"Else" Get Triggered Wrongfully!

uniqueideaman · June 29, 2017, 2:45pm

Guys,

Can anyone figure-out why the ELSE gets triggered after you click the “submit” button when the script is set to trigger the THEN once you click the button ?


<?php

$conn = mysqli_connect("localhost", "root", "", "id");

if ($_SERVER['REQUEST_METHOD'] == "POST")
   {
		$url_to_proxify = trim(mysqli_real_escape_string($conn,$_GET["url_to_proxify"]));
		//WHY IS NOT THE FOLLOWING BEING ECHOED ?
		echo $url_to_proxify;
		?>	

		<?php
		//WHY IS NOT THE FOLLOWING CODE GETTING TRIGGERED AFTER SUBMIT BUTTON HAS BEEN CLICKED ?
		$page = file($url_to_proxify);
    	foreach($page as $phrase)
		{	
		//eg: $pattern = array("localhost", "./", "https://", "http://");
		$phrase = preg_replace('/src="/', 'src="'.$url_to_proxify, $phrase);
		$phrase = preg_replace('/action="/', 'action="proxy.php?url_to_proxify=' .$url_to_proxify, $phrase);
		echo $phrase;
		}		
	}
else
	{
		echo 'The "else" got triggered in the "if" condition!';
	}
?>

<html>
   <body>   
      <form action = "<?php $_PHP_SELF ?>" method = "GET">
         Url: <input type = "text" name = "url_to_proxify" />
              <input type = "submit" />
      </form>      
   </body>
</html>

Strange!

Dormilich · June 29, 2017, 2:46pm

you submit the form using GET.

uniqueideaman · June 29, 2017, 2:51pm

Thanks man! In 5 secs, you solved my issue that I was overlooking!

But new issue …

Can anyone figure-out why I get these errors ?

Notice: Undefined index: url_to_proxify in C:\xampp\htdocs\id\proxy.php on line 7

Warning: file(): Filename cannot be empty in C:\xampp\htdocs\id\proxy.php on line 14

Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\id\proxy.php on line 15

I already included a file name and so I should not get this error.
Using the script, type “http://google.com” in the text box and then click the “submit” button. You will be redirected to google.com.
Then, search google and you will see these errors mentioned above.


<?php

$conn = mysqli_connect("localhost", "root", "", "id");

if ($_SERVER['REQUEST_METHOD'] == "GET")
   {
		$url_to_proxify = trim(mysqli_real_escape_string($conn,$_GET["url_to_proxify"]));
		//WHY IS NOT THE FOLLOWING BEING ECHOED ?
		echo $url_to_proxify;
		?>	

		<?php
		//WHY IS NOT THE FOLLOWING CODE GETTING TRIGGERED AFTER SUBMIT BUTTON HAS BEEN CLICKED ?
		$page = file($url_to_proxify);
    	foreach($page as $phrase)
		{	
		//eg: $pattern = array("localhost", "./", "https://", "http://");
		$phrase = preg_replace('/src="/', 'src="'.$url_to_proxify, $phrase);
		$phrase = preg_replace('/action="/', 'action="proxy.php?url_to_proxify=' .$url_to_proxify, $phrase);
		echo $phrase;
		}		
	}
else
	{
		echo 'The "else" got triggered in the "if" condition!';
	}
?>

<html>
   <body>   
      <form action = "<?php $_PHP_SELF ?>" method = "GET">
         Url: <input type = "text" name = "url_to_proxify" />
              <input type = "submit" />
      </form>      
   </body>
</html>

I suspect the issue is this …
When I click the Google Search box, I am taken to a SERP that has no google domain. Now, I need to deal with this by finding a proper regex that will grab the domain name from any url. I am googling for it but too many links show different ways of doing it and so if you guys know a regex then you are welcome to mention it.

Thanks!

Dormilich · June 29, 2017, 3:17pm

Because the initial page load is a GET request.

uniqueideaman · June 29, 2017, 3:19pm

Yeah, I figured that out the very moment I read your previous post. Thanks!

