I have this form:
<form name="form2" method="post" action="http://1.1.101.1/reg.php">
<input id="field12" type="text" value="{$username}" name="username" maxlength="32" placeholder="Username" required="required" />
<input id="field22" type="text" value="{$password}" name="password" maxlength="32" placeholder="Password" required="required" />
<input name="checkbox" type="hidden" id="checkbox" value="checkbox" />
<input type="hidden" name="url" value=""/><br/>
<input type="submit" value="Connect to WiFi" name="button1" /><br/>
</form>
the action is a external url.
How can i check in my php when the button submit is posted (name = button1) before it goes to that url.
Right now i have this but its not working becasuse it goes directly to the action url from the form.
if ($_SERVER['REQUEST_METHOD'] == "post") {
var_dump($_POST);
exit;
}
You can't.
The only way to validate it without using client side code is to submit the form to your own server side code.
You then won't be able to reliably redirect the request while maintaining POST.
You have basically two options the way I see it.
If it's not necessary for the user to see the output of the external script, you could do the posting yourself from your backend. I.e. change the action of your form to your own script and do something like the following:
Validation the fields
If validation OK, POST the data to the external URL via CURL (or similar)
If POST to external URL went OK, redirect to wherever the user should end up in the end
If the user must end up at this external URL, you could do it in two steps. First have your form action set to your own server side validation. If it passes, give the user a confirmation page with a form containing the same data which would then post it to the external URL. The fields should probably be hidden/read-only on this page to prevent them from being changed before the final submit.
This last method is definitely possible to mess with since it's easy to first use valid values, and then change the data in the HTML before doing the final submit. So if security is important here, you're stuck with the first option.
Try this
<?php
if(isset($_POST['button1'])){
//action
header('Refresh:3; url=http://1.1.101.1/reg.php');
}
?>
Related
I am attemping to create a PHP login system using MySQLi.
However I have created an HTML Form:
<form action="register_manager.php" method="post">
<p>Please fill all fields!</p>
<input type="text" name="username" value="<?PHP print $getuser; ?>" maxlength="15" /><br />
<input type="password" name="password" placeholder="Password" maxlength="15" />
<input type="password" name="confirmpassword" placeholder="Confirm Password" /><br />
<input type="text" name="email" placeholder="E-Mail Address" />
<p style="margin: 0; padding: 0;">
(Use a vaid a valid E-Mail Address for activation!)
</p>
<p>
Already got an account?
</p>
<input type="submit" name="regsubmit" value="Register"/><br />
<?PHP echo '<p>'.$errormsg.'</p>'; ?>
</form>
Once I click submit, it redirects me to the registration_manager.php page, which is not what I want it to do. I am new to PHP so I am not aware on why it is doing this, instead of registering the user.
This is the register_manager.php file:
http://pastebin.com/cvbA6L6P
The action specified in your form is register_manager.php so whenever you hit the submit button you will get redirected there. Also, in the link you provided of the source code of register_manager.php, you're generating error messages, depending on the case, but never printing them on the page so the user can see what is wrong, unless of course the html form you provided is included in the register_manager.php. Finally, when testing make sure you fill all the requirements set by the if statements in you register_manager.php file, i.e. pass all wanted fields (username, email (which must be longer than 7 chars, containing the '#' and '.' characters), password, password confirmation). Hope this solves your question!
What you are describing is normal. The browser will send a POST request to the URL defined as action. So you need to render the form there as well. You can either abstract the form out and reuse it in both files or do the initial form rendering and the processing in one file by checking if $_POST['regsubmit'] is set (if it is not set you are rendering the form initially).
Submit button will activate the request of the webpage specified in the attribute action, passing the information inside the form by the method selected. In your example, the information is passed to register_manager.php using POST method.
To retrieve the information passed, you could use the arrays $_POST and $_GET depending the method used. In your example:
<?php
print $_POST['password'];
print $_POST['confirmpassword'];
print $_POST['email'];
?>
I'm trying to login to a site and from there i want to send a message with the form available there. It looks like
<form method="POST" action="pm.php">
To: <input type="text" name="user" />
<input type="hidden" name="pm_tid" value="ef0gjpmgwag5g21agjg" />
<input type="hidden" name="box" value="new" />
Subject: <input type="text" name="subject" />
message: <textarea name="text"></textarea>
<input type="submit" value="Send" />
</form>
I managed to enter the login and to the page where is the message send form but in that html code you can see that there is a hidden random hash value which changes after every reload. I want to get that correctly and post in the form. Only then my message will be sent. Please don't say that it's IMPOSSIBLE. It is possible. One of my classmate succeeded in it but he is not helping me.
