I'm trying to make a registration page for an Openfire XMPP server. The easiest route seems to be to use the user service plugin to register accounts, which lets you register users with HTTP requests.
Essentially, I need to make HTTP requests like
http://hostname:9090/plugins/userService/userservice?type=add&secret=passcode&username=kafka&password=drowssap&name=franz&email=franz#kafka.com
Which will register user kafka with password drowssap, name franz, etc.
So it seems to me the best method would be to create an HTML form which collects the user information, then makes the HTTP request. This seems simple enough, but I'm not sure where the best place to start is. PHP? Python? Wget? Lynx? I'm not quite sure how to use those from within an HTML form.
Thanks.
Don't EVER include sensible data that way. That's a GET request. You need a POST request (which doesn't include data in the URL).
Your HTML should be like:
<form action="saveData.php" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<!-- other inputs here -->
<input type="submit" value="Create user" />
</form>
That form sends POST data to the saveData.php script. That script should process the parameters and redirect to another page.
<?php
// Here process the data the way you want (using data inside $_POST array, i.e. $_POST['username'], $_POST['password'], etc...
// Usually you'd want to save to a database
// When done, redirect to "success" page
header("Location: success.php");
?>
Your success.php page can contain anything:
<?php
echo "User created successfully!";
?>
Related
I'm trying to create a cookie for a web page. The cookie value will vary based on the users name. Does PHP have an input type function? I just want to add an input field to the page an then the PHP will use that to define the users name for the page. I have the create cookie code, just can't figure out how to get the name from the screen and insert it to the cookie code. Appreciate any suggestions. This is on a WP website.
Not natively because php does not execute in browser, it executes on your server, but it can be used to write an HTML input.
The syntax would look something like this:
echo '<input type="text" name="myinput">';
or
?>
<input type="text" name="myinput">
<?php
You would then use a form post, CURL, or AJAX function to send the data back to the server where a second PHP script would process the input.
That said, it would help to post your create cookie code, since you may not even need to send it back to the server, but just handle it all in the browser using Javascript in which case your submit button only needs to pass the input to a Javascript function instead of posting it.
Is this something you are looking for?
Here it just takes the value user input from the browser and set it as a cookie
<?php
if(isset($_POST['name']) && !empty($_POST['name'])){
setcookie('setcookie_name',$_POST['name']); // setting cookie
}
?>
<form action="" method="post">
<input name="name" value="" placeholder="Enter your name" />
<input name="submit" type="submit" value="Submit"/>
</form>
Hello I have a web page where users can view and edit their application information. I have an Edit button. When a user clicks on this button it takes him to an edit page. Here is my code:
<form name="form3" method="post" action="pages/application_edit.php?id=<?php echo "$id[0]";?>&pwd=<?php echo "$pwd";?>">
<input type="submit" name="Submit" value="Edit Application" class="button">
</form>`
After a click the user sees this URL:`http://website.com/pages/application_edit.php?id=1&password=Flower1
How can I hide the password from the URL?
Instead of sending the values as $_GET values, send them as $_POST values to that PHP page.
<form method="POST" action="pages/application_edit.php"> // no need for the URL query string
In the PHP file
<?php
$user_id = $_POST['id']; // similar to how you'd use $_GET
....
Although the way you're approaching this is wrong, you shouldn't be passing these values between pages. At the very least your username/id should be stored as a session variable and information should be accessed when required from a database.
Either way, that's how you can send them without having them "visible".
It seems you lack session control routines.
You should manage all private options of your application (the ones you are able to perform only - and just only - when you are logged in) inside a session to avoid exposing user credentials.
You can start learning about it here.
Also, consider encrypting your HTTP requests using SSL certificate.
Right now I have a form actioning to itself. There is some code the checks if the user is meant to be there. Is there a way to stop the script from running certain sections of code if it was actioned to itself after pressing submit.
I was thinking about using a SESSION variable to check against but I've gotten all muddle in my head :p
Any ideas?
Sure. If you're self-submitting form actions, just check if $_POST is empty (assuming you're POST'ing to your form)
if (!empty($_POST))
{
...
}
When I do PHP I use an input-element in my form template, like this:
<input type="submit" name="submit" id="submit" value="Login" /></td>
... and in the PHP page, I check if the POST was self-submitted like so:
// if page is not submitted to itself echo the form
if (!isset($_POST['submit']))
{
...
