I have a simple form
<form id="myform" action="formprocess.php" method="POST">
username:<input type="text" name="username">
password:<input type="password" name="password">
<?php if($_COOKIE("login-attempt")>"4"){
require_once "recaptchalib.php";
echo recaptcha_get_html($publickey, $error);
}?>
<input type="submit" value="Sign in" id="signIn" name="signIn""/>
</form>
the problem is that is captcha(recaptcha_response_field) is also posted to formprocess.php page, I want that this captcha(recaptcha_response_field) value should be checked here if it is right than the value of username and password should be posed to formprocess.php else reload this page with the error. how can i do this.?
Well, the easiest thing to do in my eyes would be to validate the CAPTCHA at the beginning of formprocess.php, and if it wouldn't work then die('CAPTCHA failed), otherwise run the script. I.E:
function verifyCAPTCHA(){
//function that verifies the captcha...
}
if (!verifyCaptcha()){
die('CAPTCHA Failed')
}
//the rest of your formprocess.php
But, if you insist on seperating formprocess.php from the CAPTCHA validation, then you can instead change the form action attribute to something like action='captchaValidate.php'.
captchaValidate.php would then look like:
function verifyCAPTCHA(){
//function that verifies the captcha...
}
if (!verifyCaptcha()){
die('CAPTCHA Failed')
}else{
require('formprocess.php')
}
When you say you'd like to validate the CAPTCHA 'here', perhaps you mean to say that you'd like to send an AJAX request, in which you should check out https://developers.google.com/recaptcha/docs/display and their AJAX API. You could dynamically call either one of my proposed solutions this way. Also take a look at How to do a post request for my reCaptcha ajax api?
Related
Im new to coding and I really need help. I have a PHP form that I want to redirect to another PHP file after hitting submit and all the required fields are answered correctly. The redirecting is not working without jeopardizing the form file. Sorry for dumb question but please help and If you could also tell me where to put the code, I've tried:
< ?php header("Location: http://www.redirect.to.url.com/"); ?>
but then It redirects immediately as you enter the form page.
you can use onsubmit Event it makes you able to submit the inputs or not, check this code:
<form action="/action_page.php" onsubmit="return myFunction()">
Enter name: <input type="text" name="fname">
<input type="submit" value="Submit">
</form>
<script>
function myFunction() {
//your code or process
return true; //if fields are answered
return false; //if fields are notanswered
}
</script>
I didn't understand you well what yo mean by fields must be are answered.You mean correct or not empty? if not empty u can use required attribute
<form action="/action_page.php" onsubmit="return myFunction()">
Username: <input type="text" name="usrname" required>
<input type="submit">
</form>
if not you can check if fileds correct by checjing them by js and don't forget to return true so the php file can run.
Hope this help if not post your code
I have this form:
<form name="form2" method="post" action="http://1.1.101.1/reg.php">
<input id="field12" type="text" value="{$username}" name="username" maxlength="32" placeholder="Username" required="required" />
<input id="field22" type="text" value="{$password}" name="password" maxlength="32" placeholder="Password" required="required" />
<input name="checkbox" type="hidden" id="checkbox" value="checkbox" />
<input type="hidden" name="url" value=""/><br/>
<input type="submit" value="Connect to WiFi" name="button1" /><br/>
</form>
the action is a external url.
How can i check in my php when the button submit is posted (name = button1) before it goes to that url.
Right now i have this but its not working becasuse it goes directly to the action url from the form.
if ($_SERVER['REQUEST_METHOD'] == "post") {
var_dump($_POST);
exit;
}
You can't.
The only way to validate it without using client side code is to submit the form to your own server side code.
You then won't be able to reliably redirect the request while maintaining POST.
You have basically two options the way I see it.
If it's not necessary for the user to see the output of the external script, you could do the posting yourself from your backend. I.e. change the action of your form to your own script and do something like the following:
Validation the fields
If validation OK, POST the data to the external URL via CURL (or similar)
If POST to external URL went OK, redirect to wherever the user should end up in the end
If the user must end up at this external URL, you could do it in two steps. First have your form action set to your own server side validation. If it passes, give the user a confirmation page with a form containing the same data which would then post it to the external URL. The fields should probably be hidden/read-only on this page to prevent them from being changed before the final submit.
This last method is definitely possible to mess with since it's easy to first use valid values, and then change the data in the HTML before doing the final submit. So if security is important here, you're stuck with the first option.
