i am making a "login and signup form" actions for my file. i searched about this many times but i cant find the answer and most of the topics are about sql which i don't use for these files.
im looking for a answer without include, sql, or session in my files
here's my codes
html:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Gleacc</title>
<!-- Load external CSS styles -->
<link rel="stylesheet" href="styles.css">
</head>
<body>
<h1>Gleacc GG</h1>
<br>
<form action="data/signedup.php" method="get">
<label for="usn">
<input placeholder="Username" name="usn" required>
</label>
<br>
<label for="psw">
<input placeholder="Password" name="psw" required>
</label>
<br>
<input type="submit" value="Submit">
</form>
<!-- Load external JavaScript -->
<script src="scripts.js"></script>
</body>
</html>
signuped. php:
<?php
$psw = $_GET['psw'];
$usn = $_GET['usn'];
echo "<form action="data/logined.php" method="post"><input placeholder="Username" name="usn" required><br><input placeholder="Password" name="psw" required><br><input type="submit" value="Submit"></form>";
?>
logined.php: none since we cant compair the input because we cant get the $usn and $psw from signuped.php
I think you are being silly.
Are the users signing up every time they are on the website? If not, then you need to save their username and password in some sort of database.
Any other method used in signuped is exposing data that you shouldn't be exposing.
Here is one way to do what you want and make it a tad secure.
<?php
$psw = encrypt($_POST['psw']);
$usn = encrypt($_POST['usn']);
echo "<form action='data/logined.php' method='post'>
<input placeholder='Username' name='usn' required><br>
<input placeholder='Password' name='psw' required><br>
<input class='hidden' value='$usn' name='encusn'><br>
<input class='hidden' value='$psw' name='encpsw'><br>
<input type='submit' value='Submit'></form>";
?>
Where you use CSS to hide the two inputs. Be warned that it is not hard to expose them in the browser by anyone with even a little knowledge of CSS.
In your logined file you encrypt the entered values and compare them with encrypted values from the hidden inputs. I wouldn't use a two-way algorithm and try to decrypt the encrypted values.
first make sure that signuped.php is placed inside the folder data which placed same level as the html file.
then change the action in the html file from get to post and try var_dump($_POST) to see if the inputs has been submited.
Related
Hey i'm having a problem where I cannot seem to get the value of an input using PHP, I have a form in HTML and another file named "handle.php" which i prints the value of username but when I submit It directs me to the file "handle.php" and does not print anything, just shows the script.
I tried doing the script inside the HTML but I got the same result, nothing happened so I thought maybe I need to make a function and then call it onclick but it didn't do anything eventually I made a separate file named "handle.php" and in the form I did "action="handle.php" which lead to the first problem.
HTML:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title> Hide/Show Password Login Form</title>
<meta name="viewport" content="initial-scale=1.0, width=device-width" />
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css">
<link rel="stylesheet" href="./style.css">
</head>
<body>
<div class="login_form">
<section class="login-wrapper">
<div class="logo">
<img src="logo.png" alt=""></a>
</div>
<form id="login" method="post" action="handle.php">
<label for="username">User Name</label>
<input required name="login[username]" type="text" autocapitalize="off" autocorrect="off" />
<label for="password">Password</label>
<input class="password" required name="login[password]" type="password" />
<div class="hide-show">
<span>Show</span>
</div>
<button type="submit">Sign In</button>
</form>
</section>
</div>
</body>
</html>
handle.php:
<?php
echo $_POST['login[username]'];
?>
By using this name="login[password]" you can get the values in PHP as:
print($_POST['login']['password']);
One more solution, store input array in a variable like:
$post = $_POST['login'];
then, use like:
echo $post['password']
$_POST['login']; will return a php array with all keys you used in your form. So you get the username key of this array like this:
echo $_POST['login']['username'];
first try to print only $_POST then you see what is you get in request.
always help to you for following this method. debug step by step then get the data into array.
<?php
$request=$_POST['login'];
echo $request["username"];
echo $request["password"];
?>
Replace textbox name as username in html code and Change php code as echo $_POST['username']; in handle.php
In Html code,
<input required name="username" type="text" autocapitalize="off" autocorrect="off" />
In php code( handle.php),
echo $_POST['username'];
I've written some html code, and once i tried to place some PHP inside it, anything below this sign ?> wouldn't appear!!! I have some pictures and text that wouldn't appear unless I place it above. I'm writing with Bootstrap 2.3 and phpMyAdmin 4.10. all languages. Thank you for your time in advance.
