rbtech Posted February 22, 2012 Share Posted February 22, 2012 Hello all, I am having a problem with a login form. Sometimes when the user initially submits the form the method is changed by the server from POST to GET and the form data is stripped out of the header. This only occurs with the page that is initially loaded when the user accesses the web portal URL. Does anyone have any ideas about what might be occurring to cause this? This web portal is used by a group of medical practices. I have a log that shows all logins/login attempts so that is how I know this is occurring. It seems to only occur on certain computers but I cannot confirm this as I am not onsite and the computers are behind routers so only two different IP addresses are captured in the log. Any help would be greatly appreciated. Best regards,rbtech Link to comment Share on other sites More sharing options...
niche Posted February 22, 2012 Share Posted February 22, 2012 Sounds like some kind of hack or virus. Try removing the offending computers from your net. Someone might be having fun with you. Else, post your code. This is interesting. Link to comment Share on other sites More sharing options...
rbtech Posted February 22, 2012 Author Share Posted February 22, 2012 Hello Niche,Thank you very much for responding. The network is not under my control so I can neither identify nor remove the offending computers. Also, I forgot to note that users access the web portal via SSL so I don't think hacking or a virus would be the culprit but then I don't know much about the capabilities of either when SSL is involved. Below is the page code with the portion containing the form. I included the header information and doc tag as I'm wondering if XHTML is an issue since, due to the "autocomplete" the page will not validate as XHTML. Do you think it would make a difference if I just used HTML? Also, you are likely unfamiliar with the action value; the web portal applicaion utilizes the built-in web server of 4th Dimension, an RDBMS-building application that is very powerful but not generally well-known. The action is calling a method that executes on the web server to handle validating the user. Thanks again! <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" ><head><title>Data Warehouse</title><meta http-equiv="expires" content="Mon, 31 Jan 2012 05:00:00 GMT" /><meta http-equiv="cache-control" content="no-cache" /><meta http-equiv="pragma" content="no-cache" /><meta http-equiv="content-type"content="text/html;charset=UTF-8" /><link href="style.css" rel="stylesheet" type="text/css" /></head><body><!--REMOVED STUFF HERE--><form action="/4dcgi/login" method="post" enctype="application/x-www-form-urlencoded" autocomplete="off"><table width="50%"><tr><td colspan="2"> </td></tr><tr><td>Database:</td><td><select name="vDBName"><option value="Prac1" selected="selected">Practice1</option><option value="Prac2">Practice2</option><option value="Prac3">Practice3</option></select></td></tr><tr><td>User Name: </td><td><input type="text" name="vUser" size="40" /></td></tr><tr><td>Password: </td><td><input type="password" name="vPassword" size="40" /></td></tr><tr><td colspan="2" align="center"><input type="submit" name="vSubmit" value="Log in" /></td></tr><tr><td colspan="2" align="center"><center><font color="red">Unauthorized use is prohibited.</font></center></td></tr></table></form><!--REMOVED STUFF HERE--></body></html> Link to comment Share on other sites More sharing options...
thescientist Posted February 22, 2012 Share Posted February 22, 2012 how do you know the method is changing from POST to GET? Do you have logging enabled? Are you using $_REQUEST instead of $_POST on the backend? Link to comment Share on other sites More sharing options...
niche Posted February 22, 2012 Share Posted February 22, 2012 Thanks for your last post the scientist. Didn't know about $_REQUEST. What do you mean "logging enabled"? Link to comment Share on other sites More sharing options...
rbtech Posted February 22, 2012 Author Share Posted February 22, 2012 how do you know the method is changing from POST to GET? Do you have logging enabled? Are you using $_REQUEST instead of $_POST on the backend? Hello thescientist,Thank you for your reply. I actually created my own log -- stored in the backend database -- to track each login and/or login attempt and to capture the http header. So I can see (in the header) whether the web request came into the server as "POST" or "GET". Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.