Now I have Simple email Login form
<form action="one.php">
<input type="email" name="email"/>
</form>
one.php is email filter gmail users and header them to a custom path
<?php
$email = $_POST['email'];
if (stripos($email, '#gmail.com') !== false) {
header('Location: ../gmail/index.html');
} else {
header('Location: /unknownusers');
}
?>
now we done with the first page
my question is
how can I email name to another page' example in /gmailusers
<html>
<head>
</head>
<body>
<div>
<font>Welcome back,</font>
<?php
include 'one.php';
echo $email; ?>
</div>
</body></html>
$email will not work in this because one.php doesn't have saved info
how I can make this
welcome back 'User.Email#gmail.com'
in index.html file
Can any body help me with the php code.
The easiest way to do this is to not use location redirection, but just include the file you want to show.
one.php
<?php
$email = $_POST['email'];
if (stripos($email, '#gmail.com') !== false) {
include "gmail.php";
} else {
header('Location: /unknownusers');
}
gmail.php
(This file would replace gmail/index.html because most server configurations won't pass .html files to the PHP processor.)
<html>
<head>
</head>
<body>
<div>
<font>Welcome back, <?php echo $email; ?></font>
</div>
</body></html>
In this case, one.php shows the gmail user what gmail.php dictates, and redirects other users to the unknownusers page.
If you want the 'login' to be persistent (so your server remembers who this person is), you'll need a session.
What you're doing doesn't make sense, but to get it working, in two.php replace...
echo $email;
with
echo $_POST['email'];
HOWEVER You're reloading the page in one.php, so the code change above should never be executed. (Why are you doing that?) Anyway, if security is not an issue, in one.php you can pass the email to the other pages by doing this...
header('Location: ../gmail/index.html&email='.$_POST['email']);
then, in the index.html file, you access the variable $_GET['email'].
If security is an issue, this gets more complicated.
Related
Which has higher security?
Including the PHP file on a web page for form use, or directing the user to a PHP file when they press a form button?
Example 1: include 'filename';
Example 2: form action="sendingtheuserhere.php" method="post"
Thank you
Generally, it wouldn't matter whether you include the PHP code that handles form data into the file that contains the form or to have a separate PHP file for the same purpose.
What would matter is how you handle the form data. Below is an example:
form.php - has the HTML form
<html>
<head></head>
<body>
<form action="send.php" method="post">
<input name="subject" />
<textarea name="message"></textarea>
<button>Send</button>
</form>
</body>
</html>
send.php - handles form data
<?php
$user_subject = $_POST['subject'];
$user_message = $_POST['message'];
$send_to = 'myemail#gmail.com';
mail($send_to, $user_subject, $subject_message);
?>
Now with the above code, there are a couple things you should know.
The send.php file has unsafe code.
Visiting the send.php will send an email to the $send_to address whether someone files the form or not.
Now if you were to have to separate files, every time you visit the send.php file, an email would be sent. That is whether you fill in the form or you simply visit send.php link.
Second, if you were to combine the two files, you would have an email sent to you every time someone opens your form. That is because the mail(); function is triggered every time.
To combat this, you have to make sure the mail function triggers only when the form is submitted. You can do so by changing the code in send.php to the following:
new send.php
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // checks whether a POST request actually exists or not.
$user_subject = strip_tags(trim($_POST['subject']));
$user_message = strip_tags(trim($_POST['message']));
$send_to = 'myemail#gmail.com';
mail($send_to, $user_subject, $subject_message);
} else {
echo 'form not filled';
}
?>
Now, in the above code, the first thing we did is to check whether a POST request actually existed. If not, you'll see "Form not filled". After that, to make the request a little more secure to any sort of code injections we used the PHP trim(); and strip_tags(); function.
You can combine the two PHP files like so:
form.php
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { // checks whether a POST request actually exists or not.
$user_subject = strip_tags(trim($_POST['subject']));
$user_message = strip_tags(trim($_POST['message']));
$send_to = 'myemail#gmail.com';
mail($send_to, $user_subject, $subject_message);
}
?>
<html>
<head></head>
<body>
<form action="form.php" method="post">
<input name="subject" />
<textarea name="message"></textarea>
<button>Send</button>
</form>
</body>
</html>
I have the following problem and feel that the solution is simple but after 8 hours of trying and searching, I am giving up.