here is my code so far:
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.css">
<link type="text/css" rel="stylesheet" href="bootstrap/css/myStyle.css">
<title>OJRA - Registration</title>
</head>
<body>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username</h6>
<input type="text" name="username" placeholder="Your Username">
<h6>Password</h6>
<input type="password" name="usrPassowrd" placeholder="Your password">
<h6>Email</h6>
<input type="email" name="usrEmail" placeholder="Your Email"><br>
<input class = "btn btn-default" type="submit" value = "Register">
</form>
</div>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username:</h6> <input type="text" name="username" placeholder="Your username">
<h6>Password:</h6> <input type="password" name="usrPassowrd" placeholder="Your password">
<input class = "btn btn-default" type="submit" value="Sign in">
</form>
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
$username = $_POST['username'];
if($username == "")
{
die("cannot go empty");
header("location:index.php");
exit;
}
$password = $_POST['usrPassword'];
$email = $_POST['usrEmail'];
$query = "insert into tz_members values('$username', '$password', '$email')";
mysql_query($query) or die(mysql_error());
?>
</div>
<img src="sexymotivation.jpg" style="margin-top:-800px; margin-right:10px;" class="pull-right">
</body>
</html>
A few things have already been outlined (as answers) that do make sense, however I spotted a few typos in your inputs that will prevent your form from working, plus a few other points.
Here are a few of my recommendations:
First, this (in 2 instances) has a typo in it name="usrPassowrd" which should read as name="usrPassword" to go with your existing $password = $_POST['usrPassword'];
As I stated in my original comments:
Comment #1: die("cannot go empty"); header("location:index.php"); exit; Your header won't do anything, because it DIE()'d and that will cease to go any further.
Comment #2: What I suspect is going on is, because you've got your entire code inside one big clump, and that if certain conditions aren't met... it still wants to keep going. Now, I suggest that you put a conditional statement wrapped around your PHP....
such as if(isset($_POST['submit'])){ // PHP } then add this to your submit button name="submit" --- I also suggest you split up your form and your PHP/SQL altogether and make it submit to another page instead, with the same conditional statement I've already outlined.
If you absolutely want to execute everything in one page, try the following:
Note: I borrowed the img src from user3009875's answer also.
(Rewrite)
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="bootstrap/css/bootstrap.css">
<link type="text/css" rel="stylesheet" href="bootstrap/css/myStyle.css">
<title>OJRA - Registration</title>
</head>
<body>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username</h6>
<input type="text" name="username" placeholder="Your Username">
<h6>Password</h6>
<input type="password" name="usrPassword" placeholder="Your password">
<h6>Email</h6>
<input type="email" name="usrEmail" placeholder="Your Email"><br>
<input class = "btn btn-default" type="submit" value = "Register">
</form>
</div>
<div style="width:400px; height:400px; border-radius:5px; background-color:#aaa; margin-left:100px;">
<form action="" method="post" style="margin-left:20px;">
<h6>Username:</h6> <input type="text" name="username" placeholder="Your username">
<h6>Password:</h6> <input type="password" name="usrPassword" placeholder="Your password">
<input class = "btn btn-default" name="submit" type="submit" value="Sign in">
</form>
<?php
// this below, will prevent a premature execution of code
if(isset($_POST['submit'])){
define('INCLUDE_CHECK',true);
require 'connect.php';
$username = $_POST['username'];
if($username == "")
{
die("cannot go empty");
// header("location:index.php"); // commented out
exit;
}
$password = $_POST['usrPassword'];
$email = $_POST['usrEmail'];
$query = "insert into tz_members values('$username', '$password', '$email')";
mysql_query($query) or die(mysql_error());
} // end brace for if(isset($_POST['submit']))
?>
</div>
<!-- commented out original img src -->
<!--
<img src="sexymotivation.jpg" style="margin-top:-800px; margin-right:10px;" class="pull-right">
-->
<!-- new img src by user3009875 in an answer given -->
<img src="sexymotivation.jpg" style="margin-top:100px; margin-right:10px;" class="pull-right">
</body>
</html>
You can't use header() there to perform a redirection because you've already outputted some HTML and PHP has flushed HTTP headers.
The reason that <img> disappeared is probably that you called die(). This function terminates the whole page at once.
If you see cannot go empty, you should check the form to make sure you posted username field. If you see some error message about MYSQL, it is mysql_query($query) that fails.
By the way, your code has a SQL Injection problem.
IT doesn't load below ?> because script fails. This is common behaviour when there is a bug.
Check tail -f /var/log/apache2/error.log on linux (terminal)
Check tail -f /var/log/apache2/error_log on max (terminal)
windows -> I have no idea... somewhere in C:\\
At this point:
die("cannot go empty");
you stop the script. The following PHP code will not be executed and the HTML will not be sent to the user.
