Confirm Password? - php

New to all this so forgive my ignorance. I am trying to figure out how to add a "confirm your password" field to my form. Using PHP and mySQL. Is this entered in the html form code, and how can you set it to auto check that the password and confirm password fields match.


Just get both the password and confirm password fields in the form submit PHP and test for equality:
if ($_POST["password"] === $_POST["confirm_password"]) {
// success!
}
else {
// failed :(
}
where password and confirm_password are the IDs of the HTML text inputs for the passwords.


What you're trying to do is form validation. It's a good idea do validate on the client side (using javascript) so you have a faster response for your user on the interface, and on your server side (since your user can have javascript disabled - and because you should never blindly trust in user input. Read Should you do validation on your server side for some more information about this subject).
You just need to compare the two posted values. If correct, insert in database. If not, dont do anything and returns a message to the user saying that the password is incorrect.
I can't give more details since you didn't provide enough or detailed information of your php environment (frameworks used, libs used, etc).


you can check it in JavaScript using
<html><title></title><head>
<script>
function validate(){
if(!document.getElementById("password").value==document.getElementById("confirm_password").value)alert("Passwords do no match");
return document.getElementById("password").value==document.getElementById("confirm_password").value;
return false;
}
</script>
</head>
<body>
<form onSubmit="return validate()" action="nextPage.php">
Password: <input type="text" id="password" name="password" /><br/>
Reenter Password: <input type="text" id="confirm_password" name="confirm_password" />
<input type="submit" value="submit"/>
</form>
</body>
</html>
And on sever side you need to check it again in case client do not have JavaScript Enabled,
if($_GET['password']==$_GET['confirm_password'])
You have to use $_POST instead of $_GET in case of POST method


I updated the code, there is missing colon on form submit.
<html>
<title></title>
<head>
<script>
function validate(){
var a = document.getElementById("password").value;
var b = document.getElementById("confirm_password").value;
if (a!=b) {
alert("Passwords do no match");
return false;
}
}
</script>
</head>
<body>
<form onSubmit="return validate();" ">
Password: <input type="text" id="password" name="password" /><br/>
Re-enter Password: <input type="text" id="confirm_password" name="confirm_password" />
<input type="submit" value="submit"/>
</form>
</body>
</html>


Are you using some kind of framework? If not it should be as simple as checking after save that both fields are set and that $confirmationPassword == $passWord. Then apply whatever validation you need to the password before storing it in SQL.

Related

Password protected form with HTML and PHP

I'm making a html form and need people to validate that they are who they say they are. How I'm planning on doing this is with a password field. From which the password will be sent to them by email. So only one password is eneugh, so no need for dozens of different passwords.
The HTML
<form action="contact.php" method="post">
<!--entire form here-->
<input type="password" name="pwd" placeholder="Password" required />
<input type="submit" value="submit" id="button"/>
</form>
So my question is:
How do I select what the password is (I think in contact.php, not sure)
How do I process the password in contact.php
Thanks in advance!

Your form sends data to the page contact.php
Here's what to write in contact.php so you'll get the value from the input:
<?php
if (isset($_POST['pwd']))
{
//comparing the user input with the good password
if ($_POST['pwd'] == 'THE_GOOD_PASSWORD_GOES_HERE')
{
echo 'Password is good';
}
else
{
echo 'Wrong password';
}
}
?>
Replace THE_GOOD_PASSWORD_GOES_HERE with your password.
Also, please consider reading this

GET and POST Method in same form

So i want to use the GET method and POST method on the same form. The GET to send the details from the form to the url bar and the post for a isset if statement to check if the form has been submitted. I would like to be able to do this. But if you can find another way of doing it please tell me
HTML
<form method="post">
<p>Username:</p><input type="text" name="Username">
<p>Password:</p><input type="password" name="Password">
<p>Post:</p><input type="text" name="Post" value=""><br><input type="submit"
value="submit" name="submited">
</form>
PHP
if (isset($_POST['submited'])){
$Username=$_GET["Username"];
$Password=$_GET["Password"];
$Post=$_GET["Post"];
$Password=md5($Password);
if(blah=blah){
echo "blah";
}
}

Change
isset($_POST['submited'])
to
isset($_GET['submited'])
But it is a really bad idea to send password using GET.

