I'm making a html form and need people to validate that they are who they say they are. How I'm planning on doing this is with a password field. From which the password will be sent to them by email. So only one password is eneugh, so no need for dozens of different passwords.
The HTML
<form action="contact.php" method="post">
<!--entire form here-->
<input type="password" name="pwd" placeholder="Password" required />
<input type="submit" value="submit" id="button"/>
</form>
So my question is:
How do I select what the password is (I think in contact.php, not sure)
How do I process the password in contact.php
Thanks in advance!
Your form sends data to the page contact.php
Here's what to write in contact.php so you'll get the value from the input:
<?php
if (isset($_POST['pwd']))
{
//comparing the user input with the good password
if ($_POST['pwd'] == 'THE_GOOD_PASSWORD_GOES_HERE')
{
echo 'Password is good';
}
else
{
echo 'Wrong password';
}
}
?>
Replace THE_GOOD_PASSWORD_GOES_HERE with your password.
Also, please consider reading this
Related
So what I want to do it kind of like a login form, but rather than it being individual users, it's more of a password locked page.
Here's sort of what I have for php
<?php
$user = $_POST['user'];
if($user == "placeholder")
{
include("randomfile.html");
}
else
{
if(isset($_POST))
{?>
<form id="login" method="POST">
User <input type="text" name="user" id="userID"></input><br/>
<input type="submit" name="submit" value="Go"></input>
</form>
<?}
}
?>
and it's basically doing what I want it to do, but if you were to go back (like use the go back button in the browser) it doesn't get rid of that submitted text (in this case, it would be "placeholder").
Any suggestions of any other way to do this, maybe easier or more basic because I just started with php, and is it possible so that if you enter "placeholder" and submit it, then go back, it doesn't have the User field already filled out with what you previously submitted?
<form id="login" method="POST" autocomplete="off">
That work for all the form, I think is the easiest. Ref: form:autocomplete
So for a web application, I need to code a New User form using HTML/PHP/MySQL.
The requirements for the user form include:
Posts to itself
Has a user name, password, and a confirm password text field
Has a reset button that resets all fields
If the two password fields don't match, report error, reset form, and keep the user name
If the user name is already taken, report error and reset everything
If everything is okay, hash and salt the password, add data to database, report success, and reset form
I'm working on #3 and #4 currently. This is what I have so far (sorry if the code is hard to read):
<form name="form" method="post" action="NewUser.php">
User Name: <input name="userName" type="text" id="userName" value="<?php echo $_POST["userName"]; ?>"> <br>
Password: <input type="password" name="password" id="password"> <br>
Confirm: <input type="password" name="passwordConfirm" id="passwordConfirm">
<?php
if ($_POST["password"] != $_POST["passwordConfirm"]) {
echo "Error: Passwords do not match.";
}
?> <br>
<input type="submit" name="submit" id="submit" value="Submit">
<input type="reset" name="reset" id="reset" value="Reset">
</form>
Now, as you can see, since the default value for userName changes, the reset button doesn't actually blank out the text field if the user fails the password check and then tries to reset the form.
Apart from future issues I'm probably going to run in to implementing the rest of the requirements, how would I fix this issue I'm currently having?
The <input type="reset"> resets the form to the state it was when it was loaded.
Either you stick with PHP, then you need to change the type to submit and check by if (isset($_POST["reset"])) if the user wanted to reset the form.
Or you use Javascript: <input type="reset" onclick="document.getElementById('username').value='';" />
you must have two files ..
index.html
savedata.php
now you can send Form Data from index.html to savadata.php via jQuery , AJAX .
Just Follow these steps .
Add this Script into your index.html which have already created .
<script>
jQuery(function(){
$('form').submit(function(e) {
e.preventDefault();
var username = $("#userName").val();
var password = $("#password").val();
var cPassword = $("#passwordConfirm").val();
// i am validating confirm password on client side but don't do it for security reasons
if(password == cPassword) {
// now send the Form Data to Server Side to save theme
$.post('savadata.php', {
username:username,
password:password
} , function(responce){
if(responce == '1') {
// form submitted successfully
// clear form fields
$("#userName").val('');
$("#password").val('');
$("#passwordConfirm").val('');
alert('Data Saved...');
} else {
alert('there is an error to save data');
}
})
} else {
alert('Confirm password not matched');
}
}
});
</script>
and the savedata.php will recive the Data in $_POST array
you can treat theme like this .