It's possible that there is an error when executing your PHP code, that would prevent it from going through the rest of the file.
Using your browser's Developer Tools, check the contents of the HTML that was returned, it's possible that the last line could be an error message. If you have erorr_reporting off then it would write to your error log only.
/var/log/apache2/error.log is a common location for the error log file if you are using Apache on a Linux machine.
As a side note, that code you have is very dangerous, do not use data sent from the client directly in a SQL statement, you need to sanitize otherwise you make your web app vulnerable to SQL injection.
Consider using a prepared statement
http://php.net/manual/en/pdo.prepare.php
Try:
<img src="sexymotivation.jpg" style="margin-top:100px; margin-right:10px;" class="pull-right">
I think setting the top margin to -800px will cause it to disappear from the screen.
Also, make sure your image is of .jpg.
I am new to web designing. Now, I have created a form, and if the user input doesn't meet the requirements I display error message, and if it does I do some mysql commands to enter the info to the database. Now one way to do this is to code the php file into the html and use this command,<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"> like described [here][1]
But I don't want to put the script in the same file. How do I do that in another php file such that if user input is invalid, it will return to the homepage with the error message updated?
Here is my code
<!DOCTYPE html>
<head>
<link rel="stylesheet" type="text/css" href="register.css">
</head>
<h1>Register as A new user</h1>
<div id="signup">
<form id="registration_form" action="registration.php" method="post">
<p>
<label>Name</label>
<input type="text" name="name"/>
<span class="errorMessage"></span>
</p>
<p>
<label>Email</label>
<input type="text" name="email"/>
<span class="errorMessage"></span>
</p>
<p>
<label>Password</label>
<input type="password" name="passwd"/>
<span class="errorMessage"></span>
</p>
<p>
<label>Repeat Password</label>
<input type="password" name="repasswd"/>
<span class="errorMessage"></span>
</p>
<input type="submit" class="button" value="sign up"/>
</form>
</div>
What should be in the registration.php? Like the link, I do everything, I set a flag to the error, Now if the flag is true I return the user to the homepage with the error messages, and if false, I show a message saying registration successful. How do I do the part,"return to homepage with the appended error message"?
All your validation and bulletproofing should be in the registration.php
stuff like this:
//both parameters are required, so make sure they were passed-in
if(!isset($_GET['name'])) {
die('Must pass \'name\');
//both parameters are required, so make sure they were passed-in
if(!isset($_GET['email'])) {
die('Must pass \'email\');
}
if(!isset($_GET['passwd'])) {
die('Must pass \'password\');
} else {
//do cool stuff here
}
Don't forget your JS validation as well for the front end. I really hope this helps and gives you a bit of direction.
put your validation codes in "validate.php" or any file name you like
then change the action to validate.php to
then in validate.php if validation matches the requirements.
header("Location: registration.php");
if not match
header("Location: back to the httml with form.php");
You can learn form validation here : http://allitstuff.com/registration-form-in-php-with-validation/
when the user input a name to a form. how to display the name to another webpage?
so i have 2 webpage here it is
webpage 1:
<html>
<body>
<form action="lol.php" method="post" <div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" /> </div>
</html>
webpage 2 :
<html>
<body>
<p> echo 'welcome! $_POST
</html>
huhuhu so whats next ? :( im kinda new to php please be gentle guys tnx
As an addition to the already existing answers: One very important thing to keep in mind is protection against Cross Site Scripting attacks. You must assume "All Input Is Evil!". Users might not only enter their name or something like that but also JavaScripts (XSS or even persistent XSS, if you save the inputs) or parts of SQL querys to perform an SQL injection.
Let's say your script accepts a variable called txtname from GET or POST (this is what $_REQUEST means). And you have this code:
<?php echo "Welcome!" .$_REQUEST['txtname']; ?>
One could build a link like this:
http://yourhost/yourscript.php?txtname=<script%20type="text/javascript">alert("This%20might%20also%20be%20an%20evil%20script!");</script>
Then one uses a URL shortening service to build a harmless looking link redirecting to the attacker's URL above, e.g.
http://short.xy/dfudf7
which will redirect the user to the evil JavaScript link above. Then your website will execute any JavaScript or embedd evil iframes or whatever an attacker wants. Your users / customers will only see your website in the address bar and will think all that comes from you although a hacker added malicious parts to the site they view.
Therefore, whenever you output something that comes directly or indirectly from a user input (regardless whether read by $_REQUEST or fetched from a database), you have to make sure, HTML special chars like < and > don't work any more! php offers the function htmlspecialchars to escape these dangerous characters. Then they are displayed just as text and do not function as HTML/JavaScript.
