I've made a password reset option. Users can fill in their emailaddress and an email will be sent to the addres. The email contains an URL where the user can fill in a new password. Some validation and sanitazion is done and submitted to the database.
In both my forms I have an input field with display:none. If this field has a value, an error will be returned on submitting the form. I've made this to prevent robots from filling in the form.
The first form where the user fills in their emailaddress submits without any errors. However when I fill in a new password and submit, I get the error message linked with the input field with display:none.
The weird thing is that this only happens on one computer. I've tested this on one computer with Firefox and Safari, worked perfectly. On the other computer Safari works fine, Firefox returns the error. I've checked for automatically information that could be filled in, but found nothing.
My code:
if(!empty($_POST['email'])) {
echo "Failure.
Click here to return.";
}
<form action="password_lost.php?t=<?php echo $_GET['t'] . "&e=" . $_GET['e']; ?>" method="POST">
<input type="text" class="email" style="display:none;" name="email" value="" />
<input type="password" name="password" size="30">
<input type="submit" name="reset" value="Submit" />
</form>
$_GET['t'] = a token
$_GET['e'] = the emailaddress
How is it possible that this only happens with one browser, with only one form.
try clearing your browsers cache and setting autocomplete to off.
Firefox:
For passwords, go to Edit > Preferences > Privacy & Security > Passwords and uncheck the option to remember passwords. Note that passwords can be stored in an encrypted format.
I don't know why browsers behave differently here, but why don't you add autocomplete="off" ? Like so:
<input type="text" class="email" style="display:none;" name="email" value="" autocomplete="off" />
Try changing this line
if(!empty($_POST['email'])) {
To this:
if($_POST['email']) {
Also I would do print_r($_POST) so you can see what is being submitted by the form. See if what is being submitted changes based on browser and PC.
Related
I am trying to fetch some data from one device.
Problem is that this device doesnt have snmp, event telnet doesnt have. Only web.
Web auth form made from one text input field and submit button. So there is no username and password. Only password and submit.
From page source i can see that there is also a java script in .
My idea is to do login, fetch information from page and parse it(no problems with parsing, have exp with this).
But what is confusing for me is how to paste password and "press" submit button and then fetch response.
HTML code of page:
Form where should be placed password, for example 1234
<input id="psw_id" type="password" maxlength="15" size="20" name="q" value="">
Then there is a submit button
<input type="submit" value="" name="q" class="w_bok">
And one strange element is
<input id="hpsw_id" type="hidden" name="pA" value="1C755EC55250421A">
And script in
function DoHash()
{
var psw = document.getElementById('psw_id');
var hpsw = document.getElementById('hpsw_id');
var nonce = hpsw.value;
hpsw.value = MD5(nonce.concat(psw.value));
psw.value = '';
return true;
}
I see in firefox console POST message
POSThttp://10.168.168.144/CONTROL.HTM
And following values
q=&q=&pA=8142bb8f7976bfacaef515001405fa9f
Can somebody help me with making php curl query for login and fetching information from CONTROL.HTM?
I am attemping to create a PHP login system using MySQLi.
However I have created an HTML Form:
<form action="register_manager.php" method="post">
<p>Please fill all fields!</p>
<input type="text" name="username" value="<?PHP print $getuser; ?>" maxlength="15" /><br />
<input type="password" name="password" placeholder="Password" maxlength="15" />
<input type="password" name="confirmpassword" placeholder="Confirm Password" /><br />
<input type="text" name="email" placeholder="E-Mail Address" />
<p style="margin: 0; padding: 0;">
(Use a vaid a valid E-Mail Address for activation!)
</p>
<p>
Already got an account?
</p>
<input type="submit" name="regsubmit" value="Register"/><br />
<?PHP echo '<p>'.$errormsg.'</p>'; ?>
</form>
Once I click submit, it redirects me to the registration_manager.php page, which is not what I want it to do. I am new to PHP so I am not aware on why it is doing this, instead of registering the user.
This is the register_manager.php file:
http://pastebin.com/cvbA6L6P
The action specified in your form is register_manager.php so whenever you hit the submit button you will get redirected there. Also, in the link you provided of the source code of register_manager.php, you're generating error messages, depending on the case, but never printing them on the page so the user can see what is wrong, unless of course the html form you provided is included in the register_manager.php. Finally, when testing make sure you fill all the requirements set by the if statements in you register_manager.php file, i.e. pass all wanted fields (username, email (which must be longer than 7 chars, containing the '#' and '.' characters), password, password confirmation). Hope this solves your question!
What you are describing is normal. The browser will send a POST request to the URL defined as action. So you need to render the form there as well. You can either abstract the form out and reuse it in both files or do the initial form rendering and the processing in one file by checking if $_POST['regsubmit'] is set (if it is not set you are rendering the form initially).
Submit button will activate the request of the webpage specified in the attribute action, passing the information inside the form by the method selected. In your example, the information is passed to register_manager.php using POST method.
To retrieve the information passed, you could use the arrays $_POST and $_GET depending the method used. In your example:
<?php
print $_POST['password'];
print $_POST['confirmpassword'];
print $_POST['email'];
?>
I have this form:
<form name="form2" method="post" action="http://1.1.101.1/reg.php">
<input id="field12" type="text" value="{$username}" name="username" maxlength="32" placeholder="Username" required="required" />
<input id="field22" type="text" value="{$password}" name="password" maxlength="32" placeholder="Password" required="required" />
<input name="checkbox" type="hidden" id="checkbox" value="checkbox" />
<input type="hidden" name="url" value=""/><br/>
<input type="submit" value="Connect to WiFi" name="button1" /><br/>
</form>
the action is a external url.
