Cannot access variables in URL on https-site?

LJ79
Forum Newbie
Posts: 9
Joined: Fri Jul 20, 2007 4:16 am

Post by LJ79 »

Hey there,
I just registered so if I am asking in the wrong place please tell me so and I'll delete and repost the question.

Here goes:

I am having problems accessing the variables written in the URL of a site hosted on a secure server (https) - when I upload the same file to a normal server there is no problem and it reads all variables with $_GET, but from the https site I can't get them.

Does anybody know anything about this?
Do I need to use another method to access url-variables on a https?

Thanks in advance!
MalikBB
Forum Newbie
Posts: 11
Joined: Fri Jul 20, 2007 4:34 am

Post by MalikBB »

On the second site there must be a server 'understanding' https.

Post by LJ79 »

Can I somehow check that?

(The https server is for some credit card payment service provided by my webhosting firm.)
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

please try

Code:

<?php
foreach( array('_GET', '_POST', '_REQUEST', '_SERVER') as $v ) {
	echo '<pre>', $v, ': ';
	print_r($$v);
	echo "</pre>\n";
}
on the https server.

Post by LJ79 »

volka,

Then the returned URL looks kinda like this (I deleted some of the variables, but you get the idea):

https://pay.scannet.dk/xxx/shop/result. ... ostnr=8000

and your little script returns:
_GET: Array
(
)

_POST: Array
(
)

_REQUEST: Array
(
)

_SERVER: Array
(
[DOCUMENT_ROOT] => /domains/www.xxx.dk/www
[HTTP_ACCEPT] => */*
[HTTP_CONNECTION] => Keep-Alive
[HTTP_HOST] => http://www.xxx.dk
[HTTP_USER_AGENT] => Wget/1.8.1
[PATH] => /bin:/usr/bin:/usr/local/bin
[REMOTE_ADDR] => 195.xx.xxx.84
[REMOTE_PORT] => 41438
[SCRIPT_FILENAME] => /domains/www.xxx.dk/www/shop/result.php
[SERVER_ADDR] => 195.xx.xxx.10
[SERVER_ADMIN] => root@xxx.dk
[SERVER_NAME] => http://www.xxx.dk
[SERVER_PORT] => 80
[SERVER_SIGNATURE] =>
[SERVER_SOFTWARE] => Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.22 OpenSSL/0.9.7e PHP/5.2.1-0.dotdeb.1 with Suhosin-Patch
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /shop/result.php
[SCRIPT_NAME] => /shop/result.php
[PATH_TRANSLATED] => /domains/www.xxx.dk/www/shop/result.php
[PHP_SELF] => /shop/result.php
[REQUEST_TIME] => 1184929108
[argv] => Array
(
)

[argc] => 0
)

Post by LJ79 »

... and when I test exactly the same file (incl. the URL variables) on a normal server it returns all the variables in the _GET and _REQUEST arrays...

Post by volka »

the ...returned url... I'm not sure I'm missing something. To be on the safe side: this
calls your script and in this script (result.php) you cannot access the GET parameters ordrenr, prisumoms etc. ?

Can you POST data to that script, e.g. via <form method="POST", and access these parameters ( print_r($_POST); ) ?

Post by LJ79 »

Yes, exactly - I cannot access the $prisumoms and other variables in the URL -

and no, unfortunately I can't do a POST instead, since this site (and the URL) is generated by the "credit card payment module" that my webhost is offering. So the secure server is theirs and I simply do a POST with all the variables and they evaluate the credit card info and then return the evaluation and all the other variables (like price, addresses and other buyer info) with a GET to this result.php --

My problem is simply that I can't access the variables in the URL - I find it very strange, and the only thing I can think of that it could be is that it is https. But I don't know anything about https sites, and I don't know if it is standard there that they don't allow you to access the variables that are sent via GET.

(And that would make no sense, since that is exactly the way they send them, so I am pretty confuzzled.)

Post by volka »

Have only read until
LJ79 wrote: and no, unfortunately I can't do a POST instead
It's a test whether only GET parameters are truncated or POST values as well. Please try.

Post by LJ79 »

Okay, now I tried POSTing variables directly to the result.php script and it can't access them either (when it is uploaded to the secure server) -

and the little piece of code you gave me above to check for variables again just shows empty arrays under post, get and request...

Post by LJ79 »

When I test the result.php on a secure and a non-secure server with that little snippet of code you gave me there is one difference (aside from the fact that the secure server doesn't get any variables):

FROM NORMAL SERVER:
[HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_LANGUAGE] => da,en-us;q=0.7,en;q=0.3
[HTTP_CONNECTION] => keep-alive
[HTTP_HOST] => http://www.xxx.dk
[HTTP_KEEP_ALIVE] => 300
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
FROM SECURE SERVER:
[HTTP_ACCEPT] => */*
[HTTP_CONNECTION] => Keep-Alive
[HTTP_HOST] => http://www.xxx.dk
[HTTP_USER_AGENT] => Wget/1.8.1
I don't know what those mean, but it seems like there are at least some differences in the server settings between the two servers...

I wrote my hosting company again - they are replying so slowly and always some kind of dodging answer, as if they have no clue what php is...

Post by volka »

I think now would be a good time to ask the people at scannet.dk what is removing the data. Reverse proxy, stateful firewall ...anything?
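
The symptoms collected in this thread (an https URL in the browser, but a script reached on port 80 by Wget/1.8.1 with an empty QUERY_STRING) can be checked in one pass. This is an added example, not code from any poster in the thread; `relay_findings()` is a hypothetical helper name, and the query string in the sample URL is constructed to stand in for the elided part of the posted URL.

```php
<?php
/**
 * Compare the URL the browser requested with what the script received
 * and list the signs that an intermediary re-issued the request.
 * Hypothetical helper for illustration; in result.php, pass $_SERVER.
 */
function relay_findings(array $server, string $browserUrl): array
{
    $findings = [];
    $asked = parse_url($browserUrl);

    // Browser used https, but PHP saw a plain HTTP request.
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    if (($asked['scheme'] ?? '') === 'https' && !$https) {
        $findings[] = 'scheme: browser used https, script was reached over HTTP on port '
            . ($server['SERVER_PORT'] ?? '?');
    }

    // Host the browser addressed vs. host the script was asked for.
    $host = preg_replace('#^https?://#', '', $server['HTTP_HOST'] ?? '');
    if (isset($asked['host']) && strcasecmp($asked['host'], $host) !== 0) {
        $findings[] = "host: browser asked {$asked['host']}, script saw {$host}";
    }

    // Parameters were in the browser URL but did not arrive.
    if (!empty($asked['query']) && ($server['QUERY_STRING'] ?? '') === '') {
        $findings[] = 'query: browser URL had parameters, QUERY_STRING is empty';
    }

    // A fetch tool's User-Agent means the browser did not make this request.
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    if (preg_match('#^(Wget|curl|libwww-perl)/#i', $ua)) {
        $findings[] = "client: request was made by {$ua}, not the visitor's browser";
    }
    return $findings;
}

// Constructed input: $_SERVER values copied from the secure-server dump above;
// the query string is a made-up stand-in for the elided URL parameters.
$server = [
    'HTTP_HOST' => 'http://www.xxx.dk', 'HTTP_USER_AGENT' => 'Wget/1.8.1',
    'SERVER_PORT' => '80', 'QUERY_STRING' => '', 'REQUEST_URI' => '/shop/result.php',
];
$url = 'https://pay.scannet.dk/xxx/shop/result.php?ordrenr=14&postnr=8000';
foreach (relay_findings($server, $url) as $line) {
    echo $line, "\n";
}
```

On the dump from the secure server all four checks fire, which is consistent with an intermediary fetching result.php itself and not forwarding the request data.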

Post by LJ79 »

Hey thanks a lot! Very nice of you to help -
Now I am well-equipped to approach them! :)
When I find the solution I'll come back and post it here.

Post by volka »

LJ79 wrote: I don't know what those mean, but it seems like there are at least some differences in the server settings between the two servers...
Those are parameters/headers sent by the client. Instead of wget you might want to try

Code:

<form method="post" action="https://pay.scannet.dk/xxx/shop/result.php">
	<div>
		<input type="hidden" name="ordrenr" value="14" />
		<input type="hidden" name="prisumoms" value="75.00" />
		<input type="hidden" name="kontrol" value="222" />
		<input type="hidden" name="valuta" value="208" />
		<input type="hidden" name="postnr" value="8000" />
		<input type="submit" />
	</div>
</form>
in your firefox

Post by LJ79 »

Funny! I just noticed you are sitting in Berlin - so am I :)
*opens window and screams "Volka" to check if we're neighbours*
--

Okay, I tried POSTing again from a form - just like you suggest - but still the [HTTP_USER_AGENT] gives "Wget/1.8.1" -
and the script doesn't receive the variables... (I don't know what "wget" is).

Thanks a lot for your effort.