Kinda bad practice, but you could force it by sending parameters in URL:
Setting like action="index.php?data=123" should do the work:
<form method="post" action="index.php?name=a&surname=b"> //Here we go
<p>Username:</p><input type="text" name="Username">
<p>Password:</p><input type="password" name="Password">
<p>Post:</p><input type="text" name="Post" value="">
<br>
<input type="submit" value="submit" name="submited">
</form>

in your form you can change it's action -- so action="?var1=something&var2=example"
It could be done with javascript; example:
<!doctype html>
<html>
<head>
<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$('form').submit(function() {
$('form').attr('action','?Username=' + $('input[name=Username]').val() + '&Password=' + $('input[name=Password]').val() + '&Post=' + $('input[name=Post]').val());
return true;
});
});
</script>
</head>
<body>
<form method="post">
<p>Username:</p><input type="text" name="Username">
<p>Password:</p><input type="password" name="Password">
<p>Post:</p><input type="text" name="Post" value=""><br><input type="submit"
value="submit" name="submited">
</form>
</body>
</html>

Personally I would POST the form to say my formprocess.php page, placing your
if(isset($_POST['submitted'])) {
//Code goes here, do checks/validation etc
}
Then once you've done what you needed to do with your code do a header (or meta redirect if you have already sent your headers) like so:
header('Location:http://www.mysite.com/index.php?value=formsubmitted&action=success');
So the value= and the action= could just be the values you want to pass back in the URL. You could also add some RewriteRule 's to your .htaccess to make these redirected URL's a bit prettier and better for SEO etc. Also if you do go down this route, make sure to set/define the redirection status i.e. 301 see below:
header("HTTP/1.1 301 Moved Permanently");

I think what everyone is wondering is why anyone would need to use $_GET if they are using $_POST.
i.e.:
if (isset($_POST['submited'])){
$Username=$_POST["Username"];
$Password=$_POST["Password"];
$Post=$_POST["Post"];
$Password=md5($Password);
if(blah=blah){
echo "blah";
}
}
... and if you want to check your parameters while developing just stick in...
print_r($_POST)
Is there any reason why you need to retrieve your form field data from a $_GET?

How to validate login form using JavaScript PHP and MariaDb?

I am starting to learn JavaScript today. I want to validate the user login form using JavaScript and MariaDB. I know how to connect to database using PHP, but if I have to do it through JavaScript, is that possible? I
I want to get the user's table using JavaScript. The user will get an error when, of course, their username/password does not match what they have on the database. I am really curious about this.
<form name="loginForm" id="loginForm" method="post" action="login.php" onsubmit="return validateLoginForm();">
Username: <input type="text" name="username">
Password: <input type="password" name="password"> <br/>
<input type="submit" name="login" value="Login"/>
</form>
If the user click the button, will connect to the table using JavaScript. But I dont know how to do it.
Thanks.

I am going to use jquery which is an excellent javascript framework.
Since you have no code to show, I will only post for you pseudo code to show you how you can validate a username and password using jquery,php and mariadb. The mysqli API in php will work with mariadb
HTML\Client side
<html>
<head>
<script src="jquery-1.X"></script>
<script>
$(document).ready(function(e){
var username=$("#username").val();
var password=$("#password").val();
$("#login").click(function(){
if(username=="" && password=="")
{
alert("username or password is blank");
e.preventDefault();//prevent the form from submitting.
}
})
})
</script>
</head>
<body>
<form name="loginForm" id="loginForm" method="post" action="login.php">
Username: <input type="text" name="username" id="username">
Password: <input type="password" name="password" id="password"> <br/>
<input type="submit" name="login" id="login" value="Login"/>
</form>
</body>
</html>
PHP Side - Login.php
<?php
include("conn.php");
$username=$_POST['username'];
$password=sha1($_POST['password']); //my passwords are hashed in the database using the sha1
$checklogin="SELECT * FROM users_tbl WHERE Username=? AND Password=?";
$query = $connection->prepare($checklogin);
$query->bind_param("ss",$username,$password);
$query->execute() or die($connection->error);
$count = $query->num_rows;
if($count==1)
{
while($row=$query->fetch_assoc)
{
$_SESSION['username']=$row['Username'];
}
header("Location:index.php")
}
?>
PHP Connection File - conn.php
<?php
//connect to database
$connection = new mysqli("localhost","user","password","mydatabase");
if(mysqli_connect_errno()){
printf("Connection failed: %s\n",mysqli_connect_error());
exit();
}
?>
Please not this is a very basic login script to give you a general understanding. You need to read up on jquery and PHP in detail.

PHP/HTML alert box?

I have a login/register element where users login and register in the same form. The form exists of email and password. The downside is if a user mistypes his/her email....since then a new user will be added unintentionally to mysql.
I would like an alert of some kind where users can click 'yes' or 'no' to create a new account.
Any ideas how to do this best?

