<form action="final_change_pwd.php" method="post">
<table cellpadding="5" cellspacing="20">
<tr>
<td> Current Password: </td>
<td> <input type="text" name="txtoldpwd" /> </td>
</tr>
<tr>
<td> New Password: </td>
<td> <input type="text" name="txtnewpwd" /> </td>
</tr>
<tr>
<td> Confirm Password: </td>
<td> <input type="text" name="txtnewpwd" /> </td>
</tr>
<tr>
<td colspan="2"> <input type="submit" name="submit" value="Change Password" /> </td>
</tr>
</table>
</form>
// This is the form I have and I need a script to figure out what the process of changing password should be...!
// Anyone there to help me???
Fix the name of the input field for Confirm Password as it is the same as New Password. Also send the user ID along in the form as a hidden field.
Process would be to:
check the userid and current password. if they match:
check if new password matches the conformation.
then save it to db.
the process itself is not the hard part though, securing everything is. try to encrypt values before you post it (javascripts available that do this), and salt them afterwards. check if the new password meets possible password requirements (also javascript, before you post it) like at least 6 chars long, has a number in it etc, and even checking if the new password and conformation match can be done before you post anything using javascript.
As advice though, maybe you should consider not doing this yourself at all, because it will never be as secure as it should be.
There are plenty of resources online like this site that can walk you through what you need to do: http://www.plus2net.com/php_tutorial/php_change_password.php
Related
I'm trying to create an auto-response script for work which will display the form fields as required, such as Name, Username, and Password. Once I select Submit, I want the script to remove the form, and display the output with the corresponding response in its stead without having to post it to another page. Ultimately having a form.php and a result.php for each individual scenario that I want will be too cluttered, hence why I'm trying to accomplish this. Thus far for the form, I have:
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<table width="100%" cellpadding="10" cellspacing="0">
<tr>
<td style="width:33%">
</td>
<td style="width:33%"> </td>
<td style="width:33%"> </td>
</tr>
<tr>
<td colspan="3" style="width:99%">
<label>Name</label><span class="req">*</span>
<span id="reqName" style="color:Red;display:none;"> </span>
<br />
<input type="text" name="name">
</td>
</tr>
<tr>
<td colspan="3" style="width:99%">
<label>Username</label><span class="req">*</span>
<span id="reqProblem" style="color:Red;display:none;"> </span>
<br />
<input type="text" name="username">
</td>
</tr>
<tr>
<td colspan="3" style="width:99%">
<label for="txtProblem">Password</label><span class="req">*</span>
<span id="reqProblem" style="color:Red;display:none;"> </span>
<br />
<input type="text" name="password">
</td>
</tr>
<tr>
<td colspan="3" style="width:99%">
<br />
<input type="submit" name="submit" value="Submit">
</td>
</tr>
</table>
</form>
For the PHP I have:
<?php
if(isset($_POST['submit'])) {
echo "<h4>Response</h4>";
$username = $_POST['username'];
$password = $_POST['password'];
$name = $_POST['name'];
echo "<p>Hello, $name <br />
Your Login Information is as follows:
Username: $username
Password: $password.
</p>";
}
?>
So to sum up, I want to completely remove everything before the PHP isset and replace it with the corresponding result.
In the present form what happens is that your HTML is sent off to the browser (or at least some invisible buffer on its way to the browser) and is out of your control once you've gotten to the part of your script that controls form processing.
So you've got two choices. One is to leave it generally in the state you have it but use output buffering with ob_start() and related functions - which I really don't recommend in this case - or just re-arrange the order of your code.
In general the most common design pattern for these one-page self-processing forms is to have your processing logic at the very top, and the output of form or success/failure message be conditional on the results.
To implement this take your PHP code and move it to the top of the file. At the end of your present POST code, if the post was successful then you output your message but nothing else. If it isn't successful, or if there has not yet been any post, THEN you output the form html. Something along these lines:
<?php
if($no_post_or_failure)
{
// output html
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
...
<?php
} // aaaand we're done!
?>
And that's about it. I hope that made sense :)
Just change your PHP:
<?php
if(isset($_POST['submit'])) {
echo "<h4>Response</h4>";
$username = $_POST['username'];
$password = $_POST['password'];
$name = $_POST['name'];
echo "<p>Hello, $name <br />
Your Login Information is as follows:
Username: $username
Password: $password.
Back
</p>";
}else{
?>
//YOUR HTML FORM GOES HERE
<?php
}
So I am at my wits end. Out of the more complex issues, this is the one that has just stumped me. I'm not sure if it's a HTML issue or a PHP issue, anymore. I've tried everything I could think up, and just nothing.
Ok so I need to pull a specific name out of a dynamically created table, the Weapon’s Name to be exact.
So User clicks the button “Delete weapon” and that weapon would be deleted. The query is fine; my issue is getting this name. If there was just one weapon and this wasn’t dynamic I would just go for the specific field name. That’s PHP 101.
