Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
I am developing a site in PHP that allows users to sign up and enter in some information, and I would like to give each user a unique URL. When the user logs in to his profile, I want JUST the username to be passed to the URL (like www.mysite.com/profile.php?user=username) in order to rewrite it later. However, I'm using the $_POST method, and I'm concerned if I use $_GET while logging in the password will be passed to the URL as well. What should I do?
There shouldn't really be a problem doing this. You could simply use a POST method that points to a URL with a GET parameter.
So you make a POST request to:
www.mysite.com/profile.php?user={$username}
This way the user variable in the URL doesn't need to be used in the authentication.
Consider this for a simplistic example:
<form method="post" action="/profile.php?username=hasan">
<input type="text" name="username" value="hasan" />
<input type="text" name="password" value="********" />
</form>
The URL you are posting to doesn't have to be hard coded either - you could always dynamically add the user name before submitting the form.
On the link to or redirection you can add
Link to the profile
and after you read it (in php file) with $_GET['user']
Since the authentication presumably happens in a separate script, e.g. login.php, it's just a matter of appending the username to the profile URL when redirecting upon successful login.
header('Location: profile.php?username='.$username);
Lix's answer is best and is what you should be doing, but assuming you don't have a login.php and for some strange reason want to go straight to profile.php?user to login, you can use this javascript:
<script type="text/javascript">
$(document).ready(function() {
$("#theForm").submit(function() {
$(this).attr("action", $(this).attr("action") + $("#usernameInput").val());
return true;
});
});
</script>
And your form looks something like:
<form action="http://www.mysite.com/profile.php?user=" method="post" id="theForm">
<input type="text" name="usernameInput" id="usernameInput">
<input type="password" name="passwordInput" id="passwordInput">
<input type="submit" name="submit" value="Login">
</form>
And then your action will change to the inputted username upon submit. But still, you should have an intermediary login.php that redirects to profile.php?user.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
It is possible to hide get value from url (rozgaarexpress.com/profile.php?id=22) using .Htaccess.I want to hide ?id=22.
Then URL Looks like rozgaarexpress.com/profile.php
My first page demo.php
I am just passing this url
HTACCESS
second page profile.php
<?php
$id=$_GET['id'];
echo $id;
?>
You can't hide the ID parameter, even if you use .htaccess to achieve that. I mean you can do it but you will be able to use a single ID when accessing profile.php page which I don't think is the case you want.
You can do it by using sessions like:
demo.php
session_start();
$_SESSION['id'] = 22;
echo 'My profile';
profile.php
session_start();
echo $_SESSION['id'];
im sure you asked this question to find a way to avoiding show ID to public.
you can use session in this case like this:
<?php
session_start();
$_SESSION['session_name']=$id; // Set the value of the id you want to pass.
?>
and in profile.php page you need this:
<?php
session_start();
$id = $_SESSION['session_name'];
?>
or you can use JQuery.post to pass your data.
I would rather take the desired profile ID from the Client. This allows the end-user the option to open two different profiles from the same page:
<script type="text/javascript">
function setInputAndSubmit(input) {
var form=document.getElementById("skfrom");
var inputEl=document.getElementById("LANG");
inputEl.value = input;
form.submit();
} </script>
<form id="skfrom" name="myform" action="http://rozgaarexpress.com/profile.php" method="POST">
<div align="center">
First ID
<br>
Another ID
<br><br>
Same ID
<br><br>
You can even receive input from users and send it together with the ID.
<input type="text" size="25" value="Some other field you want visible">
<input type="hidden" id="LANG" name="Language" value="English">
</div>
</form>
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I have to create a website with the sole purpose of connecting to a MySQL database and displaying its information in a graphical user interface.
So far everything is working well. My problem, however, is setting up some sort of log in system to get the user's $username and $password.
While the website is being developed for LAN use I would rather not put a username and password in HTML or PHP for security reasons.
