i want to give my users the option to login to my cakephp domain from my maindomain (which is not a cakephp application)
for this purpose i have created the following:
<header>
<h2 id="loginHeader">Login</h2>
</header>
<form id="bloglic-login" action="http://www.myCakeApplication.com/cake2/index.php/users/login" method="post" name="blogliclogin">
<input id="UserEmail" type="text" placeholder="Email" name="data[User][username]" value="" >
<input id="UserPassword" type="password" placeholder="Password" name="data[User][password]" value=""/>
<a class="forgot" href="http://system.bloglic.com/users/forgot_password">Forgot your password?</a>
<button class="signup" id="button-signup" type="submit">Submit</button>
</form>
</section>
Now as you can see this form should access my usersController and the action login with a post request.
However when i click submit i get a cakephp error saying the request has blackholed.
Now i think the reason for this is that my form is not following the cake convention. But how can i avoid this error and make my users able to login?
im using Cakephp version 2.3. I am also using ACL to administrate my users
The blackhole is from the Security Component. To answer your question, read the "Disabling Security Component for Specific Actions" section.
Or (I'm not sure), you might be able to submit from another site if you disable CSRF protection (worth a try)
Related
I'm learning Laravel. The current stable version is, as far as I'm aware, 5.8. I'm following tutorials and really liking the framework, but it gets a bit troublesome when these tutorials get to the point where they introduce how forms are incorporated. All of those tutorials use LaravelCollective forms, which is no longer working as of 5.8 and it is an abandoned project so I'd prefer not to use it anyway.
But this leaves me confused as to what the best practices are for using forms with Laravel. I've had some goes at creating forms, but... most of it is just HTML with hardly any Laravel "in there", if that makes sense. The only Laravel bit here is the form action, where it points to the store function in the TodosController. See below, for a file called create.blade.php.
#extends('layouts.app')
#section('content')
<h1>Create Todo</h1>
<form action="{{action('TodosController#store')}}" method="post">
#csrf
<div class="form-group">
<label for="text">Text</label>
<input type="text" name="text" class="form-control" placeholder="Enter title"/>
</div>
<div class="form-group">
<label for="body">Body</label>
<textarea class="form-control" name="body" id="body" rows="10" placeholder="Enter details"></textarea>
</div>
<div class="form-group">
<label for="due">Due date</label>
<input type="text" name="due" class="form-control" placeholder="Enter due date"/>
</div>
<input type="submit" value="Submit" class="btn btn-primary">
</form>
#endsection
This works fine, but I just feel like I'm not utilising blade properly here at all. Any pointers would be greatly appreciated.
Actually, you're using more laravel there than just the form action. The #csrf stands for Cross-site request forgery and it's the laravel way to protect you against that, as said in the docs:
Laravel automatically generates a CSRF "token" for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.
Anytime you define a HTML form in your application, you should include a hidden CSRF token field in the form so that the CSRF protection middleware can validate the request. You may use the #csrf Blade directive to generate the token field:
When you have a PUT, PATCH OR DELETE form you should use the blade directive #method to inform wich action laravel should use:
HTML forms do not support PUT, PATCH or DELETE actions. So, when defining PUT, PATCH or DELETE routes that are called from an HTML form, you will need to add a hidden _method field to the form. The value sent with the _method field will be used as the HTTP request method:
You can achieve that, simply using:
<form action="/foo/bar" method="POST">
#method('PUT')
#csrf
</form>
Besides that, i think you're using laravel/blade just fine. Make sure you read the docs for more info.
Good luck!
What you have is a good point to start from, however another good place to take a look at is the boilerplate registration form (this is not from the official Laravel project page because the boilerplates are optionally introduced and are not in the official repo by default).
There are a few improvements you can do based on this:
<div class="form-group">
<label for="text">{{__('Text')}}</label>
<input type="text" name="text" class="form-control{{ $errors->has('text') ? ' is-invalid' : '' }}" value="{{ old('text') }}"placeholder="Enter title"/>
</div>
The extras:
__('Text') will automatically translate Text based on the selected locale and available language assets.
{{ $errors->has('text') ? ' is-invalid' : '' }} will "decorate" the field with the bootstrap-4 error style if serverside validation failed (and therefore passed the $errors variable to the view)
{{ old('text') }} will pre-fill the input with the value that was previously filled in case the form failed validation and the user was redirected back to the same page.
This will help improve the user experience, however keep in mind these are all server-side tools (because Laravel is a server-side framework) so it's probably a better user experience to also add client-side checks and validation.
I am implementing a simple newsletter form using PHP and CodeIgniter as part of a big project.
My HTML code is as follows.
<form method="POST" action='http://sit.com/index.php/Users/subscribenews'>
<div class="input-group">
<input type="email" id="pkemailid" name="pkemailid">
<span class="input-group-btn">
<button class="btn btn-lg btn-primary" type="submit"> Go
</button>
</span>
</div><!-- /input-group -->
</form>
In my Controller, I am handling the value as
$emailid = $this->input->post('pkemailid');
When I do a var_dump of the $_POST variable, I get the following
array(0) { }
The biggest problem is that I am able to run this correctly on my WAMP Server on localhost but it does not work on the hosted server.
