Jump to content

Archived

This topic is now archived and is closed to further replies.

tinker

header() redirect with POST

Recommended Posts

Hi, i'm trying to do a redirect whilst adding some form variables. In my test example it's to a local page, but eventually it'll be an external page and therefore can't use session variables or the like.

 

For my test I have 3 pages, 'start.html', 'redirect.html' and 'end.html'. 'start.html' is just a link to 'redirect.html', here is some php and will be shown next. 'end.html' has a simple form handler that outputs success or failure upon whether it finds form values or not.

 

redirect.html

<?php
$req="submit=true&cmd=test";

$msg = "POST /php_tuts/redirect/end.html HTTP/1.1\r\n".
	"Host: localhost\r\n".
	"Content-Type: application/x-www-form-urlencoded\r\n".
	"Content-Length: ".strlen($req)."\r\n".
	$req."\r\n\r\n";
header("Location: http://127.0.0.1\r\n".$msg);
?>
<html><head></head><body>
<h2>REDIRECT</h2>
You shouldn't see this bit!<br>
</body></html>

 

I've a few variations on this, even trying to construct the whole header as if I were using a socket. Some redirect without the POST variables, others offer to download the rest of 'redirect.html'.

 

Any suggestions to solving how to redirect whilst adding POST variables would be great...

;)

Share this post


Link to post
Share on other sites

do you have a live sample of what your tempting? or what your currently working on?

Share this post


Link to post
Share on other sites

This should provide you with a working testbed (See previous post for another method to try in redirect.html):

 

start.html

<html><head></head><body>
<a href="redirect.html">the redirect page</a><br>
</body></html>

 

redirect.html

<?php
function gen_redirect_and_form($addr, $page, $msg, $host="")
{
$sret = "";
$sret .= "POST ".$page." HTTP/1.1\r\n";
$sret .= "Host: ".$host."\r\n";
$sret .= "Content-Type: application/x-www-form-urlencoded\r\n";
//$sret .= "Content-Type: text/html; charset=utf-8\r\n";
$sret .= "Content-Length: ".strlen($msg)."\r\n\r\n";
$sret .= $msg."\r\n";
//$sret .= "Connection: Close\r\n\r\n";
return $sret;
}
$msg = gen_redirect_and_form("submit=true&cmd=test", "/end.html");
header($msg);
?>
<html><head></head><body>
<h2>REDIRECT</h2>
You shouldn't see this bit!<br>
</body></html>

 

end.html

<html><head></head><body>
<?php
if(isset($_POST['submit']))
{
$cmd = $_POST['cmd'];
print "SUCCESS: ".$cmd;
}
else
{
print "FAIL";
}
?>
</body></html>

Share this post


Link to post
Share on other sites

Does anybody know if this is possible using cURL, i.e. redirect not fetch!

Share this post


Link to post
Share on other sites

OK, one way I know that works is to generate a new page with a form and submit with javascript, but hey what if they've got javascript turned off...

 

Anybody got a solution to any of the 3 methods described in this thread?  ::)

Share this post


Link to post
Share on other sites

So say I'm in start.php and I submitted something. Now you want to redirect me to redirect.php, try this:

 

<?php
if ($_POST['submit']) header("Location: redirect.php?cmd={$_POST['cmd']}");
?>

 

Then in redirect.php, you can use $_GET['cmd'] to get the value.

 

Is this what you're talking about? If not, please elaborate your situation. :)

 

Share this post


Link to post
Share on other sites

Reading the documentation on header I cam across this in the changelog:

"This function now prevents more than one header to be sent at once as a protection against header injection attacks."

 

I'm not sure if that's the cause of your problem. I don't know if you can but you might try putting each header in a separate function call with Location: last.

Share this post


Link to post
Share on other sites

Ken2k7 , no, as stated in first post I can't use GET vars because eventually it'll be external and I don't control the site. The process is a link is clicked (not form) in start.html, this calls redirect.html which redirects whilst adding POST elements. Then end.html parses the POST elements and results accordingly.

 

Fyorl, one version i've tried (with error reporting on) states I couldn't send multiple in one go, therefore i've been trying with multiple headers, just as you would with standard redirect or download, etc... *** Now that I look both examples shown are like this, erm...

 


$req="submit=true&cmd=test";
header("Cache-Control: must-revalidate");
header("Method: POST\r\n");
header("Content-Type: application/x-www-form-urlencoded\r\n");
header("Content-Length: ".strlen($req)."\r\n");
header($req."\r\n");
header("Connection: close\r\n\r\n" );
header("Location: http://127.0.0.1/php_tuts/redirect/end.html\r\n");

 

$req="submit=true&cmd=test";
header("POST /php_tuts/redirect/end.html HTTP/1.1\r\n");
header("Host: localhost\r\n");
header("Content-Type: application/x-www-form-urlencoded\r\n");
header("Content-Length: ".strlen($req)."\r\n");
header($req."\r\n\r\n");
header("Connection: close\r\n\r\n");

 

$req="submit=true&cmd=test";
header('http://127.0.0.1');
header('');
header('POST /php_tuts/redirect/end.html HTTP/1.1');
header('Host: localhost');
header('User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4');
header('Accept-Language: en-us,en;q=0.5');
header('Accept-Encoding: gzip,deflate');
header('Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7');
header('Keep-Alive: 300');
header('Connection: keep-alive');
header('Referer: http://localhost/index.html');
header('Content-Type: application/x-www-form-urlencoded');
header('Content-Length: '.strlen($req));
header('');
header($req);
header("Connection: close\r\n\r\n");

 

It's been a fun day...

 

P.S. I can do it without the redirect with both socket or cURL, but I need to do the redirect...

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.