POST Variables

[jadecook]

Do post variables have to be in a form? For an example, I make a site that has one page called "index.php" on my site's root, and I want to call different bodies to it. I would do something like this with the GET function.

Code: Select all

<html><body>
<a href="?page=home">Home</a>
<a href="?page=contact">Contact</a>
<?php include("/pages/" . $REQUEST_["page"] . ".php"); ?>
</body></html>


But say I want to use the POST function so I don't have to see all the junk in the URL, and make it more secure. How would I make a link using POST?

[WallShadow]

Hmm, I didn't quite understand what you want, but what you can try is using cookies or PHP sessions for such hidden stuff.

[jadecook]

I just want to make a link that passes a POST variable, is it possible?

[WallShadow]

I just want to make a link that passes a POST variable, is it possible?

I can't think of any way to do that. A link is used for traversing, not submitting data. If you really need it, you can pass a GET variable with a link such as <a href="moo.com/moo.php&foo=bar">something</a>. Something that you can do is to use php sessions in a smart way. When you load a page, php has a way of knowing where you came from (and if it doesn't know, just store the current page the user is on in a session and you can always see where a user came from that way).

Anyone got any other ideas?

[jadecook]

Huh. Yeah I was thinking about making my dir like this

Code: Select all

index.php (root)

+pages (folder) {
home.php
contact.php
}


That way I can code my index.php body to say:

Code: Select all

include("/pages/" . $REQUEST_["page"] . ".php");


And the URL will always read: mysite.com
Because everything is happing in the background.

-- Sun Dec 02, 2012 6:46 pm --

IDEA!

What if... The link was a GET variable, but went to a page to "clean" it, then redirected back to the home page?!

index.php:

Code: Select all

<html><body>
<a href="clean.php?page=home">HOME</a>
<a href="clean.php?page=contact">CONTACT</a>
<?php include("/pages/" . $_REQUEST["page"] . ".php"); ?>
</body></html>


clean.php:

Code: Select all

Huh, I'm stuck here...
How do I take my GET page, and change it to a POST page?
Then transfer the current DIR back to "index.php" to use it?


[weekend hacker]

if you want to clean up the url, you could possibly use apaches modrewrite. If its installed on your webhost you could add the following to the .htaccess file in the affected directory:

Code: Select all

RewriteEngine on
RewriteRule ^page/([^/\.]+)/?$ index.php?page=$1 [L]


With that you can link to ursite.com/page/contact or ursite.com/page/contact/ and internally, it'll proccess index.php?page=contact
Rewrite rules consist of: RewriteRule pattern substitution flags
So in this case it means:

Code: Select all

^page/

If the url starts(the ^) with page/ the rule is proccessed, if not it'll be ignored

Code: Select all

([^/\.]+)

Remember whatever is between the (), which would be 1 or more chars(the +) that aren't(the ^) a / or a .(. has special meaning so it uses \.)

Code: Select all

/?$

The only thing after that string we just captured may be a / and nothing else.

Code: Select all

index.php?page=$1

The page to replace it with, the $1 will be whatever we remembered between the previous ()

Code: Select all

[L]

Don't proccess any other rewrite rules.

This will do what you need. If you're using something other then apache you might need to take a different aproach. But prettymuch all webservers have some kind of functionality for this, but you can't always set it with a file in a web dir and may need to tweak some configs.(example taken from this site.)

Other things to remember... The php code you wrote is very vuln, you'll be hacked pretty quickly.
You don't check the contents of page, it could be anything, and they can open any file on your machine!
Not only can they use ../ to go back dirs, they can open any possible file extension by ending their string with a nullbyte(which will end the string before you .php is added)
With your current setup try opening index.php?page=../../proc/self/environ%00 (assuming its a linux box)
keep adding ../'s untill it works. You'll see all kinds of info related to the current web proccess. One of those things displayed is the users USER AGENT, something you can set yourself. And since this is included by php, even though it doesn't end with .php any code in there will be executed. So a person going there with a custom string set as their user agent, can run any code on your machine. Which in turn can run more code.. etc etc untill your box is rooted.
We call this a local file inclusion, there are loads of ways to exploit this type of thing and you'll need to secure it properly.
addslashes to deal with the nullbyte injection, and either only accept very specific pages(use a switch) or actualy check what the constructed directory would be with realpath.
I may be forgetting things here... but that about covers it.