I have this simple page:
<?php
// Start the session
$lifetime=600;
session_set_cookie_params($lifetime);
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Change the Yoda!</title>
</head>
<body>
<?php
// Set session variables
$_SESSION["post-data"] = $_POST;
?>
<form action="yoda_is.php" method="POST">
YODA IS: <input type="text" name="name">
<input type="submit">
</form>
</body>
</html>
Upon submit, it sends me to this page:
<?php
// Start the session
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Who is Yoda?</title>
</head>
<body>
<?php
// Echo session variables that were set on previous page
echo "YODA IS " . $_SESSION['post-data'] = $_POST['name'];
?>!
</body>
</html>
The value that you enter in the first page, is successfully being displayed on the second page.
However, once I close the browser window and revisit the second page, the value is no longer there and it returns an error.
My question is simple, what am I doing wrong / do I need to do in order for the value that I entered on the first page, to be there after I revisit the second page?
Thank you so much for your help and suggestions, in advanced.
KR
MD
On your first page remove this:
// Set session variables
$_SESSION["post-data"] = $_POST;
On your second page use this instead:
// If the user filled out the form, set our session variable to the new value
if(isset($_POST['name']))
{
$_SESSION['post-data'] = $_POST['name'];
}
// Echo session variable set above
echo "YODA IS " . $_SESSION['post-data'] . "!";
I'm trying to write a simple PHP web page that asks the user to input a domain and then click the SUBMIT button. When the user clicks SUBMIT the page should display the name of the domain that they typed in.
I have XAMPP installed on my computer and I have a file named test234.php in my htdocs directory. This PHP file contains the following PHP and HTML code:
<?php
$message = "";
if (!isset($domain)) {
$message = "<br>Enter a domain<br>";
} else {
$message = "You typed in $domain as the domain";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Some title</title>
</head>
<body>
<h1 align="center">
Some title
<?php print $message ?>
</h1>
<form method="POST" align="center">
Domain: <input type="text" name="domain"><input type="submit" align="center"><br>
</form>
</body>
</html>
When I type in a domain and click SUBMIT it just reloads the same page asking for the user to type in a domain. I want it to output the text "You have typed in $domain as the domain" but can't seem to get it to work. Any help would be appreciated.
The value of $domain was never declared. If you would like to get form data you need to use the $_GET, $_POST, or $_REQUEST object(s), in your case you are using the post method in your form so instead of $domain use $_POST["domain"]:
<?php
$message = "";
$domain = $_POST["domain"];
if (!isset($domain)) {
$message = "<br>Enter a domain<br>";
} else {
$message = "You typed in $domain as the domain";
}
?>
So I am pretty new to PHP, I have done and learnt lots of console based experience so I'm not a full beginner to programming. But I decided to learn how to database because its always fascinated me, and I've learnt the basic HTML and CSS and JS, and now basic PHP and SQL, but putting into action is getting weird on me.
I've figured out how to manipulate and make databases through PHP code and stuff like that, but they were all simple things and in one file, I am going for a bigger project and I need to put all the PHP's in separate files, this is the problem.
say my 'index.php' file is so:
<!DOCTYPE html>
<html>
<head>
<?php include 'other.php' ?> //Problem 1
</head>
<body>
<FORM method="POST" action="other.php">
<INPUT type="text" name="textTest" value="<?php print $input; ?>">
<INPUT type="submit" name="subTest" value="TEST" >
</FORM>
</body>
</html>
and my 'other.php' is :
<?php
$input = "";
if (isset ($_POST['subTest']))
{
$input = $_POST['textTest'];
//header("Location : index.php");
}
header("Location: index.php"); //Problem 2
?>
so my problems:
Problem 1, if I don't include the 'other.php' file, there is an error when I try print the: value = "print $input"
Problem 2, if I don't redirect with 'header', it obviously doesn't redirect and go back to the 'index.php' which I want to happen. BUT with it there, it causes a TOO_MANY_REDIRECT error. I found this is a problem caused by the include which can't be removed for Problem 1 reasons.
Problem 3, I found out I could move the 'header' function to where it is commented out, but then the value="..." doesn't stay on submit.
Problem 4, if I completely get rid of the 'header' redirect, and change the form's action to 'index.php', then I get the 'Confirm Form Resubmission' thing I want to avoid.
So I hope that is a mouthful someone understands and can help with, and thankyou in advanced.
include does what it sounds like, it includes the file into the parent, essentially the same as copy and pasting the content into it.
