I'm trying to bypass the .htaccess default username and password form with a customised form of my own.
I still want all passwords to be authenticated as .htpasswd file does.
My protected directory is members folder. I'm new to PHP so still trying to get my head around it.
I have checked some similar posts on this site and can't seem to get things working:
Replace Htaccess popup box with a html form?
How can I style a .htaccess password protection promp?
HTML:
<form action="<?=$PHP_SELF?>" method="post">
<div class="title">
<h2 class="section-title">Members Only Login</h2>
</div>
<div class="card_container">
<label for="user"><strong>Username</strong></label>
<input type="text" placeholder="Enter Username" name="user" required="">
<label for="pass"><strong>Password</strong></label>
<input type="password" placeholder="Enter Password" name="pass" required="">
<button type="submit">Login</button>
<label>
<input type="checkbox" checked="checked" name="remember"> Remember me
</label>
</div>
<div class="card_container" style="background-color:#f1f1f1">
<button type="button" class="cancelbtn">Cancel</button>
<span class="pass">Forgot password?</span>
</div>
</form>
PHP:
<?php
if (isset($_POST['done']))
{
$url = "ajayswebdesign.com.au/dromanaprobusclub/members/";
$site = "https://".$_)POST['user'].":".$_POST['pass']."#".$url;
header("Location: $site:);
}
?>
Related
I have a sample log in/log out module. It's inside a form that accesses a separate php file for verification and database access. I want to use sweetalert2 to display the success or denied modal. How can I do that?
HTML:
<div class="modal-body">
<div class="text-danger"><?php echo isset($_GET['error']) ? $_GET['error']: "" ?></div>
<form action="login.php" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="email">Email address</label>
<input type="email" class="form-control" name="email" placeholder="Enter email" required>
</div>
<div class="form-group">
<label for="password">Password</label>
<input type="password" class="form-control" name="password" placeholder="Password" required>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
<button type="submit" class="submit_btn btn btn-primary">Submit</button>
</div>
</form>
</div>
As you can see, it's accessing a separate php file. Don't worry about ^this modal, it can be closed. How do I replace this modal with another modal made of sweetalert2 when the php is in another file?
PHP: (login.php)
if (empty($email)) {
header("Location: index.php?error = You need to enter your email.");
} else if (empty($password)) {
header("Location: index.php?error = You need to enter your password.");
A sample of my php code. I know it's bad form to just...redirect like that, but the main problem here is how to pass that error into a sweetalert2. I've tried calling swwetalert2 inside the login.php file, but it doesn't work.
How do I get this cookies code to display properly? Both in Google Chrome and Firefox I get a dropdown suggestion from the browser. I would like to only have my own php "setcookie" to display.
PHP:
index.php:
<form action="index.php" method="POST">
<div class="row">
<div class="form-group">
<input type="email" class="form-control fill-bar" name="email" aria-describedby="emailHelp" placeholder="Email"
value="<?php
if(isset($_COOKIE["username"])) {
if(isset($_POST["email"])) {
echo($_POST["email"]);
}
} ?>" required>
</div>
<div class="form-group">
<input type="password" class="form-control fill-bar" id="passwd" name="password" placeholder="Password" value="<?php if(isset($_COOKIE["password"])) { echo $_COOKIE["password"]; } ?>" required>
</div>
<p><input type="checkbox" name="remember" class="mr-1">Remember Me</p>
Forgot your password?
<br><br><br>
<input type="submit" class="btn d-inline btn-primary register_button mr-3 w-100" id="login" name="login" value="Login">
<p class="text-center mt-3">No account yet? Register Here</p>
<br>
</div>
</div> <!-- end row -->
</form>
page-2.php: (inside if isset login button clicked)
if(!empty($_POST["remember"])) {
setcookie ("email",$_POST["email"],time()+ 3600);
setcookie ("password",$_POST["password"],time()+ 3600);
echo "Cookies Set Successfuly";
} else {
setcookie("email","");
setcookie("password","");
echo "Cookies Not Set";
}
Instead of my "setcookie", both Google and Firefox displayes these, I would like to have them not appear.
In your form, add the autocomplete attribute to your inputs and set it to off, like the following:
<form action="index.php" method="POST">
...
<div class="form-group">
<input type="password" class="form-control fill-bar" id="passwd" name="password" placeholder="Password" value="<?php if(isset($_COOKIE["password"])) { echo $_COOKIE["password"]; } ?>" autocomplete="off" required>
</div>
...
</form>
That should be enough to prevent autocomplete. However, browsers are not required to follow that attribute. You can check which browsers currently comply with the autocomplete attribute here. In the case of a browser not respecting the autocomplete attribute, you could try using methods to mangle the input names (such as jQuery plugins or by using PHP to generate random names and store those names in the user's session, and verify the form versus the session on submit).
I am making a registration form and have made some simple php to process the email as a test:
Hello <?php echo $_POST["email"]; ?>
I am using the post method, and although the atom editor was displaying the Hello, it doesn't display the email.
And in case anyone needs it, here is the html I am using:
<form action="welcome.php" method="post">
<div class="container">
<h1>Register</h1>
<p>Please fill in this form to create an account.</p>
<hr>
<label for="email"><b>Email</b></label>
<input type="text" placeholder="Enter Email" name="email" required>
<label for="psw"><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="psw"
required>
<label for="psw-repeat"><b>Repeat Password</b></label>
<input type="password" placeholder="Repeat Password" name="psw-
repeat"
required>
<hr>
<p>By creating an account you agree to our <a href="#">Terms &
Privacy</a>.</p>
<button type="submit" class="registerbtn">Register</button>
</div>
<div class="container signin">
<p>Already have an account? Sign in.</p>
</div>
</form>
this code works fine, please make sure you echoing Hello <?php echo $_POST["email"]; ?> in welcome.php
if yes make sure you have php installed.