I don't think having a login / registration form being the same form and same submit button is a good idea. If you really want, I think Amazon has something similar where you type in your username and then use a radio button to select "I'm a new customer" or "I have a password." They have to specify on login which they want, and then they click "Login" to either login or signup (depending on their selection.)
Doing it that way makes it more intentional for a user to either login or signup.

<html>
<head>
<script type="text/javascript">
function show_confirm()
{
var c=confirm("Do you want to create an account?");
if (c==true)
{
document.getElementById("frm1").setAttribute("action","create.php");
}
document.getElementById("frm1").submit();
}
</script>
</head>
<body>
<form id="frm1" action="login.php">
<label for="email">Email:</label>
<input type="text" name="email" />
<label for="password">Password:</label>
<input type="password" name="password" />
<input type="button" onclick="show_confirm()" value="Submit" />
</form>
</body>
</html>

How to do a ajax request for login

I have this in my PHP code, and it currently does the login request in the same login.php page but now i want to do it with Ajax. Basically I have this in the login.php
echo '<form method="post" ><div id="login" class="login">
<label for="login">User Name</label>
<input type="text" name="logInUsername" />
<label for="Password">Password</label>
<input type="password" name="logInPassword" />
<input type="submit" value="Submit" name="submitlogin" class="button" />
</div>';
I would like to still use this but have a login_request.php or something where i can send the username and password validated and then change the <div id=login> to say you are logged in!</div> I can do it the conventional way, with the form post .. but now I would like to try it with Ajax.
Any help will be much appreciated.
Regards

What have you tried so far? This is how I would start:
This should get you started:
HTML:
<form id="loginForm">
<div id="login" class="login">
<label for="login">User Name</label>
<input type="text" name="logInUsername" />
<label for="Password">Password</label>
<input type="password" name="logInPassword" />
<input type="button" value="Submit" id="submitlogin" class="button" />
</div>
</form>
jQuery:
$("#submitlogin").click(function() {
inputs = //grab then inputs of your form #loginform
$.ajax ({
url: "urltoyourloginphp.php",
data: inputs,
success: function() {
$("#login").html("You are now logged in!");
}
});
})

I wrote this a while ago, it's not quite a full ajax login (i.e. at the end it does still redirect you), but it may serve as a basis for a full ajax login. As a plus you actually don't need https (that was the whole point of this little project).
https://github.com/eberle1080/secure_http_login/blob/master/login.php
The high level steps go something like this:
Ask the server for a seed value (a salt) using an ajax request
Hash the password + seed using a sha1 sum
Ask the server to verify the username and salted + hashed password
If it's valid, the server sets a session cookie indicating that the user is logged in
The server responds to the ajax request with a success / fail message

jQuery has built in .post() and .serialize() methods for wrapping up a form.
$.post("login.php", $("#loginForm").serialize(), function(data) {
//pass information back in with data. if it's JSON, use $.parseJSON() to parse it.
alert('either logged in or errored');
);
You will also need to edit your form so it has an id, like: <form id="loginForm">...

I don't know PHP but will give you an example of how I would have done it with vbscript (classic asp) so you may try to adapt it to PHP as needed.
I, in my applications, don't use the form tag since I first used ajax. So, here we go:
login html page:
include jquery
<script type='text/javascript' src='your-jquery-url'></script>
<script type='text/javascript'>
function tryLogin() {
var inputs='userName='+$('logInUsername').val()+
'&userPassw='+$('logInPassword').val();
//notice that I changed your name= to id= in the form
//notice the '&' in the '&userPassw=
$.post('your-login-validation-page',inputs,function(data) {
eval('var json='+data);
if (json['success'] == 'true') {
$('#loginForm').html('<p>Congratulations! You\'ve been logged in successfully</p>')
} else {
alert(json['errorMessage']);
$('#logInUsername').focus();
}
});
}
</script>
<div id='loginForm' >
<label for="login">User Name</label>
<input type="text" id="logInUsername" />
<label for="Password">Password</label>
<input type="password" id="logInPassword" />
<button onClick='tryLogin(); ' >LOGIN</button>
</div>
login-validation-page
[in vbscript]
user = request.Form("userName")
passw = request.Form("userPassw")
"if is there this user" (coded as if there was a database look up...)
"if the password = passw" (coded as comparing the values)
response.write "{'sucess':'true'}"
else
response.write "{'success':'false','errorMessage':'wrong password'}"
end if
else
response.write "{'success':'false','errorMessage':'user not found'}"
end if
---> end of login-validation-page

Categories