Solved

submit form to a remote server

Posted on 2014-11-03
13
215 Views
Last Modified: 2014-12-22
Hi,

I have an html form:

http://www.site.com/us/events/techday2014/overview.html

that submits to a remote server php script.

http://www.site2.com/techday2014/toolbox.php

Some users complained that it takes forever for the form to process.  Looked into the log file, I got this kind of error, 302.  Is it cross-domain error?  How do I solve this?

Thank you very much.

Log file
199.106.103.54 - - [03/Nov/2014:13:31:54 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
199.106.103.58 - - [03/Nov/2014:13:44:01 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
199.106.103.52 - - [03/Nov/2014:15:05:09 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
207.140.43.21 - - [03/Nov/2014:15:52:10 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
199.106.103.58 - - [03/Nov/2014:15:53:59 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36"
207.140.43.22 - - [03/Nov/2014:16:00:37 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:08:20 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:09:57 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:11:23 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:13:18 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:14:34 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:19:14 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:24:08 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:32:52 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:34:55 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:38:28 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:40:27 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:41:41 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:42:36 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"
207.140.43.22 - - [03/Nov/2014:16:50:43 -0500] "POST /techday2014/toolbox.php HTTP/1.1" 302 - "http://www.site.com/us/events/techday2014/overview.html" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; MS-RTC LM 8)"

Open in new window

0
Comment
Question by:levbao
  • 4
  • 3
  • 3
13 Comments
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40420620
0
 

Author Comment

by:levbao
ID: 40420633
Hi Ray,

Thank you for your response.  Could it be a cross-domain issue on some browsers when I submit the form to a remote server?  People from the same company could submit the form and I got the record in the database, however some people could not submit the form.

Regards,
Bao
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40420658
Without seeing the code in the action script, to see how it treats forms from foreign servers, we can't be sure.  But Cross-site request forgeries are one of the things that developers defend against.  Sometimes the defense is to sleep() for a while in order to reduce the effects of a DoS attack.  It may also be setting a cookie, and if the cookie is not returned, it may be altering its behavior.  Cookies are only settable for the domain in question; a cookie set by an action script will only be usable with the domain name of the action script.

What's the design strategy behind the current setup?  Any reason why you can't have the form and action script in the same domain?
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:levbao
ID: 40420749
Hi Ray,

This form has been there for a while and I am taking over.  My understanding for the current setup is that the server that host the html form doesn't support php (it's controlled by our client) so we submit it to a remote server that supports php.

It's just a very simple form, after validating the form, document.my_form.submit();

<form name="my_form" action="http://www.site2.com/techday2014/toolbox.php" method="post">
<input type="hidden" name="app_data" value="1" />
<input type="hidden" name="LOC" id="LOC" />
.....
</form>

Open in new window


toolbox.php
#################################################################
<?php
session_start(); ob_start();
$SERVER = '...';
$USER = '...';
$PASSWORD = '...';
$DATABASE = '...';

function redirect($url, $type=301)
{
	if ($type == 301)
	{
		header("HTTP/1.1 301 Moved Permanently");
		header("Location: ".$url);
		echo 'This page has moved to <a href="'.$url.'">'.$url.'</a>';
		exit();
	}
}
$con = mysqli_connect($SERVER,$USER,$PASSWORD,$DATABASE);
if (!$con){die('Could not connect: '.mysqli_connect_error());}

function enterApplicant(){
        global $con, $_REQUEST;

        $breakout_sessions = 'N/A';
        $tshirt_size = 'N/A';
        
        if(!empty($_REQUEST['BREAKOUT_SESSIONS'])) {
            $breakout_sessions = implode(",", $_REQUEST['BREAKOUT_SESSIONS']);
        }
        if(strlen(trim($_REQUEST['TSHIRT_SIZE']))!=0) {
            $tshirt_size = $_REQUEST['TSHIRT_SIZE'];
        }
        $title = ($_REQUEST['TITLE']!='Other')? $_REQUEST['TITLE'] : $_REQUEST['TITLE_OTHER'];
        
	$QUERY = "INSERT INTO Applicants ";
	$QUERY .= "(first,last,title,department,email,breakout_sessions,code,tshirt_size) ";
	$QUERY .= "VALUES ";
	$QUERY .= "('".$_REQUEST['FIRST']."','".$_REQUEST['LAST']."','".$title."','".$_REQUEST['DEPARTMENT']."','".$_REQUEST['EMAIL']."','".$breakout_sessions."','".confirmation_code()."','".$tshirt_size."')";
	
	$Red = substr($_REQUEST['LOC'],0,-13).'thank-you.html'; 	//FOR PROD
	
	$q = mysqli_query($con, $QUERY);
	if ($q){

		mail('admin@site.com','noreply@site.com','Tech Day Registration',adminEmail()); 
		mail($_REQUEST['EMAIL'],'noreply@site.com','Tech Day Participant',ApplicantEmail());
		header('Location: ' . $Red);
	}
}
if (isset($_REQUEST['app_data'])){enterApplicant();}

Open in new window

###################################################################

Regards,
Bao

Ed. note: Code moved into Code snippet
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40420797
This "header('Location: ' . $Red);" is the line that causes the 302 and it's done on purpose to send the user to another page.  It's not an error.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40420816
I see the 301 redirects, but no 302 redirects in this code.  How are  you sure that this is the code that is getting executed?
0
 

Author Comment

by:levbao
ID: 40420867
Hi Ray, yes, I am sure this code gets executed because I got it from <form action="http://www.site2.com/techday2014/toolbox.php">

Dave, after it inserts into db, it redirects user to thank-you.html which is back to the server that host the form.  

Like I said, not all users experience the same issue that they could not submit the form, it just takes forever.  So what could take the form forever to process for some users?

My initial thought was this could be a client side issue like different browsers behave differently when redirects to a remote server (like Dave said "header('Location: ' . $Red);" is the line that causes the 302).

Regards,
Bao
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40421058
The "header('Location: ' . $Red);" is what causes the 302.  That's what it is supposed to do.  More info here:

http://php.net/manual/en/function.header.php

http://en.wikipedia.org/wiki/HTTP_302
0
 

Author Comment

by:levbao
ID: 40422121
Thanks Dave.  I am wondering if the line "header('Location: ' . $Red);" causes the issue, I should at least see the record in the database.  But for those users complained about the form, I don't see their records in the database.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40422186
The 'header' only causes the 302 listing in your log.  It has nothing to do with the database.  And $_REQUEST is an automatic 'global', you do not need to declare it.  

But you are doing something I never do and that is using the $_REQUEST variables directly in your SQL text.  There is probably an error in the SQL that is being generated.  It could be invalid or empty values in one or more of your $_REQUEST variables.  This is the format I use to process incoming $_REQUEST, $_POST, and $_GET data.  I never use it directly.  Note in the 'else' part of the statement, I am using 'substr' to limit the size of the data.  One of the most frequent problems with forms is people sending over size data to try to crash or break the forms.

if (!isset($_REQUEST['ordnum'])) $ordnum = ''; else {$ordnum = substr($_REQUEST['ordnum'],0,32);}

Open in new window

0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question