<?php
$username = $_POST['username'];
$password = md5($_POST['password']);
// Do what ever you want with savadata.php
// if Data Saved Successfuly echo '1'; javascript will take this flag as your data is saved.
?>
I'm still new and trying to learn php. I have a form and everytime I run it I get an error displaying that the variable were not set when they should be. I'm definately missing something. Kindly explain what why is the variable $_POST['login_button'] not set the first time i run the page?
Code can be found below:
<?php
require 'connect.inc.php';
if (isset($_POST['login_button']) && isset($_POST['username']) && isset($_POST['password'])){
$login_button = $_POST['login_button'];
$username = $_POST['username'] ;
$password = $_POST['password'];
$password_hash = md5($_POST['password']);
if(!empty($username)&&!empty($password)){
$sql = "SELECT `id` FROM `golden_acres_username` WHERE `uname`='$username' AND '".$password_hash."'";
if($sql_run = mysql_query($sql)){
$query_num_rows = mysql_num_rows($sql_run);
}
if($query_num_rows==0){
echo'User name and password are incorrect';
}
else if($query_num_rows==1)
{
echo 'Username and password are correct';
}
}
else
{
echo 'Please fill in user name and password';
}
}
else
{
echo'Fields are not set';
}
?>
<form class="home_logon_area" action="test.php" method="POST">
Username:
<input type="text" name="username" />
Password:
<input type="password" type="password" name="password"/>
<input type="submit" name="login_button">
</form>
Thanks in advance,
Joseph
$_POST contains the result of submitting a form. If no form has been submitted yet, it will not contain anything.
Your script is working just fine; remove echo 'Fields are not set';, or use that line for code that should only run when the form hasn't been submitted yet.
The $_POST variable is set by the server to capture the data content sent by the browser as part of the form POST action. When the page is initially loaded, the browser has only executed/requested a GET call for the content of the page without sending the POST request.
Hope that helps!
This is simple to understand ;-)
First time the phpscript is executed to get the Form
So there will be no information at all (the visitor is new and have not seen the form before)
Then the User fills the form and press Submit button
The form is linked to the same side so the same phpscript gets executed again
Now you have the Formular values transmitted and you can acess them over $_POST
For more information look at php.net
Remove last else from your code and update the form with this one
<form class="home_logon_area" action="test.php" method="POST">
Username:
<input type="text" name="username" required />
Password:
<input type="password" type="password" name="password" required/>
<input type="submit" name="login_button">
</form>
I am creating my own website just to get some experience. I've been working on it for 3 days and am at the point where I can sign up and sign in.
When signing in, if the combination of the username and password is not found in the database, my code displays an error message telling the user that either he didn't sign up yet or he is entering a wrong user email or password.
But, the message is displayed in a new page, instead of the sign in page.
I looked at some tutorials online, but didn't find a good explanation for it. Could someone please give me some advise?
I am using PHP for the database connection.
I just typed a very basic example:
<?php
//login.php
$msg = ''; //to store error messages
//check whether the user is submitting a form
if($_SERVER['REQUEST_METHOD'] == 'POST') //check if form being submitted via HTTP POST
{
//validate the POST variables submitted (ie. username and password)
//check the database for a match
if($matchfound == TRUE) //if found
{
//assign session variables and other user datas
//then redirect to the home page, since the user had successfully logged in
header('Location: index.php');
}
else
{
$msg = 'Error. No match found !'; //assign an error message
include('login_html.php'); //include the html code(ie. to display the login form and other html tags)
}
}
else //if user has not submitted the form, just display the html form
{
include('login_html.php');
}
//END of login.php
?>
login_html.php :
<html>
<body>
<?php if(!empty($msg)) echo $msg; ?> <!-- Display error message if any -->
<form action="login.php" method="post">
<input name = "username" type="text" />
<input name = "password" type="password" />
<input name = "submit" type="submit" value="Submit" />
</form>
</body>
</html>
This is not a complete code. But I just created it for you to understand how this can be done. :)
Good luck
Your opening form tag should look like this: <form action="" method="post">. The empty "action" attribute will cause the page to post back to itself. Just check the $_POST for username and password to determine whether to test for a match or just show the form.