There is no error. If you place the php code provided in above in welcome.php, and you fill the form, email is displayed properly after Hello. There migh
I have a website with two form authentication in different pages, have different input name and link to different pages . The problem is that when I save my authentication to a browser (chrome) of a form , the browser fill in the fields with the same data in the other form . How is it possible?
First form
<form action="" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="exampleInputEmail1">Email</label>
<input type="email" name="private_email" class="form-control" id="email1" value="" placeholder="Enter email" required>
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" name="private_password" value="" id="password1" placeholder="Password" required>
</div>
<input type="submit" name="login" class="btn btn-default" value="Login">
</form>
Second Form (It is a form of a cms)
<form action="http://escuolainsieme.it/shop/login" method="post" id="login_form" class="box">
<h3 class="page-subheading">Sei già registrato?</h3>
<div class="form_content clearfix">
<div class="form-group form-ok">
<label for="email">Indirizzo email</label>
<input class="is_required validate account_input form-control" data-validate="isEmail" type="text" id="email" name="email" value="">
</div>
<div class="form-group">
<label for="passwd">Password</label>
<span><input class="is_required validate account_input form-control" type="password" data-validate="isPasswd" id="passwd" name="passwd" value=""></span>
</div>
<p class="lost_password form-group">Hai dimenticato la password?</p>
<p class="submit">
<input type="hidden" class="hidden" name="back" value="my-account"> <button type="submit" id="SubmitLogin" name="SubmitLogin" class="button btn btn-default button-medium">
<span>
<i class="icon-lock left"></i>
Entra
</span>
</button>
</p>
</div>
</form>
Login.php
<?php session_start(); // Starting Session
$error = ''; // Variable To Store Error Message
if (isset($_POST['private_login'])) {
if (empty($_POST['private_email']) || empty($_POST['private_password'])) {
$error = "<div class='alert alert-danger'>Compila tutti i campi</div>";
} else {
$email = mysqli_real_escape_string(conn(), $_POST['private_email']);
$password = mysqli_real_escape_string(conn(), $_POST['private_password']);
$cls_utente = new utente();
if ($cls_utente->check_user($email, $password) == 1) {
$_SESSION['login_user'] = $email; // Initializing Session
$_SESSION['is_logged'] = true;
} else {
$error .= "<div class='alert alert-danger'>Email o password errati</div>";
}
}}?>
You can try using autocomplete="false" or autocomplete="off" to disable it, not sure if it will work but give it a try.
As far as i am concerned it's not possible to make the browser 'realize' that they are different forms and they should not be auto-filled with the same data.
Have a look at these 2 answers, answer1 answer2 for more information how browser detects the forms.
You must add another one column in your user table, example if you add type column the value set default super admin,moderator, user. Now you can check the login authentication with this column.If user-name and password and type is equal redirect to particular page.so you can redirect different page depends upon the user type..
I'm a newbie programmer trying to utilize Twitter Bootstrap to build out a concept. I'm using PHP and assigning actions within HTML tags to POST data and essentially take a user through the navigation. This has been pretty straightforward when using forms: i.e. here is a snippet that does work. For example, for this snippet of HTML:
<form action="?viewnotes" method="post">
<input type="hidden" name="id" value="<?php htmlout($note['id']); ?>">
</form>
It successfully triggers the following if statement in my index.php:
if (isset($_GET['viewnotes']))
However, I'm trying to do the same thing in my registration page, using a Twitter Bootstrap class for buttons. Here is the HTML:
<a class="btn btn-primary btn-large" action="?register">Sign Up Free!»</a></p>
The PHP code is:
if (isset($_GET['register']))
{
include 'register.html.php';
}
Clicking on the Sign Up button is not invoking the PHP code. If I hard code the URL it works, but then I have a similar issue on the register.html.php page. HTML on the register page has:
<form class="form-horizontal" action="?storeuser" method="post">
<fieldset>
<legend>It's quick and easy...</legend>
<div class="control-group">
<label class="control-label">First Name</label>
<div class="controls">
<input type="text" name="fname" class="input-xlarge" id="fname">
</div>
</div>
<div class="control-group">
<label class="control-label" name="lname">Last Name</label>
<div class="controls">
<input type="text" name="lname" class="input-xlarge" id="lname">
</div>
</div>
<div class="control-group">
<label class="control-label" name="email">Email Address</label>
<div class="controls">
<input type="text" name="email" class="input-xlarge" id="email">
</div>
</div>
<div class="control-group">
<label class="control-label" name="password">Password</label>
<div class="controls">
<input type="password" name="password" class="input-xlarge" id="password">
</div>
</div>
</fieldset>
<button type="submit" name="action" class="btn btn-primary btn-large">Complete Registration</button>
</form>
However, when clicking on the button, the index file does not trigger the following, which would store the fields into the DB.
if (isset($_GET['storeuser']))
If I hardcode the URL to register.html.php, then the resulting URL looks like localhost/register.html.php?storeuser instead of localhost/?storeuser. I'm not sure if that's affecting the behavior here.
Thank you for the help!
I think you're approaching this the wrong way, and it's not Twitter Bootstrap's fault.
Usually, you'd use POST, not GET, to handle user registrations. Your form would look like this:
<form action="register.php" method="post">
<!-- your form -->
<fieldset>
<input type="submit" name="register" value="Register" class="btn btn-primary" />
</fieldset>
</form>
You can then build register.php as follows:
<?php
if (isset($_POST['register'])) {
// handle user registration
}
// display form
?>
This will display the form when the user visits register.php, but will try and process the user registration first if the form's been POSTed.
try passing a value with your GET variable
<form action="?viewnotes=1" method="post">