How to shortcut execute php script without filling out form?

11/10/2007, 21h19

Ok so there is a website that has two input boxes inside a POST form
that uses the action="rcon.php"

here is the code for the form

<form method=POST action="/rcon.php">
<input size=25 type=text class="sm" name="addr">
<input size=20 type=text class="sm" name="rcon">
<input class="coolbuttonblue" type=submit value="Submit">
<input class="coolbutton" type=checkbox name="announceflag" value="1"
checked>

What I want to do is to be able to execute this script without having
to fill out the form every time. My ideal thought was to make a
shortcut to the URL http://whateversite.com/rcon.php?add...announceflag=1
and that way everytime i click the shortcut, it executes the script,
and passes it static data that I put in the shortcut, therefor I don't
have to fill out a form every time and click submit.

This is not my website I am dealing with, it is a public site that
uses a form that has the code above. So why can't I just pass the
data through the address bar? Is there some security in place that
might prevent url passing of variables?

If I can't do that, would writing a script that uses sockets be able
to accomplish this somehow? Or is it somehow not possible without
using their html form

11/10/2007, 22h25

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

worktech@gmail.com wrote:
> This is not my website I am dealing with, it is a public site that
> uses a form that has the code above. So why can't I just pass the
> data through the address bar? Is there some security in place that
> might prevent url passing of variables?

The problem arising from this is what could occur when someone bookmarks
or links to a URL with data in them. Every search engine that will find
the link will also execute the script and submit the data.

GET should always be used to _get_ data from a server, POST should always
be used to _modify_ data on a server and HEAD should always be used to
_retrieve headers_ from a server.

> If I can't do that, would writing a script that uses sockets be able
> to accomplish this somehow?

Sure it is. Read up on the HTTP specs. After all, your browser uses
sockets to send the data to the server.

> Or is it somehow not possible without
> using their html form

A HTML form simply describes what data the browser should allow a user to
submit.

- --
Brendan Gillatt
brendan {at} brendangillatt {dot} co {dot} uk
http://www.brendangillatt.co.uk
PGP Key: http://pgp.mit.edu:11371/pks/lookup?...rch=0xBACD7433
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFHDpS3kA9dCbrNdDMRAtKaAKCkJj1Tf004ECPugEavPP SIHjTKaACgg/Zf
pJPbJQfMTE9tI2fYG07n3Zo=
=+3CE
-----END PGP SIGNATURE-----

12/10/2007, 18h42

worktech@gmail.com wrote:

> This is not my website I am dealing with, it is a public site that
> uses a form that has the code above. So why can't I just pass the
> data through the address bar? Is there some security in place that
> might prevent url passing of variables?

No, it's just coded in a way it doesn't react to the variables you pass
in the $_GET array, but only in the $_POST array.

There is a small work around, but it has nothing to do with PHP. At
least, not as you describe it.

> If I can't do that, would writing a script that uses sockets be able
> to accomplish this somehow? Or is it somehow not possible without
> using their html form

Woah, hold your horses !

You don't need to use sockets to do this. If you want to retrieve data
with your PHP server, then a little bit of cURL and it will all be over.

On the other hand, from what you've explained, I understood that it's
just *you*, client side who wants to get to a page that needs a form to
post a bit of information.

Create an html file with this code in it:

<html>
<head>
<script type="text/javascript">
function sendData ()
{
var form = document.getElementById ("theForm");
form.submit ();
}
</script>
</head>
<body onload="javascript:sendData ()">
<form id="theForm" method=POST
action="http://whateversite.com/rcon.php">
<input type="hidden" name="addr" value="ADDRESSVALUE" />
<input type="hidden" name="rcon" value="RCONVALUE" />
<input type="hidden" name="announceflag" value="1" />
</form>
</body>
</html>

(You will need to replace 3 values: the address of the server, and the
values of "addr" and "rcon")

When you load this page, it will automagically submit the form to the
server, and should get you where you want.

Of course, this only works if there are no involved (in which
case you will have to identify against the server before executing this
page, within the same browser).

If I misread your post, please correct me.

HTH,

S.

