Simple code works in FF and Chrome - not in IE

Hi -

I have the below code in a php file on my webserver. It asks for a project ID, and then logs into an ftp site using that ID as part of the link (I am using the browser ftp functionality with login credentials like ftp://name:password@ftp.example.com). It works fine in FF and chrome, but when you open it in IE, enter the project ID and click on Go, it opens a Page Cannot Be Displayed. Any ideas would be greatly appreciated.

Code:

<?php if($_SERVER[‘REQUEST_METHOD’] == ‘POST’) : $projectid = $_POST[‘projectid’]; header(‘Location: ftp://‘.$projectid.’@ftp.example.com’); else:?>

<form action=“<?php echo $_SERVER[‘…/PHP_SELF’]; ?>” method=“post”>
<p><strong>Enter Your Project ID</strong> :
<input type=“text” name=“projectid” />
<input type=“submit” value=“Go” />
</p>
</form>
<?php endif; ?>

Have you tried entering the ftp address directly into the address bar of IE to see what happens?

Yes, if I go to IE and type in ftp://username@ftp.domain.com it pulls up with a credential request just fine. The problem appears to be in the way the PHP script tries to render that link.

It seems like there is something IE doesn’t like with this line:

<FORM ACTION=“<?php echo $_SERVER[‘PHP_SELF’]; ?>” METHOD=“POST”>

Another forum reply said that I should not use unsanitized PHP_SELF, for security purposes. But this doesn’t resolve my issue.

Thanks for looking at my post! I am a complete newb to php and have no idea what I am doing…

You can look at it here:

http://uptimesd.com/vcc-php.html

The initial page opens in all browsers. But when something is entered in the project field and the OK button is clicked, IE tanks. FF and Chrome work fine and bring you to the FTP site.

Thanks for looking at this!

Just a wild shot. But maybe if you gave the input an initial value attribute with a value of empty?

<FORM ACTION="/vcc-php1.php" METHOD="POST"> 
  <p><strong>Enter Your Project ID</strong> : 
    <input type="text" name="projectid" value="" /> 
    <input type="submit" value="Go" /> 
  </p> 
</form>

Thanks for the advice - I changed it with the empty value and the same thing happens.

Maybe it has something to do with calling itself with PHP_SELF in the original php file? Should I write the html page separately, and call the php file from there?

Just pretty lost here. I appreciate your help.

kb328785 describes your problem, and gives a solution.

Wow, that was it! From the article:

If the Show friendly HTTP error messages option on the Advanced tab of Internet Options is turned on, Internet Explorer does not generate an Authentication dialog box for you to enter the correct user name and password.

I unchecked this setting in IE options, advanced and the site now works. My problem now is to figure out how to have this setting changed from the server side somehow. My client won’t want to tell his users to go into IE to change that. He will want it to work without any effort on their part.

Thoughts?

I think (and sincerly hope from a security point of view) you’re not able to change this setting from the server side.

This leaves you with two options:

• Show a warning message describing the user to turn “Show friendly HTTP error messages” off
• Use another browser

Or, a third quite more elaborate option:

• Serve ftp through a PHP script, using PHP’s FTP functionality

Well I agree with you on the security part. I played with this and found that if I send the password to the location it will work in IE. Like this:

<?php if($_SERVER[‘REQUEST_METHOD’] == ‘POST’) : $projectid = $_POST[‘projectid’]; header(‘Location: ftp://'.$projectid.'password@ftp.example.com’); else:?>

But that only works if I hard code the password into that line. I want to put a variable $pass there, but the way this line reads needs a colon between the username and password. So I have tried getting the $pass in my form action and then passing it to the location like this:

<?php if($_SERVER[‘REQUEST_METHOD’] == ‘POST’) : $pass = $_POST[‘pass’] : $projectid = $_POST[‘projectid’]; header(‘Location: ftp://’.$projectid ‘:’.$pass.‘@mail.vikingcc.com’); else:?>

But I get an error: Parse error: syntax error, unexpected ‘:’

Do you know how to put the colon to the location statement without getting a parse error?