Try this
<?php
if(isset($_POST['button1'])){
//action
header('Refresh:3; url=http://1.1.101.1/reg.php');
}
?>
Right now I have a form actioning to itself. There is some code the checks if the user is meant to be there. Is there a way to stop the script from running certain sections of code if it was actioned to itself after pressing submit.
I was thinking about using a SESSION variable to check against but I've gotten all muddle in my head :p
Any ideas?
Sure. If you're self-submitting form actions, just check if $_POST is empty (assuming you're POST'ing to your form)
if (!empty($_POST))
{
...
}
When I do PHP I use an input-element in my form template, like this:
<input type="submit" name="submit" id="submit" value="Login" /></td>
... and in the PHP page, I check if the POST was self-submitted like so:
// if page is not submitted to itself echo the form
if (!isset($_POST['submit']))
{
...
}
This is not secure though. If you want to reap the full benefits of self-submitting, you should try to counter Cross-site request forgery (XSRF) by challenging the client with a random token, and asking the client to repeat it.
Like embedded a hidden input in your form something like this:
<input type="hidden" name="nonce" value="<? echo $NONCE_VALUE; ?>" />
I am trying to be able to log-in to a PHP webpage with the credentials in the URL.
Example:
http://www.mywebsite.com/logon.php?logon=user&password=password
The URL above inserts user and password into the text fields but does not submit the page and continue.
How do I submit a page via URL?
Is it possible? If not, sorry for the question.
There are two versions of the answer, here: how to do what you asked, and how to do what you actually want. Chances are you don't actually want to do it the way you asked, because passing the password in the URL field is a super-bad idea. To answer the question as asked, it goes like this:
To read the values out of the URL string, you can use the $_GET array. To print what logon is passed, do:
echo($_REQUEST[logon]);
To submit the data in the first place, you'll need to use a form. There are other methods, but this is the most basic. Something like this:
<form action="logon.php" method="get">
<input name="logon">
<input name="password">
<input type=submit value="Login">
</form>
That being said, better practice would be to pass the password through the POST parameter, which at least isn't visible in the addressbar. To do this, simply substitute:
<form action="logon.php" method="post">
<input name="logon">
<input name="password">
<input type=submit value="Login">
</form>
It depends on how the website's login system is designed:
The form: The names of the username and password fields need to be the same as in your url
The PHP: Most forms use a HTTP POST method to send their data to their server. What you are doing is sending data using a HTTP GET method.
I've created a form on my page and from the tutorials im following it says I have to have a second page with all the php processing in, is it not possible to keep the php on the same page and when the user hits submit the form is sent?
Why isnt this working on my process page? It doesnt echo anything :S
<?php
$kop = mysql_real_escape_string($_POST['severity']);
$loc = mysql_real_escape_string($_POST['location']};
$summary = mysql_real_escape_string($_POST['summary']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
echo $kop;
echo $loc;
echo $summary;
echo $name;
echo $email;
?>
You can check in the same file if the submit button is pressed. (http://pastebin.com/8FC1fFaf)
if (isset($_POST['submit']))
{
// Process Form
}
else
{
// Show Form
}
Regarding form checking, you can save the user input, and if one of their data is unvalid you can echo the old data back and show the form again.
edit: As PeeHaa stated, you need to leave the action blank though ;)
Yes it is possible. As adviced by Pekka, it's not really suggested to do so. But here is how it can be done.
Simply using the isset method to check if the form has been posted. So say in your form you have the follwing input:
<input type="text" name="age" />
At the top of your php script you can use the following to know if the form has been submitted and thus process it.
<?php if(isset($_POST["age"])) {
//do processing
} ?>
Hope this helps ;)
It is possible to let the same script process the form.
If you want to do this just leave the action blank.
However If you want to process the form without the page being reloaded you have to use Javascript.
is it not possible to keep the php on the same page and when the user hits submit the form is sent?
It sounds like you are describing AJAX. Example: http://www.elated.com/res/File/articles/development/javascript/jquery/slick-ajax-contact-form-jquery-php/
This is using the jQuery framework - there are a number of frameworks for doing this (such as YUI) which could do this equally as well. You could write this yourself to learn how it all works, but IHMO this would be reinventing the wheel. Here is a decent tutorial on creating AJAX forms with jQuery:
http://www.elated.com/articles/slick-ajax-contact-form-jquery-php/
<form name="myfrom" action="" method="post">
Username: <input type="text" name="user" id="username" />
<input type="submit" name="submit_form" value="Submit" />
</form>
<?php if($_POST['submit_form'] == "Submit"){
echo "do something";
}
?>