How can i check in my php when the button submit is posted (name = button1) before it goes to that url.
Right now i have this but its not working becasuse it goes directly to the action url from the form.
if ($_SERVER['REQUEST_METHOD'] == "post") {
var_dump($_POST);
exit;
}
You can't.
The only way to validate it without using client side code is to submit the form to your own server side code.
You then won't be able to reliably redirect the request while maintaining POST.
You have basically two options the way I see it.
If it's not necessary for the user to see the output of the external script, you could do the posting yourself from your backend. I.e. change the action of your form to your own script and do something like the following:
Validation the fields
If validation OK, POST the data to the external URL via CURL (or similar)
If POST to external URL went OK, redirect to wherever the user should end up in the end
If the user must end up at this external URL, you could do it in two steps. First have your form action set to your own server side validation. If it passes, give the user a confirmation page with a form containing the same data which would then post it to the external URL. The fields should probably be hidden/read-only on this page to prevent them from being changed before the final submit.
This last method is definitely possible to mess with since it's easy to first use valid values, and then change the data in the HTML before doing the final submit. So if security is important here, you're stuck with the first option.
Try this
<?php
if(isset($_POST['button1'])){
//action
header('Refresh:3; url=http://1.1.101.1/reg.php');
}
?>
I have mysql table members with columns id, user, password, and verified
When a user logs in, using user and password (compared against members-db) they are presented with a form. The form gathers info to be manually checked by an admin.
Upon submitting the form, it will send an email to admin with all the details to manually confirm.
The problem that I am hitting is that admin wants the email to contain a link that will enable him to update the verified field in members table upon clicking. I need to send a previously stored variable with the form to do so. That way I have a link to the members table.
For example, If I store $user_id as the id of whichever row I need to update, and I could send it forward with the form, then I could just use the UPDATE feature WHERE id = $user_id
Here is my form ...
<form method="post" name="verify_form" action="../includes/verify.php">
Website for Online Verification: <input type="text" name="webpage" id="webpage" /><br />
Identification Number: <input type="text" name="number" id="number" /><br />
Expiration Date: <input type="text" name="expire" id="expire" /><br />
<input type="submit" value="Verify Me!" onclick="return vformhash(this.form, this.form.webpage, this.form.number, this.form.expire);" />
<input type="reset" value="Clear Form" />
</form>
Is there a way to send my previously captured $user_id to the verify.php page when user submits?
You could use a hidden field:
<input type="hidden" name="userid" value="<?php echo $user_id; ?>" >
You can use:
<input type='hidden' name='user' value=<?php echo $user_id; ?>>
inside the form.
You could send it in url like
$url = "verify.php?user_id=" . $ user_id;
And access it in verify.php page by
$ user_id = $_GET ['user_id'];
You can use hidden fields: <input type="hidden"....
If the information is sensitive, you should not put it in those hidden fields, but rather store it in the session or otherwise on your server. You can then use a hidden field to store a key that you can use to find those values again later.
If you would use regular session variables, without a key in the form, you might get the issue of finding the wrong value if the user has multiple forms open in multiple tabs.
Two options:
Change your for tag to pass the ID as a GET param :
action="../includes/verify.php?user_id=123"
-or-
Add a hidden field :
<input type="hidden" name="user_id" id="user_id" value="123" />
You will be able to access this value with either $_GET['user_id'] for option #1, or $_POST['user_id'] for option #2 within your PHP script.
When the user logs in, save their ID in a session value such as $_SESSION["userID"]. Then in verify.php you can access $_SESSION["userID"]. It's cleaner than passing the ID back and forth as parameters.
I would like to say that I've already read all the similar questions, but did not find the answer I need.
So, I have the HTML form on the remote host that consists of username, password and "rememberMe" checkbox:
<form method="POST" action="http://1.2.3.4:5000/webman/login.cgi">
<p><input type="text" name="username" value="" placeholder="Username or Email"></p>
<p><input type="password" name="passwd" value="" placeholder="Password"></p>
<p class="remember_me">
<label>
<input type="checkbox" name="rememberme" id="remember_me">
Remember me on this computer
</label>
</p>
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
All I want to do is to submit data from one form to another one (another one - this is my Synology NAS Login form). But the problem is that if I write action="http://1.2.3.4:5000/webman/index.cgi", it does nothing (just sends me to the second login form).
But when I use action="http://1.2.3.4:5000/webman/login.cgi", it forwards me to the login.cgi page where only the following is displayed (with correct username & passwd)
{ "result" : "success", "success" : true }
BUT: if I change login.cgi to index.cgi in the browser, I go then to my desktop as I were logged in successfully via the default form.
So, on this basis, the question is:
How to send data to login.cgi, but redirect the user to .../index.cgi?
You need two forms. You can not have form in form. You need to copy data between forms with javascript. You can do that with this:
function copydata() {
document.form1.username.value = document.form2.username.value;
document.form1.passwd.value = document.form2.password.value;
return 1;
}
If I am getting this right you have login with two different actions. All you have to do is to apply this code once when secondary (submit for second form) submit button is clicked.
In the <form method="POST" action="http://1.2.3.4:5000/webman/login.cgi"> you need to add target="login_iframe" above to add the line <iframe id="login_iframe" name="login_iframe" width="0" height="0" frameborder="0" style="display: none;" ></iframe>.
Here is a script for redirecting the user after the verification. Notice that the script is only half working because there are no conditions "if the password is not correct then it should pop the inscription"
<script>
$(document).ready(function(){
$("#login_iframe").on("load", function(){
location.href = "https://the address of the page/";
});
})
</script>
You should change the redirection address.