This is the loop it's being pulled from:
while ( $weapons = mysql_fetch_array($data)) {
echo '
<table width="780" border="1">
<tr>
<td colspan="2">weapon</td>
<td>AttackBonus</td>
<td>crit</td>
</tr>
<tr>
<td colspan="2">
<input type="text" name="weaponName'.$i.'" id="weaponName'.$i.'" size="10" value="'.$weapons["weaponsName"].'" />
<input type="hidden" name="weaponName" value="'.$weapons["weaponsName"].'"/>
</td>
<td>
<input type="text" name="attackBonus'.$i.'" id="attackBonus'.$i.'" size="10" value='.$weapons["weaponsAttackBonus"].' />
</td>
<td>
<input type="text" name="crit'.$i.'" id="crit'.$i.'" size="10" value='.$weapons["weaponsCritical"].' />
</td>
</tr>
<tr>
<td>type</td>
<td>range</td>
<td>ammunition</td>
<td>damage</td>
</tr>
<tr>
<td>
<input type="text" name="type'.$i.'" id="type'.$i.'" size="10" value='.$weapons["weaponsType"].' />
</td>
<td>
<input type="text" name="range'.$i.'" id="range'.$i.'" size="10" value='.$weapons["weaponsRange"].' />
</td>
<td>
<input type="text" name="ammunition'.$i.'" id="ammunition'.$i.'" size="10" value='.$weapons["weaponsAmmunition"].' />
</td>
<td>
<input type="text" name="damage'.$i.'" id="damage'.$i.'" size="10" value='.$weapons["weaponsDamaage"].' />
</td>
</tr>
<tr>
<td colspan="4">
<input type="submit" formaction="include/deleteweapon.php" formmethod="post" value="Delete Weapon"/>
</td>
</tr>
</table>
';
$i++;}
It’s probably something small, that’s how it’s always been my issue. I’ve tried a few different while loops. I’ve tried if statements with issets($_post[“weaponName0”], etc. I just don’t know.
Edit:
So I'm not very good with explaining what I need. The loop to display the information is fine, and yes the button needs to be there.
(I don't have enough rep to up load an image so here is the link)
http://farm9.staticflickr.com/8391/8468562067_0cd4158e35_b.jpg
This is what it looks like. I can not get the value of the weapon name. The output is fine here, it's when I need to delete that specific weapon, that I'm having issue with. I need that name. This is why I'm not sure if it's the HTML or the PHP. The button has to be iterated or whats the point? The mySQL is fine, that was the easy part.
I have an idea of what I can do, but in my opinion it's bad design and I think I would just have the same problem. I could add a check box for these fields to delete, and it'll be deleted after you try to save the character.
I'm not 100% sure I understand your problem, I believe in your HTML, you should do something like:
<input type="hidden" name="weaponName[<?php print $i; ?>]" value="The Name" />
In your PHP, you should be able to access the name given an index:
$index = 1; // Some arbitrary index
$weapon_name = $_POST['weaponName'][$index];
Alternatively, and what I would do: In your form's action, specify an id:
<form action="delete.php?id=<?php print $weaponId; ?>" action="post">
Then in your PHP, you can do:
$id = $_GET['id']; // This is the weapon ID
Then you can just pull the name directly from the database, using the ID.
It looks like you have a single delete button for each iteration of the loop. You should be able to set the name for deletion just as you set it as a label.
<input type=hidden name=weaponsName value=".$weapons['weaponsName'].">
<input type=submit ...>
$weaponsName = $_POST['weaponsName'];
You are using mysql_fetch_array instead of mysql_fetch_assoc, so you should use the field index, like this:
$weapons["weaponsName"] // This is wrong
$weapons[0] // This is the right approach
PS: You should not use the mysql extension....go for the mysqli or PDO ;)
Saludos.
So Im relatively new to PHP from ASP. And After converting alot of ASP code into PHP I have come across a problem where my PHP code seems unable to find the hidden variable I have set. It worked fine in ASP and was just wondering the best way to resolve this.
Start of the Form:
<form name="LogIn" action="login.php" method="post">
<td bgColor=#ffffff>
<table align="center" cellSpacing="2" cellPadding="2" border="0">
<tr>
<td> </td>
<td align="right"><font color="#4d71a1">User name:</font> </td>
<td><input name="UserName" size="25" type="Text" autocomplete="OFF"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="right"><font color="#4d71a1">Password:</font> </td>
<td><input name="Password" size="25" type="Password" autocomplete="OFF"></td>
<td> </td>
</tr>
PHP script:
<?
if ($_POST["BtnPress"]=="Pressed")
{
if ($_POST["Username"]=="*****" && $_POST["password"]=="*********")
{
$_SESSION['AdminID']="1";
header("Location: "."index.php");
}
else
{
print "<font color=#ff0000>Sorry you cannot access this part of the site.</font>";
}
}
?>
then the rest of the form:
<tr>
<td align="center" colspan="4">
<input type="hidden" name="BtnPress" value="Pressed">
<input type="Submit" value="Log In" class="mybutton" onclick="return CheckForm();">
</td>
</tr>
</table>
</td>
</form>
The PHP seems unable to find the variable BtnPress, its a similar problem throughout alot of my translated ASP to PHP script. Sorry if it is a simple solution but can anyone tell me where I am going wrong?
