I have a database and a login form and want to write a php script that validates the login.
How are the types' data access and used?
For example, how do I access the input entered from the user in these elements.
<p><input type="text" name="login" value="" placeholder="Username or Email"></p>
<p><input type="password" name="password" value="" placeholder="Password"></p>
I want to use the login and password for validation. How can these be passed to a php script?
EDIT: I set the action to
<form method="post" action="loginVerification.php">
and when I enter the fields and submit the values, my OS wants to save the loginVerification.php. When I save it I dont get the echo.
I have this in the php file
<?php
echo $_POST['login'];
echo $_POST['password'];
How do I write the logs to a file in php, or is there a way to do runtime verification for php?
Edit 2:
<div class="container">
<section class="login">
<h1>Login</h1>
<form method="post" action="loginVerification.php">
<p><input type="text" name="login" value="" placeholder="Username or Email"></p>
<p><input type="password" name="password" value="" placeholder="Password"></p>
<p class="remember_me">
<label>
<input type="checkbox" name="remember_me" id="remember_me">
Remember me on this computer
</label>
</p>
<p class="submit"><input type="submit" name="commit" value="Login"></p>
</form>
</section>
<section class="login-help">
<p>Lost password? Click here to reset it.</p>
</section>
If your form method is post, these variables would be accessible through $_POST['login'] and $_POST['password'].
These fields should be part of a <form> element, such as the following:
<form method="POST" action="process.php">
<!-- input elements here -->
<input type="submit" />
</form>
Submitting the form will pass your data to your action location. In this case, to a script on the server called "process.php". Assuming your method is POST, from within process.php you could access your input fields via the $_POST global array:
<?php
// Show value of <input type="text" name="foo" />
echo $_POST['foo'];
?>
There are two ways to get the data from HTML forms :
POST
HTML form tag :
<form method="post" action="some.php">
<input type="text" name="username" size="20"/>
<input type="password" name="password" size="20"/>
</form>
To access the values of fiedls in some.php you can use the $_POST super global.
eg: $_POST['username']
GET
HTML form tag :
<form method="get" action="some.php">
<input type="text" name="username" size="20"/>
<input type="password" name="password" size="20"/>
</form>
To access the values of fiedls in some.php you can use the $_GET super global.
eg: $_GET['username']
Now to create a login system you need to create a database of username and password :
username | password
----------------------
abc | passcode!##
xyz | passco#$%^^
For signing-in you can use session to keep the user logged in across several pages (web application). In the login script check whether the user is valid by looking into the table and set some value for a session's variable using the $_SESSION super global. You can access that variable in any page of your web application, for that the session needs to be started in every page using :
session_start()
function. On each and every page, the session's variable must be checked for its value, if it is valid show the page else land the user to the login page.
Here you can find information on sessions : http://php.net/manual/en/ref.session.php
Form input values are passed via POST typically. From your PHP, you access those values using the $_POST superglobal like this:
$login = $_POST['login'];
$password = $_POST['password'];
The array key in the $_POST array is what you set name to in your HTML element like name="login".
When using this value, be aware that it comes straight from your user and should not be trusted. If you don't filter it prior to using it with database operations, you run the very real risk of becoming a victim of SQL injection leading to your site being compromised.
in your php file try this
echo $_REQUEST['login'];
echo $_REQUEST['password'];
Related
I have a form for asking information about courses , every course has it page, but the information page is one for all.
The form should be something like that:
<form action="#" method="POST">
<label for="name">Name</label>
<input name="name" type="text">
<label for="email">Email</label>
<input name="email" type="email">
<input type="hidden" id="code" value="<?php echo $course_code; ?>">
<input id="submit" type="submit" value="Invia" />
</form>
I wish to change the var $course code according to the referrer page. (With a $_GET var)
I tried "Shortcode Exec PHP" plugin to execute php in wp pages, but doesnt work.
When you POST the form, the variable won't be set in $_GET but in $_POST. It's either one or the other, so if you want to read the $_GET var, you must also use GET on the form, like this:
<form action="#" method="GET">
<label for="name">Name</label>
...
(this is what Fred commented on, but I couldn't expand upon that comment due to my low rep)
I was wrong to use "Shortcode Exec PHP" plugin.
I set a shortcode:
$course_name = $_GET['cn'];
$courses= array("courses1","courses2","couses3");
if (in_array($course_name, $courses)) {
echo $course_name:
}
and the in the wordpress page can be used the name of the shortcode
[couse_name]
Now its work!
You can just use $_REQUEST so it doesn't matter if its a POST or a GET from the form. But I wouldn't use GET from a form unless it was a search or something where the user could bookmark the url and see the result. Mostly use POST for all other instances.
HTML form...
<form method="post">
<label>Name<br>
<input type="text" name="name">
</label>
...
<input type="submit" value="Invia">
</form>
PHP page that handles the form...
<?php
// $_REQUEST will contain POST, GET & COOKIE
echo $_REQUEST['name'];
?>
Okay, so I programmed this code, referencing various websites. I'm trying to program a signup page for a website. How does the html form connects to the PHP/how do I connect it?
I know that one place I have messed up is the action="" in the form. Different websites have told me to put different things in, from the server name ("localhost"), to "" to the name of the file that the php is in (I want to do it in the same file as the form if that is possible, I tried both that and a separate file). What do I put in there so when submit is clicked, it gives the error messages on the same screen as the form, and when submit is clicked and there are no error messages, it continues? Where do I link the page it continues on to?
Also, tell me if any of my code is deprecated. I've been trying to check everything, but I could of missed something.
<?php
include 'connect.php';
//if submit is clicked
if (isset($_POST['submit'])) {
//then check if all fields are filled
if (!$_POST['username'] | !$_POST['password'] | !$_POST['firstname'] | !$_POST['MI'] | !$_POST['lastname'] | !$_POST['email'] | !$_POST['phonenumber'] | !$_POST['country'] ) {
die('You did not complete all of the required fields'); }
$usernamesquery = mysql_query("SELECT * FROM logins WHERE username='$usernametest'");
if(mysqli_stmt_num_rows($usernamesquery) > 0) {
die('This username is already taken.');
}
}
?>
<form action="????????" method="post">
Username: <input type="text" name="username" maxlength="30"><br>
Password: <input type="password" name="password" maxlength="30"><br>
First Name: <input type="text" name="firstname" maxlength="30"><br>
Middle Initial: <input type="password" name="MI" maxlength="30"><br>
Last Name: <input type="text" name="lastname" maxlength="30"><br>
Email: <input type="password" name="email" maxlength="50"><br>
Phone Number: <input type="text" name="phonenumber" maxlength="11"><br>
Country: <input type="password" name="country" maxlength="40"><br>
<input type="submit">
</form>
If you want it to direct to the same file, then just use:
<form action="" method="POST">
Also there is no $_POST["submit"] since you haven't given your submit button a name.
<input type="submit" name="submit">
Also, does $usernametest actually contain anything? Since you haven't given it a value in your code above.
The "action" is page with some script, that parse the form data and do the login.
For example: the form has action "login.php", that means after you submit the form, the data are sent to "login.php" where you can acces it via $_POST variable. If you have login logic and form in the same file, you don't have to set any action, it's ok if you do it like this
<form action="" method="POST">
More info here
If you want to submit the form to the same page (the URL you are allready on), you can just leave out the action from the <from> tag. Otherwise, you specify the URL (relative or absolute) the form needs to be submitted to.
So I'm trying to create this form and every time I try to create a dummy user it creates an empy one in the database.
