I am working on a registration system which comprises of 3 total steps.
Step 1 - user enters a username, system searches the database for the
username. IF the username is found, it checks the account status (ie:
no password created, complete but not verified, registered and
verified).
If user is not found, user is directed to Step 2.
If status = no password created, the user is directed to Step 3.
If status = complete but not verified / registered and verified, Display error message.
Step 2 - user enters personal details.
The page stores user inputs
Step 3 - user creates a password, the system connects to the database and INSERTs user info to the user table. A success message is
displayed.
I have managed to figure out and complete the coding for the first 2 steps, by displaying a new form when the previous form has been submitted.
Problem: However, I have just realised that I am unable to retrieve data from the previous form (ie: at step 3 I am unable to retrieve the Username from Step 1). I have tried using the 'header('location: ?user=$uname');' approach however this doest work because the URL gets reset when I submit the new form and I lose the username again. How do I create a proper multi-step form using ONLY PHP and how do I store the input values so I could use them at the last step. Below is my code:
<?php
include 'includes/session_info.php';
if(isset($_SESSION['user_id'])){
header('Location: index.php');
}
$errors = array();
if(empty($_POST['user_info']) === false){
require ('core/dbcon.php');
$usr_email = mysqli_real_escape_string($con, $_POST['email']);
$usr_joined = mysqli_real_escape_string($con, $_POST['joined']);
$usr_recruited = mysqli_real_escape_string($con, $_POST['recruited']);
if($usr_email){
//direct user to password form
}else{
$errors[] = 'Please complete all fields marked with a Red Asterisk.';
}
$form2 = $usr_email.'<br>'.$usr_joined.'<br>'.$usr_recruited;
}
if(empty($_POST['username_chck']) === false){
require ('core/dbcon.php');
$username = mysqli_real_escape_string($con, $_POST['uname']);
$rpt_uname = mysqli_real_escape_string($con, $_POST['r_uname']);
if($username && $rpt_uname){
if($username == $rpt_uname){
$query = mysqli_query($con, "SELECT status FROM users WHERE username = '$username'") or die(mysqli_error($con));
// Display registration form if Username is not found.
if(mysqli_num_rows($query) == 0){
$form1;
}
// Actions performed If username entered already exists in the database.
elseif(mysqli_num_rows($query) == 1){
$status = mysqli_fetch_assoc($query);
if($status['status'] == 0){
$errors[] = '<b>'.$username.'</b> is already registered and awaiting to be verified by our admins. Feel free to contact an Admin via the website or in-game to get verified.';
}elseif($status['status'] == 1){
//header("Location:?create_pwd&user=$username");
}elseif($status['status'] > 1){
$errors[] = '<b>'.$username.'</b> is already registered and verified by our Admins. Please log in to access you account.
If you have forgotten your password you can rest your password <a class="navbar-link error_link" id="intext-link" href="login.php?fp"><b>here</b></a>.';
}
}elseif(mysqli_num_rows($query) > 1){
$errors[] = 'An error has occurred. Looks like a there is more than one member with that username. Please contact the Administrator for assistance.';
}
}else{
$errors[] = 'Please ensure that the username entered in both fields match.';
}
}else{
$errors[] = 'Please complete all required fields.';
}
}
?>
<html>
<div class="row">
<div class="col-md-6 col-md-offset-3">
<?php
if(empty($_POST['username_chck']) === false){
if(empty ($errors) === false){
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
<label for="Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Username: </label><br>
<input type="text" name="uname" class="form-control" placeholder="Please enter your Runescape username." id="Uname" required>
</div>
<div class="form-group">
<label for="repeat_Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Repeat Username: </label><br>
<input type="text" name="r_uname" class="form-control" id="repeat_Uname" placeholder="Please re-enter your Runescape username." required>
</div>
<input type="submit" name="username_chck" class="btn btn-default" value ="Next">
</form>
<?php
}else{ echo $reg_uname;
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
<label for="Email"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Email: </label>
<input type="email" name="email" class="form-control" id="Email" <?php if (isset($_POST['email'])=== true){echo 'value="', strip_tags($_POST['email']),'"';}?>>
</div>
<div class="form-group">
<label for="Joined">Date Joined: </label><br>
<small class="notice">If you do not remember the exact date please select the first day of the month and year you joined (eg: 01/02/2001).</small><br>
<input type="date" name="joined" class="form-control" id="Joined" <?php if (isset($_POST['joined'])=== true){echo 'value="', strip_tags($_POST['joined']),'"';}?>>
</div>
<div class="form-group">
<label for="recruited">Recruited by: </label>
<select name="recruited" class="form-control" id="recruited">