}
This is not secure though. If you want to reap the full benefits of self-submitting, you should try to counter Cross-site request forgery (XSRF) by challenging the client with a random token, and asking the client to repeat it.
Like embedded a hidden input in your form something like this:
<input type="hidden" name="nonce" value="<? echo $NONCE_VALUE; ?>" />
I'm trying to get a POST response from a url and I can not get the response to print to my html page instead it just redirects me to the url in the action with the response.
Is there a way to grab the response with html? php?
Code of html page i'm using
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<form
method="post"
action="http://poster.decaptcher.com/"
enctype="multipart/form-data">
<input type="hidden" name="function" value="login">
<input type="text" name="username" value="client">
<input type="text" name="password" value="qwerty">
<input type="file" name="upload">
<input type="text" name="upload_to" value="0">
<input type="text" name="upload_type" value="0">
<input type="submit" value="Send">
</form>
</head><body></body></html>
Note: The url in the action will only show the response and nothing else is shown on the page.
Let's see if I can give this a try, because you seem to be a bit confused about how an HTML form works.
First and foremost, your website looks like so, correct?
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<form
method="post"
action="http://poster.decaptcher.com/"
enctype="multipart/form-data">
<input type="hidden" name="function" value="login">
<input type="text" name="username" value="client">
<input type="text" name="password" value="qwerty">
<input type="file" name="upload">
<input type="text" name="upload_to" value="0">
<input type="text" name="upload_type" value="0">
<input type="submit" value="Send">
</form>
</head><body></body></html>
One thing to point out before we explain an HTML form, is that you have your form in the <head> of the webpage. Any element which is supposed to be seen by the user (or anything that you want to appear within the browser's main viewing area) should be in the <body>. Failure to do this puts the browser into a "quirks mode", where it actually doesn't know what you're talking about and it makes its best guess to try and build the website that it thinks you wanted. Mind you that modern browsers are very good guessers, but you should still re-write it as:
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<form
method="post"
action="http://poster.decaptcher.com/"
enctype="multipart/form-data">
<input type="hidden" name="function" value="login">
<input type="text" name="username" value="client">
<input type="text" name="password" value="qwerty">
<input type="file" name="upload">
<input type="text" name="upload_to" value="0">
<input type="text" name="upload_type" value="0">
<input type="submit" value="Send">
</form>
</body>
</html>
As far as explaining the <form> tag... When you submit a form in HTML, it actually loads the other website. It doesn't secretly send data in the background, it will take you away from the page you're viewing and take you to the page that you are sending the data to. At first this may sound silly. Why should it take you away from the page you're viewing just to send the data to another website? If you wanted to be redirected after sending the data, you'd redirect them there after sending the data.
The reason it's done this way is to greatly simplify the HTTP protocol. Whenever you load any website, you send and HTTP request. This request contains butt-loads of information. Among this information is:
Your IP address
What browser you're using
The page you were last visiting
How you accessed this page (clicked a link or typed the URL into the address bar)
The page you want to view (is it index.html or mysite.html?)
Any cookies related to that server
Any POST information (extra information which the server may or may not have asked for)
Every time the server receives one of these requests, it looks at all of the information and decides what to do. Usually a server will just look at the page you want to view and send it to you. Sometimes the page you want to view will need some extra work before it's ready to show, though. For instance, if a page ends in .php then it will search through the page for <?php, and everything after that point will be executed as a script. Only the output of the script is sent to the person who requested the page, not the script itself.
If you were to send your POST information to a website, wait 10 minutes, THEN go to the website, it would have no way of remembering that it was you who sent the post information before or what information you sent. Web servers have a very short attention span. For that reason if you sent a form to log into a website, then waited 10 minutes, then tried to view a member's only page- it would forget that you were logged in. For this reason it sends you the page as you're submitting the form. It does it while it still remembers that you're logged in, before it has a chance to forget. There's a good chance that the page it sends you will include a cookie which you can use to remind the server you were logged in next time you request a page.
If this made sense, then you should understand what happens when you submit a form. It doesn't just take your information and give it to the server. It sends that information to the server as part of an entire request, then the server sends you back a webpage and your browser displays that webpage. There is really only one way to send data to a server without redirecting you to that server afterwards. There are multiple ways to do this trick, however. You have to send a "dummy request", requesting a webpage with certain POST data, but ignoring the webpage that's returned.
In your example, you wanted to send data to http://poster.decaptcher.com. To do this without redirecting the user to http://poster.decaptcher.com, your easiest solution would be to use javascript and AJAX. Javascript has certain functions that allow you to send an HTTP request without reloading the page, then you let the javascript determine what to do with the page that's returned.
This is generally used when you want to reload a part of a webpage without reloading the whole thing. For instance, if you have a chat program and you want to update the chat window without refreshing the entire page. The javascript would request a webpage which contains ONLY the new lines of chat, minus any <html>, <head>, or <body> tags. It then takes those lines and displays them in the chat window.
You can, however, use AJAX to request a page and then ignore what's returned instead of display it on the page. By doing this you will have sent the POST data but not redirect the user.
Another option is to send the request to a third website, which can then send its own dummy request. For instance, submit the form to a PHP page that you own. The PHP script can then tell your server to send a dummy request to http://poster.decaptcher.com and ignore the response, then you can send them a webpage containing whatever you want.
Now that I've described both of these processes in adequate detail, I'll leave it as an exercise to the reader to figure out exactly how to do these. =)
The page refresh on submitted form is the default behavior of HTML.
For people who need to display the response into the same page without refresh, they will want to use Ajax. Here is how it could be done with jQuery:
$('#the_form').submit(function (e) {
e.preventDefault();
the_form = $(this);
$('#response_container').load(
the_form.attr('action')
, the_form.serialize()
);
})
the action defines the redirect to that page. If you want to catch the response, make your own script and place it in between the two. This is a bad way of doing it though. We developers call it hack coding. lol.
Not quite sure what you want to do. If you want to show the POST content on the page, just do this:
print_r($_POST);
If you want to see what is getting POSTed to the action URL, and you don't have access to that URL, just use the HTTP Headers plugin for Firefox.
action should go to a PHP file belonging to you! ie - action="/ProcessMyForm.php"
On that file, simply use $_POST and those form elements are in there, indexed by name, in an associative array.
Also - it may have been accidental, but post parameters dont go up in the URL like get, they are "behind the scenes" (invisible to the user) and also capable of being far larger.
PS - if you want to go to that other site afterwards, use header("Redirect: other-website-here.com")
First of all, mention your question specifically. If you want to fetch data from a URL than you can't use the form method="post". If you want to fetch data from URL, you have to use method "get". Calling print_r($_GET) can be used to retrieve data from HTML page to controller page.
I am sending login status = fail, back to my login page.Here is my code-
header("location:index.php?login=fail");
but that is sending through URL like-
http://localhost/303/index.php?login=fail
is there any way to pass value without showing in URL? And how to get this value on the second page?
You are passing that value via a GET request, which is why it appears in the URL. In order to pass a value without showing it in the URL, you want to pass it via a POST request.
In order to do this you aren't going to want to "return" the value to your login page. Instead, whatever php form is handling the process of logging in the user after they click the "login" button, will decide what to show the user.
In PHP post variables can be accessed by the global $_POST object -
$_POST['username'];
Would get the value with the name "username" that you passed via POST:
<form method="post" action="checkLogin.php">
Username:
<input type="text" name="username" maxlength="25" />
Password:
</td><td><input type="password" name="password" />
<input type="submit" name="submit" value="Login">
</form>
In order to dynamically save and show errors to the user, you can store them in the session, for example have a file called "errors.php"
<?php
if (isset($_SESSION['errors']))
{
echo $_SESSION['errors'];
}
unset($_SESSION['errors'])
?>
And in your php that checks the login, do:
session_start();
$_SESSION['errors'] = "Invalid username or password.";
Then redirect to your login page (don't pass any variables) and on your form always have this field:
<?php include("errors.php"); ?>
If you didn't have any errors, it won't show anything and the login page will look normal.
Note: In any php form that you use a session_start(), it HAS TO BE THE FIRST THING in the form.
Other ways are to use session or hidden fields but you what you are doing is fine for the purpose. You can later retrieve the value like this:
if ($_GET['login'] === 'fail')
{
// failed.......
}
there are several ways to accomplish your task
Modern AJAX way. Form being sent using AJAX. No page reload until password is correct. Errors shown in place. Requres javascript.
Post/Redirect/Get pattern. Form being sent using regular POST. No redirect on errors, shown in place.
sessions, when we store an error in the session