POST variables without forms?

iantresman

If I use <form .. method=post>, I can transfer some form field variables to a new page at a new domain.

Is there a way to do this without using <form> and Submit? I'd like to be able to click on a link, and have some values POSTed so that I can see them at the destination domain.

I don't want to use GET as I don't want the variables visible.

I don't want to modify the links as I have a lot of them.

I don't want to use Cookies as these can be blocked.

I chose POST as it is a superglobal variable.

stuartc1

what about javascript, is that an option you would use?

dkberman

I'm interesting in a similar solution, did you have any luck?

iantresman

Sorry no.

Regards,
Ian

edspace

I am having the same problem.

Right now I am using sessions. If the user has disabled cookies then u can always send the session id and it will still save the variables.

Another thing you can do is encode the variables and send them using GET in the url.

example.

$ip=bin2hex($REMOTE_ADDR);
echo "newpage.php?&ip=$ip";

That is going to send the ip in hex format. Which is something like 1254ee126432e665467e654654 so the user might look at it in the url but will have no idea what it is.

Then in newpage.php you can do this.

$ip2 = bin2hex($REMOTE_ADDR);

if ( $ip == $ip2 )
{
//user came from your site
}
else
{
//user did not come from your site
}

The script above is what i used for a while to stop other pages from leeching my files. It works great but the only problem is the damn proxy caches. The proxy caches would cache an old link with the wrong ip encoded.

Hope that helps.

DigitalExpl0it

<a href="page.php?varible=anythinghere">Link</a>

somthing like that???

thats just sending a varible over the url string

edspace

Yes but i was changing the variable to hex first. If I wanted to send 60.80.157.2 in hex it would be something like 12635e15497e476e16763

Unless you can read hex i dont think you would even know what the hex code stands for.

trex005

fairly simple 🙂 make a form
have all the varibles of the hidden type and in the link submit the form eg
<FORM NAME='the_form' METHOD=POST ACTION='http://the.other.domain.com/the.other.page.php'>
<INPUT TYPE=HIDDEN NAME='first_name' VALUE='$first_name'>
</FORM>
<A HREF='' ONCLICK='document.the_form.submit();return false'>

🙂

edspace

Nice idea trex. lol

With just a right click>>view source they would be able to see all that sensitive infromation you hide in the forms and with a page like mine that has 200 links in one page i dont think the browser will like to deal with 200 forms every time it loads the page. 🙂

iantresman

Thanks for the last couple of suggestions. I was trying to avoid encoding the variable data in the URL as it becomes visible at the destination Web site.

And the only problems with forms and a bit of Javascript is if someone has Javascript disabled.

It's a shame there isn't way to pre-stack the variables into the http headers and have it emulate a form POST.

My current solution is a variation on the URL encoding, but using the secondary domain, eg.

data.mydomain.com
moredata2.mydomain.com

etc

Ian

winterbeef

Hello,

Here is a nice example of POSTing using fsockopen().

Is this what you're looking for?

MrAlaska

Here's a few tools that might help also:
http://sourceforge.net/projects/snoopy/