Note : The question is not as simple as the title suggests. However since I could not think of anything better, i typed what i think is closest to my problem.
I have an html page(lets call it firstpage) which has 2 forms( since form processing is via php, it is basically a php page). The php code for the page is as here . One form is for a registered user to login and one form is for the registration of a new user. Following multiple online tutorials I followed the procedure of submitting the form to the page itself using method="post" action="<?php echo $_SERVER['PHP_SELF']?>" . However since Im doing this for both the forms, i now have following issues:
1.The php file which checks various constraints of a new user during registration is executed as soon as i load firstpage which should ideally be executed only when the user fills up the form and clicks on register. Due to this a bunch of php messges strings are always displayed on loading firstpage
2.I do not know how to redirect to the homepage which is the page that should appear when a new registration is successfully completed and also when a registered user is logged in. Any help will be REALLY helpfull. php script for to check for a registered user is here
For the conditions 1 & 2, Follow this
1.
Replace your if statement from
if (($_SERVER['REQUEST_METHOD'] == 'POST') && (!empty($_POST['action']))):
to
if (($_SERVER['REQUEST_METHOD'] == 'POST') && isset($_POST['action']) && (!empty($_POST['action']))):
//Assuming $_POST['action'] is the name of your submit button.
2.
Make use of the header to redirect to certain page
Something like this
if(isset( $_SESSION['userid'] ))
{
$message = 'Users is already logged in';
header("location:profile.php");
exit;
}
As for 1. the usual way to go around this is having boolean variables to keep track of the validity of each field (say, isEmailValid) that are by default set to true until the form was submitted.
$isEmailValid = true;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$isEmailValid = false;
function verifyEmail($email);
}
As for your 2nd question, after all checks are done and you stored the record of the new user into the database you could do just
header('Location: index.php');
exit();
Related
Say I have a form on example.com/contact that processes on example.com/submitted. In theory anyone can currently access example.com/submitted directly although this isn't ideal because of the message displayed. There's this question from 7 years ago but the answers in that don't work.
Theoretically the contents of the form page don't matter as long as it was posted. I don't want to have to echo out the contents of the submitted page as it is complete. I just need something simple like if the referrer wasn't example.com/form or POST method.
All I need is to only allow access to example.com/submitted if the user has actually submitted something. I've tried PHP and htaccess methods (PHP preferred) but nothing I've found has worked. Processing on the same page would remove this issue but the submitted page contains entirely different content.
Any advice would be appreciated as I can't find anywhere with a working answer.
Have the action of your form on example.com/contact point to example.org/submitted so that the form contents get posted to your submitted page.
Then, on your submitted page, check the method, and redirect to to contact on GET (or better, everything that isn't POST):
if ($_SERVER['REQUEST_METHOD'] !== 'POST')
header("Location: http://example.com/contact");
else if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST)) {
// validate input
// save to your CSV
// display `submitted` page
}
You can accomplish a check on both the refferer and the request method by doing so:
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_SERVER['HTTP_REFERER'] == "http://example.com/form") {
// Your code
}
Try this:
contact.php
session_start();
...
$_SESSION['form-submitted'] = 0;
if(isset($_POST['submit'])){//use your button value
//do your stuff
$_SESSION['form-submitted'] = 1;
//redirect to submitted file
}
submitted.php
if(isset($_SESSION['form-submitted']) && $_SESSION['form-submitted'] == 1){
//show content
} else {
//redirect to contact page
}
This will allow you to catch the get requests and check if the form was not submitted.
Have you tried this one yet ?
if (!isset($_POST)) {
header("Location: http://example.com/contact");
}
I'm pretty new to programming and gotta do a project for school. My task is to wrinte a ticketsystem with login etc. in PHP.
Since my groupmates aren't to helpful at all i decided to just code the loginsystem and create a .php which loads content dynamicly.
For normal links things went smooth so far but the loginsystem + the dynamic system gives me headache already.
Whenever i hit the login button (even when I don't enter any logindata at all) I endup in the frontpage(home.php) with the header tellin me that I'm on the "user.php".
I don't get any errors or anything, there seems to be just soem logical errors which i don't get :-(
can anybody help me with this?
http://pastebin.com/5XMSje07
Add exit() under all of your header() redirects
What's your directory structure looking like?
It seems like you don't have a check for empty fields when the post comes in. There should be something along the lines of the following in your login function when the post is read in:
if($_POST['Login'] == null || $_POST['Password'] == null)
{
return false;
}
else
{
//do the login check with the sql call to match username and pw
}
Redirects should be used more sparingly than you appear to have done
In your login script, you have:
if(!isset($usergroup))
{
login();
} else {
logout($usergroup);
}
This is all very well if you assigned $usergroup from a $SESSION value, which you haven't done. This page will therefore always show the login form.