SamA74 · June 29, 2017, 3:23pm

That means the page load before you have submitted the form.
So this condition is returning true:-

if ($_SERVER['REQUEST_METHOD'] == "GET")

uniqueideaman · June 29, 2017, 3:36pm

Wasn’t there a third one that grabs both GET and POST ? Can;t remember what it was. Might aswell change the GET to that.

DaveMaxwell · June 29, 2017, 3:40pm

You’re missing the point. The get check will ALWAYS return true, so it always goes into it. So you either need to also check for a value in url_to_proxify or replace the two instances of GET to POST. Replacing the instances to POST would probably be better in the long run

Dormilich · June 29, 2017, 3:44pm

most simply done using filters, since there is only one value in the form:

// returns FALSE if it's neither set nor an URL
$url = filter_input(INPUT_GET, 'url_to_proxify', FILTER_VALIDATE_URL);

SamA74 · June 29, 2017, 3:47pm

You are thinking of $_REQUEST but are missing the point like Dave said. Get is the “normal” request method for any page, so it’s going to be true in most cases (where the request method is not something else).

uniqueideaman · June 29, 2017, 8:58pm

Yes! I was looking for $_REQUEST. Thanks for reminding!

uniqueideaman · June 29, 2017, 9:04pm

Let me see if I understood you.
You are saying, the very moment the page loads, it is always getting the following to become $TRUE not matter what. Hence, no chance of the ELSE getting triggered ?

if ($_SERVER[‘REQUEST_METHOD’] == “GET”)

Now, how did I manage to mess this up ?
How would you code it so this mess does not occur ?

Thanks!

uniqueideaman · June 29, 2017, 9:24pm

Thanks man!
Yeah, I did miss the point!
I forgot that, if my url contains the “?” and the “=” which are related to the GET, then I am already triggering the GET, without giving the chance for the script to use the IF condition in the script flow. (Eg. 3rd line of the script in our example).

So, what you are saying is, if I put a link to the following on my webpage:
http://localhost/id/proxy.php?url_to_proxify=http://www.ebay.com

and if any visitor clicks it or if the visitor directly types that in their browser then the 3rd line will always prove to be true:

if ($_SERVER[‘REQUEST_METHOD’] == “GET”)

Hence, the GET will always get triggered. Therefore, the following line of code will be ignored or be rendered useless:


if ($_SERVER['REQUEST_METHOD'] == "GET")
   {
		$url_to_proxify = trim(mysqli_real_escape_string($conn,$_GET["url_to_proxify"]));
		echo $url_to_proxify;
		?>	

		<?php
		$page = file($url_to_proxify);
    	foreach($page as $phrase)
		{	
		//eg: $pattern = array("localhost", "./", "https://", "http://");
		$phrase = preg_replace('/src="/', 'src="'.$url_to_proxify, $phrase);
		$phrase = preg_replace('/action="/', 'action="proxy.php?url_to_proxify=' .$url_to_proxify, $phrase);
		echo $phrase;
		}		
	}
else
	{
		echo 'The "else" got triggered in the "if" condition!';
	}

Right ?

Therefore, in order to not get the script jump the first 2 lines (get the GET involved in the url), I should link like this:

http://localhost/e_id/proxy.php

And not go beyond the “.php” in the linking ? Meaning, not link like this:

http://localhost/e_id/proxy.php?url_to_proxify=http://www.ebay.com

Or, am I missing the point again ?

Here is the actual code again to jog your memory:


<?php

$conn = mysqli_connect("localhost", "root", "", "id");

if ($_SERVER['REQUEST_METHOD'] == "GET")
   {
		$url_to_proxify = trim(mysqli_real_escape_string($conn,$_GET["url_to_proxify"]));
		//WHY IS NOT THE FOLLOWING BEING ECHOED ?
		echo $url_to_proxify;
		?>	

		<?php
		//WHY IS NOT THE FOLLOWING CODE GETTING TRIGGERED AFTER SUBMIT BUTTON HAS BEEN CLICKED ?
		$page = file($url_to_proxify);
    	foreach($page as $phrase)
		{	
		//eg: $pattern = array("localhost", "./", "https://", "http://");
		$phrase = preg_replace('/src="/', 'src="'.$url_to_proxify, $phrase);
		$phrase = preg_replace('/action="/', 'action="proxy.php?url_to_proxify=' .$url_to_proxify, $phrase);
		echo $phrase;
		}		
	}
else
	{
		echo 'The "else" got triggered in the "if" condition!';
	}
?>