<option value="" selected disabled>Select a Member</option>
<?php
require ('core/dbcon.php');
$usr_qry = mysqli_query($con, "SELECT user_id, username FROM users")or die(mysqli_error($con));
while($usr = mysqli_fetch_array($usr_qry)){
echo '<option value="'.$usr['user_id'].'">'.$usr['username'].'</option>';
}
?>
</select>
</div>
<input type="submit" name="user_info" class="btn btn-default" value ="Next">
</form>
<?php
}
}elseif(empty($_POST['user_info']) === false){
if(empty ($errors) === false){
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
<label for="Email"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Email: </label>
<input type="email" name="email" class="form-control" id="Email" <?php if (isset($_POST['email'])=== true){echo 'value="', strip_tags($_POST['email']),'"';}?>>
</div>
<div class="form-group">
<label for="Joined">Date Joined: </label><br>
<small class="notice">If you do not remember the exact date please select the first day of the month and year you joined (eg: 01/02/2001).</small><br>
<input type="date" name="joined" class="form-control" id="Joined" <?php if (isset($_POST['joined'])=== true){echo 'value="', strip_tags($_POST['joined']),'"';}?>>
</div>
<div class="form-group">
<label for="recruited">Recruited by: </label>
<select name="recruited" class="form-control" id="recruited">
<option value="" selected disabled>Select a Member</option>
<?php
require ('core/dbcon.php');
$usr_qry = mysqli_query($con, "SELECT user_id, username FROM users")or die(mysqli_error($con));
while($usr = mysqli_fetch_array($usr_qry)){
echo '<option value="'.$usr['user_id'].'">'.$usr['username'].'</option>';
}
?>
</select>
</div>
<input type="submit" name="user_info" class="btn btn-default" value ="Next">
</form>
<?php
}else
echo $reg_uname.'<br>'. $reg_email.'<br>'.$reg_joined.'<br>'.$reg_recruited.'<br>';
}else{
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
<label for="Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Username: </label><br>
<input type="text" name="uname" class="form-control" placeholder="Please enter your Runescape username." id="Uname" required>
</div>
<div class="form-group">
<label for="repeat_Uname"><span class="glyphicon glyphicon-asterisk required" aria-hidden="true"></span> Repeat Username: </label><br>
<input type="text" name="r_uname" class="form-control" id="repeat_Uname" placeholder="Please re-enter your Runescape username." required>
</div>
<input type="submit" name="username_chck" class="btn btn-default" value ="Next">
</form>
<?php
}
?>
</div>
</div>
</html>
Ps. I have looked into creating a session which gets destroyed when the user navigates away from the page Destroy PHP session on page leaving. However I find that it's not very user friendly as it doesn't work properly if the user has multiple tabs open. I understand that I need to implement a javascript function to make it work properly. I do not know how to code in javascript and would really appreciate your assistance on making a better multi-step registration process.
As mentioned above, store the POST data from each step in the session variable.
// Step 1 submit
$_SESSION['steps'][1] = $_POST;
// Step 2 submit
$_SESSION['steps'][2] = $_POST;
// Step 3 submit
$_SESSION['steps'][3] = $_POST;
You can then use something like currentStep in the session to determine where they last were.
$currentStep = $_POST['step'];
And compare to what data you need available, or just use it directly from the array.
I opted to follow the 'hidden variable' method where I store the values form the previous form in hidden inputs of the current form. Thus enabling me to pass the values on to the next form. A sort of snowball effect, if you will. Below is an example:
Form 1
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
<label for="Uname">Username: </label><br>
<input type="text" name="uname" class="form-control" id="Uname" required>
</div>
<div class="form-group">
<label for="repeat_Uname">Repeat Username: </label><br>
<input type="text" name="r_uname" class="form-control" id="repeat_Uname" required>
</div>
<input type="submit" name="username_chck" class="btn btn-default" value ="Next">
</form>
Form 2
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div class="form-group">
<label for="Email">Email: </label>
<input type="email" name="email" class="form-control" id="Email" required <?php if (isset($_POST['email'])=== true){echo 'value="', strip_tags($_POST['email']),'"';}?>>
</div>
<input type="hidden" name="username" <?php if (isset($_POST['username'])=== true){echo 'value="', strip_tags($_POST['username']),'"';}else{echo "value=\"$username\"";}?>>
<input type="submit" name="user_info" class="btn btn-default" value ="Next">
Explanation
Below is a skeleton of my code which should help you understand how I have displayed the forms
if(empty($_POST['form1'])=== false){
$username = mysqli_real_escape_string($con, $_POST['username']);
// display form 2
}elseif(empty($_POST['form2'])=== false){
//display form 3
}
Note the hidden input type before the submit button in the second form.
While I have opted to include the if statements within the tags for the sake of this example, you could alternatively choose to process the forms at the top of your page (before the tag).
Related
Every time I press submit. It goes straight to the (action) page without checking to see if any value is filled in.How do I stop it from changing pages without first checking to see if any information is filed in the name email and comment?
<?php
if( empty($name) && isset($_POST["submit"])){
global $connect;
$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST["comment"];
$sql = "INSERT INTO entries (fullName,email,comment)
VALUES ('$name', '$email', '$comment')";
$result = mysqli_query($connect, $sql);
if(!$result){
die("try again" .mysqli_error());
}
}
?>
<section>
<div class="container text-center ">
<h1>Guess Book</h1>
<div class="row"></div>
<form class="text-center" action="thankYou.php" method="post" id="signUp" >
<label class="mb-2 mt-2" style="padding-right:1vh" for="name">Please Enter Your Full Name Here:</label><input type="text" name="name" placeholder="Enter Full Name" minlength="3" ><br>
<label class="mb-2 mt-2" style="padding-right:4.1vh" for="email">Please Enter Your Email Here:</label><input type="email" name="email" placeholder="Enter Email" minlength="4" ><br>
<div class="form-group ">
<label for="comment">Comment:</label>
<textarea name="comment" class="form-control mb-3" rows="8" minlength="4" id="comment"></textarea>
</div>
<input class="bottom-pad" type="submit" name="submit">
</form>
</div>
</section>
the simplest option is to use html "required" attribute
in your case:
<input type="text" name="name" placeholder="Enter Full Name" minlength="3" required>
this is client side validation, you also always need to validate server side.
your code:
if( empty($name) && isset($_POST["submit"])){
is slightly wrong, here is the fixed version
if( !empty($_POST['name']) && isset($_POST["submit"])){
The reason why it get submited , it because your not doing any validation in the form for a minimal validation you can use required on the input field
Please consider using a better validation i just used this for the purpose of demonstration
<section>
<div class="container text-center ">
<h1>Guess Book</h1>
<div class="row"></div>
<form class="text-center" action="thankYou.php" method="post" id="signUp" >
<label class="mb-2 mt-2" style="padding-right:1vh" for="name">Please Enter Your Full Name Here:</label><input type="text" name="name" placeholder="Enter Full Name" minlength="3" required><br>
<label class="mb-2 mt-2" style="padding-right:4.1vh" for="email">Please Enter Your Email Here:</label><input type="email" name="email" placeholder="Enter Email" minlength="4" required><br>
<div class="form-group ">
<label for="comment">Comment:</label>
<textarea name="comment" class="form-control mb-3" rows="8" minlength="4" id="comment" required></textarea>
</div>
<input class="bottom-pad" type="submit" name="submit">
</form>
</div>
</section>
You can do form validation like the previous answers have suggested. This will prevent the form from submitting unless the inputs that are required have a value in them.
You should also get in the habit of validating your code on the server side as well to make sure the data submitted by the user is the information you expect to be submitted by the user.
Here is some simple code to check to make sure that the values at least have something in them. You can take it further to validate that each field has data that meets certain criteria like a name only having alpha characters.
if($_POST["submit"] && isset($_POST["submit"])){
global $connect;
$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST["comment"];
if(!empty($_POST["name"]) && !empty($_POST["email"]) && !empty($_POST["comment"])){
$sql = "INSERT INTO entries (fullName,email,comment)
VALUES ('$name', '$email', '$comment')";
$result = mysqli_query($connect, $sql);
if(!$result){
die("try again" .mysqli_error());
}
} else {
echo 'You must enter enter a value for all fields.';
}
}
This is my sign-up form.
