Request form and POST in a single go? - php

Please excuse the poor title.
I am a total beginner and don't know the right terms to make it better.
I am trying to POST form data using PHP.
My problem is that before i POST the form data i need to get a value from the form, that is changing each time i request the page.
Please notice the second input, the value is auto generated and is a random number each time i request the form.
Here is my form.php:
<?php
if(!isset($_REQUEST['submit_btn'])){
echo '
<form action="'.$_SERVER['PHP_SELF'].'" method="POST">
<input type="text" name="user_name" id="user_name">
<input type="hidden" name="a_random_password" value="'.(rand(10,100)).'">
<input type="submit" value="submit" name="submit_btn">
</form>';
}
if(isset($_REQUEST['submit_btn']))
{
$user_name= $_POST["user_name"];
$a_random_password = $_POST["a_random_password"];
echo "Your User Name is:". $user_name;
echo "<br> and your Password is : $a_random_password;
}
?>
And my post.php
<?php
$url = "http://test.com/form.php";
$data = array(
'user_name' => 'John',
'a_random_password' => 'xxx',
'submit' => 'submit'
);
$options = array(
'http' => array(
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
if ($result === FALSE) { echo "Error"; }
var_dump($result);
?>
So how do i get the a_random_password value and submit it along with the form in a single request, else the password wont fit with the user name.


Sup, what you wanna do is impossible using PHP in that way, cause the only job PHP has is to render your content on server side. To listen to the client side you'll need to use javascript.
let randomPassword = document.getElementById('a_randow_password')
let name = document.getElementById('name')
let password = document.getElementById('password')
name.onkeyup = function(){
password.value = randomPassword.value + name.value
}
<input type="text" id="name" name="user_name" placeholder="name"><br />
<input type="hidden" name="a_random_password" id="a_randow_password" value="xxx">
<input type="text" id="password" placeholder="password"><br />


Not sure exactly what you trying to achieve, but if You want to interrupt a request (and modify|use it) from HTML to PHP, You need AJAX request (JavaScript).

Related

Why is my Recaptcha failing upon submission?

I spent a day getting Recaptcha to work on a site I created. We had to move the site to another hosting company recently. Now it constantly fails when the form is submitted.
I created a new set of keys and still nothing. I can't find any definitive support for this issue.
Could it be a PHP or server setting?
Any help would be greatly appreciated. Even if it's just a way to get some data upon failure.
I'm using a demo form I found for testing purposes. It's the second demo I've tried and they both failed on submission.
The Form
<html>
<head>
<title>Google recapcha demo - Codeforgeek</title>
<script src='https://www.google.com/recaptcha/api.js' async defer></script>
</head>
<body>
<h1>Google reCAPTHA Demo</h1>
<form action="captcha-php.php" method="post" enctype="multipart/form-data">
<input name="sender_name" placeholder="Your Name..."/>
<input name="sender_email" placeholder="Your email..."/>
<textarea placeholder="Your Message..." name="sender_message"></textarea>
<div class="captcha_wrapper">
<div class="g-recaptcha" data-sitekey="6LdMl0saAAAAAI4PyxOt24481BPzmzTmiU2GGhR6"></div>
</div>
<button type="submit" id="send_message">Send Message!</button>
</form>
</body>
</html>
captcha-php.php
<?php
$sender_name = stripslashes($_POST["sender_name"]);
$sender_email = stripslashes($_POST["sender_email"]);
$sender_message = stripslashes($_POST["sender_message"]);
$response = $_POST["g-recaptcha-response"];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => 'I have entered the secret key here',
'response' => $_POST["g-recaptcha-response"]
);
$options = array(
'http' => array (
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$verify = file_get_contents($url, false, $context);
$captcha_success=json_decode($verify);
if ($captcha_success->success==false) {
echo "<p>You are a bot! Go away!</p>";
} else if ($captcha_success->success==true) {
echo "<p>You are not not a bot!</p>";
}
?>

Url from form using php

I am trying to create a link to include variables from a form.
The script below works put only includes the first variable:
http://example.com/abc.php?id=2
I want it to send:
http://example.com/abc.php?id=2&name=zac
PHP code shown below:
$base = 'http://example.com/abc.php';
$id=$_GET['ID'];
$name=$_GET['Name'];
$data = array(
'id' => $id,
'name' => $name,
);
$url = $base . '?' . http_build_query($data);
header("Location: $url");
exit;

You could make your life a bit easier by just sending the form via $_GET and it will redirect to the URL like you're wanting. Here's an example:
<form action="http://example.com/abc.php" method="GET">
<input type="text" name="ID" />
<input type="text" name="Name" />
</form>
This would send the user to: http://example.com/abc.php?ID=id_value&Name=name_value
Note: This will send all form variables with a value set.

