, the header sent back at the completion of a successful upload does work in both dev and prod...the file uploads, the header gets sent back, the main page refreshes, and the contents of the include are displayed.
In Dev, through Fiddler, I can see the POST to PHP_SELF with all the form content, and I clearly see the header returned back. In Prod, I can see the POST to PHP_SELF, everything looks good, but there is never a header returned back. However, in debugging, headers_sent told me the header was being sent to the right location. Echo'ing headers_sent shows up in my main page.
Extra trivia:
I thought at first, .htaccess was getting in the way, but again, everything works if I split out the UI and FTP upload stuff, and .htaccess in this environment is very basic.
I also thought, maybe output buffering would change the behavior - I tried ob_start in a variety of logical places, behavior never changed.
Lastly, I tried a number options in header location - in some cases, just pointing to http://www.google.com - still it's as though no header is being sent at all.
I'm out of ideas - can someone offer some direction on this??
Here is a simplified test case - which, interestingly enough, behaves the same in dev as prod, so at least it's consistent now.
Test.php is included in a page called "upload.php" with a couple of buttons rendered.
"Try" POSTs to PHP_SELF and the rendered contents of test.php never come back when header('Location: ./upload.php') is called...the space in the including page is blank.
However, "Try2" POSTs to test2.php which calls header('Location: ./upload.php') and re-renders the buttons of the included test.php page no problem.
Here is a test.php:
<?php
if($_POST['submit']) {
Header('Location: ./upload.php');
} else {
echo
'<form name="test" action="'.htmlentities($_SERVER['PHP_SELF']).'" method="POST">
<input type=submit value=try name=submit>
</form>
<form name="test2" action="test2.php" method="POST">
<input type=submit value=try2 name=submit>
</form>';
}
?>
and here is test.php...pretty simple.
<?php
Header('Location: ./upload.php');
?>
and here is a snippet from upload.php:
<!-- <div id="flashcontent"></div> -->
</fieldset><?php require_once('test.php'); ?></div></div>
</body>
</html>
Today's update - in fact, the behavior of the simple test case was not as I originally thought. I was already including the real-life file above the simple test case include which I think was resulting in the classic headers-already-sent problem. Once I commented out the real-life file, the behavior of the simple test case now matches the original case outlined at the start of this post. So, the simple test case loads the header if called from within the include on form submit, and loads the header if called from another page posted-to from the included file...no problem. However, in production, the results of the header call are only realized if called from a page posted-to, and not if called when posting to php_self.
<div class="panel_wrapper">
<div id="general_panel" class="panel currentmod">
<fieldset>
<legend><?php echo TB_UPLOADFILES; ?></legend>
<?php
//define('upload_opt',TRUE);
//require_once('upload_opt.php');
?>
<!-- <div id="flashcontent"></div> -->
</fieldset><?php require_once('test.php'); ?></div></div>
</body>
</html>
It could be that the header is being sent after an error. Try turning errors off on the production server.
Also check that no white space is being output before the header.
File names in Linux are case sensitive, so make sure your cases are correct too. If it can't find the new location, that could do the trick (although I doubt this, because google.com didn't work.)
Try adding "exit()" after the header declaration.
Make sure your header has the correct syntax and is absolute if the resource is external.
header("Location: http://www.google.com");
exit();
Try doing a dumbed down example on your production server to test. Remove the post altogether and make sure header redirects are working. It could be a restricted function if you are using a shared host and aren't in control of the PHP.ini file.
If none of those work, a snippet of your header code would be interesting to look at.
Somehow, this all has to do with output order, buffering and headers, and is ultimately solved using output buffering (ob_start / ob_end_flush). Despite the fact that output buffering is set the same in both environments (output_buffering: 4096), for some reason, I seem to be enjoying the buffering in Dev that I'm not in Prod. By wrapping the including page in ob_start() and ob_end_flush(), the behavior is now consistent and as-desired in both environments.
I'm not thrilled about this as it seems a workaround, and I still don't have a clue as to why the behavior is different across the two environments. It seems the more sure solution would be not to POST to PHP_SELF to call header(Location), but to POST to another file which calls header(Location). Somewhere, it's probably written that this is best practice, don't try to call header(Location) from within, and avoid the use of output buffering.
Should anyone want to really dig into this mystery, feel free to contact me offline because I've managed to fix the symptoms, but I still don't know what the problem is.
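
An added example, not the poster's code, of the ordering issue this thread circles around: the POST is handled at the top of the including page, before any HTML is emitted, and headers_sent() is asked for the file and line where output began if a redirect can no longer be sent. The function name redirect_or_report and the uploaded query parameter are assumptions; the FTP transfer itself is left out.

```php
<?php
// upload.php - added illustration, not the poster's code.
// The POST is handled before the first byte of HTML, so header() is never
// called after output has begun and no ob_start() wrapper is needed.

function redirect_or_report(string $target): bool
{
    // headers_sent() fills in the file and line where output began.
    if (headers_sent($file, $line)) {
        error_log("Redirect to $target dropped: output started at $file:$line");
        return false;
    }
    header('Location: ' . $target, true, 303); // 303: browser follows with GET
    return true;
}

$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if ($method === 'POST' && isset($_POST['submit'])) {
    // The FTP transfer is outside this example; only the upload status
    // PHP reports for the "file" field is checked here.
    $ok = isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK;
    if (redirect_or_report('./upload.php?uploaded=' . ($ok ? '1' : '0'))) {
        exit; // stop so nothing below runs after the redirect
    }
}

$uploaded = $_GET['uploaded'] ?? null;
?>
<!DOCTYPE html>
<html>
<head><title>Upload</title></head>
<body>
<?php if ($uploaded === '1'): ?><p>Upload succeeded.</p><?php endif; ?>
<?php if ($uploaded === '0'): ?><p>Upload failed.</p><?php endif; ?>
<form action="upload.php" method="post" enctype="multipart/form-data">
  <input type="file" name="file">
  <input type="submit" name="submit" value="try">
</form>
</body>
</html>
```

If the redirect is ever dropped, the error log entry names the exact file and line that produced the first output, which is usually stray whitespace or an include placed above the handler.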