Here's the php code create.php:
<?php
session_start();
include ('connection.php');
$username = $_POST['usernamesignup'];
$email = $_POST['emailsignup'];
$password = $_POST['passwordsignup'];
mysql_query("INSERT INTO users (usernamesignup, passwordsignup, emailsignup)
VALUES ('$username', '$password', '$email')")or die (mysql_error());
header('Location: login.html');
mysql_close($db);
?>
And here's the part of the form Login.html:
<form action="create.php" autocomplete="on">
<h1> Sign up </h1>
<p><label for="usernamesignup" class="uname" data-icon="u">Your username</label>
<input id="usernamesignup" name="usernamesignup" required="required" type="text" placeholder="mysuperusername690" /></p>
<p><label for="emailsignup" class="youmail" data-icon="e" > Your email</label>
<input id="emailsignup" name="emailsignup" required="required" type="email" placeholder="mysupermail#mail.com"/></p>
<p><label for="passwordsignup" class="youpasswd" data-icon="p">Your password </label>
<input id="passwordsignup" name="passwordsignup" required="required" type="password" placeholder="eg. X8df!90EO"/></p>
<p><label for="passwordsignup_confirm" class="youpasswd" data-icon="p">Please confirm your password </label>
<input id="passwordsignup_confirm" name="passwordsignup_confirm" required="required" type="password" placeholder="eg. X8df!90EO"/></p>
<p class="signin button"><input type="submit" value="Sign up"/></p>
<p class="change_link">Already a member? Go and log in </p>
</form>
Any help would be greatly appreciated.
EDIT: The adding of method:"post" did the trick. Thank you very much to all of you for your fast response and the very valid advises on security and on how I should change to a more current form instead of what I used here.
You need to specify the form method to POST in your case. Try
<form action="create.php" autocomplete="on" method="POST">
You have to check if the values sent by your form are not null or with an empty string. And please be very careful your code is vulnerable to sql injections and hash your password in sha512 or something like that.
have a look to this function : http://php.net/manual/en/function.empty.php
and try to add this in your form :
<form action="create.php" autocomplete="on" method="post">
try adding this to your form tag
method='post'
Default method for form is GET, and you're trying to get your values from POST, so they're empty...
You should do:
$password = $_GET['password'];
// etc.
Or, if you don't know:
$password = $_REQUEST['password'];
// etc.
I recommend you to use a mysqli class. I've used this one myself in smaller projects: https://github.com/ajillion/PHP-MySQLi-Database-Class
You're missing "form validation" in your code. This prevents empty and malicious form submits if you integrate validation properly into your forms and backend code
A simple example of how to make sure data was entered in the specific fields, try this:
<?php
if (empty($_POST['usernamesignup']), empty($_POST['...']))
{
echo 'Not all required data was submitted';
}
else
{
// Process the form, all data was received
}
4. Have you considered using a php framework? Try something like Codeigniter or Laravel if you want something more advanced and usable.
Please consider including <form action="create.php" autocomplete="on" method="POST">
Please I beg you, Don't store raw password in database just use an encryption method.
And use PDO instead of mysql_*
see here: http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/
I want to send a couple of form fields as a POST request to my PHP page, but I can't get it to work. Here is my code:
PHP login.php
<?php
if(!ISSET($_POST["username"]) && !ISSET($_POST["password"])) {
include "login.html";
}
else {
echo "hi";
}
?>
HTML login.html
<form action="login.php" method="post">
<label for="username">Username</label><input type="text" id="username"/>
<label for="password">Password</label>Password<input type="password" id="password"/>
<input type="submit" value="Submit"/>
</form>
Can anyone spot my mistake?
Your inputs do not have names. The id is used for client-side referencing, but it is the (non-unique) name attribute that is used to determine the key for a value when the data is submitted. A form control cannot be successful (i.e. in the form data) without a name.
You haven't included the name attribute in your html input elements. name attribute is used when passing form information to the webserver. id is primarily used for javascript based manipulation.
Username<input type="text" name="username"/>
Password<input type="password" name="password"/>
Is is possible to redirect a user on front end login to a post that they have created? If so how?
I have the form below on the front end which works great to log people in but doesn't quite achieve what I want.
I've created a front end registration process, that creates a new user and a post and fills in certain details into that post. On completion of that process they are sent to the post they just created, which then allows them to front end edit all the details. That works perfectly for first time registrants but I can't quite achieve what I want with people that have already registered and want to login.
