RE: [PHP] Accessing data posted from a different URL
[snip] If the form is submitted from a web browser, the POSTed data IS available/visible (print_r) in the new web page. If the form--that is, any form--is submitted from an email client (any email client), the POSTed data IS NOT available/visible in the new web page. So... I can think of three explanations: 1. The email client (Mail or Outlook Express) is stripping the POST data on Submit. [/snip] Try it with a different mail client, such as Eudora, to confirm. [snip] 2. The web browser (Safari, Firefox) is stripping incoming POST data if it's coming from outside the application. [/snip] There would be no 'incoming' POST data to a browser. That is not how HTTP works. [snip] 3. PHP somehow knows if the form data is being POSTed from inside the web browser or not (and fails on the latter). [/snip] Doubtful. PHP knows nothing except for what it sees. If there is POST data, it sees it, if there is no POST data, it will not. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Accessing data posted from a different URL
[snip] I have a script that periodically sends an email that includes form post to a script, which is meant to do something with the posted data. My problem is that apparently some PHP security measure is not permitting the externally posted data to be access via $_POST. I assume this is due to cross-site scripting issues, but in this case, I want to do just that. Any ideas? [/snip] http://www.php.net/curl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Accessing data posted from a different URL
Hmm, perhaps I didn't explain clearly. To put it another: 1. A script sends an email to a user with sign-in details. 2. The user clicks a [submit] button in the email message called Quick Sign In 3. A web browsers opens to http://www.website.com/signin.php (from the form method=post action=http://www.website.com/sign.php; in the email) 4. Signin.php looks for $_POST[signindetails] and auto-fills the form. Except the form post is not posting signindetails... On 20-Mar-06, at 2:57 PM, Jay Blanchard wrote: [snip] I have a script that periodically sends an email that includes form post to a script, which is meant to do something with the posted data. My problem is that apparently some PHP security measure is not permitting the externally posted data to be access via $_POST. I assume this is due to cross-site scripting issues, but in this case, I want to do just that. Any ideas? [/snip] http://www.php.net/curl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Accessing data posted from a different URL
[snip] Hmm, perhaps I didn't explain clearly. To put it another: 1. A script sends an email to a user with sign-in details. 2. The user clicks a [submit] button in the email message called Quick Sign In 3. A web browsers opens to http://www.website.com/signin.php (from the form method=post action=http://www.website.com/sign.php; in the email) 4. Signin.php looks for $_POST[signindetails] and auto-fills the form. Except the form post is not posting signindetails... [/snip] Have you tried print_r($_POST) ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Accessing data posted from a different URL
Jay Blanchard wrote: [snip] Hmm, perhaps I didn't explain clearly. To put it another: 1. A script sends an email to a user with sign-in details. 2. The user clicks a [submit] button in the email message called Quick Sign In 3. A web browsers opens to http://www.website.com/signin.php (from the form method=post action=http://www.website.com/sign.php; in the email) 4. Signin.php looks for $_POST[signindetails] and auto-fills the form. Except the form post is not posting signindetails... The e-mail client may very well be ignoring the POST request. To diagnose this, you can use Ethereal or some other packet sniffing software. That will also tell you the contents of fields submitted in the POST/GET request. Most certainly, what you want to do is not possible. I say this because Hi5 has eschewed that technique in favor of placing a hyperlink with an argument that contains a validation code. Thus, when you click on the link (which has the validation code embedded), you're directed to the page in question and automatically logged in. To implement that, you'd need a table that correlates validation codes with user IDs on your Web application. [/snip] Have you tried print_r($_POST) ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Accessing data posted from a different URL
#1. Show us the FORM. #2. Show us the email itself #3. Show us the code that processes the POST data. Without that, we're just guessing in the dark. Can you make the form work on your server, WITHOUT the email involved? Check your httpd.conf carefully. There is no inherent reason why this shouldn't work, but it would be trivial for you to configure httpd.conf to make it NOT work if you wanted it that way. What version of PHP are you running? Is it so old that $_POST is really $HTTP_POST_VARS ? Yikes. Upgrade! Add this as the first line to your processing script: ?php phpinfo();? Now use your email to POST to it. What do you see in the output about POST and involving your INPUTs in the form? On Mon, March 20, 2006 4:03 pm, René Fournier wrote: Hmm, perhaps I didn't explain clearly. To put it another: 1. A script sends an email to a user with sign-in details. 