0

So here's my problem summed up:

I have this form, (in page X for the sake of example) that submits data to a processing page, whose address is a URL mapped by Apache's RewriteAlias. This form's action URL has a session hash key as a GET query that would be required for it to go through, and this changes with every page load for each user. That session hash isn't changed when you are in the processing page. Normally it would go through, but in this case it wouldn't.

After a while of investigating, I figured the most likely reason that this is happening is that the mapped URL must have redirected through pages somehow when Apache processed the .htaccess file containing all the rewrite conditions, and changed the session hash key in the mapped page X. I found this out when I used the original unmapped URL that's page X(which would be index.php?snowglobe={snowglobe} as opposed to /sg/{snowglobe}. I don't know what's causing the mapped URL to change the session hash, and for that matter how to fix this problem.

The PHP snippet containing the session hash

    if(!isset($_GET['verify'])){     $_SESSION['temp_n'] =   md5(microtime(true));} //this changes at every page except the processing page

The .htaccess file

RewriteEngine On
RewriteRule ^profile/([A-Za-z0-9]+)/?$    index.php?profile=$1        [PT]
RewriteRule ^thread/([-_A-Za-z0-9]+)/?$    index.php?thread_view=$1   [PT]
RewriteRule ^profile_nuise/([-_A-Za-z0-9]+)/?$    index.php?query=$1   [PT]
RewriteRule ^profile_nuise/([-_A-Za-z0-9]+)/notifs/?$    index.php?query=$1&notifs=all                                                    [PT]
RewriteRule ^profile_nuise/([-_A-Za-z0-9]+)/find/([A-Za-z_-]+)/?$    index.php?query=$1&find=$2                                      [PT]
RewriteRule ^profile_nuise/([-_A-Za-z0-9]+)/find/([A-Za-z_-]+)/?$    index.php?find=$2&query=$1                                     [PT]                         
RewriteRule ^profile_nuise/([-_A-Za-z0-9]+)/find/([A-Za-z_-]+)/submit    index.php?find=$2&query=$1&direct=$2_submit                                 [PT]
RewriteRule ^thread/([-_A-Za-z0-9]+)/comment/([a-z0-9]+)/?$    index.php?comment=$2&thread_view=$1                                                   [PT]
RewriteRule ^thread/([-_A-Za-z0-9]+)/comment/([a-z0-9]+)/?$    index.php?thread_view=$1&comment=$2                                               [PT]
RewriteRule ^sg/([-_A-Za-z0-9]+)/?$    index.php?snowglobe=$1      [PT]

The HTML form

 echo "<div id='content' class='contentbox'>".$nx['31']."</div>";
echo "<form method='POST' action='".$main_dir."index.php?direct=new_post&verify=". $_SESSION['temp_n'] ."' id='post_k'>
<span id='input_save'></span>
<div class='extra_opts'><a href='add-poll' class='prompt' id='attach_poll_q'>".$nx[30]."</a></div><div id='main_new_post' class='contentbox'>"; 
echo "<div class='sect_1'><input type='text' maxlength='150' value='".$nx['17']."' class='flick largeform' name='tcha1' id='title_trigger'>
<textarea name='tcha2' class='flick largeform'>".$nx['18']."</textarea></div>";  
//post as: formats


//title and content
echo "<div class='sect_2 button_row'>

";

//check for all snowglobes they can make a thread in, of course being able to post in your own profile snowglobe is always your right, and it'll be called "1"
echo "<input type='hidden' name='sg_".$sg_details['sg_url']."' value='on'>";
//as for the rest...

echo "

<input type='submit' value='".$nx['21']."'></div>";
echo "</div></form>";

Processing page http://pastebin.com/iHsRbVZw

nolvorite
  • 1
  • 4

1 Answers1

0

Your problem is not very clear, your form does not use a mapped rewritten URL.

However I tested your rewrite rules on http://htaccess.madewithlove.be/ and your md5 hash passed through an url like http://test.com/sg/yourhashhere would work fine with your .htaccess file, the way you posted it.

Perhaps you could also show your processing page, perhaps we'll find an error there

Edwin Krause
  • 1,766
  • 1
  • 16
  • 33
  • posting in one sec. It's kinda long :/ – nolvorite Feb 14 '15 at 23:01
  • Also the processing page doesn't have a mapped rewritten URL. Could that be a problem? – nolvorite Feb 14 '15 at 23:07
  • Also the hash doesn't come after /sg/ what comes after it is the name of the snowglobe – nolvorite Feb 16 '15 at 00:15
  • Sorry don't know, your issue is not very clear and needs alot more trouble shooting from your side... I hope I was helpful with the rewrite rules... – Edwin Krause Feb 18 '15 at 11:14
  • 1. I send user input with the session hash that changes in every page(ehem except on the processing page) as part of the GET query under verify. 2. In the processing page, the hash from the previous page is matched the current session hash. 3. The session hash works fine for the non-url-mapped page, but not on the url-mapped page. And therein lies my problem. – nolvorite Feb 18 '15 at 23:03
  • And by works fine I mean the session hash matches in the non-aliased page, but doesn't in the aliased page. – nolvorite Feb 19 '15 at 00:46
  • http://stackoverflow.com/questions/17242346/php-session-lost-after-redirect This may help you... – Edwin Krause Feb 19 '15 at 07:13