Please try to help me.
This looks like CSRF protection. The usual implementation for this is to store the token in a cookie (or server session if a session token cookie is used) and then compare it to the token in the form.
You need to:
request the HTML document containing the form
store the cookies you get at the same time (assuming that they come with the form)
parse the html to get the token from the input
make the request to pm.php including the token and the cookie
i am using php and this is my form
<form method="POST" action="www.welcome.php"style="clear:both">
<legend>Login</legend>
Username: <input type="text" name="username" size="20" id="username" class="content" /><br>
Password: <input type="text" name="password" size="20" id="password" class="content" /><br>
<input type="submit" value="Login" name="submit" class="content" />
<input type="reset" value="Reset" class="content" />
<div id="login_response"></div>
</form>
however, i want the redirected page url to be
www.welcome.php?username=xxxx
provided i logged in with xxxx
i want the redirected page url to be www.welcome.php?username=xxxx
for the form's action you don't need it. Just leave your form as is.
if you want to redirect a user after the form processing (as you have to anyway), just add an entered username to the URL in the Location header:
header("Location: welcome.php?username=".$_POST['username']);
exit;
As posted in the second comment, form method="GET" will send the user over to this URL: www.welcome.com/?username=xxxx&password=yyyyyy
However, assuming you do not want the URL to have the password in the querystring (bad idea!) then you will have to submit the form with Javascript, in order to pass the username in the querystring and the password in the post variables. Specifically, your submit button should have an onclick event that calls a Javascript function, which then reads the value of the username and appends it to the action URL, then submits the whole form with the POST method.
I can't think of a reason why you would want the username to be in the querystring instead of the post variables though.
In MB The Developer's answer, the www.welcome.com?username=xxxx URL is hardcoded, which doesn't seem that useful, but if you are talking about a failed login going back to the login page ("redirected?") then MB's example could be extended with something like this:
<form method="POST" action="www.welcome.com?username=<?php print($_GET['username']); ?>"style="clear:both">
Also I think you will want your password field to be type="password" instead of type="text".
I know it is php global variable but I'm not sure, what it do?
I also read from official php site, but did not understand.
You may want to read up on the basics of PHP. Try reading some starter tutorials.
$_POST is a variable used to grab data sent through a web form.
Here's a simple page describing $_POST and how to use it from W3Schools: PHP $_POST Function
Basically:
Use HTML like this on your first page:
<form action="submit.php" method="post">
Email: <input type="text" name="emailaddress" /> <input type="submit" value="Subscribe" />
</form>
Then on submit.php use something like this:
<?
echo "You subscribed with the email address:";
echo $_POST['emailaddress'];
?>
There are generally 2 ways of sending an HTTP request to a server:
GET
POST
Say you have a <form> on a page.
<form method="post">
<input type="text" name="yourName" />
<input type="submit" />
</form>
Notice the "method" attribute of the form is set to "post". So in the PHP script that receives this HTTP request, $_POST[ 'yourName' ] will have the value when this form is submitted.
If you had used the GET method in your form:
<form method="get">
<input type="text" name="yourName" />
<input type="submit" />
</form>
Then $_GET['yourName'] will have the value sent in by the form.
$_REQUEST['yourName'] contains all the variables that were posted, whether they were sent by GET or POST.
It's used to store CGI input via a POST sent to your page.
Example:
Your page contains:
<form action="welcome.php" method="post">
Name: <input type="text" name="fname" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>
One the user submits the values input into the form, you can access those variables through $_POST using the names you provided for the input tags.
Welcome <?php echo $_POST["fname"]; ?>!<br />
You are <?php echo $_POST["age"]; ?> years old.
You can capture post values from forms:
Example:
<form method="POST">
<input type="text" name="txtName" value="Test" />
</form>
To get this you'll use:
$_POST["txtName"];
It contains data sent by HTTP post, this is most often from a HTML FORM.
<form action="page.php" method="post">
<input type="text" name="email" ...>
...
</form>
Will be accessible by
$_POST["email"]
It contains the data submitted via the POST method, and only the POST method, versus data submitted via the GET method. The $_REQUEST superglobal variable contains both $_POST and $_GET data.