Thank you kindly for your advice!

You forgot a concatenation period after $projectid.

<?php if($_SERVER['REQUEST_METHOD'] == 'POST') : $pass = $_POST['pass'] : $projectid = $_POST['projectid']; header('Location: ftp://'.$projectid.':'.$pass.'@mail.vikingcc.com'); else:?>

Will work.

As an aside: separate this expression out with multiple lines and curly braces.

<?php
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    $pass = $_POST['pass'];
    $projectid = $_POST['projectid'];
    header('Location: ftp://'.$projectid.':'.$pass.'@mail.vikingcc.com');
}else {
    
}?>

That formatting is infinitely more readable than what you posted for anyone else who might be trying to come along and maintain your code after the fact.

Good to see you got it working!

Beware though that sending the password plain-text over the internet is really prone to man in the middle attacks! And especially since this password would give them access to an ftp server this is a risk worth considering.

BTW. Why don’t you just let the users surf to ftp://ftp.example.com/ by themselves and let let them type in the projectid / password? What is the advantage of your PHP script doing it for them?

I have tried the new code with the concatenation . after $projectid, but still get an error related to the colon:

Parse error: syntax error, unexpected ‘:’ in /home/content/u/p/t/uptimesd/html/vcc-php1.php on line 2

Thanks again for all of your help, I feel I am right on the cusp of getting this…

And what’s on line 2 exactly?
Could you maybe post the complete code you have so far? PHP indicating an error on line 2 might also mean there is an error on line 1

PS. You can use [ php ] and [/ php ] (without the spaces) to post PHP code to get it formatted by the forum.

Here is line 2:

<?php if($_SERVER[‘REQUEST_METHOD’] == ‘POST’) : $pass = $_POST[‘pass’] : $projectid = $_POST[‘projectid’]; header(‘Location: ftp://‘.$projectid.’:‘.$pass.’@mail.vikingcc.com’); else:?>

As you can see, I am trying to get the location to point to username:password@mail.vikingcc.com. And php doesn’t like the way the colon is inserted in the above line like this: ‘:’

I just don’t know any other way to do it. Thanks for your help!!!

Please note that a smiley was inserted in the above post. It should have read:

username:password@mail.vikingcc.com

The problem is the colon after

$pass = $_POST['pass'] :

Should be a semi-colon (

This is another reason why I recommend bumping those commands out to individual lines of code. Each line should do one thing (give or take, I don’t count things like concatenation). Assigning multiple variables on the same line just leads to a situation where bugs are more difficult to hunt down.

I realize that you probably think I’m harping on a small detail, but the second someone else tries to read your code, you immediately reduce the likelihood of getting a decent answer by clumping everything together on one line.

That doesn’t only apply to someone else reading your code.
Every once in a while I come by some code I wrote some years ago that needs changing, and I have to think really hard what’s going on in the code and what I should do to change it, and I feel like somebody else wrote it (although I’m sure I wrote it myself).

Because of this if changed my programming style about a year ago:

• Use variable names that makes sense. Sure $nrpst for “Number of posts” makes sense while working on a project, but try reading the code a year later and you’ll be lost, just use $nrOfPosts and get an IDE with code completion
• Don’t cram everything on one line, sure it looks cool and makes your code compact, but spaced out code is much easier to read and debug (as SituationSoap already said)
• Use comments when you can see from a piece of code that its quite hard, or if you have a long piece of code to something complicated, put a comment here and there like “Now we will do this”, “Well, that seems to have gone wrong, let’s solve it by doing that and that”. We all know that writing comments can be tedious, but when you do it to outline a piece of complicated code, you’ll thank yourself later.

Off topic: you just perfectly described the reason that I don’t enjoy coding in perl.