By the way, this is not a protection against SQL injections. If you plan to use a database later, you will also have to look for that. Also in this area there are functions to "demine" a user input before passing it to a database.
You are missing to close <form> tag, missing to add submit button, I have fixed your form and it should be like...
webpage.html
<form action="lol.php" method="post">
<div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" />
<input type="submit">
</div>
</form>
lol.php
<?php echo "Welcome!" .$_POST['txtname']; ?>
NOTE
You can also use $_REQUEST to print name..
<?php echo "Welcome!" .$_REQUEST['txtname']; ?>
Page : 1
<html>
<body>
<form action="lol.php" method="post" <div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" /> </div></form>
</html>
Page : 2
<?php
echo "Welcome ".$_POST['txtname'];
?>
You are missing to close <form> tag, missing to add submit button
webpage.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>webpage</title>
</head>
<body>
<form action="lol.php" method="post" name="form" id="form">
<div id="name">
<label for="txtname">name: </label>
<br/>
<input type="text" name="txtname" id="txtname" />
<input type="submit" name="submit" id="submit" value="Submit">
</div>
</form>
</body>
</html>
lol.php
<?php
if((isset($_REQUEST['submit']) && trim($_REQUEST['submit']) =='Submit'))
{
$txtname = addslashes(trim($_REQUEST['txtname']));
echo "Welcome ".$txtname;
}
?>
I'm building my first PHP website (attempting to, anyway!), and I'm trying to create a contact form whose contents are submitted to me via email. I've got the email part down, but I'm having trouble getting the form ("contact.php") to accept data. It automatically refreshes as soon as I type a character in any field. Here's the relevant code:
<div class="contactform">
<form name="contactform" method="post" action="contact-receiver.php">
<fieldset><legend><strong>Required Information</strong></legend>
First Name: <input type="text" name="firstName" size="35" maxlength="30"/>
Last Name: <input type="text" name="lastName" size="35" maxlength="30"/>
Email: <input type="text" name="emailAddress" size="60" maxlength="55"/>
</fieldset>
<input type="submit" value="Submit"/>
<input type="reset" value="Reset"/>
</form>
</div>
This works fine when tested independent from the rest of the site. However, here's the context:
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php include 'header.php'; ?>
<?php
$id = $_GET['id'];
switch($id)
{
case 'main':
include 'storeinfo.php';
break;
case 'shop':
include 'inventory.php';
break;
case 'cart':
include 'cart.php';
break;
case 'contact':
include 'contact.php';
break;
default:
include 'error.php';
}
?>
<?php include 'footer.php'; ?>
</body>
</html>
"contact.php" works fine when displayed as a separate page, but won't accept any input when accessed as an include file. If I try to enter data in any of the fields, the page immediately refreshes after I type the first character, and the data is lost.
If anyone could point me in the right direction, I would really appreciate it!
EDIT
Disabling Javascript didn't work. I cleared my cache and restarted my browser (Firefox) just to be sure. While I'm working on that voodoo priest, here's the page source for index.php?id=contact:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Main</title>
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<div>
<p><img src='headerimg.png' class='header'/></p><a href='index.php?id=main'>
<img src='mainbutton.png' class='nav1'</a><a href='index.php?id=shop'>
<img src='shopbutton.png' class='nav2'</a><a href='index.php?id=cart'>
<img src='cartbutton.png' class='nav2'</a><a href='index.php?id=contact'>
<img src='contactbutton.png' class='nav2'</a>
</div>
<div class="contactform">
<form name="contactform" method="post" action="contact-receiver.php">
<fieldset><legend><strong>Required Information</strong></legend>
First Name: <input type="text" name="firstName" size="35" maxlength="30"/>
Last Name: <input type="text" name="lastName" size="35" maxlength="30"/>
Email: <input type="text" name="emailAddress" size="60" maxlength="55"/>
</fieldset>
<input type="submit" value="Submit"/>
<input type="reset" value="Reset"/>
</form>
</div>
<div id = "footer">
<p>©2012</p>
</div>
</body>
</html>
It sounds like a Javascript-related problem.
Check and make sure you're not including any scripts which try to autocomplete, as being misconfigured might cause it to send a request upon key up which would cause the behavior you're mentioning.
An easy way to test this is to disable JavaScript in your browser and see if the issue continues. If it does, it means you have ghosts in your computer and should see a voodoo priest. If the issue doesn't persist, it means it's an issue with some JavaScript on your site.
Posting some contents of header.php will help, as well. OR, you could simply post the complete HTML page source once - that is, visit your index.php?id=contact page, hit view source, and show that here.