homepage Welcome to WebmasterWorld Guest from 54.163.89.8
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
htaccess & variables POST
mounaime



 
Msg#: 4624899 posted 8:47 pm on Nov 20, 2013 (gmt 0)

Hello,

I have a problem with a _POST variables which is empty after URL rewriting and redirection.

form:


<form name="myform" id="contactForm" action="http://example.com/sendcontact.php" method="post">

<article class="span6">
<textarea id="msg" rows="3" cols="40" name="message" placeholder="Message">Détails</textarea>
</article>

<article class="span6">
<input type="text" name="adresse" id="adresse">
<input size="100" type="text" name="name" id="name" placeholder="Nom">
<input type="text" size="30" id="email" name="email" placeholder="Adresse e-mail">
<button type="submit" name="submit" id="submit" class="btn btn-renova-alt add-top-half">Send message</button>
</article></form>


PHP :

<?php
if($adresse != "" ){

}
else{
if(isset($_POST['submit']))
{
$to = "daniel@example.com";
$subject = "Email from";
$name_field = stripslashes($_POST['name']);
$email_field = stripslashes($_POST['email']);
$message = stripslashes($_POST['message']);
$body = "<html>\n";
$body .= "<body style=\"font-family:Verdana, Verdana, Geneva, sans-serif; font-size:12px; color:#666666;\">\n";
$body .= "From: $name_field <br/> E-Mail: $email_field <br/> Message: <br/> $message";
$body .= "</body>\n";
$body .= "</html>\n";

$headers = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=utf-8' . "\n";
$headers .= 'Reply-to: '.$name_field. '<'.$email_field.'>' . "\n" ;
$headers .= 'Return-path: '.$name_field. '<'.$email_field.'>' . "\n" ;
$headers .= 'From: MGS < contact@example.com >' . "\r\n";
$name_field = stripslashes($name_field);
$message = stripslashes($message);
mail($to, $subject, $body, $headers);
unset($name_field);
unset($email_field);
unset($message);
}
else
{
echo "Failure!";
}
}
?>


htaccess:

RewriteEngine on
#RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
#RewriteCond %{HTTP_HOST} ^www\.example\.com$
#RewriteRule ^/?$ "https\:\/\/www\.example\.com\/" [R=301,L]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]


The URL is rewritten correctly but I get an empty value for my POST variable.
PS: I don't get none past variables by the form

Do you have a solution to this?
thank you

 

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4624899 posted 10:52 pm on Nov 20, 2013 (gmt 0)

Last things first: Have you got two different canonicalization redirects from two different sources? In a redirect target (whether by mod_alias or mod_rewrite) you never, ever need to \ escape anything. The R default is 302 temporary, so always say R=301 unless you specifically want it to be a 302.

Any conditions involving protocol and/or hostname should be negative, for example
!^(www\.example\.com)?$
The idea is to say "If the request is anything other than the form I want..." If your site is mixed http and https, you'll need two rulesets, one each way.

Now then: The bad news is that the problem is not in the rules themselves. The problem is in the act of redirecting. The http(s) standard has special rules about redirecting POST requests

:: shuffling papers ::

If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.
<snip>
When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request.

The prose for 302 is even worse.

The good news is that this is a non-problem, because legitimate requests will never be redirected. The page that holds the form should point it to the correct URL. (The same, of course, applies to any internal link. But the ones involving POST can really enforce the rule.)

Incidentally, I was told by someone hereabouts that the all-encompassing form for ensuring a non-empty variable in php is
empty($variable-name)
This covers you both ways, whether the variable is undefined or its value is zero/null.

aakk9999

WebmasterWorld Administrator 5+ Year Member



 
Msg#: 4624899 posted 11:35 pm on Nov 20, 2013 (gmt 0)

I have seen this done (redirecting POST with POST variables), but not within .htaccess.

What I have seen is cases where POST request actually gets to the script. Then this script does redirection, turning POST variables to GET variables (and at that stage the script can also drop unnecessary variables) and the "Location" in headers would be GET with the URL that contains variables sent originally by POST request. In this case your script should be expecting to get variables either in the POST or GET array. This should not be used if the data sent in POST variables is sensitive.

Second way I have seen this done is again via the script being posted to, where the script upon receiving POST request, stores variables into cookie and the headers returned would be redirect headers as well as set cookie headers. In this case your script should be expecting to get variables either in the POST array or from the cookie.

Your particular example

However, in the particular case from your example above (where you are redirecting to https), then it seems to me that you are posting to the wrong URL (http). So fixing your internal POST target to make sure you specify absolute URL with https should suffice.

This is because POST is executed from within your web pages. If the URL link was somewhere else, or typed into address bar, browser would execute GET and not POST.

So (unless you use some kind of a request builder development tool to test), the only way to execute POST with variables is by posting within your script. Get it right in your script and you will never need to redirect POST with variables set.

Which is in fact what Lucy24 has told you above:
The good news is that this is a non-problem, because legitimate requests will never be redirected. The page that holds the form should point it to the correct URL.

There is one way how the POST that would need to be redirected to https could get from the outside to your site - which would be from another site that has form built and executes POST to your website. If you allow this, you should ask your partners (other sites) to post to the correct fully qualified URL - again as Lucy's quote says.

mounaime



 
Msg#: 4624899 posted 2:06 am on Nov 21, 2013 (gmt 0)

Thank you very much lucy24 & aakk9999
Thank you so much for all your help I really appreciate it , it's been two days that I look for a solution to that and thanks to you my problem is solved and my form works properly with the recuperation of _POST, Thank you so much really you saved my life .
Very good communication, helpful and quick support. I was able to find the right solution by the answer you provided. Short in words, 10 stars out of 10. Thanks & Best Regards!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved