I am a very rookie php developer; and i decided create a user Login system.
For the system, i want use captcha system. My problem is that when i click the button "Send" i can't send the data of the form (two textbox: username and mail address).
For make it work; i created a method that recive the data of the form, this data is send like: method_name($POST["username"],$POST["mail"]);
i want to know if this is correct or it will have some security problem or maybe something else.
thanks.
pd: sorry for my english...is not good.
this is the index page
<?php
require_once('recaptchalib.php');
require_once('home.php');
$publickey = "foo";
$privatekey = "bar";
$error = null;
if ($_POST['action'] == "register") {
$re_ip = $_SERVER["REMOTE_ADDR"];
$re_challenge = $_POST["recaptcha_challenge_field"];
$re_response = $_POST["recaptcha_response_field"];
$resp = recaptcha_check_answer($privatekey, $re_ip, $re_challenge, $re_response);
if ($resp->is_valid) {
// procesar registro
hello($_POST["username"],$_POST["usermail"]);
exit;
} else {
$error = $resp->error;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>reCAPTCHA Demo</title>
<style type="text/css">
body {
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
font-size: 12px;
color: #333;
line-height: 18px;
}
.casilla {
font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
font-size: 11px;
color: #333;
padding: 2px 4px;
width: 298px;
margin-left: 3px;
}
h3 {
color: #03C;
font-size: 16px;
}
</style>
<link rel="stylesheet" href="stylesheets/css3buttons.css" media="screen"/>
</head>
<body>
<h3>Registro</h3>
<form method="post">
<label for="username">Usuario</label><br />
<input name="username" type="text" class="casilla" id="username" /><br />
<label for="usermail">Email</label><br />
<input name="usermail" type="text" class="casilla" id="usermail" /><br />
<label for="usercheck">Verificación</label><br />
<?php echo recaptcha_get_html($publickey, $error); ?>
<input type="hidden" name="action" value="register" />
<button type="submit" name="btsend" value="Enviar">Iniciar Sesión</button>
</form>
</body>
</html>
**and this is other page**
<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
</head>
<body>
<?php
function hello($var1,$var2)
{
$mailFilter = "^(([a-zA-Z0-9_\-\.]+)#([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5}){1,25})+([;.](([a-zA-Z0-9_\-\.]+)#([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5}){1,25})+)*$";
echo"HELLO WORLD\n".$var1."---".$var2;
if (preg_match($mailFilter, $var2)) {
echo "A match was found.";
} else {
echo "correo valido.";
}
}
?>
</body>
</html>
If the form cannot be sent, then I would assume because the form declaration lacks the action= URL. Normally you would write:
<form method="POST" action="index.php">
The second thing is the email regex. It misses the typical valid characters, but also doesn't use correct PCRE delimiters. Rather use this instead of a manual preg_match $mailFilter:
if (filter_var($var2, FILTER_VALIDATE_EMAIL)) {
Related
in my test page I have three links which assign a different web address to a variable called $link
.buttonpush {
height: 25px;
width: 200px;
font-family: Arial, Helvetica, sans-serif;
font-size: 14px;
font-weight: bold;
color: #333;
border: 2px solid #CCC;
}
.butdiv {
position: absolute;
left: 20px;
top: 30px;
}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>index</title>
<link href="css/phptest.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="butdiv">
<div class="buttonpush"><a href="show.php
?link=http://www.google.co.uk/">Button one</a></div>
<div class="buttonpush"><a href="show.php
?link=http://www.blue-seahorse.com/">Button two</a></div>
<div class="buttonpush"><a href="show.php
?link=http://www.blue-seahorse.com/">Button three</a></div>
</div>
</body>
</html>
I need to make the result page display the required web site within the object tag
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>show</title>
</head>
<body>
<?php
$link = $_GET['link'];
?>
<object data="echo htmlspecialchars '$link';" width="1000" height="720">
<embed src="echo htmlspecialchars '$link';" width="1000" height="720" /> Error: Embedded data could not be displayed.
</object>
</body>
</html>
Although the correct web address is passed to the show.php page, it doesn't display the webpage being called. I've used a similar code to pass specific variable strings to a form before, but I failed in my attempt to achieve this result.
