post method in form doesn't work |
post method in form doesn't work |
DrragoGangsta |
Jan 17 2016, 12:56 PM
Post
#1
|
Group: Members Posts: 4 Joined: 17-January 16 Member No.: 23,913 |
I got this Code:
CODE <?php $control = 0; session_start(); if (!isset($_SESSION["username"]) && !isset($_GET["page"])) { $control = 0; } if ($_GET["page"] == "log") { $user = $_GET["user"]; $password = $_GET["password"]; if ($user == "Example" && $password == "12345") { $_SESSION["username"] = $user; $control = 1; } else { $control = 2; } } ?> <html> <head> <link href="css/style.css" rel="stylesheet" type="text/css"/> <link href="css/index.css" rel="stylesheet" type="text/css"/> <title>Login</title> <?php if ($control == 1) { ?> <meta http-equiv="refresh" content="3; URL=seite2.php"> <?php } ?> </head> <body> <?php if ($control == 0) { ?> <div class="login"> <h1>Login</h1> <form method="post" action="index.php?page=log"> <input type="text" name="user" placeholder="Username" required="required"/> <input type="password" name="password" placeholder="Password" required="required"/> <button type="submit" class="btn btn-primary btn-block btn-large">Login</button> </form> </div> <?php } if ($control == 1) { ?> <p>Login successful, you will be redirected...</p> <?php } if ($control == 2) { ?> <p>Wrong username or password, <a href="index.php">try again</a>.</p> <?php } ?> </body> </html> but it doesn't matter what I enter as username and password, $user and $password are always null, I don't have any idea why, can you help me? |
CharlesEF |
Jan 17 2016, 02:13 PM
Post
#2
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values.
|
DrragoGangsta |
Jan 17 2016, 02:30 PM
Post
#3
|
Group: Members Posts: 4 Joined: 17-January 16 Member No.: 23,913 |
This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values. When I load the site it's blank, yes, but when I click the submit button it should reload the script and work or am I wrong? |
CharlesEF |
Jan 17 2016, 03:02 PM
Post
#4
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values. When I load the site it's blank, yes, but when I click the submit button it should reload the script and work or am I wrong? In theory, yes it should. But as I said it is overly complicated. It can be done much easier. Example, it looks like you use the query string 'page=log' only to test if the submit button was clicked. That's not needed at all. Tell you what, post your HTML login form only, no PHP or anything extra, just the login form. Then I can show you a much better way to do things. |
DrragoGangsta |
Jan 17 2016, 03:05 PM
Post
#5
|
Group: Members Posts: 4 Joined: 17-January 16 Member No.: 23,913 |
This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values. When I load the site it's blank, yes, but when I click the submit button it should reload the script and work or am I wrong? In theory, yes it should. But as I said it is overly complicated. It can be done much easier. Example, it looks like you use the query string 'page=log' only to test if the submit button was clicked. That's not needed at all. Tell you what, post your HTML login form only, no PHP or anything extra, just the login form. Then I can show you a much better way to do things. You mean this?: CODE <form method="post" action="index.php?page=log"> <input type="text" name="user" placeholder="Username" required="required" autocomplete="off"/> <input type="password" name="password" placeholder="Password" required="required"/> <button type="submit" class="login_btn">Login</button> </form> Actually I just wanted to get a Loginform with a Button, two input-boxes and an Error- and Success-Message. This post has been edited by DrragoGangsta: Jan 17 2016, 03:17 PM |
CharlesEF |
Jan 17 2016, 03:59 PM
Post
#6
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
I think this does what you want. If this is for a web site then more work needs to be done. User name and password would most likely come from a database of users. If login was successful then you would redirect to another page. $_POST values would need to be validated to guard against SQL injection attacks, etc...
CODE <?php if(isset($_POST['submit'])) { $user = $_POST["user"]; $password = $_POST["password"]; if ($user == "Example" && $password == "12345") { $status = '<h4 class="success">You have successfully logged in.</h4>'; } else { $status = '<h4 class="error">User and Password don\'t match.</h4>'; } } ?> <!DOCTYPE HTML> <html> <head> <title>Login Sample</title> <style> .error { color: #FF0000; } .success { color: #008000; } </style> </head> <body> <?php if(isset($status)) echo($status);?> <form method="post" action="<?php echo(htmlspecialchars($_SERVER['REQUEST_URI']));?>" accept-charset="UTF-8"> <input type="text" name="user" placeholder="Username" required="required" autocomplete="off"> <input type="password" name="password" placeholder="Password" required="required"> <button type="submit" class="login_btn" name="submit">Login</button> </form> </body> </html> Study the code and ask any questions for things you don't understand. |
DrragoGangsta |
Jan 17 2016, 04:07 PM
Post
#7
|
Group: Members Posts: 4 Joined: 17-January 16 Member No.: 23,913 |
thank you verry much, I study the code tomorrow (I live in Germany, it's time to sleep here ) If I got questions, I'm gonna ask
|
CharlesEF |
Jan 17 2016, 05:24 PM
Post
#8
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
thank you verry much, I study the code tomorrow (I live in Germany, it's time to sleep here ) If I got questions, I'm gonna ask Not a problem, ask questions when you are ready. Here is another version, it doesn't use the required attribute, in case the browser doesn't support it. Server side validation should be done anyway, even if the browser does support it. CODE <?php $errors = array(); function validateForm($errors) { $valid = true; if($_POST["user"] == '') { $errors['user'] = "Username can't be blank."; $valid = false; } if($_POST["password"] == '') { $errors['password'] = "Password can't be blank."; $valid = false; } return $valid; } if(isset($_POST['submit'])) { if(validateForm(&$errors)) { $user = $_POST["user"]; $password = $_POST["password"]; if($user == "Example" && $password == "12345") { $status = '<h4 class="success">You have successfully logged in.</h4>'; } else { $status = '<h4 class="error">Username and Password don\'t match.</h4>'; } } } ?> <!DOCTYPE HTML> <html> <head> <title>Login Sample</title> <style> .error { color: #FF0000; } .success { color: #008000; } </style> </head> <body> <?php if(isset($status)) echo($status);?> <form method="post" action="<?php echo(htmlspecialchars($_SERVER['REQUEST_URI']));?>" accept-charset="UTF-8"> <input type="text" name="user" placeholder="Username" autocomplete="off" value="<?php if(isset($_POST['user'])) echo($_POST['user']);?>"> <span class="error"><?php if(isset($errors) && array_key_exists('user', $errors)) echo($errors['user']);?></span><br> <input type="password" name="password" placeholder="Password" value="<?php if(isset($_POST['password'])) echo($_POST['password']);?>"> <span class="error"><?php if(isset($errors) && array_key_exists('password', $errors)) echo($errors['password']);?></span><br> <button type="submit" class="login_btn" name="submit">Login</button> </form> </body> </html> This post has been edited by CharlesEF: Jan 17 2016, 05:26 PM |
CharlesEF |
Jan 18 2016, 06:15 AM
Post
#9
|
Programming Fanatic Group: Members Posts: 1,981 Joined: 27-April 13 From: Edinburg, Texas Member No.: 19,088 |
Oh yeah, you can put the required attribute back in the 2 HTML elements. They provide client side verification and you should still have server side verification also.
|
Lo-Fi Version | Time is now: 29th March 2024 - 06:07 AM |