I'm still new and trying to learn php. I have a form and everytime I run it I get an error displaying that the variable were not set when they should be. I'm definately missing something. Kindly explain what why is the variable $_POST['login_button'] not set the first time i run the page?
Code can be found below:
<?php
require 'connect.inc.php';
if (isset($_POST['login_button']) && isset($_POST['username']) && isset($_POST['password'])){
$login_button = $_POST['login_button'];
$username = $_POST['username'] ;
$password = $_POST['password'];
$password_hash = md5($_POST['password']);
if(!empty($username)&&!empty($password)){
$sql = "SELECT `id` FROM `golden_acres_username` WHERE `uname`='$username' AND '".$password_hash."'";
if($sql_run = mysql_query($sql)){
$query_num_rows = mysql_num_rows($sql_run);
}
if($query_num_rows==0){
echo'User name and password are incorrect';
}
else if($query_num_rows==1)
{
echo 'Username and password are correct';
}
}
else
{
echo 'Please fill in user name and password';
}
}
else
{
echo'Fields are not set';
}
?>
<form class="home_logon_area" action="test.php" method="POST">
Username:
<input type="text" name="username" />
Password:
<input type="password" type="password" name="password"/>
<input type="submit" name="login_button">
</form>
Thanks in advance,
Joseph
$_POST contains the result of submitting a form. If no form has been submitted yet, it will not contain anything.
Your script is working just fine; remove echo 'Fields are not set';, or use that line for code that should only run when the form hasn't been submitted yet.
The $_POST variable is set by the server to capture the data content sent by the browser as part of the form POST action. When the page is initially loaded, the browser has only executed/requested a GET call for the content of the page without sending the POST request.
Hope that helps!
This is simple to understand ;-)
First time the phpscript is executed to get the Form
So there will be no information at all (the visitor is new and have not seen the form before)
Then the User fills the form and press Submit button
The form is linked to the same side so the same phpscript gets executed again
Now you have the Formular values transmitted and you can acess them over $_POST
For more information look at php.net
Remove last else from your code and update the form with this one
<form class="home_logon_area" action="test.php" method="POST">
Username:
<input type="text" name="username" required />
Password:
<input type="password" type="password" name="password" required/>
<input type="submit" name="login_button">
</form>
Related
I am writing a new PHP website, and have written a form, and the PHP code to handle the variables and the DB.
Trouble is, it won't even submit the form! Usually when you submit, if you hit F5 it will ask if you want to 'send again', it doesn't even do that. Something is clearly wrong, and I am a little rusty - but I thought I was ok with basic forms.
<?php
$username = isset($_POST['username']) ? $_POST['username'] : null;
echo "here: $username";
if(!isset($_SESSION['username'])) {
$_SESSION['username'] = $username;
} elseif (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
}
?>
<form method="post" action="/signup2/" name="signuprocess">
<input type="text" name="username">
<input type="submit" value="Sign Up">
</form>
After submitting, the $username doesn't appear after "here:".
What I am doing that's a bit silly??
I have tried to post the code on here, but it sees it as spam, as it is a sign up form.
What can I post to show the code, without it being seen as such?
When you "hit" F5 and the browser asks you to 'send again' is because you previously did a POST request. Otherwise, if your last request was, for example, a GET, the browser is not going to ask you anything. It will simply refresh the page.
try something like this
<?php
$username = $_POST['username'] ?? null;
echo "here: $username";
?>
<form method="post" action="" name="signuprocess">
<input type="text" name="username" value="<?php echo $username ?>">
<input type="submit" value="Sign Up">
</form>
I am trying to create php multipage forms, and I use PHP sessions for this purpose.
However, when there is an error in user input and I want the form to ask user to fill in the form again with correct inputs, the forms field will not hold the data that the user has already put in so the user has to start things all over again.
How to make forms sticky with php session?
