Jump to content

header() redirect with POST


tinker

Recommended Posts

Hi, i'm trying to do a redirect whilst adding some form variables. In my test example it's to a local page, but eventually it'll be an external page and therefore can't use session variables or the like.

 

For my test I have 3 pages, 'start.html', 'redirect.html' and 'end.html'. 'start.html' is just a link to 'redirect.html', here is some php and will be shown next. 'end.html' has a simple form handler that outputs success or failure upon whether it finds form values or not.

 

redirect.html

<?php
$req="submit=true&cmd=test";

$msg = "POST /php_tuts/redirect/end.html HTTP/1.1\r\n".
	"Host: localhost\r\n".
	"Content-Type: application/x-www-form-urlencoded\r\n".
	"Content-Length: ".strlen($req)."\r\n".
	$req."\r\n\r\n";
header("Location: http://127.0.0.1\r\n".$msg);
?>
<html><head></head><body>
<h2>REDIRECT</h2>
You shouldn't see this bit!<br>
</body></html>

 

I've a few variations on this, even trying to construct the whole header as if I were using a socket. Some redirect without the POST variables, others offer to download the rest of 'redirect.html'.

 

Any suggestions to solving how to redirect whilst adding POST variables would be great...

;)

Link to comment
Share on other sites

This should provide you with a working testbed (See previous post for another method to try in redirect.html):

 

start.html

<html><head></head><body>
<a href="redirect.html">the redirect page</a><br>
</body></html>

 

redirect.html

<?php
function gen_redirect_and_form($addr, $page, $msg, $host="")
{
$sret = "";
$sret .= "POST ".$page." HTTP/1.1\r\n";
$sret .= "Host: ".$host."\r\n";
$sret .= "Content-Type: application/x-www-form-urlencoded\r\n";
//$sret .= "Content-Type: text/html; charset=utf-8\r\n";
$sret .= "Content-Length: ".strlen($msg)."\r\n\r\n";
$sret .= $msg."\r\n";
//$sret .= "Connection: Close\r\n\r\n";
return $sret;
}
$msg = gen_redirect_and_form("submit=true&cmd=test", "/end.html");
header($msg);
?>
<html><head></head><body>
<h2>REDIRECT</h2>
You shouldn't see this bit!<br>
</body></html>

 

end.html

<html><head></head><body>
<?php
if(isset($_POST['submit']))
{
$cmd = $_POST['cmd'];
print "SUCCESS: ".$cmd;
}
else
{
print "FAIL";
}
?>
</body></html>

Link to comment
Share on other sites

So say I'm in start.php and I submitted something. Now you want to redirect me to redirect.php, try this:

 

<?php
if ($_POST['submit']) header("Location: redirect.php?cmd={$_POST['cmd']}");
?>

 

Then in redirect.php, you can use $_GET['cmd'] to get the value.

 

Is this what you're talking about? If not, please elaborate your situation. :)

 

Link to comment
Share on other sites

Reading the documentation on header I cam across this in the changelog:

"This function now prevents more than one header to be sent at once as a protection against header injection attacks."

 

I'm not sure if that's the cause of your problem. I don't know if you can but you might try putting each header in a separate function call with Location: last.

Link to comment
Share on other sites

Ken2k7 , no, as stated in first post I can't use GET vars because eventually it'll be external and I don't control the site. The process is a link is clicked (not form) in start.html, this calls redirect.html which redirects whilst adding POST elements. Then end.html parses the POST elements and results accordingly.

 

Fyorl, one version i've tried (with error reporting on) states I couldn't send multiple in one go, therefore i've been trying with multiple headers, just as you would with standard redirect or download, etc... *** Now that I look both examples shown are like this, erm...

 


$req="submit=true&cmd=test";
header("Cache-Control: must-revalidate");
header("Method: POST\r\n");
header("Content-Type: application/x-www-form-urlencoded\r\n");
header("Content-Length: ".strlen($req)."\r\n");
header($req."\r\n");
header("Connection: close\r\n\r\n" );
header("Location: http://127.0.0.1/php_tuts/redirect/end.html\r\n");

 

$req="submit=true&cmd=test";
header("POST /php_tuts/redirect/end.html HTTP/1.1\r\n");
header("Host: localhost\r\n");
header("Content-Type: application/x-www-form-urlencoded\r\n");
header("Content-Length: ".strlen($req)."\r\n");
header($req."\r\n\r\n");
header("Connection: close\r\n\r\n");

 

$req="submit=true&cmd=test";
header('http://127.0.0.1');
header('');
header('POST /php_tuts/redirect/end.html HTTP/1.1');
header('Host: localhost');
header('User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4');
header('Accept-Language: en-us,en;q=0.5');
header('Accept-Encoding: gzip,deflate');
header('Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7');
header('Keep-Alive: 300');
header('Connection: keep-alive');
header('Referer: http://localhost/index.html');
header('Content-Type: application/x-www-form-urlencoded');
header('Content-Length: '.strlen($req));
header('');
header($req);
header("Connection: close\r\n\r\n");

 

It's been a fun day...

 

P.S. I can do it without the redirect with both socket or cURL, but I need to do the redirect...

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.