$usergroup = $_SESSION['user'];
would be a start.
You also have multiple session_start calls, as it says in Highlander, "There can be only one".
Your code to detect whether someone has posted data to your script is inside the functions and probably should be inside the above test. Something like...
if (!isset($usergroup)) {
// have we recieved post data to login, if logged in set usergroup)
// if we have not logged in, show the login form
}
if (isset($usergroup) {
// show the logout form
}
I have a strange problem that does not set the user as logged in to the SESSION until a second click (although they are logged in)
So, I have a login dropdown that looks like this:
I send the user to the ACCOUNT-SELECTOR. PHP to determine the approprirate validation based on a business or individual account:
if (isset($_POST['loginAccountType']) && $_POST['loginAccountType'] == 'individual') {
include('ind_login.php');;
} elseif (isset($_POST['loginAccountType']) && $_POST['loginAccountType'] == 'business') {
include('bus_login.php');
} else {
include('error_login.php');
}
I have session_start(); on my account-selector.php page as well as my ind_login.php page. And, both are located at the very top of the page (before anything else).
Once I log in, this is my view:
As you can see, I am able to set and return the $_SESSION['Ind_ID'] on the ind_login.php page and VIEW YOUR PROFILE works (which is linked to the SESSION ID).
However, we still see a LOG IN button on the navigation when the code says this button should be set to display:none:
if(isset($_SESSION['Ind_ID'])) {
$accIndStyle = "visibility: visible;";
} else {
$accIndStyle = "display:none;";
}
I know this is the correct code as the button does become display: none for other buttons. However, if I log in a second time, or go to a different page with the session(start), the site will read the $_SESSION['Ind_ID'] as set and hide the Login button and replace it with a logout button.
Any help very much appreciated.
Put your session_start() on the top of your index.php file (That file which includes the others.)
seem like your page needs to be refreshed, or just throw an ajax call in there to update the button value according to session.
I have two forms for registration. I am saving the first form data in session. The problem is the user can access the second form without filling in the first form.
I want to restrict the user from accessing the second form directly.
You can check in second form that data in session are available or not. If not available then you can redirect him to first form
If you have any query fill free to ask.
So basically what you want is that a user cant acces the form, if there is no session? Correct? Cause if so, its a matter of making an if-else statement.
What i do is when i create the session, i make a session variable, for instance with, for instance the username. Then you retrieve that data on the next page in the second form
$UserName = $_SESSION['Username'];
And then you run an if else statement
if (!isset($_SESSION['Username']) || $_SESSION['Username'] == '')
{ echo "ERROR STATEMENT or Redirect back to first form";}
else
{ echo "your second form";}
Hope this helps you
Good evening Stack members,
I have no experience with that im about to ask so it may be a totally stupid idea.
We have a few different pages that ask for different bits of information
On each form we have the post to the next page , then we have php code to collect the information from the previous page and fill in the next page - we have bits of code on the second page that rely on the first page to be filled in else they will just stay blank.
What we were wondering is .. is that any way for us to deny requests via the web if someone went to page2.php it redirected to page1.php or just said access denied but yet allowed access if our form posted information to page 2
I'm sorry if this is quite messy and i do agree if you rate me down but im just a beginner and trying to figure this out for myself , I understand a lot of you are quite knowledgeable and would be grateful for any information at all
Thanks
So basically to recap
Page 1 > User fils in information > pass > page2.php
User tries to enter page2.php into their browser url window >> denied >> redirect
on page 1 put a hidden value in the form,
<input type="hidden" id="page" name="page" value="1" />
on page 2
if($_POST['page'] !='1'){
header('Location: http://www.example.com/page1.php');
exit();
}
You could also use sessions
At the top of page1.php:
<?php
session_start();
$_SESSION['last_page'] = 1;
// your code
At the top of page2.php:
<?php
session_start();
if(! isset($_SESSION['last_page']) && $_SESSION['last_page'] == 1){
header('Location: http://domain.com/page1.php');
exit(0);
}
// if you have more pages increment the last_page count
$_SESSION['last_page']++;
// your code
You can check the REQUEST_METHOD variable to make sure the user came to the page via a POST request, like so
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
//Your code goes here
}
Or alternatively, check to see if they came by an alternate method (e.g. GET) and acct accordingly
if ($_SERVER['REQUEST_METHOD'] != 'POST')
{
//send the user back to page one
header('Location: page1.php');
//don't allow the script to continue
die('access denied!');
}
//Your code goes here
Yes, it is. You just need to store a variable (probably in the current $session user array, or in a relative database table / file / whatever it happens to be) as a flag for the current $index of that form proccess.