2. The user clicks a [submit] button in the email message called Quick Sign In 3. A web browsers opens to http://www.website.com/signin.php (from the form method=post action=http://www.website.com/sign.php; in the email) 4. Signin.php looks for $_POST[signindetails] and auto-fills the form. Except the form post is not posting signindetails... On 20-Mar-06, at 2:57 PM, Jay Blanchard wrote: [snip] I have a script that periodically sends an email that includes form post to a script, which is meant to do something with the posted data. My problem is that apparently some PHP security measure is not permitting the externally posted data to be access via $_POST. I assume this is due to cross-site scripting issues, but in this case, I want to do just that. Any ideas? [/snip] http://www.php.net/curl -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Accessing data posted from a different URL
On 20-Mar-06, at 3:05 PM, Jay Blanchard wrote: [snip] Hmm, perhaps I didn't explain clearly. To put it another: 1. A script sends an email to a user with sign-in details. 2. The user clicks a [submit] button in the email message called Quick Sign In 3. A web browsers opens to http://www.website.com/signin.php (from the form method=post action=http://www.website.com/sign.php; in the email) 4. Signin.php looks for $_POST[signindetails] and auto-fills the form. Except the form post is not posting signindetails... [/snip] Have you tried print_r($_POST) ? Yes. And to answer a few other questions: The script, the email, the server—everything is on the same computer, running on top of the same Apache/PHP installation (v 4.3.11). The form is essentially: form method=POST target=SI action=http:// www.website.cominput type=hidden name=signindetails value=serialized and htmlentitized array values...input type=submit name=submit value=Fill/form I've narrowed it down a little farther: 1. If I copy the form from the email into the destination php page (ProcessSignin.php), and click Submit, it works—I get can see the $_POST[signindetails] 2. If I copy the form from the email into the original php page (MakeandSendSignin.php), and click Submit (with action=ProcessSignIn.php), it works—I can see the $_POST [signindetails] 3. ONLY if I click the Submit FROM the email—email client Mac OS X Mail.app or Outlook Excell—does it fail. The destination php page (ProcessSignin.php) appears, but print_r($_POST) reveals no $_POST [signindetails]. So, it appears that the email clients are stripping the POST data on Submit. ...Rene -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Accessing data posted from a different URL
On Mon, March 20, 2006 5:04 pm, René Fournier wrote: form method=POST target=SI action=http:// www.website.cominput type=hidden name=signindetails value=serialized and htmlentitized array values...input What does this value actually look like? How long is it? Is mail wrapping it to 72 characters with a newline, thereby breaking the data up? Though you would still get some POST data, just not what you thought... type=submit name=submit value=Fill/form I've narrowed it down a little farther: 1. If I copy the form from the email into the destination php page (ProcessSignin.php), and click Submit, it worksI get can see the $_POST[signindetails] 2. If I copy the form from the email into the original php page (MakeandSendSignin.php), and click Submit (with action=ProcessSignIn.php), it worksI can see the $_POST [signindetails] 3. ONLY if I click the Submit FROM the emailemail client Mac OS X Mail.app or Outlook Excelldoes it fail. The destination php page (ProcessSignin.php) appears, but print_r($_POST) reveals no $_POST [signindetails]. So, it appears that the email clients are stripping the POST data on Submit. Possibly. Here's an idea: Take all that signindetail you want and cram it into a database table, with a unique random key field to look it up. You can then use method=GET or even a simple link like: http://example.com/signin?key=345kjh46kjn345984y3569078v9 For those of us who don't even READ html-enhanced (cough, cough) email, it's better anyway. :-) -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Accessing data posted from a different URL
On 20-Mar-06, at 4:40 PM, Richard Lynch wrote: On Mon, March 20, 2006 5:04 pm, René Fournier wrote: form method=POST target=SI action=http:// www.website.cominput type=hidden name=signindetails value=serialized and htmlentitized array values...input What does this value actually look like? How long is it? Is mail wrapping it to 72 characters with a newline, thereby breaking the data up? Though you would still get some POST data, just not what you thought... Actually, neither the form, nor the data seems to matter. I've copied in simple forms from elsewhere, and the only determining factor so far is: If the form is submitted from a web browser, the POSTed data IS available/visible (print_r) in the new web page. If the form--that is, any form--is submitted from an email client (any email client), the POSTed data IS NOT available/visible in the new web page. So... I can think of three explanations: 1. The email client (Mail or Outlook Express) is stripping the POST data on Submit. 2. The web browser (Safari, Firefox) is stripping incoming POST data if it's coming from outside the application. 3. PHP somehow knows if the form data is being POSTed from inside the web browser or not (and fails on the latter). Weird. ...Rene -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php