Post PHP form to non-existing page

[Tazz]

The company that I work for host their PHP code on IIS on a Windows server, no Apache, so no mod_rewrite.  I recently wrote a custom framewok that is loosely based on Codeigniter.  To get SEF URL's 'n used a custom 404 page to redirect my URL's to where they should be.  An example URL would be www.example.com/search.  'Search' would not be found and the script would go to the 404 page which would then redirect to my controller named search.php which in turn would load the necessary models and finally the views.  This all works perfectly.

 

My problem however is when I use a simple html form that posts to a php file.  The action is set as follows action="<php echo $BASEPATH ?>search" this path resolves to the search controller.  But the big problem is this file does not exist.  So I do get directed to the page, but the $_POST is empty.

 

Does anyone have any ideas on how to get around this?  The other option is to just avoid forms alltogether and use AJAX for everything, but there has to be something that I am missing or can do different.

[simshaun]

The problem is that you are redirecting from the 404 page to the search page, in turn losing any POST data that may have existed.

 

There are a couple things I can think of off the top of my head.

· You could let the 404 page forward all POST data through headers.

· You could point the form to the search page using CodeIgniter's query string method of acessing controllers. (index.php?c=search)

[Tazz]

Thanks for the reply simshaun.  Your first option sounds interesting. Forwarding the post data through headers.  Can you perhaps give me a link to a website explaining it a bit more in-depth?

 

[simshaun]

Here is an example in the manual: http://www.php.net/manual/en/function.header.php#89447

 

I just had another idea too.  On the 404 page you could check for $_POST data, serialize it and store it in a session, then grab it out of the session and unserialize on the search controller.

[Tazz]

I have thought of grabbing the POST in the 404 page and passing it on to the controller, problem is that the POST is already null by time I get to the 404 page.

 

On my dev PC I run XAMPP to host my PHP projects in.  So I have my code structure in a folder with the 404 page in the root directory with a .htaccess file which contains : ErrorDocument 404 /404.php.  This redirects the Not Found page to my 404 page.  So I wonder if my POST doesn't get lost inside the .htaccess file?  On our live server you set the 404 page in IIS settings which means the 404 page will be the first point of entry for any pages not found.  Do you think the POST would be available in the 404 page on our live server? I suppose the only real way to found out would be to test it.

[trq]

I had the same issue when I first started my new job (all IIS servers). I too originally went down the same path which led to a dead end.

 

Good news is, if your using IIS7 it has a url re-writer built in. If < IIS7 you'll need a third party isapi filter. We use ISAPI Rewrite now and its been pretty good. Real cheap too.

[Tazz]

Hi thorpe, thanks for your reply.  That is really awesome, I didnt know you can do url rewriting with IIS7.  I tried checking our IIS version but it doesnt display it. We're running Win Server 2003 R2 with service pack2 on our server. All I know is that its definately not IIS7 that we're running and like I know this company by now, they wont bother listening to my cries for upgrading.

 

What I am thinking of doing now, which is probably the easiest way out of this dilemma, is to build a post.php file.  Esentially a file that is used just to post forms to, it will loop through the $_POST and put the values in a Session and I will post an additional variable with the name of the controller to which it must redirect the page after the post has been saved in a session.

[Tazz]

Workaround found:

 

login page view :

<form action="<?php echo BASEPATH; ?>post.php" method="post">
     ID number <input type="text" name="id"><br/>
     Password : <input type="password" name="password"><br/>
     <input type="hidden" value="login" name="returnPage">
     <input type="submit" value="Login" />
</form>

 

 

post.php page :

<?php
session_start();
if(isset($_SESSION[$_POST['returnPage']]))
{
    unset ($_SESSION[$_POST['returnPage']]);
}
else
{
    foreach($_POST as $key => $value)
    {
        //sanitizing post!
        $post_array[$key] = strip_tags($value);
    }
    $_SESSION[$_POST['returnPage']] = serialize($post_array);
}
header("location:".$_POST['returnPage']);
?>

 

and inside my login controller :

session_start();
if(isset($_SESSION['login']))
{
    $login_details = unserialize($_SESSION['login']);
}

 

Not the best way to do it, getting some sort of url rewriting going on the server would be best. But under the circumstances this is the best way I think.

[trq]

But under the circumstances this is the best way I think.

 

There is no way I could handle all that overhead simply to tidy up urls. Hit your work up for the what $69? isapi rewrite tool. It really has been a godsend here.

 

Edit: It's $99US. I simply explained the benefits to my boss and had no problems.