Solved

Inconsistent POST behavior

Posted on 2010-11-26
Last Modified: 2012-08-14
I'm kinda stumped with this one after several hours of troubleshooting.

The script is a file called 'ns.php' that can be called from a couple different places by BOTH - GET and POST because it can be called by link from another page and call itself through a form. It contains processing at the top and the html output for the form or results at the bottom.

The issue is that in one case, from the <form method="post" ... , the POST data is empty, and prevents correct execution. Furthermore, Firebug reports 2 resulting pages. First, a POST to ns.php (status 302 moved Temporarily), with the response header containing a 'Location https://flydata.mobi/ns.php' and the response containing 2 nearly-identical and full copies of the form page. Secondly, a GET ns.php, has the same html response.

I solved the problem in one way by catching the missing double quotes in <style type=text/css>, but now the issue recurs after getting, then posting, selecting back to the get and now on the post.

I really can't see where this is coming from. As mentioned above, there are both the get & post mechanisms and the puzzle is that I'm seeing a difference between users. On the one side, there's a double post/get with empty post variables (and output duplication) and on the other side there is the correct single post.

I've tried to 'capture' the POST variables earlier, and used
$data = file_get_contents('php://input');

all with the same result - empty $_POST.

	
if ( !empty ( $_POST['flt'] ) AND !empty ( $_POST['dep'] ) AND !empty ( $_POST['date'] ) )
{
	$flt = $_POST['flt'];
	$date = strtoupper ( $_POST['date'] );
	$dep = strtoupper ( $_POST['dep'] );
	$get_ns = "YES";
	$case = '1';
}
elseif ( !empty ( $_GET['flt'] ) AND !empty ( $_GET['dep'] ) AND !empty ( $_GET['date'] ) )
{
	$flt = $_GET['flt'];
	$date = strtoupper ( $_GET['date'] );
	$dep = strtoupper ( $_GET['dep'] );
	$orig = (int) $_GET['od'];
	if ( (int) $date <  $orig )
	{
		$day = ( int ) $date;
		$date = strtoupper ( date ( "jM", mktime ( 0, 0, 0, idate ( "m", strtotime ( $date ) ) + 1, $day ) ) );
	}
	$get_ns = "YES";
	$case = '2';
}
elseif ( !empty ( $_POST['strFlt'] ) AND !empty ( $_POST['strDate'] ) AND !empty ( $_POST['strDep'] ) )
{
	// FA $form_data = "ns.php?strFlt=1022&strDate=14Jun&strDep=MIA&Buttons=Submit";
	$flt = $_POST['strFlt'];
	$date = strtoupper ( $_POST['strDate'] );
	$dep = strtoupper ( $_POST['strDep'] );
	$get_ns = "YES";
	$case = '3';
}
elseif ( !empty ( $_GET['strFlt'] ) AND !empty ( $_GET['strDate'] ) AND !empty ( $_GET['strDep'] ) )
{
	$flt = $_GET['strFlt'];
	$date = strtoupper ( $_GET['strDate'] );
	$dep = strtoupper ( $_GET['strDep'] );
	$get_ns = "YES";
	$case = '4';
}
elseif ( isset ( $_POST['submit'] ) AND $_POST['submit'] == 'Get NS/NST' )
{
	$empty_req = 'YES';
	$get_ns = 'NO';
	$case = '5';
}
else
{
	$empty_req = 'NO';
	$get_ns = 'NO';
	$case = '6';
}

The code below follows some curl processing.
if ( $get_ns == 'YES' )
{
	echo $ns;
}
elseif ( $get_ns == 'NO' )
{
	if ( $empty_req == 'YES' )
	{
		echo "<center><span style=\"color: red;\"><br />**  Need Flight Info &nbsp; **</span></center>";
	}
	?>
	
	<form method="POST" action="ns.php">
		<br />
		<label for="flt" class="label">Flight Number:</label><br />
		<input type="number" name="flt" value="<?php echo htmlspecialchars ( $flt, ENT_QUOTES, 'UTF-8' ) ?>" class="input_back" maxlength="5" />

		<label for="date" class="label">Date ( e.g. <?php echo strtoupper ( date ( "jM " ) ); ?>): &nbsp;&nbsp;&nbsp;&nbsp;</label><br />
		<input type="text" name="date" value="<?php echo htmlspecialchars ( $dep_date, ENT_QUOTES, 'UTF-8' ) ?>" class="input_back" maxlength="5" onBlur="this.value = this.value.toUpperCase();" />

		<label for="dep" class="label">Departure ( 3 letter ):</label><br />
		<input type="text" name="dep" value="<?php echo htmlspecialchars ( $dep, ENT_QUOTES, 'UTF-8' ) ?>" class="input_back" maxlength="3" onBlur="this.value = this.value.toUpperCase();" />
						
		<input type="submit" class="submit" name="submit" value="Get NS/NST">
		
		<label for="notice" class="notice">This request will take a few moments to complete.</label>
	</form>
	</div>
<?php
}
?>

Question by:dolan2go
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 34220416
Have you tried using the $_REQUEST?  

The one PHP request takes in both _GET and _POST so there is no possibility of confusion --

http://stackoverflow.com/questions/359047/php-detecting-request-type-get-post-put-or-delete
0
 
LVL 1

Author Comment

by:dolan2go
ID: 34220429
Just in case it's not clear, both the POST & GET requests resulting from one form submit, contain the entire page twice. From <!DOCTYPE html all the way to </html>, twice. This is shown in firebug Net panel.
0
 
LVL 1

Author Comment

by:dolan2go
ID: 34220432
@scrathchboy,

Yes, using $_SERVER['REQUEST_METHOD'] resulted in GET for this questionable behavior and POST for another user having the correct experience.
0
 
LVL 1

Author Comment

by:dolan2go
ID: 34220450
Another interesting development.

On trying to test & confirm the request method above, gets this:

Unable to connect.....
Firefox can't establish a connection to the server at flydata.mobipost.

That end 'post' doesn't belong and it's in the address window.
0
 
LVL 1

Author Comment

by:dolan2go
ID: 34220489
On the hopes that it might help, here are the good and bad headers

Good Request:
Host: flydata.mobi
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://flydata.mobi/members.php
Cookie: user=354; PHPSESSID=11f3cf63106cbd79ec1717

Good Response:
Date: Sat, 27 Nov 2010 02:28:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Bad Request:
Host: flydata.mobi
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://flydata.mobi/ns.php
Cookie: PHPSESSID=9058b47f4875cc52e4162a14aa; user=335

Bad Response:
Date: Sat, 27 Nov 2010 02:26:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: https://flydata.mobiPOST
Content-Length: 0
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

So the Bad POST request results in 3 requests (firebug) that are:
POST flydata.mobi     302 Moved Temporarily
GET flydata.moipost     Aborted
GET flydata.mobi     200 OK
with the request method = GET displayed on the resulting page.
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 34222300
Can you please post the complete scripts?  Thanks.
0
 
LVL 1

Author Comment

by:dolan2go
ID: 34222849
Don't need to post the whole script.

How about this part, found while I was cutting out the unnecessary part of my post for Ray:
   elseif ( $page17_size < 100 AND $page17_status == '302' )
   {
    $_SESSION['logged_in_Jet'] = 'No';
    if ( empty ( $orig ) )
    {
       $orig = "/ns.php?strFlt=$flt&strDate=$date&strDep=$dep&Buttons=Submit";
    }
    header ( "Location: https://flydata.mobi" . $orig );
    exit ( );

I can't believe how those things get in there sometimes. OMG
0
 
LVL 1

Author Closing Comment

by:dolan2go
ID: 34223019
Ray,

Thank you for asking about the script. I was reticent to post 700+ lines of code.

Your suggestion to do so caused me to remove some code and thus to find the header( ) function which was the culprit.

Kudos to you.
0
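
Added example, not part of the original thread and not the poster's code: the culprit above appends $orig straight onto the host, so a value without a leading slash yields a Location like https://flydata.mobiPOST, and because the browser follows a 302 with a GET the form fields never reach the script. The sketch below validates the target before it reaches header(); build_redirect(), ns_path(), BASE_URL and the fallback path are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example, not the poster's code. BASE_URL matches the host shown in the
// thread; build_redirect(), ns_path() and the fallback path are hypothetical.
const BASE_URL = 'https://flydata.mobi';

/**
 * Return an absolute same-site URL for a Location header, or the fallback
 * when $target is not a clean site-relative path.
 */
function build_redirect(string $target, string $fallback = '/ns.php'): string
{
    $ok = $target !== ''
        && $target[0] === '/'                         // must start a path: "POST" would glue onto the host
        && strncmp($target, '//', 2) !== 0            // "//host" is scheme-relative and leaves the site
        && strpos($target, '\\') === false            // some browsers treat "\" like "/"
        && !preg_match('/[\x00-\x20\x7f]/', $target); // no CR/LF, spaces or other control bytes

    return BASE_URL . ($ok ? $target : $fallback);
}

/** Build the query string with URL encoding instead of raw interpolation. */
function ns_path(string $flt, string $date, string $dep): string
{
    return '/ns.php?' . http_build_query([
        'strFlt' => $flt, 'strDate' => $date, 'strDep' => $dep, 'Buttons' => 'Submit',
    ]);
}

// Constructed inputs: the value seen in the thread's bad response plus three others.
$samples = [
    'POST',                            // what the bad response shows appended to the host
    ns_path('1022', '14JUN', 'MIA'),   // the intended target
    '//example.invalid/ns.php',        // scheme-relative, off-site
    "/ns.php\r\nX-Injected: 1",        // header-splitting attempt
];
foreach ($samples as $s) {
    printf("%-34s => %s\n", json_encode($s), build_redirect($s));
}

// In the handler itself: 303 states that the target is to be fetched with GET,
// so nothing downstream expects the POST body to survive the redirect.
// header('Location: ' . build_redirect($orig), true, 303);
// exit;
```

Only the second sample is passed through; the other three fall back to https://flydata.mobi/ns.php.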