How would I go about writing code to ask the user for a password and username on my index page, have it used for all of the other pages on my site, and ultimately have it forgotten when the user closes my website? At the moment I only know HTML, CSS, and some very naive PHP.
in a nutshell:
login.php
<?php
session_start();
function hhb_tohtml($str)
{
return htmlentities($str, ENT_QUOTES | ENT_HTML401 | ENT_SUBSTITUTE | ENT_DISALLOWED, 'UTF-8', true);
}
$accounts=array(
//username =>password
'smith'=>'smell',
'admin'=>'password',
'guest'=>'guestpass'
);
if(array_key_exists('submit',$_POST)){
if(!array_key_exists('username',$_POST)){
$username='';
} else
{
$username=$_POST['username'];
}
if(!array_key_exists('password',$_POST)){
$password='';
}else {
$password=$_POST['password'];
}
if(!array_key_exists($username,$accounts)){
die('This username does not exist.');
}
if($accounts[$username]!==$password){
die('wrong password!');
}
$_SESSION['logged_in']=true;
$_SESSION['username']=$username;
die('you have logged in as: '.hhb_tohtml($username));
}
?>
<!DOCTYPE html>
<html>
<head><title></title></head>
<body>
<form action="?" method="post">
Username: <input type="text" name="username" /><br>
Password: <input type="password" name="password" /><br>
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
and in other places, like controlpanel.php:
session_start();
if(!isset($_SESSION['logged_in'])){die('you need to login first!');}
the session id will be stored in a cookie, thanks to session_start(), and the server will remember whether or not this session id is logged in.
As far as I understand you would be able to use the standard type of login using a session. There are many tutorials to show you how to achieve this and there are many different ways to get to the outcome. It all depends on your skills, level of safety and database requirements, to name a few.
You should start by having a look at a tutorial like this which makes use of a session http://www.formget.com/login-form-in-php/ this will give you the "forget password" functionality. Unless a user saves the password using their browser.
Just in case the tutorial above is not to your liking here a a few more:
http://www.homeandlearn.co.uk/php/php14p2.html
http://www.phpeasystep.com/phptu/6.html
and my personal favorite http://www.tutorialspoint.com/php/php_login_example.htm
I hope you find something to help you, if you have any issues implementing one of these examples please post a question with your code for someone to help you resolve it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Sorry I am asking a question that has been asked before but in spite of reading all of them, I am still confused what to do.
What exactly I have to do to implement the remember me feature in my website I am building as my final year project. Is calling the function "setcookie()" alone sufficient?
setCookie() is all you need.
You can use it like this:
$cookie_value = 'MyUsername';
$cookie_expire = time() + 60*60*24*365;// 365 days
$cookie_path = '/';
setcookie('remember_me',$cookie_value, $cookie_expire, $cookie_path);
On the next pageload, you can fetch the remember_me cookie value with:
$_COOKIE['remember_me'];
But the 'next pageload' part is important because PHP cookies cannot be set and also read in the same browser action.
In the most simple way possible. The way I would bring this all together for demonstration for your project is have a php page with an html <form> that posts to itself.
Your filename would be something like my_form.php
inside it would be:
<?php
// If we received a username from the form, remember it for a year.
if( $_POST['username'] ):
setcookie('remember_me',$_POST['username'], time()+60*60*24*365, '/');
endif;
?>
<?php
// Display a message if the user is remembered.
if( isset($_COOKIE['remember_me']) ):
echo '<h2>Welcome back, '.$_COOKIE['remember_me'].'!</h2>';
endif;
?>
<form action="" method="post">
<input name="username" type="text" placeholder="Your Username" value="<?php echo $_COOKIE['remember_me'] ?>" required />
<button type="submit">Remember me</button>
</form>
This form submits to itself. If you see the username you just entered in the welcome message, then it is remembering you.
