Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    Regular Coder
    Join Date
    Oct 2006
    Location
    Spain
    Posts
    187
    Thanks
    7
    Thanked 0 Times in 0 Posts

    Question pass information from html or a webpage to php via forms

    Dear all,

    Why this code does not works giving the following message:

    Notice: Undefined index: url in E:\web\public_html\PROGRAMS\phrasenet.com\webapp\server_processing2.php on line 27

    Notice: Undefined index: url in E:\web\public_html\PROGRAMS\phrasenet.com\webapp\server_processing2.php on line 30


    <form action='server_processing2.php'>
    URL: <input type ="text" name="url">

    <input type="submit" value="submit">
    </form>

    <?php


    PHP Code:
    if($_POST){// this checks for the existence of the $_POST array    
                 //now we're assuming a form was submitted
    $urlInForm  $_POST['url'];    
    echo (
    "URL entered: " $urlInForm);
              } 
        
    $url $_POST['url'];
     
    //Use file_get_contents to GET the URL in question.
    $contents file_get_contents($_POST['url']);
     
    //If $contents is not a boolean FALSE value.
    if($contents !== false){
        
    //Print out the contents.
        
    echo $contents;

    ?>

    Thanks in advance

  2. #2
    Regular Coder
    Join Date
    Oct 2015
    Posts
    445
    Thanks
    1
    Thanked 58 Times in 55 Posts
    The $_POST array is always created so:
    PHP Code:
    if ($_POST) {
      ...

    Will always execute.

    When you submit a form, the default submission type is GET and you are trying to use POST in your code.

    Notice: Undefined index: url
    refers to
    PHP Code:
    $_POST['url'

  3. #3
    Supreme Master coder!
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    10,385
    Thanks
    10
    Thanked 1,191 Times in 1,181 Posts
    Define the method ....

    <form action='server_processing2.php' method='post'>

  4. #4
    Regular Coder
    Join Date
    Oct 2006
    Location
    Spain
    Posts
    187
    Thanks
    7
    Thanked 0 Times in 0 Posts
    I have placed method="post"

    But the error continues:

    Notice: Undefined index: url in E:\web\public_html\PROGRAMS\phrasenet.com\webapp\server_processing3.php on line 29

    line 29 = $url = $_POST['url'];


    Sincerely speaking, i donīt know where is the error.

    Thanks in advance

  5. #5
    Regular Coder
    Join Date
    Oct 2015
    Posts
    445
    Thanks
    1
    Thanked 58 Times in 55 Posts
    I'm going to take a punt and suggest that you have your HTML and PHP in the same file? and will also suggest that the error occurs when you first load the page?

    When you first load the page, there is no value for url since the browser cannot send information that it doesn't have, this gives rise to your error.

    Have a look through this, what I've tried to do is restrict access to a white listed folder so that a user can only access what you want them to have access to.

    Code:
    <?php
    /**
     * filename server_processing2.php
     */
    /**
     * Giving access to all files on your system including system files,
     * is dangerous, I hope for obvious reasons.
     *
     * An open url will give access to all of your php files as well,
     * which could then be viewed in plain text allowing complete access to your web site.
     *
     *
     * Define a folder containing validated files
     * This restricts access to files which you are happy for users to view
     *
     * $_SERVER['DOCUMENT_ROOT'] is the document root of the web site.
     */
    $white_listed_files = $_SERVER['DOCUMENT_ROOT'] . '/white_listed_files/';
    /**
     *  Test if the user has submitted the form using POST, which is what is expected
     */
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
      /**
       *  Test to see if the filename textbox has been filled in and contains a valid value
       */
      $filename = filter_input(INPUT_POST, 'filename', FILTER_SANITIZE_SPECIAL_CHARS);/** returns filename or false */
      if ($filename) {
        $filename = str_replace("/", "", $filename);/** prevent navigating the file structure */
        /** Check to see if the file exists */
        if (file_exists($white_listed_files . $filename)) {
          /** Add a bit of security to the output to prevent <script> and <a href = > */
          echo htmlspecialchars(file_get_contents($white_listed_files . $filename));
          /** All checks have been completed and the file echoed so exit script */
          exit;
          /**
           * It's also possible to just use:
           *
           * include $white_listed_files . $filename;
           *
           * but that would mean you couldn't use htmlspecialchars in the same way,
           * it all depends on what your files contain and where they come from
           */
        } else {
          echo "File not found, try again.<br>";
        }
      } else {
        echo "There's something wrong with the filename that you have used, try again.";
      }
    }
    /** If any of the above checks failed, echo the form out */
    ?>
    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="utf-8">
        <title>Dangerously playing with HTML forms and file access</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
      </head>
      <body>
        <form action="server_processing2.php" method="post">
          <label for="filename">URL:</label>
          <input type ="text" id="url" name="filename">
          <input type="submit" value="submit">
        </form>
      </body>
    </html>
    The script works by conducting validation checks (make sure the user has submitted what you expect), if any of them fail, a form is output for the user to submit - in the case where an invalid file has been entered, a message is sent along with the form.

    It might be a lot to take in, but take the time, and certainly take on board the additional security offered - this is by no means complete (I don't know what you hope to achieve), I hope that it will be a learning tool. Never trust user input, always restrict access to your system.

  6. Users who have thanked wha for this post:

    lebronletchev (Oct 21st, 2018)

  7. #6
    Regular Coder
    Join Date
    Oct 2006
    Location
    Spain
    Posts
    187
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Dear WHA

    Many thanks for your interest in helpme and code. Unfortunately my problem dealing with open urls from remote server, not files in my folders, independetly if I palce relative or absolute urls with or wihout "www".

  8. #7
    Supreme Master coder!
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    10,385
    Thanks
    10
    Thanked 1,191 Times in 1,181 Posts

  9. Users who have thanked mlseim for this post:

    lebronletchev (Oct 22nd, 2018)

  10. #8
    Regular Coder
    Join Date
    Oct 2006
    Location
    Spain
    Posts
    187
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Yeah... it works fine. Interesting I have created a html file (with a form) and when I input the URL in the box, open a new web page with the contens of the URL.... however the address bar shows my url, not the url of the open page.

  11. #9
    Supreme Master coder!
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    10,385
    Thanks
    10
    Thanked 1,191 Times in 1,181 Posts
    Why would you need to do such a thing in the first place?
    Seems a bit sketchy to me ... I hope you somehow be secure on which files people are viewing.
    Maybe you can elaborate on what the script is supposed to do in the final application.
    We might be getting off-track here.
    Last edited by mlseim; Oct 22nd, 2018 at 12:27 PM.

  12. #10
    Regular Coder
    Join Date
    Oct 2006
    Location
    Spain
    Posts
    187
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Hi Mlseim

    My apologies,

    In true I place wrong my question and my little piece of code. I was "trying" to discovery as working with 2 files - one in html and other in php, where in html I will put the relative url and it will open on the php file independently if it is an url that starts by https or http.

    Thanks


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •