Jump to content

Recommended Posts

I have a problem with umlauts in the URL, I know that it probably has something to do with the htacces, but I'm not sure about that; Generally I have a problem with the umlauts. most of it is handled by "str_replace" and under control. As also for the formatting that takes place in normal declarations and outputs, but when i hand over a value by the $_GET handler after forwarding via header location; the problem emerges on a scale that exceeds my knowlege towards this issue;

 

Text before forwarding via header location:Ihre Email wurde erfolgreich verifiziert. Sie können nun fortfahren. #ENG: Your email has been verified, you can now proceed....

(https://www.vii7.eu/Register?rmsg=Ihre Email wurde erfolgreich verifiziert. Sie können nun fortfahren.)

Text after forwarding via header location: Ihre%252520Email%252520wurde%252520erfolgreich%252520verifiziert.%252520Sie%252520k%2525C3%2525B6nnen%252520nun%252520fortfahren.

(https://www.vii7.eu/Register?rmsg=Ihre%252520Email%252520wurde%252520erfolgreich%252520verifiziert.%252520Sie%252520k%2525C3%2525B6nnen%252520nun%252520fortfahren.)

Processing rmsg:
public function word($INPT, $ENCODE) { return htmlspecialchars(str_replace(chr(0), "" , str_replace("%2520", " ", trim(strip_tags($INPT)))), ENT_QUOTES | ENT_SUBSTITUTE, $ENCODE); }

Final Output text:

Ihre Email wurde erfolgreich verifiziert. Sie k%25C3%25B6nnen nun fortfahren.



Regards AzeS
Link to comment
Share on other sites

All those %25s means you're URL-encoding the text multiple times. In your case it's three: space becomes %20 (#1) which then becomes %2520 (#2) and then %252520 (#3).

 

Make sure the message is in UTF-8, then URL-encode it once. Your task is to figure out where and why the other two are happening.

Link to comment
Share on other sites

Thanks for your fast response requinix,

Can this be caused by meta Handlers ?

 <meta http-equiv="content-type" content="text/html; charset=utf-8">

Cause the message is sent to three sites; first to the clients mail server then via the word function to the activate.php and afterwards to the register page.

Link to comment
Share on other sites

Nope. Somewhere you're calling urlencode or rawurlencode three times when it should be just once. It's also possible the data is messed up that like to start with and you actually need to be decoding it, but that's not my guess.

 

So I guess it comes down to posting the rest of your code? At least where the messages are coming from.

Link to comment
Share on other sites

Yup, here we go...

Execute:

if (isset($_POST['exe_ema_val'])) {
              if ($crud->e_proof(trim(strip_tags($_POST['usr_dat_ema_for_val']))) != "Diese E-Mail wurde bereits verifiziert.") {
                if (!empty($_POST['usr_dat_ema_for_val'])) {
              $_SESSION['xxx'] = array('usr_usr' => trim(strip_tags($_POST['usr_dat_nam'])),
                                             'usr_ema' => trim(strip_tags($_POST['usr_dat_ema'])),
                                             'usr_pas' => trim(strip_tags($_POST['usr_dat_pas_pt1'])),
                                             'usr_bil_vor' => trim(strip_tags($_POST['usr_dat_adr_bil_fir'])),
                                             'usr_bil_nac' => trim(strip_tags($_POST['usr_dat_adr_bil_las'])),
                                             'usr_bil_str' => trim(strip_tags($_POST['usr_dat_adr_bil_str'])),
                                             'usr_bil_zip' => trim(strip_tags($_POST['usr_dat_adr_bil_zip'])),
                                             'usr_bil_cit' => trim(strip_tags($_POST['usr_dat_adr_bil_cit'])),
                                             'usr_bil_ema' => trim(strip_tags($_POST['usr_dat_adr_bil_ema'])),
                                             'usr_bil_pho' => trim(strip_tags($_POST['usr_dat_adr_bil_pho'])),
                                             'usr_bil_con' => trim(strip_tags($_POST['usr_dat_adr_bil_con'])),
                                             'usr_adr_vor' => trim(strip_tags($_POST['usr_dat_adr_fir'])),
                                             'usr_adr_nac' => trim(strip_tags($_POST['usr_dat_adr_las'])),
                                             'usr_adr_str' => trim(strip_tags($_POST['usr_dat_adr_str'])),
                                             'usr_adr_zip' => trim(strip_tags($_POST['usr_dat_adr_zip'])),
                                             'usr_adr_cit' => trim(strip_tags($_POST['usr_dat_adr_cit'])),
                                             'usr_adr_con' => trim(strip_tags($_POST['usr_dat_adr_con'])),
                                             'usr_bew' => trim(strip_tags($_POST['usr_dat_sel_bew'])));
              $res = $crud->e_check(trim(strip_tags($_POST['usr_dat_ema_for_val'])),5);
              $msg = $res;
           /*   if ($res == 1) {
                    $msg = "Eine email mit einem aktivierungslink wurde ihnen zugestellt.";
                  } else {
                    $msg = "Beim sende vorgang der email ist ein fehler unterlaufen, bitte versuchen sie es erneut oder wenden sie sich an den support.";
                  } */ 
              } else{
                $msg = "Bitte geben Sie eine gültige Em-Mail-Adresse an!";
              }
              } else {
                $msg = "Diese E-Mail wurde bereits verifiziert.";
              }
              
   
}

Process/send:

public function e_check($EMAIL,$TYPE) {
	$code = substr(str_shuffle(str_repeat("0123456789abcdefghijklmnopqrstuvwxyz", 5)), 0, 5);
	$header  = "MIME-Version: 1.0\r\n";
	$header .= "Content-type: text/html; charset=iso-8859-1\r\n";
	$header .= "From: no-reply@VII7.eu";
	$header .= "Reply-To: no-reply@VII7.eu\r\n";
	$header .= "X-Mailer: PHP ". phpversion();
	$mailtext = "<html>
		<head>
    		<title>Ihr Code ist: " . $code . "</title>
    		<meta http-equiv='content-type' content='text/html; charset=utf-8'>
		</head>
		<body>
 			<h1>Zur Bestätigung klicken Sie den folgenden Link:</h1>
 			<a href='www.VII7.eu/activate.php?type=" . $TYPE . "&email=" . $EMAIL . "&code=" . $code . "'>www.VII7.eu/activate.php</a>
		</body>
		<footer>
		Vollmer Impex imports:
		+49 (0) 8732 / 37 99 985
		Frontenhausenerstr. 9
		Marklkofen 84163
		DE
		</footer>
		</html>
		";
	if ($this->send_mail($EMAIL,'Ihre E-Mail Bestätigung bei VII7.',$mailtext,$header) == 1) {
	$sql = $this->Db->prepare("INSERT INTO e_sys(email,code) VALUES (:e,:f)");
	try {
	$sql->execute(array(':e' => $EMAIL, ':f' => md5($code)));
	} catch (PDOException $ex) {
 				$this->report($ex->getMessage());
 				return "Es ist ein Fehler unterlaufen. Versuchen Sie es später noch einmal oder wenden Sie sich an den Support.";	
 	}	
	return "Eine E-Mail mit bestätigungslink wurde Ihnen gesendet, bitte überprüfen sie auch Ihren Spam-Ordner.";
	} else {
		$this->report("e_check" . " type sending error");
		return "Es ist ein Fehler unterlaufen. Versuchen Sie es später noch einmal oder wenden Sie sich an den Support.";	
	}

}

Recieve:

<?php  
require_once 'CORE/dbconnect.php';
 ini_set('display_errors', 'Off');  
 ob_start();
 session_start();
if (isset($_GET['type'])) {
	#var_dump(trim(strip_tags($_GET['type'])));
	switch (trim(strip_tags($_GET['type']))) {
				case 5: 
					$res = $crud->e_proof(trim(strip_tags($_GET['email'])),trim(strip_tags($_GET['code'])));
					#var_dump($res);
					header("Location: Register.php?rmsg=" . $crud->word($res, 'UTF-8'));
					exit();
					break;
				default:
					# code...
					break;
			}		
}
?>

Display(MSG):

   if ( isset($_GET['rmsg']) ) {
    $msg = $crud->word(trim(strip_tags($_GET['rmsg'])), 'UTF-8');
   }
 
      if (isset($msg)) {
        echo "<p>" . $crud->word($msg, 'UTF-8') . "</p>";
      }
 

Func:word
 

public function word($INPT, $ENCODE) { return htmlspecialchars(str_replace(chr(0), "" , str_replace("%2520", " ", trim(strip_tags($INPT)))), ENT_QUOTES | ENT_SUBSTITUTE, $ENCODE); }

Thank you for going through all that code Requinix, Thats kind from you.

Link to comment
Share on other sites

Oh sorry, I thought this section was not relevant, how foolish of me, this code is there to confirm the E-Mailadress in the database. so to Say: to check the code. ^^'

 

public function e_proof($EMAIL,$CODE) {
	$sql = $this->Db->prepare("SELECT * FROM e_sys WHERE email=:e");
	$sql->execute(array(':e' => $EMAIL));
	$res = $sql->fetch(PDO::FETCH_ASSOC);
	if (count($res)) {
		if ($res['valid'] == 1) {
			return "Diese E-Mail wurde bereits verifiziert.";
		}
		if ($res['tries'] == 0) {
			return "Diese E-Mail wurde aufgrund des Verdachts von Missbrauch gesperrt. Bitte wenden Sie sich an den Support.";
		}
		if ($res['code'] == md5($CODE)) {
			$sql = $this->Db->prepare("UPDATE e_sys SET valid=:e WHERE email=:f");
			$sql->execute(array(':e' => 1, ':f' => $EMAIL));
			return "Ihre Email wurde erfolgreich verifiziert. Sie können nun fortfahren.";
		} else {
			$sql = $this->Db->prepare("UPDATE e_sys SET tries=:e WHERE email=:f");
			$newtry = $res['tries'] - 1;
			$sql->execute(array(':e' => $newtry, ':f' => $EMAIL));
			$this->report("e_proof" . " error type nomatch.");
			return "Dieser Code stimmt nicht mit dem in unserer Datenbank überein.";
			
		}
	} else {
		$this->report("e_proof" . " abuse t:notfound POS:url !:REQ:" . $EMAIL . ":CODE:" . $CODE);
		return "Es ist kein Eintrag unter dieser Email vorhanden.";	
	}

}
Link to comment
Share on other sites

In case that the error is in the htaccess i post the code below: 

 

#DirectoryIndex index.php
Options +FollowSymLinks -Multiviews
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule ^ - [F]


# Redirect non-www to www:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]


# Unless directory, remove trailing slash
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/$ http://www.vii7.eu/$1 [R=301,L]

# Redirect external .php requests to extensionless url
RewriteCond %{THE_REQUEST} ^(.+)\.php([#?][^\ ]*)?\ HTTP/
RewriteRule ^(.+)\.php$ http://www.vii7.eu/$1 [R=301,L]

# add extension if the php file exists:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]

# add extension if the png file exists:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.png -f
RewriteRule ^(.*)$ $1.png [L]

# add extension if the txt file exists:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.txt -f
RewriteRule ^(.*)$ $1.txt [L]

# add extension if the html file exists:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html [L]

# etc.

# finally, route to profile.php if all else fails
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^([a-zA-Z0-9-_.]*)$ /profile.php?id=$1 [L]
Link to comment
Share on other sites

I don't think so. It would have to be in one of the external redirects, and that would be easy to check with browser tools (by watching the network requests).

 

Set up a debugger like XDebug and follow the actual execution to see what's happening. If there's a lot of code then set up a breakpoint at the final line of code (the redirect), run, then look at the call stack and set up breakpoints before each of the function calls.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.