11/10/2007, 21h19	#1
worktech@gmail.com Messages: n/a Hébergeur:	How to shortcut execute php script without filling out form? Ok so there is a website that has two input boxes inside a POST form that uses the action="rcon.php" here is the code for the form <form method=POST action="/rcon.php"> <input size=25 type=text class="sm" name="addr"> <input size=20 type=text class="sm" name="rcon"> <input class="coolbuttonblue" type=submit value="Submit"> <input class="coolbutton" type=checkbox name="announceflag" value="1" checked> What I want to do is to be able to execute this script without having to fill out the form every time. My ideal thought was to make a shortcut to the URL http://whateversite.com/rcon.php?add...announceflag=1 and that way everytime i click the shortcut, it executes the script, and passes it static data that I put in the shortcut, therefor I don't have to fill out a form every time and click submit. This is not my website I am dealing with, it is a public site that uses a form that has the code above. So why can't I just pass the data through the address bar? Is there some security in place that might prevent url passing of variables? If I can't do that, would writing a script that uses sockets be able to accomplish this somehow? Or is it somehow not possible without using their html form

11/10/2007, 22h25	#2
Brendan Gillatt Messages: n/a Hébergeur:	Re: How to shortcut execute php script without filling out form? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 worktech@gmail.com wrote: > This is not my website I am dealing with, it is a public site that > uses a form that has the code above. So why can't I just pass the > data through the address bar? Is there some security in place that > might prevent url passing of variables? The problem arising from this is what could occur when someone bookmarks or links to a URL with data in them. Every search engine that will find the link will also execute the script and submit the data. GET should always be used to _get_ data from a server, POST should always be used to _modify_ data on a server and HEAD should always be used to _retrieve headers_ from a server. > If I can't do that, would writing a script that uses sockets be able > to accomplish this somehow? Sure it is. Read up on the HTTP specs. After all, your browser uses sockets to send the data to the server. > Or is it somehow not possible without > using their html form A HTML form simply describes what data the browser should allow a user to submit. - -- Brendan Gillatt brendan {at} brendangillatt {dot} co {dot} uk http://www.brendangillatt.co.uk PGP Key: http://pgp.mit.edu:11371/pks/lookup?...rch=0xBACD7433 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFHDpS3kA9dCbrNdDMRAtKaAKCkJj1Tf004ECPugEavPP SIHjTKaACgg/Zf pJPbJQfMTE9tI2fYG07n3Zo= =+3CE -----END PGP SIGNATURE-----

12/10/2007, 18h42	#3
Sebastiaan 'CrashandDie' Lauwers Messages: n/a Hébergeur:	Re: How to shortcut execute php script without filling out form? worktech@gmail.com wrote: > This is not my website I am dealing with, it is a public site that > uses a form that has the code above. So why can't I just pass the > data through the address bar? Is there some security in place that > might prevent url passing of variables? No, it's just coded in a way it doesn't react to the variables you pass in the $_GET array, but only in the $_POST array. There is a small work around, but it has nothing to do with PHP. At least, not as you describe it. > If I can't do that, would writing a script that uses sockets be able > to accomplish this somehow? Or is it somehow not possible without > using their html form Woah, hold your horses ! You don't need to use sockets to do this. If you want to retrieve data with your PHP server, then a little bit of cURL and it will all be over. On the other hand, from what you've explained, I understood that it's just you, client side who wants to get to a page that needs a form to post a bit of information. Create an html file with this code in it: <html> <head> <script type="text/javascript"> function sendData () { var form = document.getElementById ("theForm"); form.submit (); } </script> </head> <body onload="javascript:sendData ()"> <form id="theForm" method=POST action="http://whateversite.com/rcon.php"> <input type="hidden" name="addr" value="ADDRESSVALUE" /> <input type="hidden" name="rcon" value="RCONVALUE" /> <input type="hidden" name="announceflag" value="1" /> </form> </body> </html> (You will need to replace 3 values: the address of the server, and the values of "addr" and "rcon") When you load this page, it will automagically submit the form to the server, and should get you where you want. Of course, this only works if there are no involved (in which case you will have to identify against the server before executing this page, within the same browser). If I misread your post, please correct me. HTH, S.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email