Member Avatar for Stefce

I am having a problem passing a $_POST[] parameter to another file via the URL.
Look at the line 34 and 138.
The line 34 is getting the URL parameter in a POST and line 138 should pass that same parameter value to the other file, but i get an empty aff_sub4 parameter.
EXAMPLE: complete.php?id=38918&aff_sub4=

I don't have a clue why is this happening, because as you can see i am inserting into a database the $name variable and its saved successfully. But when i try to pass it to the other file it gives me empty parameter.
I use JS to pass the $name variable in this code.

<?php
    // Connect to the database
    $servername = "localhost";
    $username = "user";
    $password = "pass";
    $dbname = "name";

    // Create connection
    $conn = mysqli_connect($servername, $username, $password, $dbname);

    // Check connection
    if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
    }

    // Get the user's IP address
    $user_r_ip = $_SERVER['REMOTE_ADDR'];


    function getUserIpAddr(){
        if(!empty($_SERVER['HTTP_CLIENT_IP'])){
            //ip from share internet
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        }elseif(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
            //ip pass from proxy
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }else{
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        return $ip;
    }

    // Get the URL parameters
    $name = $_POST['name'];
    $amount = $_POST['amount'];

    //Get User Location details
    $user_ip = getUserIpAddr();
    $geo = unserialize(file_get_contents("http://www.geoplugin.net/php.gp?ip=$user_ip"));
    $country = $geo["geoplugin_countryName"];

    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['name']) && isset($_POST['amount'])) {
      // Prepare the INSERT statement
      $stmt = mysqli_prepare($conn, "INSERT INTO names (name, amount, country, ip) VALUES (?, ?, ?, ?)");

      // Bind the parameters
      mysqli_stmt_bind_param($stmt, "ssss", $name, $amount, $country, $user_r_ip);

      // Execute the statement
      if (!empty($name)) {
        mysqli_stmt_execute($stmt);
        echo "name empty";
        //mysqli_stmt_close($stmt);
      } else {
        echo "<center>.</center>";
        mysqli_close($conn);
        $conn-exit();
      }
    }

?>
<?php

    // Setup Variables
    $api_key = 'my_api_key'; // Enter the API key that you have generated on our main Offer API page

    $endpoint = 'https://downloadlocked.com/api/v2'; // The endpoint show in our main Offer API page

    $data = [
        'ip' => $_SERVER['REMOTE_ADDR'], // Client IP (REQUIRED)
        'user_agent' => $_SERVER['HTTP_USER_AGENT'], // Client User Agent (REQUIRED)
        'ctype' => 7,
        'max' => 25,
        'min' => 6
        // Enter other optional vars here (ctype, max, etc)
    ];

    // Create URL
    $url = $endpoint . '?' . http_build_query($data);

    // Start CURL
    $ch = curl_init();

    // Set CURL options
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => [
            'Authorization: Bearer ' . $api_key,
        ],
    ]);

    // Execute request
    $content = curl_exec($ch);

    // Check for error
    if ($content === false) {
        // Throw exception if request failed
        throw new Exception(curl_error($ch));
    }

    // Close CURL
    curl_close($ch);

    // Parse JSON response
    $content = json_decode($content, null, 512, JSON_THROW_ON_ERROR);

    if($content->success) {

        // If API response reported an success...
        $offers = $content->offers; // Do something with $offers


        usort($offers, function($a, $b) {
            return $b->payout <=> $a->payout;
        });


    } else {
        // If API response reported an error...
        throw new Exception($content->error);
    }
?>

<body>

    <h3>Confirm Firewall & User-Agent</h3>
    <p class="desc">Complete 2 offers</p>
    <p class="desc"><b>USING VPN WILL NEVER CONFIRM SUCCESSFULLY THE FIREWALL</b></p>
    <div class="offer-container">
        <?php
        foreach ($offers as $offer) {
          // Extract the image URL, short name, and ad copy from the offer object
          $imageUrl = $offer->picture;
          $nameShort = $offer->name_short;
          $adCopy = $offer->adcopy;
          $offerid = $offer->offerid;
          $adLink = $offer->link."&aff_sub4=".$name;

          ?>

          <div class="offer">
              <img src="<?= $imageUrl ?>" alt="<?=$nameShort?>">
              <div>
                <h3><a href="complete.php?id=<?=$offerid?>"><?=$nameShort?></a></h3>

                <p><?=$adCopy?></p>
              </div>
          </div>

          <?php
        }
        ?>
    </div>
</body>
</html>

I have no errors to show you because i dont get any errors.