Thanks
My code is as bellow
<?php
// Session starts here.
if (!isset($_SESSION)) session_start();
?>
<form action="registration.php" method="post">
<center><h8>Please create your user name and password</h8></center>
<div class="imgcontainer">
<img src="phone.gif" alt="Welcome" class="avatar">
</div>
<div class="container">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username" name="username" required value="<?php if(isset($_POST['username'])) echo $_POST['username'];?>">
<label><b>Password</b></label>
<input type="Password" placeholder="Enter Password" name="password" required>
<label><b>Confirm Password</b></label>
<input type="Password" placeholder="Confirm Password" name="confirm" required>
<span id="error" width=100%>
<!---- Initializing Session for errors --->
<?php
if (!empty($_SESSION['error'])) {
echo "<error>".$_SESSION['error']."</error>";
unset($_SESSION['error']);
}
if (isset($_POST['username'])){
$_SESSION['username'] = $_POST['username'];
echo $_SESSION['username'];
echo $_POST['username'];
}
?>
</span>
<br>
<input type="reset" value="Reset" />
<input type="submit" value="Next" />
</div>
and the registration php contains
<?php
if (!isset($_SESSION)) session_start();
// Checking first page values for empty,If it finds any blank field then redirected to first page.
if (isset($_POST['username']))
{
if (($_POST['password']) === ($_POST['confirm']))
{
foreach ($_POST as $key => $value)
{
$_SESSION['post'][$key] = $value;
}
}
else
{
$_SESSION['error'] = "Password does not match with Confirm Password.";
if (isset($_POST['username'])){
$_SESSION['username'] = $_POST['username'];
echo $_SESSION['username'];
echo $_POST['username'];
}
header("location: createlogin.php"); //redirecting to first page
}
}
Something like this:
<input name="var" value="<?= isset($_SESSION['var']) ? $_SESSION['var'] : null ?>" />
Try the other way around. Linking the form-action to the current page, and if all fields are valid; redirect it to the next page (registration.php). This way you'd still have all the post-data, you can process everything that needs to be saved in the session- and you can redirect after all of the logic is done.
My two cent would be keep the same page to validate the content and for the form.
You can include other PHP files from a single page depending on if the form is valid.
This way, you keep the same $_POST between both pages and don't need to store the posted data in a session variable.
Otherwise, if you want to keep the same architecture, you need to use the $_SESSION variables instead of the $_POST ones in your input value, such as the answer by delboy.
Replace:
<?php if(isset($_POST['username'])) echo $_POST['username'];?>
With:
<?php if(isset($_SESSION['username'])) echo htmlspecialchars($_SESSION['username']); ?>
^ Note: htmlspecialchars is used to prevent a reflected XSS if the users enters " as username.
The problem is, your data posted to registration.php, so you can't get the posted value in your original file. You are trying to use $SESSION but that's not recommended, and not right. Your whole solution is wrong.
Forget about session and separated files, put everything to registration.php file together.
You can check if user posted or not with $_SERVER['REQUEST_METHOD'] variable.
if($_SERVER['REQUEST_METHOD'] == 'POST'){
print 'Something just posted';
}
PS: Don't forget secure the password before you store it! :)
I would like to know how to take information from a form and enter it into a session. I can check for sessions, close sessions, but cannot see how to take information from a form (everyone of them use $username variables which is not what I want, I would like to have $_SESSION[user] = username (from form).Sorry to ask, but I have spent ages trying to find an example to work on
HTML Form is simple:
<?php
session_start();
?>
<form method="POST" action="authorise.php">
Username: <input type ="text" name="username"/><br/>
Password: <input type ="password" name="password"/><br/>
<input type="submit"/>
</form>
php authorisation:
session_start();
try
{
$dbh = new PDO("mysql:host=localhost;dbname=login_site","root","black$23");
}
catch (PDOException $e){
echo $e->getMessage();
}
$query = "SELECT * FROM users WHERE LOWER(username)=:username";
$stmt=$dbh->prepare($query);
$stmt->bindValue(':username',strtolower ($_POST['username']));
$stmt->execute();
if ($stmt->rowCount() == 1)
{
$row=$stmt->fetch(PDO::FETCH_ASSOC);
require('blowfish.php');
require('bcrypt.class.php');
//require('bcrypt.class2.php');
$bcrypt = new Bcrypt(4);
if($bcrypt->verify($_POST['password'],$row['password']))
{
echo"logged in!!";
header("Location: .");
}
}
?>
$_SESSION['username'] = $_POST['username'];
or
$_SESSION = $_POST;
if you want to use all of the information from the form... but I would not recommend that.