<div class="tab-content">
<div id="signup">
<h1>Sign Up for Free</h1>
<form action="register.php" method="POST">
<div class="top-row">
<div class="field-wrap">
<label>
Username<span class="req">*</span>
</label>
<input name="username" type="text" required autocomplete="off" />
</div>
<div class="field-wrap">
<label>
E-mail<span class="req">*</span>
</label>
<input name="email" type="text"required autocomplete="off"/>
</div>
</div>
<div class="field-wrap">
<label>
Password<span class="req">*</span>
</label>
<input name="password" type="password"required autocomplete="off"/>
</div>
<div class="field-wrap">
<label>
Repeat password<span class="req">*</span>
</label>
<input name="rpassword" type="password"required autocomplete="off"/>
</div>
<button type="submit" class="button button-block"/>Get Started</button>
</form>
</div>
<div id="login">
<h1>Welcome Back!</h1>
<form action="login.php" method="post">
<div class="field-wrap">
<label>
Username<span class="req">*</span>
</label>
<input name="username" type="text"required autocomplete="off"/>
</div>
<div class="field-wrap">
<label>
Password<span class="req">*</span>
</label>
<input name="password" type="password"required autocomplete="off"/>
</div>
<p class="forgot">Forgot Password?</p>
<button class="button button-block"/>Log In</button>
</form>
</div>
Then the register.php
<?php
session_start();
$host= 'localhost';
$user='root';
$pass='';
$db='gameforum';
$conn=mysqli_connect($host, $user, $pass, $db);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$username = $_POST['username'];
$password = $_POST['password'];
$rpassword = $_POST['rpassword'];
$email = $_POST['email'];
if ($password!==$rpassword) {
echo "Passwords did not match, please try again!"
$conn->close();
}
else {
$sql = "INSERT INTO users (username, password, Repeat_Password, email)
VALUES ('$username', '$password', '$rpassword', '$email')";
if ($conn->query($sql) === TRUE) {
$redirectUrl = 'index.php';
echo '<script type="application/javascript">alert("Thank you for your registration! You may now log in with your account!"); window.location.href = "'.$redirectUrl.'";</script>';
}else{
echo "Username or Email already exists!". mysql_error();
}
$conn->close();
}
?>
The problem is that if the passwords do not match then the user comes to a blank page where it says that. I want the errormessage to pop up on the same page the user i signing up on. I do not know how to do that, any ideas?
There are two ways to do this. One is to use sessions, the other one is to redirect user back to login page with something like signin.php?err=invalid_pass
of you do it with a session, you will need this code on top of your sign in page. It will print out error message if you set any in your signin page.
<?php
session_start();
if(isset($_SESSION['err']))
{
echo $_SESSION['err'];
unset($_SESSION['err'];
}
alternatively, you can add this code on top of your sign-in page:
<?php
if(isset($_REQUEST['err']))
echo $_REQUEST['err'];
You will also need to replace your echo "Passwords did not match, please try again!"
with this if you do sessions:
$_SESSION['err']="Passwords did not match, please try again!";
header("Location: signin.php");
and this if you do using the other method.
header("Location: signin.php?err=You_Goofed");
You will need to use ajax on your HTML page. When the user clicks on the form button, instead of submitting the form to the server, use ajax to send the data to the server. Then return the data from the server to the client.
Example:
$('#submit-btn').click(function(e){
$.ajax({
type:'POST',
url:'register.php',
data:{
user:username,
pw:password
}
}.done(function(data){
if(data === false){
alert("passwords don't match!");
}
});
});
In your PHP page, you will validate the passwords. If they don't match, echo false.
I have a Bootstrap form and after complete the form I want remain in the same page and display a thank you message just below the submit button.
Here my HTML code
<div id="form">
<div class="row">
<div class="col-md-12"><h3>RESTA IN CONTATTO</h3>
<form id="form_members" role="form" data-toggle="validator" novalidate action="form-data.php" method="POST">
<div class="form-group">
<label for="firstname" class="control-label">Nome</label>
<input type="text" class="form-control" name="firstname" id="name" placeholder="Inserisci il Nome" required>
</div>
<div class="form-group">
<label for="lastname" class="control-label">Cognome</label>
<input type="text" class="form-control" name="lastname" id="lastname" placeholder="Inserisci il Cognome" required>
</div>
<div class="form-group">
<label for="email" class="control-label">Email</label>
<input type="email" class="form-control" name="email" id="email" placeholder="Enter the Email" data-error="Inserire email valida" required>
<div class="help-block with-errors"></div>
</div>
<div class="form-group">
<div class="checkbox">
<label>
<input type="checkbox" id="terms" required data-error="Devi essere d'accordo con i termini di condizione d'uso">Privacy
</label>
<div class="help-block with-errors"></div>
</div>
</div>
<div class="form-group">
<button type="submit" class="btn btn-primary" name="submit" id="submit" onclick="this.form.clear()" value="submitmessage">Registrati</button>
</div>
</form>
<div id="submitmessage"></div>
and Here my php Code
<?php
$link = mysqli_connect("","","") or die("failed to connect to server !!");
mysqli_select_db($link,"");
if(isset($_POST['submit']))
{
$errorMessage = "";
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$email=$_POST['email'];
// Validation will be added here
if ($errorMessage != "" ) {
echo "<p class='message'>" .$errorMessage. "</p>" ;
}
else{
//Inserting record in table using INSERT query
$insqDbtb="INSERT INTO `test`.`members`
(`firstname`, `lastname`, `email`) VALUES ('$firstname', '$lastname', '$email')";
mysqli_query($link,$insqDbtb) or die(mysqli_error($link));
}
}
?>
First check if your insert actually happen by assigning result to a variable, ie:
$res=mysqli_query($link,$insqDbtb);
Now, below your form you can add the following php code and you can use this variable in an if statement to echo different things:
if($_POST && $res)
{/*this code is executed if form is submitted and insert worked*/
echo ' <div class="alert alert-success" role="alert">
Grazie per esserti registrato!