Very important! The setcookie() call in PHP must be the first thing in your my_form.php file. Otherwise setcookie() will not work if any output has happened to the web-browser before you call the setcookie() function.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
UPDATE [13.10.16]
So coming back to one of my previous questions on stackoverflow that has low reputation and for reasons I can see why, I wanted to update it and make it much more relevant.
When I wrote this question I wanted to create a login system from a basic html form, it is a much more complicate process.
For anyone seeing this question I would recommend that you use a PHP framework that does all the handling for you. I would suggest using Laravel as it has all the framework you need for a simple login system and much more without the need of lots of PHP which would be needed for the example below.
Original Question
How do I create a login form with HTMl, PHP, and MySQL?
I created a form as seen below:
<form id="login">
<h2 id="logintxt">Log In</h2>
<h1 id="username">User Name:</h1>
<input name="Username" type="text" value="" maxlength="20" id="usernamebox" />
<h1 id="password">Password:</h1>
<input name="Password" type="password" id="passwordtxt" />
<h1 id="forgot">Forgot Password</h1>
<h1 id="register">Register</h1>
<div id="submit">
<img src="login.gif" width="100" height="40" />
</form>
I have seen tutorials when having a form navigate to another page to login however I do not like this is there any way around it?
My MySQl data is:
Host: localhost
Username: root
Password: root
Database: the_tech
Thanks
[UPDATE]
Here is my full html page. http://pastebin.com/NvgzT0Xu
From this what is required to create a html page login? Preferably without leaving the page.
I tried adding this (http://pastebin.com/1HcZGsUS) to the top of my page however it did not work. I was following this (https://www.scirra.com/tutorials/525/simple-login-using-a-mysql-database) tutorial.
Thanks
You need a backend php file to connect with the database and query it. TO avoid moving to another page (Front end), you can use ajax and connect to the php file via javascript.
You can follow this tutorial : http://php-dev-zone.blogspot.in/2013/07/login-form-using-ajax-and-jquery.html
First you need a form with this parameters arround the input-fields and a button.
<form method="post" action="checklogin.php">
<h2 id="logintxt">Log In</h2>
<h1 id="username">User Name:</h1>
<input name="Username" type="text" value="" maxlength="20" id="usernamebox" />
<h1 id="password">Password:</h1>
<input name="Password" type="password" id="passwordtxt" />
<h1 id="forgot">Forgot Password</h1>
<h1 id="register">Register</h1>
<img src="login.gif" width="100" height="40" />
<input type="submit" value="Login">
</form>
And then you need Php to check if the username and password was correct. When you don't like to go to an other page after login, what you want instead? Should the index page check it by itself?
Then you could check if the $_POST of the input fields isset. If yes, connect to the database an look if username and password is right. If no $_POST isset, Show the Loginform. I think there are many examples looking to Google.
I am trying to be able to log-in to a PHP webpage with the credentials in the URL.
Example:
http://www.mywebsite.com/logon.php?logon=user&password=password
The URL above inserts user and password into the text fields but does not submit the page and continue.
How do I submit a page via URL?
Is it possible? If not, sorry for the question.
There are two versions of the answer, here: how to do what you asked, and how to do what you actually want. Chances are you don't actually want to do it the way you asked, because passing the password in the URL field is a super-bad idea. To answer the question as asked, it goes like this:
To read the values out of the URL string, you can use the $_GET array. To print what logon is passed, do:
echo($_REQUEST[logon]);
To submit the data in the first place, you'll need to use a form. There are other methods, but this is the most basic. Something like this:
<form action="logon.php" method="get">
<input name="logon">
<input name="password">
<input type=submit value="Login">
</form>
That being said, better practice would be to pass the password through the POST parameter, which at least isn't visible in the addressbar. To do this, simply substitute:
<form action="logon.php" method="post">
<input name="logon">
<input name="password">
<input type=submit value="Login">
</form>
It depends on how the website's login system is designed:
The form: The names of the username and password fields need to be the same as in your url
The PHP: Most forms use a HTTP POST method to send their data to their server. What you are doing is sending data using a HTTP GET method.