And please be sure to hash your passwords and sanitize your inputs!
you can do it without going to a new page.
<?php session_start(); ?>
<?php
if(isset($_POST) && isset ($_POST["admin_login"])){
$user_data_row = null;
$sql="SELECT * FROM table_name WHERE <table_name.field name>='".mysql_real_escape_string($_POST['email'])."'
and <table_name.field name='".mysql_real_escape_string($_POST['password'])."'
;
$result=mysql_query($sql);
$user_data_row=mysql_fetch_assoc($result);
if(is_array($user_data_row)){
$_SESSION['user_id'] = $user_data_row['id'];
header("Location: <your page name>");
}else{
$_SESSION['message'] = "Valid email and password required";
}
}
?>
<?php if(isset($_SESSION['message'])){
echo "<li>{$message}</li>";
?>
<form action="" method="post" id="customForm">
<label>Email:</label>
<input type="text" id="email" name="email">
<label>Password:</label>
<input type="password" id="password" name="password">
<input type="submit" value="Login" id="send" name="admin_login">
</form>
may be its helps you....
Basically what you need to do, is post the form to the same page.
Once you have that, at the type just check for the $_POST: if($_SERVER['REQUEST_METHOD'] == 'POST')
If it is a post, check the username and password and either show an error or redirect to the signed in page. After this, display the login form.
So, if it's an error, they'll get the error and then the login form. If it's not posted, they'll get just the login form, and if it's a valid login, they'll get redirected to the proper page before the login form is shown.
New to all this so forgive my ignorance. I am trying to figure out how to add a "confirm your password" field to my form. Using PHP and mySQL. Is this entered in the html form code, and how can you set it to auto check that the password and confirm password fields match.
Just get both the password and confirm password fields in the form submit PHP and test for equality:
if ($_POST["password"] === $_POST["confirm_password"]) {
// success!
}
else {
// failed :(
}
where password and confirm_password are the IDs of the HTML text inputs for the passwords.
What you're trying to do is form validation. It's a good idea do validate on the client side (using javascript) so you have a faster response for your user on the interface, and on your server side (since your user can have javascript disabled - and because you should never blindly trust in user input. Read Should you do validation on your server side for some more information about this subject).
You just need to compare the two posted values. If correct, insert in database. If not, dont do anything and returns a message to the user saying that the password is incorrect.
I can't give more details since you didn't provide enough or detailed information of your php environment (frameworks used, libs used, etc).
you can check it in JavaScript using
<html><title></title><head>
<script>
function validate(){
if(!document.getElementById("password").value==document.getElementById("confirm_password").value)alert("Passwords do no match");
return document.getElementById("password").value==document.getElementById("confirm_password").value;
return false;
}
</script>
</head>
<body>
<form onSubmit="return validate()" action="nextPage.php">
Password: <input type="text" id="password" name="password" /><br/>
Reenter Password: <input type="text" id="confirm_password" name="confirm_password" />
<input type="submit" value="submit"/>
</form>
</body>
</html>
And on sever side you need to check it again in case client do not have JavaScript Enabled,
if($_GET['password']==$_GET['confirm_password'])
You have to use $_POST instead of $_GET in case of POST method
I updated the code, there is missing colon on form submit.
<html>
<title></title>
<head>
<script>
function validate(){
var a = document.getElementById("password").value;
var b = document.getElementById("confirm_password").value;
if (a!=b) {
alert("Passwords do no match");
return false;
}
}
</script>
</head>
<body>
<form onSubmit="return validate();" ">
Password: <input type="text" id="password" name="password" /><br/>
Re-enter Password: <input type="text" id="confirm_password" name="confirm_password" />
<input type="submit" value="submit"/>
</form>
</body>
</html>
Are you using some kind of framework? If not it should be as simple as checking after save that both fields are set and that $confirmationPassword == $passWord. Then apply whatever validation you need to the password before storing it in SQL.