</div>';
}
elseif ($_POST && !$res)
{ /*you can write a different message if insert did not happen*/
echo '<div class="alert alert-danger" role="alert">
<strong>Oh no!</strong> Provaci ancora
</div>';
}
Note that this might only work if you use php to process the form and scripts are on the same page so you would also need to modify your form like this:
<form action="register.php" method="post" accept-charset="utf-8">
(where register.php stands in for the name of your file)
and the submit button like this:
<input type="submit" name="submit" value="Submit" id="submit_button" class="btn btn-primary" />
Then at the top of your page, after you have set the parameters for the connection you put the following statement:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
and you can put all the form validation here. What happens is the first time you go to the file it will be through a GET so nothing happens, after you submit the form you access the same file but with a POST so the submission is validated.
To submit the form and stay on the same page you have two possibilites:
A) As other people have suggested you use Ajax
B) The other possibility which has the same visible result for the user is that when you submit your form you go back to the same page, so the user will see the same page but different things will be displayed depending on weather he has already submitted the form or not
To achieve this second solution you can do the following:
1)In your head you establish the connection (the php you have is improvable but as a first attempt should do the job)
2) In your page you put your form with the following modification:
<form action="FILNAME.php" method="post" accept-charset="utf-8">
and
<input type="submit" name="submit" value="Submit" id="submit" class="btn btn-default" />
THis way when a user clicks the button the form is submitted to the same page.
3) Now you need to check if your page is beening accessed for the first time (ie thoruh a GET) or after the form has been submitted, so where you want your message to appear you put the following if statement:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
3) Within this bracket you put all your php to validate the form and after validation your insert command
$insqDbtb="INSERT INTO `test`.`members`(`firstname`, `lastname`, `email`) VALUES ('$firstname', '$lastname', '$email')";
$res = mysqli_query($link, $insqDbtb);
4) If the query created a new row you can write the thank you message:
if (mysqli_affected_rows($link) === 1) {echo '<div class="alert alert-success"><h3>Thanks!</h3><p>Thank you for registering! </p></div>';
If not you can write an alert instead
I learned this method from a book by Larry Ullman, you can find the scripts with examples for free
here
I have created a signup form and it is working perfectly but now the issue is even if the user are not able to register due to common username the PID still increases.