<html>
   <body>   
      <form action = "<?php $_PHP_SELF ?>" method = "GET">
         Url: <input type = "text" name = "url_to_proxify" />
              <input type = "submit" />
      </form>      
   </body>
</html>

Now, about these errors:

Notice: Undefined index: url_to_proxify in C:\xampp\htdocs\e_id\proxy.php on line 7

Warning: file(): Filename cannot be empty in C:\xampp\htdocs\e_id\proxy.php on line 14

Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\e_id\proxy.php on line 15

Looking at my code, I guess here it means the Variable has not been defined (error indicating to line 7).
But, I don’t understand how I have not defined it since line 7 looks like this:

$url_to_proxify = trim(mysqli_real_escape_string($conn,$_GET[“url_to_proxify”]));

Now, looking at this link:

It seems the best way to avoid this error is by using the “isset”. But, I don’t know how to isset the following:

if ($_SERVER[‘REQUEST_METHOD’] == “GET”)

Anyone have any suggestion to how I can code this part ?

uniqueideaman · June 29, 2017, 11:11pm

No replies to my previous post to how much I am correct in my assumptions and which ones am correct on ?

cpradio · June 29, 2017, 11:17pm

No. Even visiting without the query parameters will trigger that IF statement to be TRUE. All visits to a page are GET by default.

Why are you using mysqli_real_escape_string? You shouldn’t be.

Yup, read this post again (it replaces mysql_real_escape_string) and validate $url has a value in your IF statement ~~(hint: replace INPUT_GET, with $_GET["url_to_proxify"])~~.

uniqueideaman · June 29, 2017, 11:48pm

If you don’t mind me asking: Do you mind simply adding your suggested code onto my code and then pasting it in this thread so I can get a clear picture what you are suggesting ?

Because in my code, I do not see any: $url.
I see instead:

$url_to_proxify = trim(mysqli_real_escape_string($conn,$_GET[“url_to_proxify”]));

Neither do I see in my code: INPUT_GET.
You suggest I change that to: $_GET[“url_to_proxify”]).

I think you are saying to replace the above line with this:

$url_to_proxify = ($conn,$_GET[“url_to_proxify”]));

Yeah, I read mysqli_real_escape_string is outdated.
Let’s see how you would change this line to what.
Best you update my script on your end and just paste it here so newbies all can be clear on what you are hinting. Not everyone can understand hints.

Thanks

cpradio · June 30, 2017, 12:02am

$url_to_proxify = filter_input(INPUT_GET, 'url_to_proxify', FILTER_VALIDATE_URL);

That is actually all you need, after looking at the manual, you do want to use INPUT_GET as that is what the method/function wants.

uniqueideaman · June 30, 2017, 12:10am

I changed it to your suggestion.
Anyway, what about my post 13 above about the Undefined Index error ?
Elsewhere, I just got suggested that, I should revert my code back to:

if(isset($_GET[“url_to_proxify”]) === TRUE)

Recently, I had changed the above line to this (check line 5 in post 13):

if ($_SERVER[‘REQUEST_METHOD’] == “GET”)

What is your input on this ? I reckon what I have been suggested is correct but let us see what you think before I roll off to sleep.
Check this before replying:

Once again thank you everyone who helped! Most appreciated!

Good Night! Happy Dreams!

cpradio · June 30, 2017, 12:12am

Your isset line is just fine. The filter_value is to replace your mysql_real_escape_string

uniqueideaman · June 30, 2017, 12:17am

So, I should stick to my old code, like another is suggesting:

if ($SERVER[‘REQUESTMETHOD’] == “GET”)

He says I should change my new code, which was the following and my Undefined Index error would be gone:

if ($_SERVER[‘REQUEST_METHOD’] == “GET”)

Seems like you are agreeing with him. But correct me if I am wrong.

Thanks and good night! Good weekend too!