I have created a page linked to my databases so I can easily manipulate it.
So, should I put this page in the public_html directory, or is there some secured directory?
There isn't any "secured directory" on your web server accessible only by you from your browser; you have to create a user/login system to access the admin page you created.
There are many ways to do it; the simplest, but also the least secure, is to create 2 files:
index.php
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Sign in page</title>
</head>
<body>
<form action="validate_login.php" method="POST" name="loginform" novalidate>
<input type="text" name="users_email" placeholder="Username">
<input type="password" name="users_pass" placeholder="Password">
<input type="submit" value="Submit">
</form>
</body>
</html>
validate_login.php
<?php
// Get Username/Password submitted information
$email = $_POST["users_email"] ?? '';
$pass = $_POST["users_pass"] ?? '';
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Admin page</title>
</head>
<body>
<?php
// Strict comparison (===) avoids PHP's loose type juggling on the submitted strings
if($email==='USERNAME' && $pass==='PASSWORD') {
    echo 'OK you are logged in';
    //YOUR CONTENT HERE ....
} else {
    echo '<p>Sorry, invalid username/password. Please try again.</p>';
}
?>
</body>
</html>
Replace USERNAME and PASSWORD with your username and password.
Hoping to be helpful. :)
Related
I am new to using PHP. I am trying to get the data sent to the Apache server using $_POST, but I am getting nothing.
The details are below.
I am using XAMPP on Windows 7 for setup (Apache & PHP)
and I have two files:
welcome.html, which calls welcome.php to echo the contents received from the HTML form.
Note that nothing is reported in the Apache error log file
C:\xampp\apache\logs\error.log
Any idea what went wrong here?
<head>
<meta charset="utf-8"/>
</head>
<body>
<form action="welcome.php" method="post">
Name: <input type="text" name="name"><br>
<input type="submit">
</form>
</body>
and
welcome.php
<?php
error_reporting(E_ALL);
?>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
</head>
<body>
Welcome
<?php echo $_POST["name"]; ?><br>
</body>
To test your PHP file, run welcome.php directly from your localhost,
like this: http://localhost/welcome.php
<?php
echo 'Check your name';
?>
If you see "Check your name", then your local server is working; otherwise you need to start the local server.
This is your HTML file, welcome.html:
<head>
<meta charset="utf-8"/>
</head>
<body>
<form action="welcome.php" method="post">
Name: <input type="text" name="name"><br>
<input type="submit">
</form>
Then submit your form with a name entered,
then check your code using
<?php
error_reporting(E_ALL);
print_r($_POST);
?>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
</head>
Welcome
Everything works here.
I am trying to create a very simple Control Panel for a web programming project, the "Show" function in my control panel works very well and shows all the elements but my Delete, Add and Update functions do not work at all.
Here's what I want to do with each function:
Add function -> I want to add an element to my database from the input elements
Delete function -> I want to delete the element that its ID is input by the user in the Control Panel
Update -> Using this function I want to change the Product Title of the selected Product.
These 3 functions don't work, when I input data in the webpage I see that nothing is added/altered to/in the tables.
Here's the code:
add.html
<title>Add</title>
</head>
<body>
<form action="add.php" method="post">
<font size="+2" color="#CC0033">ID</font><input type="text" name="ID" />
<font size="+2" color="#CC0033">Product Title</font><input type="text" name="ProductTitle" />
<font size="+2" color="#CC0033">Price</font><input type="text" name="Price" />
<font size="+2" color="#CC0033">Quantity</font><input type="text" name="Quantity" />
<input type="submit" value="Insert" />
</form>
</body>
</html>
add.php
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Done</title>
</head>
<body>
<?
$ID=$HTTP_POST_VARS["ID"];
$ProductTitle=$HTTP_POST_VARS["ProductTitle"];
$Price=$HTTP_POST_VARS["Price"];
$Quantity=$HTTP_POST_VARS["Quantity"];
$db=mysql_connect("localhost","root","");
if($db==false)
{
print "Error";
exit;
}
mysql_select_db("Computer");
$query=("insert into Products values('".$ID." ',' ".$ProductTitle."',' ".$Price."',' ".$Quantity."')");
mysql_query($query);
?>
</body>
</html>
delete.html
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
Enter the ID of the product that you wish to delete:
<form action="delete.php" method="post">
<input type="text" name="UserInput">
<br>
<input type="submit" value="Delete">
</form>
</body>
</html>
delete.php
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?
$UserInput=$HTTP_POST_VARS["UserInput"];
$db=mysql_pconnect("localhost","root","");
if(!db)
{
print "Error";
exit;
}
mysql_select_db("Computer");
$query=("delete from Products where ID=".'$UserInput');
mysql_query($query);
?>
</body>
</html>
update.html
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="update.php" method="post">
Product ID<input type="text" name="ProductID">
Product Name<input type="text" name="ProductTitle">
New Product Name<input type="text" name="NewProductTitle">
<br>
<input type="submit" value="Update">
</form>
</body>
</html>
update.php
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?
$ProductID=$HTTP_POST_VARS["ProductID"];
$ProductTitle=$HTTP_POST_VARS["ProductTitle"];
$NewProductTitle=$HTTP_POST_VARS["NewProductTitle"];
$db=mysql_pconnect("localhost","root","");
if(!$db)
{
echo "Error";
exit;
}
mysql_select_db("Computer");
$query=("update Products set ProductTitle='".$NewProductTitle. "' where ID=$ProductID");
mysql_query($query);
?>
</body>
</html>
Firstly, good on you for trying to come up with a solution, however, as other commenters have said, you do have issues in your script. Firstly, I'd consider replacing $HTTP_POST_VARS["ID"]; with the $_POST global variable, and also running an if(isset()) to ensure all fields were set when the user submitted the form.
Secondly, you should consider using MySQLi or PDO for handling your database connection, as they can also provide validation and filtration to prevent injection attacks as Marc B mentioned. It's a good attempt if you are an absolute beginner and I feel if you stick at it you can progress further, and this community is great for getting answers and understanding where you have gone wrong. Hopefully this helps and good luck! :)
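The advice above (use $_POST, check that every field is set, use MySQLi or PDO) could look like this with PDO prepared statements. This is an added example, not the asker's or the answerer's code; the in-memory SQLite database standing in for the MySQL "Computer" database and the function names post_int, add_product, update_title and delete_product are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL "Computer" database so this
// runs offline; with MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw instead of failing silently
$pdo->exec('CREATE TABLE Products (ID INTEGER PRIMARY KEY, ProductTitle TEXT, Price REAL, Quantity INTEGER)');

// Returns the posted field as an int, or null when it is missing or not an integer.
function post_int(array $post, string $key): ?int {
    $v = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT);
    return $v === false ? null : $v;
}

function add_product(PDO $pdo, array $post): bool {
    $id    = post_int($post, 'ID');
    $qty   = post_int($post, 'Quantity');
    $price = filter_var($post['Price'] ?? null, FILTER_VALIDATE_FLOAT);
    $title = trim((string) ($post['ProductTitle'] ?? ''));
    if ($id === null || $qty === null || $price === false || $title === '') { return false; }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO Products (ID, ProductTitle, Price, Quantity) VALUES (?, ?, ?, ?)');
    return $stmt->execute([$id, $title, $price, $qty]);
}

function update_title(PDO $pdo, array $post): int {
    $id    = post_int($post, 'ProductID');
    $title = trim((string) ($post['NewProductTitle'] ?? ''));
    if ($id === null || $title === '') { return 0; }
    $stmt = $pdo->prepare('UPDATE Products SET ProductTitle = :title WHERE ID = :id');
    $stmt->execute([':title' => $title, ':id' => $id]);
    return $stmt->rowCount(); // rows actually changed
}

function delete_product(PDO $pdo, array $post): int {
    $id = post_int($post, 'UserInput');
    if ($id === null) { return 0; }
    $stmt = $pdo->prepare('DELETE FROM Products WHERE ID = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount();
}

// Constructed inputs standing in for $_POST.
var_dump(add_product($pdo, ['ID' => '1', 'ProductTitle' => "Bob's PC", 'Price' => '499.90', 'Quantity' => '2']));
var_dump(update_title($pdo, ['ProductID' => '1', 'NewProductTitle' => 'Desktop PC']));
var_dump(delete_product($pdo, ['UserInput' => '1 OR 1=1'])); // fails integer validation, no query is run
var_dump(delete_product($pdo, ['UserInput' => '1']));
```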
This is my coding for the search form:
<html>
<head>
<title>Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css"/>
</head>
<body>
<form action="https://excelforth.com/search1.php" method="GET">
<input type="text" name="query" />
<input type="submit" value="Search" />
</form>
</body>
</html>
The thing is, when I submit this form on my web page, it goes to the PHP results page and displays the results. But the thing is that it is just a plain page with just the results displayed.
My search page :
www.mysite/test/certification-database-search/
The PHP file is located in my webroot folder. I was told that for WordPress, the individual subpages cannot be edited.
How do I:
1. Display the results on the same page as the search page, not a completely new page.
2. Retain the page layout and theme/headers/footers of the page.
3. If possible, run the .php file in /certification-database-search/ and query it from there, instead of using the one in my webroot folder.
THANKS!!
Put your form and PHP in one page, PHP on top with HTML below, then use action=""
Use the variables from the inputs as $var=$_GET['var']; then echo $var;
Sidenote: If you want to stop a process, you can use die(); or exit();
You can put a message inside it; i.e.: die("Enter a search term");
A basic example:
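<?php
if(isset($_GET['submit'])){
    // Escape the submitted value before echoing it back, to prevent reflected XSS
    $query=htmlspecialchars($_GET['query'] ?? '', ENT_QUOTES, 'UTF-8');
    echo $query;
}
?>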
<html>
<head>
<title>Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css"/>
</head>
<body>
<form action="" method="GET">
<input type="text" name="query" />
<input type="submit" name="submit" value="Search" />
</form>
</body>
</html>
An alternative, showing an error message if field is empty:
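<?php
if(isset($_GET['submit'])){
    if(empty($_GET['query'])){
        echo "Enter a search term";
    } else {
        // Escape the submitted value before echoing it back, to prevent reflected XSS
        $query=htmlspecialchars($_GET['query'], ENT_QUOTES, 'UTF-8');
        echo $query;
    }
}
?>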
<html>
<head>
<title>Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css"/>
</head>
<body>
<form action="" method="GET">
<input type="text" name="query" />
<input type="submit" name="submit" value="Search" />
</form>
</body>
</html>
I am looking for a way for a text field and submission button to take me to a new site, fill out a text input field and hit enter. The page I want to link to is Google's speed test. I know I can link to speed test results as well like this:
https://developers.google.com/speed/pagespeed/insights#url=http_3A_2F_2FYOURDOMAINHERE&mobile=false
but how can I have a customer fill out a "test my page" field on my site, hit submit, and have it create a link to:
https://developers.google.com/speed/pagespeed/insights#url=http_3A_2F_2FYOURDOMAINHERE&mobile=false
with their field submission in the "YOURDOMAINHERE" area of the link. This seems like not a huge task but I cannot wrap my head around it, PHP, JavaScript??? Not sure. Any help would be greatly appreciated.
You can do something similar to this, although if Google catches you according to their TOC they *could* lock or ban your account:
<?php
if (!empty($_POST['url'])){
// Strip a leading http:// or https:// (the pattern http[s]:// only matched https://)
$url = preg_replace('!^https?://!i','',strip_tags($_POST['url']));
$url = preg_replace('![%]!','_',urlencode($url));
$newlink = "https://developers.google.com/speed/pagespeed/insights#url=$url&mobile=false";
$page = '<!doctype html>
<html lang="en">
<head>';
$page .= '<script type="text/javascript">
function replaceDoc()
{
window.location.replace("'.$newlink.'")
}
</script>';
$page .= '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Page for testing</title>
</head>
<body onload="replaceDoc()">
Test your page.
</body>
</html>
';
} else {
$page = '<!doctype html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Page Checker</title>
</head>
<body>
<form method="post">
Enter your URL:<br />
<input name="url" type="text" style="width:50em;" />
<input type="submit" name="submit" value="Check your page" />
</form>
</body>
</html>';
}
echo $page;
?>
Be careful directly injecting headers:
<?php
if (!empty($_POST['url'])){
// Strip a leading http:// or https:// (the pattern http[s]:// only matched https://)
$url = preg_replace('!^https?://!i','',strip_tags($_POST['url']));
$url = preg_replace('![%]!','_',urlencode($url));
$newlink = "https://developers.google.com/speed/pagespeed/insights#url=$url&mobile=false";
header("Content-Type: application/x-www-form-urlencoded");
header("Referer: https://developers.google.com/speed/pagespeed/insights");
header("Location: $newlink");
exit; // stop after the redirect; $page is not defined in this branch
} else {
$page = '<!doctype html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Page Checker</title>
</head>
<body>
<form method="post">
Enter your URL:<br />
<input name="url" type="text" style="width:50em;" />
<input type="submit" name="submit" value="Check your page" />
</form>
</body>
</html>';
}
echo $page;
?>
Make a submit.php.
Have the form submit to that script with the "DOMAIN NAME".
Your PHP should look something like this:
// Encode the user-supplied value before placing it in the redirect URL
$domainName = rawurlencode($_POST["domainname"] ?? '');
$redirectURL = "https://developers.google.com/speed/pagespeed/insights#url=http_3A_2F_2F".$domainName."&mobile=false";
// Double quotes are required so that $redirectURL is interpolated
header("Location: $redirectURL");
exit;
That script should work; I haven't tested it, but it'll give you an idea...
Make sure you sanitize your inputs too... :) Good luck
How about a simple str_replace? Something like:
<?php
$link = "https://developers.google.com/speed/pagespeed/insights#url=http_3A_2F_2FYOURDOMAINHERE&mobile=false";
$replace = "YOURDOMAINHERE";
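if(isset($_POST['myDomain'])){
    // Encode the user-supplied value before placing it in the redirect URL
    $newHeader = str_replace($replace, rawurlencode($_POST['myDomain']), $link);
    header("Location: ".$newHeader);
    exit; // do not render the form after redirecting
}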
?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>googleDomain</title>
</head>
<body>
<form action="domain.php" method="post">
<input type="text" name="myDomain" />
<input type="submit" />
</form>
</body>
</html>
I haven't tested this at all, but should be something pretty similar
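One way to validate the submitted value before it reaches the Location header or the page, building the link in the format quoted in the question. This is an added example, not code from any of the posters; pagespeed_link() and handle_submission() are hypothetical names, and only the scheme and hostname are kept (path and query are dropped).

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the PageSpeed link for a user-supplied site, or
// null when the input does not contain a syntactically valid DNS hostname.
function pagespeed_link(string $input): ?string {
    $input = trim($input);
    if (!preg_match('!^https?://!i', $input)) {
        $input = 'http://' . $input; // the form also accepts a bare domain
    }
    $parts = parse_url($input);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    // FILTER_FLAG_HOSTNAME allows only letters, digits, hyphens and dots, so quotes,
    // angle brackets, whitespace and CR/LF never reach the header or the page.
    $host = filter_var($parts['host'], FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    if ($host === false || strpos($host, '.') === false) {
        return null;
    }
    $scheme = strtolower($parts['scheme']) === 'https' ? 'https' : 'http';
    // Encoding used by the link in the question: percent-encode, then "%" becomes "_".
    $encoded = str_replace('%', '_', rawurlencode($scheme . '://' . strtolower($host)));
    return 'https://developers.google.com/speed/pagespeed/insights#url=' . $encoded . '&mobile=false';
}

// Form handler: redirect only when validation succeeded.
function handle_submission(array $post): void {
    $link = pagespeed_link((string) ($post['url'] ?? ''));
    if ($link === null) {
        http_response_code(400);
        echo 'Please enter a valid domain name.';
        return;
    }
    header('Location: ' . $link);
    exit;
}

// Constructed sample inputs: two acceptable, two that must be rejected.
foreach (['example.com', 'https://Example.com/path', "example.com\r\nSet-Cookie: x=1", 'a"><script>'] as $in) {
    var_dump(pagespeed_link($in));
}
```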
This was my last attempt that I tried as a last effort:
index.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Customer Login</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="wrapper">
<div class="login">
<form name="loginForm" action="loginCheck.php" method="post">
<?php require("protect/serverInfo.php"); ?>
Email: <input type="text" name="Email" maxlength="35" /><br />
Password: <input type="text" name="Password" maxlength="4" /><br />
<input type="submit" name ="submit"/>
</form>
</div>
</div>
</body>
</html>
loginCheck.php
<?php
session_start();
$_SESSION['email'] = $_POST['Email'];
$_SESSION['password'] = $_POST['Password'];
require("protect/serverInfo.php");
$myusername=$_POST[Email];
$mypassword=$_POST[Password];
$result = mysql_query("SELECT * FROM Customers WHERE Email='$myusername' AND Password=$mypassword");
$count=mysql_num_rows($result);
if($count==1){
header('Location: customer.php');
exit();
}
else{
header('Location: index.php');
exit();
}
?>
customer.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
<?php
session_start();
$myusername = $_SESSION['email'];
$mypassword = $_SESSION['password'];
?>
</head>
<body>
<?php
echo"success";
?>
</body>
</html>
I just need a very simple way to have a form post, the post info to be checked if correct then redirect if correct and pass the post data with it. I have been trying to use sessions and redirects but it doesn't seem to work quite right. What is the easiest way to accomplish this? At the moment I have been using PHP to check the login info from a MySQL database.
You need to use "session_start()" before you do anything else on the page.
A few other things: I avoid storing passwords on a page; it just seems like a security issue.
Your login form should generate $_SESSION data based on the MySQL information returned from the query, not the form information that the user submitted. You need to check against your customers database to make sure they are an actual customer.
Also, avoid using the "header()" function, especially when working with sessions. I typically have a "redirect" function in php that does something like this...
function redirect($url) {
    // json_encode() emits a safely quoted JavaScript string literal for the URL
    echo "<script type='text/javascript'>window.location=" . json_encode($url) . ";</script>";
}
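The points made in this answer (start the session first, look the customer up in the database, keep the password out of the session) put into code, as an added example that is not the asker's or the answerer's code. The same require_login() guard is what the admin page in the first question on this page needs in front of it; the in-memory SQLite table, the PasswordHash column and the function names are assumptions.

```php
<?php
declare(strict_types=1);
session_start(); // must run before any output is sent

// Assumptions: in-memory SQLite stands in for the MySQL Customers table, and a
// hypothetical PasswordHash column holds password_hash() output, not the password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Customers (ID INTEGER PRIMARY KEY, Email TEXT UNIQUE, PasswordHash TEXT)');
$pdo->prepare('INSERT INTO Customers (Email, PasswordHash) VALUES (?, ?)')
    ->execute(['alice@example.test', password_hash('constructed-demo-pw', PASSWORD_DEFAULT)]);

// Returns the customer ID from the database row when the credentials match, else null.
function check_login(PDO $pdo, string $email, string $password): ?int {
    $stmt = $pdo->prepare('SELECT ID, PasswordHash FROM Customers WHERE Email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return null;
    }
    return (int) $row['ID'];
}

// loginCheck.php logic: returns the page to redirect to.
function login(PDO $pdo, array $post): string {
    $id = check_login($pdo, (string) ($post['Email'] ?? ''), (string) ($post['Password'] ?? ''));
    if ($id === null) {
        return 'index.php';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID at login, against session fixation
    }
    $_SESSION = ['customer_id' => $id]; // identity from the DB row; the password is never stored
    return 'customer.php';
}

// Guard for customer.php or an admin page: call it before any output.
function require_login(): int {
    if (!isset($_SESSION['customer_id'])) {
        header('Location: index.php');
        exit; // stop here, otherwise the protected page still renders
    }
    return $_SESSION['customer_id'];
}

// Constructed inputs standing in for $_POST: an injection attempt, then valid credentials.
$results = [
    login($pdo, ['Email' => "x' OR '1'='1", 'Password' => "x' OR '1'='1"]),
    login($pdo, ['Email' => 'alice@example.test', 'Password' => 'constructed-demo-pw']),
];
var_dump($results, require_login());
```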