1

I need to post a username and a password, to a server to validate it, then return a true or false. This is fully working on my local machine, but when I try it on the production server, it is not receiveing the POST values (it is returning the "noPOST" back to the c# code).

C# code:

            string username = "user@xyz.com";
            string password = "pass";
            string urlAddress = "https://server/validate.php";

            using (WebClient client = new WebClient())
            {
                NameValueCollection postData = new NameValueCollection();

                postData.Add("username",username);
                postData.Add("password",password);
                    
                string ret = Encoding.UTF8.GetString(client.UploadValues(urlAddress, postData));
                Console.WriteLine(ret);
            }

PHP Code:

if (isset($_POST['username']) && isset($_POST['password'])) {
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    $check = "CALL validate('$username');";
    $res = mysqli_query($conn,$check);
    $row = mysqli_fetch_assoc($res);
    $pass = $row['password'];
    if (password_verify($password, $pass)) {
        echo("true");
    }else{
        echo("false");
    }
}else{
    echo("noPOST");
}

[EDITED]

C#:

            var client = new HttpClient();
            client.BaseAddress = new Uri("https://productionserverdomain.xy");
            var request = new HttpRequestMessage(HttpMethod.Post, "/sync.php");

            var requestContent = string.Format("site={0}&username={1}&password={2}", Uri.EscapeDataString("https://productionserverdomain.xy"),
                Uri.EscapeDataString(username), Uri.EscapeDataString(password));
            request.Content = new StringContent(requestContent, Encoding.UTF8, "application/x-www-form-urlencoded");

            var response = await client.SendAsync(request);

            var res = response.Content.ReadAsStringAsync();

PHP Code:

if (isset($_POST['username']) && isset($_POST['password'])) {
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    $check = "CALL validate('$username');";
    $res = mysqli_query($conn,$check);
    $row = mysqli_fetch_assoc($res)
    $pass = $row['password'];

    if (password_verify($password, $pass)) {
        http_response_code(200);
    }else{
        http_response_code(401);
    }
}else{
    echo("noPOST");
}
Xabah
  • 41
  • 7
  • Please share us a shot of error – Amir Mar 29 '21 at 20:23
  • There is no specific error, when I wrote "err", I meant `echo("err");` this. So this is the string returned to c#. I edited it, so it is not confusing anymore, or at least I hope. – Xabah Mar 29 '21 at 20:25

1 Answers1

1

You may have two issues:

1- Something related to proxy or reverse proxy, redirector in front of your PHP service in your production environment.

2- Type of sending the request, Solution: Use HttpClient and check these steps for more details.

Amir
  • 1,214
  • 7
  • 10
  • How can I see the returned values? I have to POST to PHP than get values back from PHP – Xabah Mar 29 '21 at 20:40
  • In the ResponseMessage, there is a Content property that has an extension method named: ReadAsStringAsync(). You can see the response message using this method as String. – Amir Mar 29 '21 at 20:43
  • But your solution is not the best practice. Try returning different status Codes like 200 and 401 in the response like this: https://stackoverflow.com/questions/3258634/php-how-to-send-http-response-code Not true or false :| – Amir Mar 29 '21 at 20:45
  • Thanks, I can see the result now, but it is still not working on the production server – Xabah Mar 29 '21 at 20:50
  • I have edited the post. New code is in the **[EDITED]** section – Xabah Mar 29 '21 at 21:14
  • use FormUrlEncodedContent in the link I've sent – Amir Mar 29 '21 at 21:19
  • It is still returning that "noPOST" string. So it is still not working. – Xabah Mar 29 '21 at 21:24
  • Does your production environment have any proxy in the front ? – Amir Mar 29 '21 at 21:27
  • Or something like reverse proxy, or WAF? – Amir Mar 29 '21 at 21:28
  • I don't know the anwser for those two questions. I will ask them as soon as possible. – Xabah Mar 29 '21 at 21:34
  • Ok I, got it working. So in the .htaccess file I have a rewrite engine turned on, so SSL is forced. Now I have turned it off just to see if it is working. And it is. But imo it is not a good solution to leave it turned off, or is there a workaround? – Xabah Mar 29 '21 at 21:38
  • Do you have a rewrite from http to https ? – Amir Mar 29 '21 at 21:44
  • Yes, I rewrite from http to https. – Xabah Mar 29 '21 at 21:45
  • So if you send your request with https protocol in your codes, there will be no rewrite. Have you tested this ? – Amir Mar 29 '21 at 21:46
  • Yes, and it is working that way. But I also have a website running, and it needs the https, to be safe. – Xabah Mar 29 '21 at 21:54
  • Keep your website safe with https, and Send your requests in https protocol in your c# codes. I guess all things will be ok, am I correct? – Amir Mar 29 '21 at 21:56
  • Yes you are. And now I have tested the website and somehow it is defaulting to HTTPS, so I don't even need the rewrite – Xabah Mar 29 '21 at 21:58
  • Any time <3. I have edited the answer based on our converstions. I will be glad to mark my answer as correct. Regards – Amir Mar 29 '21 at 22:03
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/230517/discussion-between-amir-and-xabah). – Amir Mar 29 '21 at 22:05