Interestingly, if I change the POST to GET, then it starts working.
this line
<input type="email" id="pkemailid" name="pkemailid">
try changing it to
<input type="text" id="pkemailid" name="pkemailid">
type="email" is html 5 only and i don't know for certain -- but codeigniter might not support html 5 form values.
===== edit
so my suggestion when you are at the hair pulling questioning reality stage of trying to find a bug - get a fresh new copy of codeigniter, install on your server, make sure you get the welcome page.
now make the simplest form possible and echo something out from the controller method to make sure that you are submitting the form to the correct method. Next add a hidden form field with a value, and echo out that value from your method.
If all that works, then its not your server you have bug in your original code. And if it doesn't work then you have an issue with the server.
I am currently developing a login form for my website. Whenever I use it with chrome, I am not being asked to save my password. However, it works in other browsers (Tested with Edge, Firefox and Internet Explorer).
This is my login form:
<div id="login">
<div id="loginbox">
<h2>Login</h2>
<form action="./login.php" method="post">
<input type="text" name="username" placeholder="Username" id="loginform-usrname"><br>
<input type="password" name="password" placeholder="Password" id="loginform-passwd"><br>
<input style="display: none;" type="text" name="page" value="<?php echo $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'] ?>">
<input type="submit" name="submit" value="Login" id="loginform-btn">
</form>
</div>
</div>
The form is submitted as a plain post form (without using any javascript).
Another thing worth mentioning is that the actual login script is running on a different page than the one, where the login form is located. However, in case the user types in the wrong password, the same form is displayed on the login page.
I could find out the reason for the problem: Right after the login, the php script redirected the user back to the last page.
However, the redirect instantly closed the dialog where the user has to choose whether chrome should remember the password.
I switched from an instant php redirect to a delayed redirect via javascript and it works now.
I want to implement a custom login module inside wordpress. In the home page, I have this form where the users could register and another form where the users can login to the website.
Is it a better Idea to write custom code inside wordpress to accomplish my goal?
What other alternative do you suggest to it ?
you might be interested in a blog post about building a customized login form, I recently wrote.
It describes how to include a custom login form in any template, how to change the custom output and how to handle redirects after successfull/failed/empty login.
The WordPress-API functions/hooks involved are:
wp_login_form, authenticate and wp_login_failed
Nothing is wrong with writing custom code if you need something specific to happen when a user logs in. Other than writing custom code also is that you could just get an already built plugin!
You can use this code to create a WordPress login form on any page.
<div id="login">
<form name="loginform" id="loginform" action="YOUR_WORDPRESS_FOLDER/wp-login.php" method="post">
<label>Username:<input type="text" name="log" id="log" value="" size="20" tabindex="1" /></label>
<label>Password: <input type="password" name="pwd" id="pwd" value="" size="20" tabindex="2" /></label>
<label class="submit">
<input type="submit" name="submit" id="submit" value="Login ยป" tabindex="3" />
<input type="hidden" name="redirect_to" value="wp-admin/" />
</form>
</div>
Writing custom code for Wordpress is a very common thing. It almost what's expected. Otherwise, you also have many themes and plugins where other people have written code you can use in your own Wordpress site.
Wordpress also has a internal way to Register new users:
If you enable this option under Settings > General, then your login page would have an option to register new users.
Otherwise, if you want to write your own login code, you can start reading around the WP docs, for example in the internal function
register_new_user.
Unless you are creating something complex or special, you can stick to the built-in registration, and also customize with with HTML & CSS as you wish.
I would like to make a button on my website that automatically logs me in on another website. I recon I can use either Javascript/jQuery or PHP/cURL to do this.
Which is the best way to go?
You may use either remote javascript or iFrame. Find more details here: http://kuza55.blogspot.com/2007/06/building-secure-single-sign-on-systems.html
Also checkout google's approach named SAML: http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html
It depends what the website is. JavaScript and jQuery alone cannot be used due to the cross-domain policy. You could perhaps use a combination of cURL and AJAX to achieve something similar.
I think you might need to provide a little more information about the site, and exactly why you'd want to do this...
I'm not sure if this is exactly what you're looking for, but one thing I have done in the past is to mimic the login form on the site you want to log in to.
For example lets say you want to log in to 'example.com'. In the source code for the login page of 'example.com' you will find the html code for the login form.
Example
<form name="blabla" action="action.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="sumbit" value="Login" />
</form>
Create a form on your site similar to the one you find in 'example.com'. If you want you can even hide the fields, include values to make it a one button login. The trick is making sure that the action has the actual url. For example if the form says 'action.php' for 'example.com' you would put 'http://example.com/action.php'
Example
<form name="blabla" action="http://example.com/action.php" method="post">
<input type="hidden" name="username" value="testuser" />
<input type="hidden" name="password" value="testpass" />
<input type="sumbit" value="Login" />
<form>
This will log you in to the site in most cases. If you don't want to leave your own site you can set a 'target' for the form to an iframe or something.