0

Since setting up a redirect in .htaccess I have achieved my goal of forcing WWW. and removing all .php extensions. However I don't think the use of https is working as my $_post is now null on submitting my form. Please help.

UPDATE -- HTTPS I think is ok. I remove the last two rows of my .htaccess code dealing with removing of php extensions and my form works again. So the questions is now, how do I remove the php extensions on the website without losing my $_POST data. -- UPDATE

I've tried switching between %{SERVER_PORT} 80 and %{HTTPS} !on in my .htaccess

Here is my .htaccess code:

DirectoryIndex index.php
Options +FollowSymlinks
RewriteEngine on
Rewritecond %{HTTP_HOST} ^example.co.uk [NC]
#Tried using... Rewritecond  %{SERVER_PORT} 80
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://www.example.co.uk/$1 [L,R=301,NC]
# This hides the php extensions
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R,L,NC]

Here is my form mark up:

<form autocomplete="off" name="productRequest" enctype="multipart/form-data" action="<?php echo "..".$_SERVER['PHP_SELF']."?item=".$item."&amp;design=".$design."&amp;option=".$option."&amp;add=Y"; ?>" method="POST">

Note I have tried https://www.example.co.uk.$_SERVER['PHP_SELF'] too

When the form calls itself I have:

$item = $_GET['item'];
$design = $_GET['design'];
$option = $_GET['option'];
$add = $_GET['add'];

if(!isset($item))
    {
    header('Location: ../index.php');
    exit;
    }
else if($add=='Y')
    {
    print_r($_POST);
    exit;
    }

I just get: Array ()

Paul
  • 11
  • 2
  • Do you actually __call__ your php script using https? If not, the Cross-Origin-Policy might be in your way. – Psi Feb 02 '19 at 10:29
  • Can you post your full form html? – Second2None Feb 02 '19 at 10:32
  • Here is the form button, the type is changed to 'submit' if everything is entered and this is working as I can see in the web inspector that it's changing and the page is called as I see the results of the print_r($_post)
    – Paul Feb 02 '19 at 10:37
  • Use a `
    ` `action` URL that does not need to be redirected! If you want to remove .php etc from the URL, write an `action` URL that does not contain .php to begin with. No redirect, no problem.
     – deceze Feb 02 '19 at 12:32
  • I'm using a
    action which has .php but the last two lines of the site wide redirect in the .htaccess file is causing issues.
     – Paul Feb 02 '19 at 12:46
  • Yeah, exactly, that’s the issue. Use an `action` which doesn’t need to be redirected because it’s already the URL you desire. – deceze Feb 02 '19 at 17:13
  • Yes the problem now is how do I visibly remove the php extensions throughout the site in such a way that the for action https://www.example.com/pagewithform.php isn't touched. – Paul Feb 02 '19 at 17:19
  • `action="/pagewithform"`. Boom, done. – deceze Feb 02 '19 at 17:23
  • Apologies deceze I stupidly assumed that the action would need the .php extension in order for it to no the page. Hence all working now! – Paul Feb 02 '19 at 19:03

1 Answers1

1

POST data is not resend after redirect. This is a wanted feature to enable a redirect after computing the post data (e.g. after file upload to show stats).

Solution: Change <form> to https.

Wiimm
  • 2,971
  • 1
  • 15
  • 25
  • as stated, I've changed the form action to: https: //www.example.co.uk.$_SERVER['PHP_SELF'] – Paul Feb 02 '19 at 10:31