Try :
<object data="<?php echo htmlspecialchars($link); ?>" width="1000" height="720">
<embed src="<?php echo htmlspecialchars($link); ?>" width="1000" height="720" /> Error: Embedded data could not be displayed.
</object>
In order to use php variable it has to be inside <?php ?>
I have a login script which is working fine on the production server hosted on shared hosting (Windows8 server).
The same script when tried on the local server(not connected to internet) which is WindowsXP and UniServ (like XAMPP OR WAMP). It just gives a blank screen.
So I tried testing a few scripts if there is any issue in Apache / Mysql / PHP. All 3 are working fine on Uniserv.
I tried checking the configuration for session path, all that is fine.
Not sure what else needs to be checked if the same files have to work on local server. Need help.
Please check the below login script:
<?php // accesscontrol.php
include_once 'common.php';
include_once 'db2.php';
session_start();
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
if(!isset($uid)) {
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Test - Login</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<head>
<style type="text/css">
<!--
.style1 {
font-size: 16px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.style3 {
font-size: 12px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
body {
background-color: #D7F0FF;
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
-->
</style>
</head>
<body>
<h1 class="style1"> <br><br>Testing Login Required </h1>
<span class="style3"><br>
You <strong>must login to access this area </strong>of the site. <br>
<br>
If you are not a registered user, please contact your Admin
to sign up for instant access!</span>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<span class="style3">User ID:
<input type="text" name="uid" size="12" />
<br>
<br />
Password:</span>
<input type="password" name="pwd" SIZE="12" />
<br>
<br />
<input type="submit" value="Login" />
</form></p>
</body>
</html>
<?php
exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
dbConnect("exceltron");
$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (!$result) {
error('A database error occurred while checking your '.
'login details.\\nIf this error persists, please '.
'contact you#example.com.');
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<style type="text/css">
<!--
.style1 {
font-size: 16px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.style3 {
font-size: 12px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
-->
</style>
</head>
<body>
<br/>
<br/>
<h1 class="style1"> Access Denied </h1>
<p class="style3">Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
here. To access, please contact our Admin !</a>.</p>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,'fullname');
$_SESSION['user'] = mysql_result($result,0,'userid');
?>
db.php:
<?php // db2.php this is only for accesscontrol.php
$dbhost = 'localhost';
$dbuser = 'exceltron';
$dbpass = '********';
function dbConnect($db='') {
global $dbhost, $dbuser, $dbpass;
$dbcnx = #mysql_connect($dbhost, $dbuser, $dbpass)
or die('The site database appears to be down.');
if ($db!='' and !#mysql_select_db($db))
die('The site database is unavailable.');
return $dbcnx;
}
?>
common.php
<?php // common.php
function error($msg) {
?>
<html>
<head>
<script language="JavaScript">
<!--
alert("<?=$msg?>");
history.back();
//-->
</script>
</head>
<body>
</body>
</html>
<?
exit;
}
?>
Turn error reporting on and look into error logs and check phpinfo() whats interesting there.
I have a php file which checks for login and password from users database, it works fine.
But I am unable to validate the exact error to display if the user does not exist or password incorrect to the user and go back to previous page after error, help me how to display these errors.
<?php // access.php
include_once 'common.php';
include_once 'db.php';
session_start();
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
if(!isset($uid)) {
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<head>
<style type="text/css">
<!--
.style1 {
font-size: 16px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.style3 {
font-size: 12px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
-->
</style>
</head>
<body>
<h1 class="style1"> <br><br> Login Required </h1>
<span class="style3"><br>
You <strong>must login to access this area </strong>of the site. <br>
<br>
If you are not a registered user, please contact your Admin
to sign up for instant access!</span>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
<span class="style3">User ID:
<input type="text" name="uid" size="12" />
<br>
<br />
Password:</span>
<input type="password" name="pwd" SIZE="12" />
<br>
<br />
<input type="submit" value="Login" />
</form></p>
</body>
</html>
<?php
exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
dbConnect("svga");
$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (!$result) {
error('A database error occurred while checking your '.
'login details.\\nIf this error persists, please '.