CodeIgniter not receiving POST data

I already have a Codeigniter based RESTful api service which performs basic CRUD operations to the mySQL database. And now I'm trying to make a control panel with angularJS and Restangular.
I make a POST request like this:
HTML:
<form ng-submit="addUser()">
<input type="text" name="name" ng-model="newUser.name" placeholder="Enter Your Name" />
<input type="text" name="fact" ng-model="newUser.fact" placeholder="Enter A Fact" />
<input class="pure-button" type="submit" value="Send" />
</form>
JS:
$scope.addUser = function ()
{
var newuser = $scope.newUser;
Restangular.one("user").post(newuser).then(function(data) {
console.log(data);
})
}
PHP (Using Codeigniter's inpu class):
$data = array(
'name' => $this->input->post('name'),
'fact' => $this->input->post('fact')
);
And then it writes $data array to the database. But in database, values are always 0, which means the $data['name'] and $data['fact'] are empty.
I think i should handle the data in a diffrent way in PHP but how can i do that? Or what is the type of POSTed data?

try
$data = file_get_contents("php://input");
$data = json_decode($data,true);
:)

get action to happen, only when submit button is pressed

i have some code that will post to the users wall, however, at the minute it will post when the page is loaded, i need it to post only when the 'post to my wall button is submitted.
here is my code:
<div align="center">
<form method="GET" action="translate.php">
<textarea name="status2" cols="50" rows="5"<input type="text"/>
<?php echo str_ireplace(array ('old','awkward','all','again','behind','along','alright','hello','among','children','yes','child','kids','food','barnard castle','beer','book','blow','beautiful','bird','burst','brown','burn','boots'),
array ('auld', 'aakwad', 'aall','agyen','ahint','alang','alreet','alreet','amang','bairns','aye','bairn','bairns','bait','barney','beor','beuk','blaa','bonny','bord','borst','broon','bourn','byeuts'),$status); ?>
</textarea><br>
<input type="submit" value="post to wall"
// i did try my wall code here but it still posted on page load
/>
</form>
</div>
<?php
$args = array(
'message' => 'Hello World',
'link' => 'http://apps.facebook.com/geordie-status/',
'caption' => 'Translate from English to Geordie'
);
$post_id = $facebook->api("/$uid/feed", "post", $args);
?>

Add name attribute to your input tag. and use isset for check if the user pressed the submit button.
<input type="submit" value="post to wall" name="submit"
// i did try my wall code here but it still posted on page load
/>
</form>
</div>
<?php
if (isset($_POST['submit'])){
$args = array(
'message' => 'Hello World',
'link' => 'http://apps.facebook.com/geordie-status/',
'caption' => 'Translate from English to Geordie'
);
$post_id = $facebook->api("/$uid/feed", "post", $args);
}
?>

You should put the code for the posting to the wall inside translate.php since that is the page listed in the form action. When the form gets submitted, values will be passed as parameters to translate.php then you can use $_GET to fetch them and execute the code that writes to the wall.

I think your problem is that your browser re-sends data each time the page is reloaded.
There are 2 approaches:
Redirect user to the same page, so sent data will be cleared (header("Location: asd"))
Store some hash in session, make a hidden input and check whether the hash is right. Change the hash when the form is correctly submitted.

Sanitize input before executing at server in php

I want to let user input two variable, Name and Password in a form. I want to disable any XSS or script insert in the input values. I have the following code in the form method:
<form name="form1" method="post" action="checkpw.php">
Your Name:
<table>
<tr><td><input class="text" name="name" onBlur="capitalize(this);" maxlength=12 type="text" /></td></tr>
</table>
Password:
<table>
<tr><td><input class="text" name="passwd" maxlength=8 type="password" /></td></tr>
<tr><td align="center"><br/>
<input class="text" type="submit" name="submitbt" value="Login" />
</td></tr>
</table>
and the following checkpw.php:
<?php
// Clean up the input values
$post = filter_input_array(INPUT_POST, array(
'name' => FILTER_SANITIZE_STRING,
'pw' => FILTER_SANITIZE_STRING,
));
if (is_null($post) || in_array(null, $post)) {
header("location:login.php");
return; // missing fields (or failed filter)
}
// pw is the password sent from the form
$pw=$_POST['passwd'];
$name=$_POST['name'];
if($pw == 'testpass'){
header("location:index.php");
} else {
header("location:wrong.php");
}
?>
Is this a secure way to ensure the form is sent to the server and executed ONLY after the input values have been sanitized?
Also, the $name value i want to pass it to index.php file. I insert a code in the index.php as follow:
<?php echo $name ?>
But it's empty. Any idea how to resolve it?

You are issuing a header( .. ), that means that you are redirecting to another page and start all over.
You have 3 options:
put your $name in the session.
pass the $name in the header function, like header("location: index.php?name=$name");
do not redirect, but include the php file. In that case you do not need a session at all. Will be faster also, because you do not need a round trip to the browser.
As for sanitizing, for a start it will do. It depents what you later on will do with the data. I would suggest, if putting the data in a database to look in more detail what to do.

The magic_quotes_gpc should be disabled on most servers by now; however, do read this article to see other ways of disabling them.
Furthermore, you can use filter_input_array() (PHP >= 5.2) for this purpose:
$post = filter_input_array(INPUT_POST, array(
'name' => FILTER_SANITIZE_STRING,
'pw' => FILTER_SANITIZE_STRING,
));
if (is_null($post) || in_array(null, $post)) {
return; // missing fields (or failed filter)
}
// you can safely use $post['name'] and $post['pw'] here

Categories