Here is the HTML form:
<form class="form-register" method="post" action="php/reg.php">
<div class="form-register-with-email">
<div class="form-white-background">
<div class="form-title-row">
<h1>Create an account</h1>
</div>
<div class="form-row">
<label>
<span>First Name</span>
<input type="text" name="first_name">
</label>
</div>
<div class="form-row">
<label>
<span>Last Name</span>
<input type="text" name="last_name">
</label>
</div>
<div class="form-row">
<label>
<span>Username</span>
<input type="text" name="username">
</label>
</div>
<div class="form-row">
<label>
<span>Email</span>
<input type="email" name="email">
</label>
</div>
<div class="form-row">
<label>
<span>Password</span>
<input type="password" name="password">
</label>
</div>
<div class="form-row">
<label class="form-checkbox">
<input type="checkbox" name="checkbox" checked>
<span>I agree to the terms and conditions</span>
</label>
</div>
<div class="form-row">
<button type="submit" name="submit">Register</button>
</div>
</div>
Already have an account? Login here →
</div>
<div class="form-sign-in-with-social">
<div class="form-row form-title-row">
<span class="form-title">Sign in with</span>
</div>
Google
Facebook
Twitter
</div>
</form>
Here is the php code:
<?php
include('connect.php');
if(isset($_REQUEST['submit'])) {
if($_REQUEST['first_name'] == '' || $_REQUEST['last_name'] == '' || $_REQUEST['username'] == ''|| $_REQUEST['email'] == '' || $_REQUEST['password'] === '' ) {
echo "please fill the empty field.";
}
else {
$sql="SELECT pid FROM players WHERE username = '".$_REQUEST['username']."'";
$res=mysql_query($sql);
if (mysql_num_rows($res) == 0) {
$sql="insert into players(first_name,last_name,username,email,password) values('".$_REQUEST['first_name']."', '".$_REQUEST['last_name']."', '".$_REQUEST['username']."', '".$_REQUEST['email']."', '".$_REQUEST['password']."')";
$res=mysql_query($sql);
} else{
echo "username was already used";
}
if($res) {
echo "Record successfully inserted";
}
else {
echo "There is some problem in inserting record";
}
}
}
?>
Here is the table I created:
Here is the properties of the column of table:
This is a feature of MySQL INNODB. See Why does MySQL autoincrement increase on failed inserts? for details. To avoid this problem, you should ask the db if it's ok to insert the record before sending the INSERT command. Just try to SELECT that record from the players table and only if you did not receive any records, send the INSERT.
A side note: You are wide open to a SQL Injection attack. You need to use a prepared statement instead of using the $_REQUEST object in your query.
It seems like you've deleted some records. However you can set next increment number by executing this query.
ALTER TABLE players AUTO_INCREMENT=2;
I have a website with two form authentication in different pages, have different input name and link to different pages . The problem is that when I save my authentication to a browser (chrome) of a form , the browser fill in the fields with the same data in the other form . How is it possible?
First form
<form action="" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="exampleInputEmail1">Email</label>
<input type="email" name="private_email" class="form-control" id="email1" value="" placeholder="Enter email" required>
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="password" class="form-control" name="private_password" value="" id="password1" placeholder="Password" required>
</div>
<input type="submit" name="login" class="btn btn-default" value="Login">
</form>
Second Form (It is a form of a cms)
<form action="http://escuolainsieme.it/shop/login" method="post" id="login_form" class="box">
<h3 class="page-subheading">Sei già registrato?</h3>
<div class="form_content clearfix">
<div class="form-group form-ok">
<label for="email">Indirizzo email</label>
<input class="is_required validate account_input form-control" data-validate="isEmail" type="text" id="email" name="email" value="">
</div>
<div class="form-group">
<label for="passwd">Password</label>
<span><input class="is_required validate account_input form-control" type="password" data-validate="isPasswd" id="passwd" name="passwd" value=""></span>
</div>
<p class="lost_password form-group">Hai dimenticato la password?</p>
<p class="submit">
<input type="hidden" class="hidden" name="back" value="my-account"> <button type="submit" id="SubmitLogin" name="SubmitLogin" class="button btn btn-default button-medium">
<span>
<i class="icon-lock left"></i>
Entra
</span>
</button>
</p>
</div>
</form>
Login.php
<?php session_start(); // Starting Session
$error = ''; // Variable To Store Error Message
if (isset($_POST['private_login'])) {
if (empty($_POST['private_email']) || empty($_POST['private_password'])) {
$error = "<div class='alert alert-danger'>Compila tutti i campi</div>";
} else {
$email = mysqli_real_escape_string(conn(), $_POST['private_email']);
$password = mysqli_real_escape_string(conn(), $_POST['private_password']);
$cls_utente = new utente();
if ($cls_utente->check_user($email, $password) == 1) {
$_SESSION['login_user'] = $email; // Initializing Session
$_SESSION['is_logged'] = true;
} else {
$error .= "<div class='alert alert-danger'>Email o password errati</div>";
}
}}?>
You can try using autocomplete="false" or autocomplete="off" to disable it, not sure if it will work but give it a try.
As far as i am concerned it's not possible to make the browser 'realize' that they are different forms and they should not be auto-filled with the same data.
Have a look at these 2 answers, answer1 answer2 for more information how browser detects the forms.
You must add another one column in your user table, example if you add type column the value set default super admin,moderator, user. Now you can check the login authentication with this column.If user-name and password and type is equal redirect to particular page.so you can redirect different page depends upon the user type..