'contact you#example.com.');
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
<style type="text/css">
<!--
.style1 {
font-size: 16px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.style3 {
font-size: 12px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
-->
</style>
</head>
<body>
<br/>
<br/>
<h1 class="style1"> Access Denied </h1>
<p class="style3">Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
here. To access, please contact our Admin !</a>.</p>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,'fullname');
$_SESSION['user'] = mysql_result($result,0,'userid');
?>
simply put
if(mysql_num_rows($result)==0) {
header('location:your_page.php');
}
this will redirect you to the page and assuming that you have defined error() method, just
echo error();
For some reason my CSS is not formatting my div tags into the correct spots on the page. It works on all my other pages but this one has a lot more PHP in it than normal and I am wondering if that is the problem.
Page
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
require("protect/serverInfo.php");
$myusername=$_POST[Email];
$mypassword=$_POST[Password];
$result = mysql_query("SELECT * FROM Customers WHERE Email='$myusername' AND Password=$mypassword");
$count=mysql_num_rows($result);
if($count==1){
while($row = mysql_fetch_array($result)){
?>
<div class="wrapper">
<div class="customerHead">';
<h1>
<?php echo $row['Customer'] ?>
</h1>
</div>
<div class="customerInfoMain">
Company: <?php echo $row['Company'] ?><br />
State: <?php echo $row['State'] ?>
</div>
<div class="customerCards">';
<img src="<?php echo $row['imagePathFront'] ?>" width="400px" height="303px" align="center" alt="" />
<img src="<?php echo $row['imagePathBack'] ?>" width="400px" height="303px" align="center" alt="" />
</div>
<div class="customerComments">';
<h5>Changes Made:</h5><br /> <?php echo $row['Comments'] ?>
</div>
</div>
<?php
}
}
else {
echo "Wrong Username or Password";
}
?>
</body>
</html
>
CSS
.customerCards{
top: 150px;
position: relative;
width: 425px;
border: 3px;
border-style:solid;
border-color: black;
background-color: silver;
z-index:1;
}
.customerInfoMain{
top: 200px;
position: relative;
width: 200px;
left: 520px;
border: 3px;
border-style:solid;
border-color: black;
background-color: silver;
z-index:2;
}
.customerComments{
position: relative;
width: 200px;
left: 580px;
border: 3px;
border-style:solid;
border-color: black;
background-color: silver;
z-index:2;
}
.wrapper{
position: absolute;
left: 50%;
width: 900px;
margin-left: -475px;
}
Source after page load
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
Wrong Username or Password
</body>
</html>
its because your wrapper just starting if there is user..
But what happend if you put your wrapper around the PHP, like:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="wrapper">
<?php
require("protect/serverInfo.php");
$myusername=$_POST[Email];
$mypassword=$_POST[Password];
$result = mysql_query("SELECT * FROM Customers WHERE Email='$myusername' AND Password=$mypassword");
$count=mysql_num_rows($result);
if($count==1){
while($row = mysql_fetch_array($result)){
?>
<div class="customerHead">';
<h1>
<?php echo $row['Customer'] ?>
</h1>
</div>
<div class="customerInfoMain">
Company: <?php echo $row['Company'] ?><br />
State: <?php echo $row['State'] ?>
</div>
<div class="customerCards">';
<img src="<?php echo $row['imagePathFront'] ?>" width="400px" height="303px" align="center" alt="" />
<img src="<?php echo $row['imagePathBack'] ?>" width="400px" height="303px" align="center" alt="" />
</div>
<div class="customerComments">';
<h5>Changes Made:</h5><br /> <?php echo $row['Comments'] ?>
</div>
<?php
}
}
else {
echo "Wrong Username or Password";
}
?>
</div>
</body>
</html>
"Then you should have a little bit of the CSS action?"