When data is posted through a form to the server, you access it through the $_POST array:
<form method="post">
<p><input type="text" name="firstname" /></p>
<p><input type="submit" /></p>
</form>
--
<?php
if ($_POST)
print $_POST["name"];
?>
Not all data is sent through $_POST through. File uploads are done through $_FILES.
As defined by the Hypertext Transfer Protocol specifications, there are several types of requests that a client (web browser) can make to a resource (web server).
The two most common types of web requests are GET and POST. PHP automatically loads any client request data into the global arrays, $_GET and $_POST, based on the type of web request received. The type of request is transparent to the user of the web browser, and is simply based on what is going on in the page. In general however, any regular link you click produces a GET request, and any form you submit produces as POST request.
If you click a link that goes to "http://example.com/index.php?x=123&y=789", then index.php will have it's $_GET array populated with $_GET['x'] = '123' and $_GET['y'] = '789'.
If you submit a form that has the following structure:
<form action="http://example.com/index.php" method="post">
<input type="text" name="x">
</form>
Then the receiving script, index.php, will have it's $_POST array populated with $_POST['x'] = 'whatever you typed into the textbox named x';
There are two ways of sending data from a form to a web app, GET and POST.
GET sends the data as part of the URL string: http://www.example.com/get.html?fred=1&sam=2 is an example of what that would look like. There are some problems with using it for all processing, one of the biggest is that every browser has a different maximum length for the query string, so you may have your data truncated.
POST sends them separately from the URL. You avoid the short length limit, plus you can send binary or encrypted data with POST.
In the first example above, PHP can retrieve the values sent by $_GET['fred'] and $_GET['sam']. You would use $_POST instead if the form was POSTed.
If you're wondering which method you should use, start here
$_POST is used to retrieve values passed to your page via a POST request.
For example, your page uses a form to pass data to another page in your application. Your form would have
<form method="post">
to pass those values via POST.
It is matched by $_GET which perform the same function for GET requests.
If you want to be able to reference either GET/POST values, you can use $_REQUEST
It contains any values posted from a HTML form to this script.
How do you go about redirecting a browser and sending a HTTP POST request in PHP? A header("Location: file.php?foo=bar") of HTTP POST requests, if you will.
You can't - HTTP does not allow this - if you want to pass arguments via a redirect they have to be embedded into the URL as GET vars.
C.
This does not redirect the browser but it can perform a POST request.
Curl Manual
Curl POST Example
PHP POST Without Curl
To redirect the browser i'd suggest using Javascript.
An example form that does POST and redirect
<FORM action="http://somesite.com/prog/adduser" method="post">
<P>
<LABEL for="firstname">First name: </LABEL>
<INPUT type="text" id="firstname"><BR>
<LABEL for="lastname">Last name: </LABEL>
<INPUT type="text" id="lastname"><BR>
<LABEL for="email">email: </LABEL>
<INPUT type="text" id="email"><BR>
<INPUT type="radio" name="sex" value="Male"> Male<BR>
<INPUT type="radio" name="sex" value="Female"> Female<BR>
<INPUT type="submit" value="Send"> <INPUT type="reset">
</P>
</FORM>
I'm not sure why you would have any need for this, however it is not possible in any server-side language.
You could use a javascript library such as jQuery to request a page using a post request
I don't believe you can get a browser to POST data by redirecting it in the middle of a request. You're limited to GET. If you want a browser to POST something you need to construct a <form> and submit it. (Or use an AJAX request.)
PHP doesn't have anything like this. To fulfill your example, you can just simply say $_GET['foo'] = 'bar'; include("file.php"), however the URL given to the browser will not be changed.
Similar question: Code Translation: ASP.NET Server.Transfer in PHP
This question was asked here How do you POST to a page using the PHP header() function?.
Someone commented that if you already had the data why do you need to post it anywhere, why can't you just act on the data in that page?
If you need to transfer data when you redirect without showing data in the URL, you can use $_SESSION, first store data into session then redirect the page, after redirection get data from session and destroy the session data..
OK, if you need to transfer data to other site without showing in the URL, u have to use Javascript instead... like transfer data to payPal. just make a form and write a javascript code to submit the form automatically on page load. below is the sample code:
<form name="myform" action="handle-data.php">
Search: <input type='text' name='query' />
Search
</form>
<script type="text/javascript">
function submitform()
{
document.myform.submit();
}
</script>