The key is to match the name= attribute from (for e.g.) <input> elements in the form, to the $_POST['varname'] values in the receiving PHP file. The name attribute becomes the variable's name once posted over to the PHP side. The contents of the field are the variable's value.
Then, to create a session variable from the POSTed value.
For example:
HTML:
<form method="POST" action="authorise.php">
Username: <input type ="text" name="username"/><br/>
Password: <input type ="password" name="password"/><br/>
<input type="submit" value="Submit" />
</form>
PHP:
<?php
$un = $_POST['username'];
$pw = $_POST['password'];
if ($pw == 'admin'){
$_SESSION['user'] = $un;
}
NOTE: Remember to sanitize anything a user types in.
How can I refresh a page with a form on submission pending the outcome of the submitted data and display a result.
e.g I have a page with a form:
<form action="" method="post">
<input type="name" value="" name="name" placeholder="Your Name" />
<input type="button" name="submit" value="submit form "/>
</form>
The engine that handles the form is external, but required in the page:
require_once 'form_engine.php';
form_engine.php checks the input,
$success = "true";
$errorMessage = " ";
$name = $_POST['name'];
if ( $name == '') {
$errorMessage = 'Please enter your name';
$success = false;
}
else (if $success = true) {
// do something with the data
}
The form page contains the result:
<form action="" method="post">
<input type="name" value="" name="name" placeholder="Your Name" />
<input type="button" name="submit" value="submit form "/>
</form>
<p><?php echo $errorMessage; ?></p>
Will the error message get displayed after the form is submitted incorrectly? Or do I have to use a session to store it?
You need something like this:
if (!isset($_POST['name']))
instead of
if ( $name == 'name')
UPDATE
Try this, it should give you the idea:
<?php
$errorMessage = false;
if (isset($_POST['submit'])) {
if (!isset($_POST['name']) || $_POST['name']=='') {
$errorMessage = 'Please enter your name';
}
else {
// do something with the data
echo "Success!!";
}
}
?>
<form method="post">
<input type="name" value="" name="name" placeholder="Your Name" />
<input type="submit" name="submit" />
</form>
<p><?php if ($errorMessage) echo $errorMessage; ?></p>
Note: leaving out the action attribute will just submit the form to the current page
Note 2: The PHP here could very well be stored in another page. Using require() is the same as putting the code directly into the page.
You can use redirect on php side:
header('Location: www.mysite.com/index.php');
You seem to be a little confused in terms of the exact process that occurs in terms of rendering a page, as do some of those commenting. You do not need to use sessions to solve this problem. There is no need to store anything server-side between page requests because the user's browser with retain everything that you need, at least for this situation. My guess is the others took you mentioning an "external engine" and thought that the form would be submitting away to a different site/page.
form loops
Below is a diagram showing a typical form request loop:
You do not have to do this, as coding is as much about personal preference to anything else, but typically people will design their form to submit back to the same URI that generated it — as you seem to be doing in your example, by leaving the action attribute blank. By doing this, as long as you embed everything you wish to pass back to the server side within the form — each time the user submits — that information will be resent and be available in PHP.
Obviously you need to be wary of what information might constitute as sensitive, as this data should only ever be written into markup if your requests are protected by HTTPS/SSL. You should also filter/escape any user input to prevent markup injection into your site. You can prevent many problems by using htmlentities, however this can cause issues depending on the values you are trying to capture from the user. Because you are using double quoted HTML attributes (the right way to do them ;) I have not set the ENT_QUOTES option.
back to the point
So in the above loop the user will be shown the form for the first time, and after any subsequent submit, which means that each time your PHP notices that there is an error you can just add your message into the page flow. The trick with this kind of system is what exactly do you do once the form is fully complete. To get out of the loop most people will use a header location call:
<?php
require_once 'form_engine.php';
$name = !empty($_POST['name']) ? trim($_POST['name']) : '';
$name = htmlentities($name);
if ( $success ) {
header('location: next-step.php');
exit;
}
?>
<form action="" method="post">
<input type="name" value="<?php echo $name; ?>" name="name" placeholder="Your Name" />
<input type="button" name="submit" value="submit form "/>
</form>
<?php
if ( $errorMessage ) {
echo "<p>$errorMessage</p>";
}
?>
form engine repairs
You should also rectify your form_engine.php as per my comments above and Shekhar Joshi's answer, although I would keep the header code outside of your engine logic, and leave that decision to the code that requires in the engine — as the above does.
may be, you are looking for this! the header() method.