Split the code by purpose functionality and calculations are not meant to be in the same place, html should be rendered last. Keeping on working like this will bring you a lot of trouble. Things should be done like this:
loginProcess.php contains:
if(isset($_SESSION["user"]) {
$row = $_SESSION["user"];
}
include("loginPage.php");
?>
and this is longinPage.php (you can include either of them in which on you want). Either include loginPage.php at the end of loginProcess.php or include loginProcess.php at the begining of loginPage.php
so loginPage.php contains
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< html xmlns="http://www.w3.org/1999/xhtml">
< head>
< meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
< title>Untitled 1
< link href="stylesheet.css" rel="stylesheet" type="text/css" />
< /head>
< body>
if(isset($_SESSION['user'])) {
< div class="wrapper">
< div class="customerHead">';
<h1><!---you know the row from before---/>
<?php echo $row['Customer'] ?>
</h1>
</div>
<div class="customerInfoMain">
Company: <?php echo $row['Company'] ?><br />
State: <?php echo $row['State'] ?>
</div>
<div class="customerCards">';
<img src="<?php echo $row['imagePathFront'] ?>" width="400px" height="303px" align="center" alt="" />
< a href ="something/<?php echo $row['imagePathBack'] ?>" target="_blank">
< img src="" width="400px" height="303px" align="center" alt="" />
</div>
<div class="customerComments">';
<h5>Changes Made:</h5><br /> <?php echo $row['Comments'] ?>
</div>
</div>
<?php
}
}
else {?>
<form action="/loginProcess.php" (or loginPage.php if loginPage includes the loginProcess) method="POST">
<input type="text" name="Email" value=""/>
<input type="password" name="Password" value=""/>
<input type="submit" value="login"/>
</form>
<?php}?>
?>
first the login form will be shown and the user will input his credentials, those credentials will be checked and if they are ok the SESSION['user'] is set (remeber you need a session start for that) now as long as the session persists you will not need to request for login all the time. Anyway, if you do not want for some reason to fully separate Database Concerns/Process Concerns/Viewing Concerns, at leas you must separate the Process from the Viewing(Keeping Database concerns in the processing area). Checkout some frameworks online or try to find a way to write code with a little more care, otherwise you will keep on having useless problems that waste your time.
I'm trying to implement this method of making a nice form upload:
www.kavoir.com/2009/02/styling-file-upload-select-input-control-input-typefile.html/
which is amazing and simple, but my only issue is that every time I select a file it's showing up as "C:\fakepath\filename". I'm on a mac and I cannot for the life of me figure out where this is coming from! Here's my code:
<?php
error_reporting(E_ALL ^ E_NOTICE);
ini_set('display_errors', '1');
if ($_POST['submit'] == "Submit") {
$temp_file = $_FILES['upload']['tmp_name']."/".$_FILES['upload']['name'];
$target_file = getcwd()."/uploads/".$_FILES['upload']['name'];
// if (!move_uploaded_file($temp_file,$target_file)) {
//
// }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>untitled</title>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
<style>
.upload {
position:relative;
width:250px;
height:135px;
border:1px solid #666;
padding:10px;
background:#DDD;
}
.loading {
background:rgba(50,50,50,0.8);
position:absolute;
top:0;
left:0;
width:250px;
height:135px;
}
.realupload {
position:absolute;
bottom:0;
right:0;
/* start of transparency styles */
opacity:0;
-moz-opacity:0;
filter:alpha(opacity:0);
/* end of transparency styles */
z-index:2; /* bring the real upload interactivity up front */
width:200px;
}
form .fakeupload {
/* background:url(uploadify/select.png) no-repeat 100% 50%;
*/ }
form .fakeupload input {
width:238px;
font-family:Arial,sans-serif;
padding:5px;
border:1px solid #666;
background:#FFF;
outline:none;
}
label {
width:120px;
height:30px;
}
label img {
cursor:pointer;
}
.upload a.cancel {
position:absolute;
top:10px;
right:10px;
}
</style>
</head>
<body>
<div class="upload">
<form name="file" method="post" action="test.php" enctype="multipart/form-data">
<label for="realupload"><img src="uploadify/select.png" /></label>
<div class="fakeupload">
<input type="text" name="fakeupload" /> <!-- browse button is here as background -->
</div>
<input type="file" name="upload" id="realupload" class="realupload" onchange="this.form.fakeupload.value = this.value;" />
<input id="submit" type="submit" name="submit" value="Submit" />
</form>
<a class="cancel" href="test.php"><img src="uploadify/cancel.png" /></a>
<div class="loading"></div>
</div>
<script>
$(document).ready( function() {
$('div.loading').fadeOut(0);
});
$('form input.submit').click( function() {
$('div.loading').fadeIn(400);
});
</script>
</body>
</html>
That's on the browser's security level. I've encountered this on Windows (IE), but surprisingly you're on a Mac. Try other browsers or change the security options of your current browser. Make it not too conservative.
Also, try using other site's upload forms.