  • 3 Contributors
  • 8 Replies
  • 98 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by Stefce

Recommended Answers

All 8 Replies

Member Avatar for Dani

On line 145, you have <a href="complete.php?id=<?=$offerid?>"> I'm not seeing how $name is built into the URL (e.g. there's no reference to $adLink) but I am also not seeing in this code what you mean about how $name is being passed via Javascript.

Please show us the buggy code that included the $adLink because maybe there was a typo or something wrong with it.

Member Avatar for Stefce

I don't get the part with the buggy code what do you mean by that?
The URL structure in the complete file is looking correct complete.php?id=38918&aff_sub4= just the parameter is not passed.

Edited by Stefce
Member Avatar for Stefce

Here is the code that pass the name parameter

// Make an HTTP POST request with the parameters
var xhr = new XMLHttpRequest();
xhr.open("POST", "con.php", true);
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xhr.send("amount=" + transferTotal + "&name=" + name);
document.getElementById('btc-total').innerHTML = "Balance saved! Confirm your device, then refresh this page.";
window.open('https://mydomain.com/con.php', '_blank');
Member Avatar for Dani

The URL structure in your PHP code looks as so: <a href="complete.php?id=<?=$offerid?>">

$offerid is whatever the value of $offer->offerid is. That value is coming from the JSON file retrieved from the cURL request. It is not utilizing the $name being passed in via POST.

Member Avatar for Stefce

The URL structure in your PHP code looks as so: <a href="complete.php?id=<?=$offerid?>">

Yes because i am passing the offer id to the complete.php file and from there i need to pass the again the $name parameter to the actual offer link.
i am doing this for a postback url so i import the conversion in my DB with the user name

Edited by Stefce
Member Avatar for pzuurveen

you are making 2 calls to call.php
first has post variables:
xhr.send("amount=" + transferTotal + "&name=" + name);

second does not:
window.open('https://mydomain.com/con.php', '_blank');

Member Avatar for Dani

I already pointed that out to him via private chat the other day. Sorry for not repeating it here. I think he was ultimately able to get it to work a completely different way but we have to wait for him to update this thread to let us know.

Member Avatar for Stefce

Yes, the problem was in the passing the POST parameter from the file that was sending the parameters to complete.php file.
I did it with COOKIES with the help of @Dani
Here is the updated code that works.

<form id="form-transfer" method="post" action="complete.php">
    <input id="form-amount" type="hidden" name="amount" value="">
    <input id="form-btcadd" type="hidden" name="btcadd" value="">
    <button type="submit" class="btn btn-primary" id="transfer">Continue Transfer</button>
</form>
$('#form-transfer').on('submit', function(event) {
    // Prevent submitting the form as is
    event.preventDefault();

    // Retrieve the values
    var btcWalletAddress = document.getElementById("btc-wallet-address").value;
    var transferTotal = document.getElementById("transfer-total").innerHTML;

    if (document.getElementById('btc-wallet-address').value != "") {
        if (isBEP20Address(btcWalletAddress)) {
            // Set the values in cookies
            document.cookie = "btcadd=" + btcWalletAddress;
            document.cookie = "amount=" + transferTotal;

            // Redirect to the con.php file
            window.open("complete.php", "_blank");

        } else {
            document.getElementById('error-msg').innerHTML = "Not a valid BEP20 address";
        }
    } else {
        document.getElementById('error-msg').innerHTML = "BTC Wallet Address Empty";
    }
});
});
});

Here is how i am retrieving the COOKIES inside complete.php file

// Get the URL parameters
$amount = $_COOKIE['amount'];
$btc = $_COOKIE['btcadd'];

Thank you for helping me Dani you are the best!

PS: I have another question. How do i make the cookie to disappear after 30mins?

Edited by Stefce
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.