I'm building my first PHP website (attempting to, anyway!), and I'm trying to create a contact form whose contents are submitted to me via email. I've got the email part down, but I'm having trouble getting the form ("contact.php") to accept data. It automatically refreshes as soon as I type a character in any field. Here's the relevant code:
<div class="contactform">
<form name="contactform" method="post" action="contact-receiver.php">
<fieldset><legend><strong>Required Information</strong></legend>
First Name: <input type="text" name="firstName" size="35" maxlength="30"/>
Last Name: <input type="text" name="lastName" size="35" maxlength="30"/>
Email: <input type="text" name="emailAddress" size="60" maxlength="55"/>
</fieldset>
<input type="submit" value="Submit"/>
<input type="reset" value="Reset"/>
</form>
</div>
This works fine when tested independent from the rest of the site. However, here's the context:
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<?php include 'header.php'; ?>
<?php
$id = $_GET['id'];
switch($id)
{
case 'main':
include 'storeinfo.php';
break;
case 'shop':
include 'inventory.php';
break;
case 'cart':
include 'cart.php';
break;
case 'contact':
include 'contact.php';
break;
default:
include 'error.php';
}
?>
<?php include 'footer.php'; ?>
</body>
</html>
"contact.php" works fine when displayed as a separate page, but won't accept any input when accessed as an include file. If I try to enter data in any of the fields, the page immediately refreshes after I type the first character, and the data is lost.
If anyone could point me in the right direction, I would really appreciate it!
EDIT
Disabling Javascript didn't work. I cleared my cache and restarted my browser (Firefox) just to be sure. While I'm working on that voodoo priest, here's the page source for index.php?id=contact:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Main</title>
<link rel="stylesheet" type="text/css" href="styles.css" />
</head>
<body>
<div>
<p><img src='headerimg.png' class='header'/></p><a href='index.php?id=main'>
<img src='mainbutton.png' class='nav1'</a><a href='index.php?id=shop'>
<img src='shopbutton.png' class='nav2'</a><a href='index.php?id=cart'>
<img src='cartbutton.png' class='nav2'</a><a href='index.php?id=contact'>
<img src='contactbutton.png' class='nav2'</a>
</div>
<div class="contactform">
<form name="contactform" method="post" action="contact-receiver.php">
<fieldset><legend><strong>Required Information</strong></legend>
First Name: <input type="text" name="firstName" size="35" maxlength="30"/>
Last Name: <input type="text" name="lastName" size="35" maxlength="30"/>
Email: <input type="text" name="emailAddress" size="60" maxlength="55"/>
</fieldset>
<input type="submit" value="Submit"/>
<input type="reset" value="Reset"/>
</form>
</div>
<div id = "footer">
<p>©2012</p>
</div>
</body>
</html>
It sounds like a Javascript-related problem.
Check and make sure you're not including any scripts which try to autocomplete, as being misconfigured might cause it to send a request upon key up which would cause the behavior you're mentioning.
An easy way to test this is to disable JavaScript in your browser and see if the issue continues. If it does, it means you have ghosts in your computer and should see a voodoo priest. If the issue doesn't persist, it means it's an issue with some JavaScript on your site.
Posting some contents of header.php will help, as well. OR, you could simply post the complete HTML page source once - that is, visit your index.php?id=contact page, hit view source, and show that here.
Related
Hey i'm having a problem where I cannot seem to get the value of an input using PHP, I have a form in HTML and another file named "handle.php" which i prints the value of username but when I submit It directs me to the file "handle.php" and does not print anything, just shows the script.
I tried doing the script inside the HTML but I got the same result, nothing happened so I thought maybe I need to make a function and then call it onclick but it didn't do anything eventually I made a separate file named "handle.php" and in the form I did "action="handle.php" which lead to the first problem.
HTML:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title> Hide/Show Password Login Form</title>
<meta name="viewport" content="initial-scale=1.0, width=device-width" />
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css">
<link rel="stylesheet" href="./style.css">
</head>
<body>
<div class="login_form">
<section class="login-wrapper">
<div class="logo">
<img src="logo.png" alt=""></a>
</div>
<form id="login" method="post" action="handle.php">
<label for="username">User Name</label>
<input required name="login[username]" type="text" autocapitalize="off" autocorrect="off" />
<label for="password">Password</label>
<input class="password" required name="login[password]" type="password" />
<div class="hide-show">
<span>Show</span>
</div>
<button type="submit">Sign In</button>
</form>
</section>
</div>
</body>
</html>
handle.php:
<?php
echo $_POST['login[username]'];
?>
By using this name="login[password]" you can get the values in PHP as:
print($_POST['login']['password']);
One more solution, store input array in a variable like:
$post = $_POST['login'];
then, use like:
echo $post['password']
$_POST['login']; will return a php array with all keys you used in your form. So you get the username key of this array like this:
echo $_POST['login']['username'];
first try to print only $_POST then you see what is you get in request.
always help to you for following this method. debug step by step then get the data into array.
<?php
$request=$_POST['login'];
echo $request["username"];
echo $request["password"];
?>
Replace textbox name as username in html code and Change php code as echo $_POST['username']; in handle.php
In Html code,
<input required name="username" type="text" autocapitalize="off" autocorrect="off" />
In php code( handle.php),
echo $_POST['username'];
So i have a file with PHP and HTML in it. The HTML works fine but when i enter the PHP it does not render anything for some reason. See code for beter refrence.
Also logs don't really say anything about the issue.
This fails to do anything
<?php
echo $_POST['naam'];
die();
?>
<!DOCTYPE html>
<html>
<head>
<title>Scouts Permeke</title>
<link rel="stylesheet" type="text/css" href="siteStyle.css">
</head>
<body>
<H2>Login</H2>
<form action="login.php" method="POST">
<input name="naam" type="text" id="naam" class="form-control" placeholder="Gebruikersnaam"/><br>
<input name="psw" type="password" id="psw" class="form-control" placeholder="Passwoord"/><br>
<button type="submit">Login</button>
</form>
</body>
</html>
But this shows my HTML as intended.
<!DOCTYPE html>
<html>
<head>
<title>Scouts Permeke</title>
<link rel="stylesheet" type="text/css" href="siteStyle.css">
</head>
<body>
<H2>Login</H2>
<form action="login.php" method="POST">
<input name="naam" type="text" id="naam" class="form-control" placeholder="Gebruikersnaam"/><br>
<input name="psw" type="password" id="psw" class="form-control" placeholder="Passwoord"/><br>
<button type="submit">Login</button>
</form>
</body>
</html>
You need to check if the variable is actually set, otherwise it will always print out the content of $_POST['naam'] without bothering if the user already inputted data and pressed the Submit-button.
if(isset($_POST['naam'])) {
echo $_POST['naam'];
die();
}
That is because it is ignoring an error as the $_POST array doesn't have the "naam" variable and your php.ini for display error is off. In php, if the array doesn't contain the key it will throw error and in this the error is ignored because of the production settings. Also, this is the reason why the "die();" line is not interpreted. Please check if php.ini has or commented
display_errors: Off
and make it into
display_errors: On
Restart apache to getting the settings work.
You can also remove/comment the first line of code in PHP tag and see if die() is working. Please do let us know if this fixed your error.
I'm trying to save cookie using img tag. I used img tag in thankyou.php and wrote cookie related code in pixel.php file.
These three files are in the same directory(Folder Name: landing).
Here is index.php file code.
<html>
<head>
<title></title>
</head>
<body>
<form action="thankyou.php" method="GET">
<input type="text" name="name" placeholder="Name" required />
<input type="email" name="email" placeholder="email" required />
<input type="submit" value="Subscribe" />
</form>
</body>
</html>
Here is thankyou.php file code.
<html>
<head>
<title></title>
</head>
<body>
<h3>You've successfully subscribed for this campaign.</h3>
<img alt="" width="1" height="1" style="display:none" src="pixel.php?e=<?= $_GET['email'] ?>&c=book_bonus_video_1" />
</body>
</html>
Here is pixel.php file code.
$sCampaign = # $_GET['c'];
$sCampaign = urldecode($sCampaign);
$sEmail = # $_GET['e'];
$sEmail = urldecode($sEmail);
setcookie('campaign_' . $sCampaign,strtolower($sEmail),time()+60*60*24*365,'/');
header('Content-Type: image/gif');
die(base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw=='));
When I submit form(index.php), thankyou.php page is opened but cookie is not created. But when i write URL ( http://www.example.com/landing/pixel.php?e=user#email.com&c=book_bonus_video_1 ) in browser it creates cookie.
I don't know where is issue in my code.
Thanks in advance for guiding me.
when the user input a name to a form. how to display the name to another webpage?
so i have 2 webpage here it is
webpage 1:
<html>
<body>
<form action="lol.php" method="post" <div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" /> </div>
</html>
webpage 2 :
<html>
<body>
<p> echo 'welcome! $_POST
</html>
huhuhu so whats next ? :( im kinda new to php please be gentle guys tnx
As an addition to the already existing answers: One very important thing to keep in mind is protection against Cross Site Scripting attacks. You must assume "All Input Is Evil!". Users might not only enter their name or something like that but also JavaScripts (XSS or even persistent XSS, if you save the inputs) or parts of SQL querys to perform an SQL injection.