So to fix your problem, 1st change the forms action to index.php (so it posts to its self), and remove the redirect all together:
<?php include 'other.php' ?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<FORM method="POST" action="index.php">
<INPUT type="text" name="textTest" value="<?php print $input; ?>">
<INPUT type="submit" name="subTest" value="TEST" >
</FORM>
</body>
</html>
other.php:
<?php
$input = "";
if (isset ($_POST['subTest'])){
$input = $_POST['textTest'];
}
Note that i also moved the include to the 1st line in index.php, before any html output.
This is not strictly required in this instance, but is a good practice, as you are unable to set headers (eg for a redirect) after the response body is sent to the output stream
EDIT
If you want to avoid form resubmits on refresh, then you are correct that you would need to submit to a seperate endpoint and redirect.
To do that you would need to pass the posted data back to the index file, as the redirect is a new (GET) request, so the post data is lost.
The two main ways to do that would be with SESSION or URL parameters.
I'll show how to do it with parameters:
Dont include the destination file:
<?php
//get value from url parameter, or set to empty string if parameter not present
$input = isset($_GET['input'])? $_GET['input'] : '';
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<FORM method="POST" action="other.php">
<INPUT type="text" name="textTest" value="<?php print $input; ?>">
<INPUT type="submit" name="subTest" value="TEST" >
</FORM>
</body>
</html>
Then append the required data to the redirect url as parameters
other.php:
<?php
$input = "";
if (isset ($_POST['subTest'])){
$input = $_POST['textTest'];
header("Location: index.php?" . http_build_query(['input'=>$input]));
die(); //always stop execution after redirect
}
//if post data not sent, something went wrong, so set $input parameter to error message
header("Location: index.php?" . http_build_query(['input'=>'No Data posted']));
die(); //always stop execution after redirect
In other.php at the last line try require-ing the index.php instead of redirrecting.
Also remove the inclusion of other.php in index.php .
$input = "";
if (isset ($_POST['subTest']))
{
$input = $_POST['textTest'];
}
require_once 'index.php';
?>
We call it html1 for simplicity.
When a user goes to html1, there's a login2.php login page to enable access to client.php which is the hidden page.
It then goes to checklogin.php...if the password and user name matches...it then goes to the hidden client.php page...if not..it goes back to homepage.
The user has to login to be able to view the contents of hidden client.php page.
However the user can access client.php by typing in ..../client.php on the address bar...therefore bypassing the auth page and rendering it useless. I can just type servername/client.php...and it still shows me the contents of client.php...but I want client.php...to be private!
How do I prevent this from happening?
thanks.
first login page...
<html>
<head>
<title>Login Form</title>
</head>
<body>
<h2>Login Form</h2>
<table>
<form method="post" action="checklogin2.php">
<div id="name">User Id: <input type="text" name="****"></div>
<div id="password">Password: <input type="password" name="*******"></div>
<div class="button"><input type="submit" value="Login"></div>
</form>
</table>
</body>
</html>
then it goes to....
checklogin2.php
<?php
$*** = $_POST['****'];
$***** = $_POST['***'];
if($uid == '****' and $***** == '*****')
{
session_start();
$_SESSION['sid']=session_id();
header("location:securepage.php");
}
else
{
header("location:index.html");
}
?>
Then it goes to...
securepage.php
<?php
session_start();
if($_SESSION['sid']==session_id())
{
header("location:client.php");
echo "<a href='logout.php'>Logout</a>";
}
else
{
header("location:login.php");
}
?>
In the beginning of your every page you have to check if user is authorized.
On checklogin.php if user entered correct login and password, just set something like
$_SESSION['authorized'] = TRUE;
...and on other pages just check if user is authorized:
if (isset($_SESSION['authorized']) && $_SESSION['authorized'] === TRUE) {
// Alright, let's show all the hidden functionality!
echo "Psst! Hey! Wanna buy some weed?";
} else {
// User is not authorized!
header('Location: login.php');
exit();
}
Note that you don't have to mess with cookies, session IDs etc. - just add session_start() before everything and freely use $_SESSION var.
This is the main pro of sessions (and $_SESSION variable in particular): you can remember some data among different pages on same website.
All pages has to check if the user is authed. I would recommend using objects, and always inherit a class that checks this for you. It's not fun to have the same code everywhere, doing the same thing.
if($_SERVER["PHP_SELF"] == '/yourpagefolder/yourpage.php' && !isset($_SESSION['login_user'])){
header('location: login.php');
}