$success = true;
$errorMessage = " ";
$name = $_POST['name'];
if(isset($_POST['name'])) {
if ( $_POST['name'] == '') {
$errorMessage = 'Please enter your name';
$success = false;
header('Location: www.something.com/some.php');
}
else if ($success == true) {
// do something with the data
}
}
I am creating my own website just to get some experience. I've been working on it for 3 days and am at the point where I can sign up and sign in.
When signing in, if the combination of the username and password is not found in the database, my code displays an error message telling the user that either he didn't sign up yet or he is entering a wrong user email or password.
But, the message is displayed in a new page, instead of the sign in page.
I looked at some tutorials online, but didn't find a good explanation for it. Could someone please give me some advise?
I am using PHP for the database connection.
I just typed a very basic example:
<?php
//login.php
$msg = ''; //to store error messages
//check whether the user is submitting a form
if($_SERVER['REQUEST_METHOD'] == 'POST') //check if form being submitted via HTTP POST
{
//validate the POST variables submitted (ie. username and password)
//check the database for a match
if($matchfound == TRUE) //if found
{
//assign session variables and other user datas
//then redirect to the home page, since the user had successfully logged in
header('Location: index.php');
}
else
{
$msg = 'Error. No match found !'; //assign an error message
include('login_html.php'); //include the html code(ie. to display the login form and other html tags)
}
}
else //if user has not submitted the form, just display the html form
{
include('login_html.php');
}
//END of login.php
?>
login_html.php :
<html>
<body>
<?php if(!empty($msg)) echo $msg; ?> <!-- Display error message if any -->
<form action="login.php" method="post">
<input name = "username" type="text" />
<input name = "password" type="password" />
<input name = "submit" type="submit" value="Submit" />
</form>
</body>
</html>
This is not a complete code. But I just created it for you to understand how this can be done. :)
Good luck
Your opening form tag should look like this: <form action="" method="post">. The empty "action" attribute will cause the page to post back to itself. Just check the $_POST for username and password to determine whether to test for a match or just show the form.
And please be sure to hash your passwords and sanitize your inputs!
you can do it without going to a new page.
<?php session_start(); ?>
<?php
if(isset($_POST) && isset ($_POST["admin_login"])){
$user_data_row = null;
$sql="SELECT * FROM table_name WHERE <table_name.field name>='".mysql_real_escape_string($_POST['email'])."'
and <table_name.field name='".mysql_real_escape_string($_POST['password'])."'
;
$result=mysql_query($sql);
$user_data_row=mysql_fetch_assoc($result);
if(is_array($user_data_row)){
$_SESSION['user_id'] = $user_data_row['id'];
header("Location: <your page name>");
}else{
$_SESSION['message'] = "Valid email and password required";
}
}
?>
<?php if(isset($_SESSION['message'])){
echo "<li>{$message}</li>";
?>
<form action="" method="post" id="customForm">
<label>Email:</label>
<input type="text" id="email" name="email">
<label>Password:</label>
<input type="password" id="password" name="password">
<input type="submit" value="Login" id="send" name="admin_login">
</form>
may be its helps you....
Basically what you need to do, is post the form to the same page.
Once you have that, at the type just check for the $_POST: if($_SERVER['REQUEST_METHOD'] == 'POST')
If it is a post, check the username and password and either show an error or redirect to the signed in page. After this, display the login form.
So, if it's an error, they'll get the error and then the login form. If it's not posted, they'll get just the login form, and if it's a valid login, they'll get redirected to the proper page before the login form is shown.