I would like to say that I've already read all the similar questions, but did not find the answer I need.
So, I have the HTML form on the remote host that consists of username, password and "rememberMe" checkbox:
<form method="POST" action="http://1.2.3.4:5000/webman/login.cgi">
<p><input type="text" name="username" value="" placeholder="Username or Email"></p>
<p><input type="password" name="passwd" value="" placeholder="Password"></p>
<p class="remember_me">
<label>
<input type="checkbox" name="rememberme" id="remember_me">
Remember me on this computer
</label>
</p>
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
All I want to do is to submit data from one form to another one (another one - this is my Synology NAS Login form). But the problem is that if I write action="http://1.2.3.4:5000/webman/index.cgi", it does nothing (just sends me to the second login form).
But when I use action="http://1.2.3.4:5000/webman/login.cgi", it forwards me to the login.cgi page where only the following is displayed (with correct username & passwd)
{ "result" : "success", "success" : true }
BUT: if I change login.cgi to index.cgi in the browser, I go then to my desktop as I were logged in successfully via the default form.
So, on this basis, the question is:
How to send data to login.cgi, but redirect the user to .../index.cgi?
You need two forms. You can not have form in form. You need to copy data between forms with javascript. You can do that with this:
function copydata() {
document.form1.username.value = document.form2.username.value;
document.form1.passwd.value = document.form2.password.value;
return 1;
}
If I am getting this right you have login with two different actions. All you have to do is to apply this code once when secondary (submit for second form) submit button is clicked.
In the <form method="POST" action="http://1.2.3.4:5000/webman/login.cgi"> you need to add target="login_iframe" above to add the line <iframe id="login_iframe" name="login_iframe" width="0" height="0" frameborder="0" style="display: none;" ></iframe>.
Here is a script for redirecting the user after the verification. Notice that the script is only half working because there are no conditions "if the password is not correct then it should pop the inscription"
<script>
$(document).ready(function(){
$("#login_iframe").on("load", function(){
location.href = "https://the address of the page/";
});
})
</script>
You should change the redirection address.
Related
I am currently developing a login form for my website. Whenever I use it with chrome, I am not being asked to save my password. However, it works in other browsers (Tested with Edge, Firefox and Internet Explorer).
This is my login form:
<div id="login">
<div id="loginbox">
<h2>Login</h2>
<form action="./login.php" method="post">
<input type="text" name="username" placeholder="Username" id="loginform-usrname"><br>
<input type="password" name="password" placeholder="Password" id="loginform-passwd"><br>
<input style="display: none;" type="text" name="page" value="<?php echo $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'] ?>">
<input type="submit" name="submit" value="Login" id="loginform-btn">
</form>
</div>
</div>
The form is submitted as a plain post form (without using any javascript).
Another thing worth mentioning is that the actual login script is running on a different page than the one, where the login form is located. However, in case the user types in the wrong password, the same form is displayed on the login page.
I could find out the reason for the problem: Right after the login, the php script redirected the user back to the last page.
However, the redirect instantly closed the dialog where the user has to choose whether chrome should remember the password.
I switched from an instant php redirect to a delayed redirect via javascript and it works now.
I am attemping to create a PHP login system using MySQLi.
However I have created an HTML Form:
<form action="register_manager.php" method="post">
<p>Please fill all fields!</p>
<input type="text" name="username" value="<?PHP print $getuser; ?>" maxlength="15" /><br />
<input type="password" name="password" placeholder="Password" maxlength="15" />
<input type="password" name="confirmpassword" placeholder="Confirm Password" /><br />
<input type="text" name="email" placeholder="E-Mail Address" />
<p style="margin: 0; padding: 0;">
(Use a vaid a valid E-Mail Address for activation!)
</p>
<p>
Already got an account?
</p>
<input type="submit" name="regsubmit" value="Register"/><br />
<?PHP echo '<p>'.$errormsg.'</p>'; ?>
</form>
Once I click submit, it redirects me to the registration_manager.php page, which is not what I want it to do. I am new to PHP so I am not aware on why it is doing this, instead of registering the user.
This is the register_manager.php file:
http://pastebin.com/cvbA6L6P
The action specified in your form is register_manager.php so whenever you hit the submit button you will get redirected there. Also, in the link you provided of the source code of register_manager.php, you're generating error messages, depending on the case, but never printing them on the page so the user can see what is wrong, unless of course the html form you provided is included in the register_manager.php. Finally, when testing make sure you fill all the requirements set by the if statements in you register_manager.php file, i.e. pass all wanted fields (username, email (which must be longer than 7 chars, containing the '#' and '.' characters), password, password confirmation). Hope this solves your question!
What you are describing is normal. The browser will send a POST request to the URL defined as action. So you need to render the form there as well. You can either abstract the form out and reuse it in both files or do the initial form rendering and the processing in one file by checking if $_POST['regsubmit'] is set (if it is not set you are rendering the form initially).
Submit button will activate the request of the webpage specified in the attribute action, passing the information inside the form by the method selected. In your example, the information is passed to register_manager.php using POST method.
