?
Solved

Apache, PHP, and Missing POST Variables

Posted on 2007-10-15
20
Medium Priority
?
486 Views
Last Modified: 2011-10-03
The $_POST array is always empty after submitting a form.

I'm using the Zend Framework (although this problem doesn't appear to be related). I have an .htaccess in the root directory. It looks like this:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]

The URL /auth/login (path doesn't really exist. It's rewrite magic) shows a login form, which looks like this:

.. html ..
<form id="login_form" action="/auth/login/" method="post">
      <div>
            <label for="username">Username</label>
            <input type="text" id="username" name="username" value=""/>
      </div>

      <div>
            <label for="password">Password</label>
            <input type="password" id="password" name="password" value=""/>
      </div>
            <div id="formbutton">
            <input type="submit" name="login" value="Login" />
      </div>
</form>
.. html ..

Submitting the form ends up with an empty $_POST array. In the root directory's index.php (Where the rewrite rule is sending all requests), I've added to the top:

print_r($_POST)

And it's always Array().

Some interesting things that do work. If I change the form to this:

<form id="login_form" action="/test.php" method="post">

And in test.php I have print_r($_POST), I _do_ get the POST variables. If I create the physical directory /auth/login/index.php (with the same print_r), and change the form to this:

<form id="login_form" action="/auth/login/index.php" method="post">

I _do_ get the POST variables. However if I leave the form as this:

<form id="login_form" action="/auth/login/" method="post">

I _don't_ get the POST variables. In a nutshell, it seems like I only get the POST vars if I specify the name of a real file in the form action. However I can't specify a filename, because the path /auth/login doesn't really exist.
0
Comment
Question by:headzoo
  • 10
  • 7
  • 3
20 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 20076992
What happens if you use:

RewriteRule . index.php [PT,L]
0
 

Author Comment

by:headzoo
ID: 20077025
@hernst42 - Same. $_POST is still empty.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 20077049
enable the rewritelog and it's verbosity to check what excatly is going on. Seems like it's doing a external rewrite where to post-parameters get lost.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 

Author Comment

by:headzoo
ID: 20077061
@hernst42 - I did try that, and I don't see anything unusual. But after hours of fooling around, and trying various rewrite things, I'm not convinced the problem lies with in mod_rewrite.

If I create that path and file /auth/login/index.php, and delete the .htaccess file altogether, I still have the issue. Using action="/auth/login/" doesn't work, while action="/auth/login/index.php" does.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 20077073
How is you DirectoryIndex defined? Does it contain index.php at first or do you have also a index.html there. Can you post the rewrite log?
0
 

Author Comment

by:headzoo
ID: 20077120
I wasn't sure if it mattered or not, but the site is using SSL with an https URL. I tried some things with a non-SSL virtualhost on my server, and everything worked fine.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 20077210
hm got it working with this. Your problem might be the missing Rewritebase:

RewriteEngine On
RewriteBase /~hernst/ee/22893159
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [PT,L]

test.html:
<form action="https://emu/~hernst/ee/22893159/auth/login/" method="post">
<input name="foo" value="bar" type="submit">
</form>

index.php
<pre>
<?php
var_dump($_POST);
var_dump($_REQUEST);
phpinfo();
0
 
LVL 17

Expert Comment

by:nplib
ID: 20079522
it's your action attribute
action="/auth/login/"

it has to point to a specific file with "POST",

point it directly to the php file receiving the form data.

your action attribute works fine with "GET".
best practice you should always put a specific file.
0
 

Author Comment

by:headzoo
ID: 20080870
@nplib - I can't point the form towards a specific file, because the path "/auth/login" doesn't really exist. So "auth/login/somefile.php" really, really doesn't exist. It only exists in rewrite-land.
0
 
LVL 17

Expert Comment

by:nplib
ID: 20080916
then change your form from post to get.

cause there isn't really a way around that.
In order for post to work it has to post to a specif file.

What about the file you are running the
print_r($_POST);
command from? can't you point your form to that?
0
 

Author Comment

by:headzoo
ID: 20080930
@hernst42 - I tried using the RewriteBase, and it doesn't work. I really don't think this is a rewrite issue. Like I said, I turned off mod_rewrite, and the issue still persists in my test scripts.

Right now what I'm looking at, is life is good on my regular http sites, but I still have this issue on my https site. So..

1) Either HTTPS has issues with transporting POST vars when a filename isn't specified. OR...
2) There is a setting in Apache -- specifically in my ssl.conf -- that is messing things up.

I'm leaning towards #2. Can anyone think of an Apache setting that would mess things up?
0
 

Author Comment

by:headzoo
ID: 20080956
@nplib - Using hacks is my second route, and I will once I've exhausted all options here. It wouldn't bother me so much, except it works just fine on my local PC, and it works just fine on my server under a non-ssl site.

And since it's a login form, using GET isn't an option. :)
0
 
LVL 48

Expert Comment

by:hernst42
ID: 20081011
My simple posted example works also with SSL. AFAIK there are no special settings we made for apache. Can't think of  an apache directive which discards posts information.

Can you post the SSL-configuration part of your apache?
0
 
LVL 17

Expert Comment

by:nplib
ID: 20081030
<form action="https://emu/~hernst/ee/22893159/auth/login/" method="post">
<input name="foo" value="bar" type="submit">
</form>

this may be worth mentioning

but usually post won't post the value of the submit button.

you could try putting some else there for testing

<form action="https://emu/~hernst/ee/22893159/auth/login/" method="post">
<input name="something" value="bob" />
<input name="foo" value="bar" type="submit">
</form>

and see what happens.
0
 

Author Comment

by:headzoo
ID: 20081067
My ssl.conf (with comments removed to keep it short) http://pastebin.com/m5b223590
0
 
LVL 48

Expert Comment

by:hernst42
ID: 20081088
@nplib:
Of course will post include the value of the submit-button if you name the button. You can also have multiple submit-buttons and distinguish by the posted value which submit-button the user pressed. As already told the posted example worked on my apache-configuration (which is just a Zend-Core installation with apache 2.2)
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 2000 total points
ID: 20081186
Hm my ssl-config look the same, except the
                SSLVerifyClient require
                SSLVerifyDepth 1

Does the rewrite work if you remove those two lines?
Also at my server the
Options Indexes
is turned on and not off.
0
 

Author Comment

by:headzoo
ID: 20081330
@hernst42 - Yes, the plot thickens! Commenting out those directives fixes everything.. sort of.

When I comment out those lines, my POST vars finally start working.  There's a problem though: I kind of need those lines. They block access to the site, unless the visitor has a public key certificate loaded up in their browser. This is an "internal admin" site, where access is limited.

Hrm..
0
 

Author Comment

by:headzoo
ID: 20081543
Well, the SSLVerifyClient issue seems to be a whole different can of worms. So I'll accept hernst42's solution, and look for answers to the client cert problem.
0
 

Author Comment

by:headzoo
ID: 20081653
Update: In case anyone else has this same problem.

Everything works fine if you put the "SSLVerifyClient require" and "SSLVerifyDepth 1" _outside_ of the <Directory> node. There appears to be a bug in either Apache or PHP, where PHP doesn't get the POST vars when using SSLVerifyClient inside a <Directory> node.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.
Suggested Courses
Course of the Month16 days, 2 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question