Let's say your script accepts a variable called txtname from GET or POST (this is what $_REQUEST means). And you have this code:
<?php echo "Welcome!" .$_REQUEST['txtname']; ?>
One could build a link like this:
http://yourhost/yourscript.php?txtname=<script%20type="text/javascript">alert("This%20might%20also%20be%20an%20evil%20script!");</script>
Then one uses a URL shortening service to build a harmless looking link redirecting to the attacker's URL above, e.g.
http://short.xy/dfudf7
which will redirect the user to the evil JavaScript link above. Then your website will execute any JavaScript or embedd evil iframes or whatever an attacker wants. Your users / customers will only see your website in the address bar and will think all that comes from you although a hacker added malicious parts to the site they view.
Therefore, whenever you output something that comes directly or indirectly from a user input (regardless whether read by $_REQUEST or fetched from a database), you have to make sure, HTML special chars like < and > don't work any more! php offers the function htmlspecialchars to escape these dangerous characters. Then they are displayed just as text and do not function as HTML/JavaScript.
By the way, this is not a protection against SQL injections. If you plan to use a database later, you will also have to look for that. Also in this area there are functions to "demine" a user input before passing it to a database.
You are missing to close <form> tag, missing to add submit button, I have fixed your form and it should be like...
webpage.html
<form action="lol.php" method="post">
<div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" />
<input type="submit">
</div>
</form>
lol.php
<?php echo "Welcome!" .$_POST['txtname']; ?>
NOTE
You can also use $_REQUEST to print name..
<?php echo "Welcome!" .$_REQUEST['txtname']; ?>
Page : 1
<html>
<body>
<form action="lol.php" method="post" <div id="name">
<label for="txtname">name: </label> <br/>
<input type="text" name="txtname" value="" /> </div></form>
</html>
Page : 2
<?php
echo "Welcome ".$_POST['txtname'];
?>
You are missing to close <form> tag, missing to add submit button
webpage.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>webpage</title>
</head>
<body>
<form action="lol.php" method="post" name="form" id="form">
<div id="name">
<label for="txtname">name: </label>
<br/>
<input type="text" name="txtname" id="txtname" />
<input type="submit" name="submit" id="submit" value="Submit">
</div>
</form>
</body>
</html>
lol.php
<?php
if((isset($_REQUEST['submit']) && trim($_REQUEST['submit']) =='Submit'))
{
$txtname = addslashes(trim($_REQUEST['txtname']));
echo "Welcome ".$txtname;
}
?>
So I have a very simple login-form in html/php
login1.php
<?php include('settings.php'); ?>
<!DOCTYPE html>
<html>
<head>
<title>login</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form id="form1" name="form1" method="post" action="<?=$basehttp;?>/login_auth1.php">
<input name="ahd_username" type="text" id="ahd_username" size="35" maxlength="255" />
<input name="ahd_password" type="password" id="ahd_password" size="35" maxlength="35" />
<input type="submit" name="Submit" value="Login" />
</form>
</body>
</html>
login_auth1.php
<?php
include('settings.php');
print_r($_POST);
print_r(getallheaders());
if(isset($_POST['ahd_username']) && isset($_POST['ahd_password'])){
//database queries and stuff, send user elsewhere if login correct
}
?>
<!DOCTYPE html>
<html>
<head>
<title>login</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form id="form1" name="form1" method="post" action="<?=$basehttp;?>/login_auth1.php">
<input name="ahd_username" type="text" id="ahd_username" size="35" maxlength="255" />
<input name="ahd_password" type="password" id="ahd_password" size="35" maxlength="35" />
<input type="submit" name="Submit" value="Login" />
</form>
</body>
</html>
When running login1.php (in some) web browsers the POST in login_auth1.php will be empty. But when submiting the exact same form again from login_auth1.php it works just fine. What might be the cause of this error? How to debug further? FYI The server is running Varnish.
Link to output with headers for some calls can be found in this textfile.
Edit:
Have no hair left on my head now but I've figured out a way that "works". If I merge my loginfiles to a single file, put that file into a separate folder /login, removing the url in action tag completly (so it will be action="") and configure Varnish to
if (req.url ~ "/login"){
set req.backend = mybackend;
return (pass);
}
it will work. This feels like a really crappy "solution", especially the part with removing the string in the action tag but it's the only way that I've made it work. I've tried tons of different Varnish configurations, including return (pipe). Does anyone have any idea on how to get it to work properly? Or why this weird version above works?
A good and lasting practice, to replace your quick hack, is to not cache any post requests by:
if ( req.request == "POST" ) {
return (hit_for_pass);
}
Varnish' standard behaviour[1] (at least in 3.0, debian) is to pass POST request directly to backend:
sub vcl_recv {
#...
if (req.request != "GET" && req.request != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
#...
}
So if default code is not reached (you call return(xxx) in your vcl_recv) you should take care of this kind of requests in your own VCL code, returning a pass or either a hit_for_pass as suggested by Clarence.
[1] https://www.varnish-cache.org/docs/3.0/reference/vcl.html#examples