To retrieve the information passed, you could use the arrays $_POST and $_GET depending the method used. In your example:
<?php
print $_POST['password'];
print $_POST['confirmpassword'];
print $_POST['email'];
?>
I have this form:
<form name="form2" method="post" action="http://1.1.101.1/reg.php">
<input id="field12" type="text" value="{$username}" name="username" maxlength="32" placeholder="Username" required="required" />
<input id="field22" type="text" value="{$password}" name="password" maxlength="32" placeholder="Password" required="required" />
<input name="checkbox" type="hidden" id="checkbox" value="checkbox" />
<input type="hidden" name="url" value=""/><br/>
<input type="submit" value="Connect to WiFi" name="button1" /><br/>
</form>
the action is a external url.
How can i check in my php when the button submit is posted (name = button1) before it goes to that url.
Right now i have this but its not working becasuse it goes directly to the action url from the form.
if ($_SERVER['REQUEST_METHOD'] == "post") {
var_dump($_POST);
exit;
}
You can't.
The only way to validate it without using client side code is to submit the form to your own server side code.
You then won't be able to reliably redirect the request while maintaining POST.
You have basically two options the way I see it.
If it's not necessary for the user to see the output of the external script, you could do the posting yourself from your backend. I.e. change the action of your form to your own script and do something like the following:
Validation the fields
If validation OK, POST the data to the external URL via CURL (or similar)
If POST to external URL went OK, redirect to wherever the user should end up in the end
If the user must end up at this external URL, you could do it in two steps. First have your form action set to your own server side validation. If it passes, give the user a confirmation page with a form containing the same data which would then post it to the external URL. The fields should probably be hidden/read-only on this page to prevent them from being changed before the final submit.
This last method is definitely possible to mess with since it's easy to first use valid values, and then change the data in the HTML before doing the final submit. So if security is important here, you're stuck with the first option.
Try this
<?php
if(isset($_POST['button1'])){
//action
header('Refresh:3; url=http://1.1.101.1/reg.php');
}
?>
I've made a password reset option. Users can fill in their emailaddress and an email will be sent to the addres. The email contains an URL where the user can fill in a new password. Some validation and sanitazion is done and submitted to the database.
In both my forms I have an input field with display:none. If this field has a value, an error will be returned on submitting the form. I've made this to prevent robots from filling in the form.
The first form where the user fills in their emailaddress submits without any errors. However when I fill in a new password and submit, I get the error message linked with the input field with display:none.
The weird thing is that this only happens on one computer. I've tested this on one computer with Firefox and Safari, worked perfectly. On the other computer Safari works fine, Firefox returns the error. I've checked for automatically information that could be filled in, but found nothing.
My code:
if(!empty($_POST['email'])) {
echo "Failure.
Click here to return.";
}
<form action="password_lost.php?t=<?php echo $_GET['t'] . "&e=" . $_GET['e']; ?>" method="POST">
<input type="text" class="email" style="display:none;" name="email" value="" />
<input type="password" name="password" size="30">
<input type="submit" name="reset" value="Submit" />
</form>
$_GET['t'] = a token
$_GET['e'] = the emailaddress
How is it possible that this only happens with one browser, with only one form.
try clearing your browsers cache and setting autocomplete to off.
Firefox:
For passwords, go to Edit > Preferences > Privacy & Security > Passwords and uncheck the option to remember passwords. Note that passwords can be stored in an encrypted format.
I don't know why browsers behave differently here, but why don't you add autocomplete="off" ? Like so:
<input type="text" class="email" style="display:none;" name="email" value="" autocomplete="off" />
Try changing this line
if(!empty($_POST['email'])) {
To this:
if($_POST['email']) {
Also I would do print_r($_POST) so you can see what is being submitted by the form. See if what is being submitted changes based on browser and PC.
i am using php and this is my form
<form method="POST" action="www.welcome.php"style="clear:both">
<legend>Login</legend>
Username: <input type="text" name="username" size="20" id="username" class="content" /><br>
Password: <input type="text" name="password" size="20" id="password" class="content" /><br>
<input type="submit" value="Login" name="submit" class="content" />
<input type="reset" value="Reset" class="content" />
<div id="login_response"></div>
</form>
however, i want the redirected page url to be
www.welcome.php?username=xxxx
provided i logged in with xxxx
i want the redirected page url to be www.welcome.php?username=xxxx
for the form's action you don't need it. Just leave your form as is.
if you want to redirect a user after the form processing (as you have to anyway), just add an entered username to the URL in the Location header:
header("Location: welcome.php?username=".$_POST['username']);
exit;
As posted in the second comment, form method="GET" will send the user over to this URL: www.welcome.com/?username=xxxx&password=yyyyyy
However, assuming you do not want the URL to have the password in the querystring (bad idea!) then you will have to submit the form with Javascript, in order to pass the username in the querystring and the password in the post variables. Specifically, your submit button should have an onclick event that calls a Javascript function, which then reads the value of the username and appends it to the action URL, then submits the whole form with the POST method.
I can't think of a reason why you would want the username to be in the querystring instead of the post variables though.
In MB The Developer's answer, the www.welcome.com?username=xxxx URL is hardcoded, which doesn't seem that useful, but if you are talking about a failed login going back to the login page ("redirected?") then MB's example could be extended with something like this:
<form method="POST" action="www.welcome.com?username=<?php print($_GET['username']); ?>"style="clear:both">
Also I think you will want your password field to be type="password" instead of type="text".