When they fill in their details on the form below, I want it to redirect to the post they created when they registered, is this possible?
The users can only ever create ONE post... which is acting as a profile. So I want them to be able to log in and get redirected to their profile.
If it helps, the username is the same as the post title (the username is the persons company name, which is also the name of the post). E.g username = My Company. Post title = My Company.
<?php if (!(current_user_can('level_0'))){ ?>
<form action="<?php echo get_option('home'); ?>/wp-login.php" method="post" id="login-form">
<p style="color:black!IMPORTANT;">Please login.</p>
<!--[if !(IE)]><!-->
<input type="text" placeholder="Username" name="log" id="log" value="<?php echo wp_specialchars(stripslashes($user_login), 1) ?>" />
<!--<![endif]-->
<!--[if (gte IE 6)]>
<input type="text" name="log" id="log" value="Username" />
<![endif]-->
<!--[if !(IE)]><!-->
<input type="password" placeholder="Password" name="pwd" id="pwd" />
<!--<![endif]-->
<!--[if (gte IE 6)]>
<input type="password" value="Password" name="pwd" id="pwd" />
<![endif]-->
<p style="clear:both;width:115px;font-size:14px!IMPORTANT;float:left;">
<input style="width:14%!IMPORTANT;" name="rememberme" id="rememberme" type="checkbox" checked="checked" value="forever" /> Remember me
</p>
<input type="hidden" name="redirect_to" value="<?php echo $_SERVER['REQUEST_URI']; ?>" />
<p style="float:right;">
<a style="font-size:14px!IMPORTANT;" href="<?php echo get_option('home'); ?>/wp-login.php?action=lostpassword">Recover password</a>
</p>
<input style="margin-left:80px;float:left;" type="submit" name="submit" value="LOGIN" class="login-button" />
</form>
<div class="clear"></div>
<?php } else { ?>
<p>
You are currently logged in, would you like to logout?
</p>
<?php } ?>
I'm guessing the following...
I need to do something with the username (entered in the form above) then match that with the author of any posts, if that matches then send them to that page... all before the submission of the form above. This needs to be done before the hidden field, so it can enter the username field into the hidden input value.
Since a user can only have ONE post, surely you have a link or method to detect that, such as something stored in the database. What you can do is when testing if the credentials are correct, find the link and then override the redirect. You don't need to know the link and hide it before the user even logs in, it's not possible.
Example:
<?php
...get variables...;
if( isValidUser()){
$var = db->getUserPostId();
$redirect = "posts.php?pid=".$var;
header("Location: $redirect");
else
.. show error and go back..
?>
EDIT: javascript example
<script>
function onSubmit(){
document.forms["login"]["redirect_to"].value = document.forms["login"]["log"].value;
}
</script>
<form name="login" action="test.php" method="post" onsubmit="onSubmit()">
<input type="text" name="log">
<input type="password" placeholder="Password" name="pwd" id="pwd" />
<input type="hidden" name="redirect_to" value="start">
<input type="submit" name="submit" value="Login">
</form>
The example will change the value of the hidden field before the form is submitted. You can build the link however you wish, the example only takes the username.
Of course this is possible. You can get the current page's url using php's $_SERVER method. Here is a tutorial - PHP: How to Get the Current Page URL
Then you may pass this data into login form page using GET method, so that login page (containing login form) can catch this url. Then you may include this url data in the login form either as a hidden field, or as a part of the action's target php file (like <form method="post" action="target.php?targeturl=someurl.com/somepage") where the form's target script file can read this url. Then after processing login data, the processing script can redirect browser to the target url.
The easy way to solve your problem is that once the user redirected to a particular page e.g, edit post page, or edit profile page. You need to save the URL of the page by session.
$_SESSION['refpage'] = getPageUrl(); // this is your function that will return a current page url.
After the user logged-in, you check if the session $_SESSION['refpage'] is exist, if found then redirect him e.g redirect("location:".$_SESSION['refpage'])