Content of the POST field disappears

Started by sanjana, Oct 18, 2022, 03:57 AM

sanjana (Topic starter)

Greetings to all members of the community! On certain occasions, while transferring a POST to a script, I observe a loss of data. In this particular case, we have simplified code that includes 'ent/enter.php' through '$tab = 'sr';'.

Here is the enter.php code that contains a form with a hidden input named 'tab' among others. Upon submission, the form is directed to '../ent/do_enter.php' where the PHP code checks if 'tab' is present in $_POST or not. If it's not present, the log file records an error message and the user is redirected to the homepage.

Do you have any idea what could be causing this issue? Any suggestions would be much appreciated. Thank you for your time!

$tab = 'sr';
include 'ent/enter.php';

enter.php :

...
// Opening <form> tag; the string is closed before the elided section.
echo
  "<form class='form_enter' name='form1' method='post'
          action='../ent/do_enter.php' >";
   ...
    // Hidden field carrying $tab; the attribute value is quoted.
    echo  "<input name='tab' type='hidden'  value='".$tab."'>
  ...
      <input id='w_h' name='w_h' type='hidden'  value=''>
      <input type='submit' name='enter' id='enter' value=' Войти ' class='exit_but bg1'
      onclick='get_w_h()' style= 'width: fit-content;margin-left:10px;'></div>
 </form>";

do_enter:

...
if (!isset($_POST['tab'])){
   $smess = 'No tab-a! ';
   foreach($_POST as $key => $value){
     $smess .= ' '.$key.' - '.$value.', ';
   }
   put_error_log($smess);   // log the message assembled above
   header("Location:/");
   exit;
   // Occasionally I find myself here. In this case, the entire $_POST is empty.
}

mishraviplav7877

For instance, a GET request from an outside source or an empty POST request can trigger the loss of data. In certain instances, the post key "rattles" and sends data repeatedly. One possible solution could be to disable the button upon the first submission of data through blocking the post button on the "onclick".

To identify the root cause, it would help to log more information such as the request method, data in $_POST, $_SERVER, $_SESSION, etc. This way, it is easier to determine if it's a bot sending a form or a search robot accessing the page via a direct link. To prevent using the GET method to access do_enter.php, it is recommended to return a 405 error.

Based on the provided code, I assume that direct access to /ent/do_enter.php and /ent/enter.php may be possible, bypassing the main script.
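
A guard along the lines the reply above suggests, as an added example that is not part of the thread: it answers non-POST requests with 405, distinguishes an empty POST from a body PHP did not parse, and logs request metadata with field names only, since the values of a login form include credentials. The function names and log format are hypothetical; in the handler it would be called as `guard_post_only($_SERVER, $_POST);` before any other logic.

```php
<?php
// Added example; function names and log format are hypothetical, not the poster's code.
function diagnose_request(array $server, array $post): string
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'wrong-method';   // direct link, crawler, or a redirect that became a GET
    }
    if ($post === []) {
        // Non-zero Content-Length with empty $_POST: PHP did not parse the body
        // (for example it exceeded post_max_size, or was not form-encoded).
        return (int)($server['CONTENT_LENGTH'] ?? 0) > 0 ? 'body-not-parsed' : 'empty-post';
    }
    return isset($post['tab']) ? 'ok' : 'missing-tab';
}

function request_log_line(string $reason, array $server, array $post): string
{
    // Client-controlled values: cap the length and neutralise control characters
    // and quotes so a crafted header cannot forge extra log lines or fields.
    $clean = static fn($v) => preg_replace('/[\x00-\x1F\x7F"]/', '?', substr((string)$v, 0, 200));
    $parts = ["reason=$reason"];
    foreach (['REQUEST_METHOD', 'CONTENT_LENGTH', 'CONTENT_TYPE', 'HTTP_REFERER', 'HTTP_USER_AGENT'] as $k) {
        $parts[] = strtolower($k) . '="' . $clean($server[$k] ?? '-') . '"';
    }
    // Field names only, never values: this form carries credentials.
    $parts[] = 'post_keys="' . $clean(implode(',', array_keys($post))) . '"';
    return implode(' ', $parts);
}

function guard_post_only(array $server, array $post): void
{
    $reason = diagnose_request($server, $post);
    if ($reason === 'ok') { return; }
    error_log(request_log_line($reason, $server, $post));
    if ($reason === 'wrong-method') {
        http_response_code(405);   // the handler only accepts POST
        header('Allow: POST');
    } else {
        header('Location: /');
    }
    exit;
}

// Constructed sample requests, printed only when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $post0 = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '0'];
    foreach ([[['REQUEST_METHOD' => 'GET'], []], [$post0, []], [$post0, ['w_h' => '']]] as [$srv, $post]) {
        echo request_log_line(diagnose_request($srv, $post), $srv, $post), "\n";
    }
}
```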