You have name="Password" and $_POST["password"]
Password != password
Watch your case.
<form name="LogIn" action="login.php" method="post">
<td bgColor=#ffffff>
That is invalid HTML. A <td> element cannot be a child element of a <form>. Browsers are likely to error recover in ways that break your HTML (e.g. by moving the form, but not its contents, outside the table). Do use a validator.
And stuff that isn't likely to be the cause of the problem, but is likely to be the cause of other problems.
Don't use layout tables
Do use the label element
Do use CSS for presentation (you can style your label elements instead of using the obsolete font element
Do not use a hidden input to test if a form is submitted.
use:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// processing of $_POST
}
The name of the submit button should be "BtnPressed" not the hidden field.
What I would do would be to set the form action to ?id=submit or something like that, and then check "if $_GET['id'] == "submit" then process data.
<form action="login.php?do=submit">
.... <input .....
</form>
<?php
if($_GET['do'] == "submit"){
//process data
} ?>
I'm trying to verify that certain fields in my form are numeric and not text.
Where would I start ?
If the fields are numeric, then serialize, if not then send an empty string.
The reason I want to do this is because PHP sees the data for each variable as a string and not numeric.
this is my ajax request
$.ajax({
type: "POST",
url: "lib/calc.php",
data: $("#calcQuery").serialize(),
dataType: "html",
success: function(response)
{
$("#calcBox").html(response);
$("#calcBox").show();
clearForm("#calcQuery");
},
this is my form
<form id="calcQuery" class="ui-widget-shadow ui-corner-all" style="margin-top: 1em;">
<fieldset class="ui-corner-all" >
<table border="0" width="85%">
<tr>
<th><nobr><label for="curr_alloc">Current Space Allocation:</label></nobr></th>
<td align="right"><input type="text" size="5" name="curr_alloc" id="curr_alloc" /></td>
</tr>
<tr>
<td>
<table border="0" style="margin-left: .5em;">
<tr>
<td>
<input type="radio" name="curr_unit" value="KB" /><label>KB</label>
</td>
</tr>
<tr>
<td>
<input type="radio" name="curr_unit" value="MB" /><label>MB</label>
</td>
</tr>
<tr>
<td>
<input type="radio" name="curr_unit" value="GB" checked /><label>GB</label>
</td>
</tr>
<tr>
<td>
<input type="radio" name="curr_unit" value="TB" /><label>TB</label>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<th><nobr><label for="curr_percent">Current Usage Percentage:</label></nobr></th>
<td align="right"><input type="text" size="5" name="curr_percent" id="curr_percent" /></td>
</tr>
<tr>
<th><nobr><label for="desired_percent">Desired Usage Percentage:</label></nobr></th>
<td align="right"><input type="text" size="5" name="desired_percent" id="desired_percent" /></td>
</tr>
</table>
</fieldset>
</form>
You need to use the Validate plugin. It is quite easy to specify various rules on form submission.
Have you tried PHP's function is_numeric?
As Vincent Ramdhanie mentioned, the validate plugin is a good option.
However, there are a few things I'd like to clarify:
The reason I want to do this is because PHP sees the data for each variable as a string and not numeric.
The types of each field value will ALSO be string as far as the javascript/DOM on your page is concerned. Therefore, even if the user enters a number, it's really just a string. So in either case you will need to parse the string into a number (or let a library do it for you).
The second, important thing to remember is that you cannot rely on clientside validation as it is easily bypassed/broken. You should really be validating the data on the server side, as well as on the client side.
Update
In response to your comment, I am not very familiar with PHP, but a quick googling shows me that this should work:
$foo = "3.123";
$bar = (float) $foo;
As I mentioned, I'm not a PHP programmer so there may be a better way to do it, but that should work.
I think this will solve your probelm ,PHP have a good function named intval
[link] http://php.net/manual/en/function.intval.php
Suppose I have a application form which contain lot of boxes like email,username,age etc...I have connected this application form to database(mysql) through action="register.php" in application form...
NOw i want that in database,username and email id should be unique.Means no two users cant have same username or email id..
What I know to do This....
When you created tables in mysql then make these fields (username,email) unique(by primary key).Butif i submit the form with same username already in database then error msj will be showed on the next page something like this.username is priamry.....whatever..
Problem in this...
The error msj should be displayed on the onblur event of that textbox(username textbox and email textbox)..
How i can do this.Please explain with example For your ease i am giving code for application form...something lik ethis
applicationform.php
form name="form" action="register.php" method="GET" >
<tr>
<td>Username</td>
<td><input type="text" id="username" size="30" maxlength="35" value=""></td>
<td><div id="p1"></div></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" id="email" size="30" maxlength="30" value=""></td>
</tr>
<tr>
<td align="center" colspan="100"> <input type="submit" name="submit" value="Submit">
</td>
</tr>
I think you have to make an Ajax request when the blur event happens and check at the server side whether the the username exists or not.
This AutoCompleter tutorial should give you the right idea how to do this.