Help - Search - Members - Calendar
Full Version: post method in form doesn't work
HTMLHelp Forums > Programming > Server-side Scripting
DrragoGangsta
I got this Code:
CODE
<?php
$control = 0;
session_start();
if (!isset($_SESSION["username"]) && !isset($_GET["page"])) {
    $control = 0;
}
if ($_GET["page"] == "log") {
    $user = $_GET["user"];
    $password = $_GET["password"];
    if ($user == "Example" && $password == "12345") {
        $_SESSION["username"] = $user;
        $control = 1;
    } else {
        $control = 2;
    }
}
?>
<html>
<head>
    <link href="css/style.css" rel="stylesheet" type="text/css"/>
    <link href="css/index.css" rel="stylesheet" type="text/css"/>

    <title>Login</title>
    <?php
    if ($control == 1) {
    ?>
        <meta http-equiv="refresh" content="3; URL=seite2.php">
    <?php
    }
    ?>
</head>
<body>
<?php
if ($control == 0) {
?>
    <div class="login">
        <h1>Login</h1>
        <form method="post" action="index.php?page=log">
            <input type="text" name="user" placeholder="Username" required="required"/>
            <input type="password" name="password" placeholder="Password" required="required"/>
            <button type="submit" class="btn btn-primary btn-block btn-large">Login</button>
        </form>
    </div>
<?php
}
if ($control == 1) {
?>
    <p>Login successful, you will be redirected...</p>
<?php
}
if ($control == 2) {
?>
    <p>Wrong username or password, <a href="index.php">try again</a>.</p>
<?php
}
?>
</body>
</html>

but it doesn't matter what I enter as username and password, $user and $password are always null, I don't have any idea why, can you help me?
CharlesEF
This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values.
DrragoGangsta
QUOTE(CharlesEF @ Jan 17 2016, 02:13 PM) *

This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values.

When I load the site it's blank, yes, but when I click the submit button it should reload the script and work or am I wrong?
CharlesEF
QUOTE(DrragoGangsta @ Jan 17 2016, 01:30 PM) *

QUOTE(CharlesEF @ Jan 17 2016, 02:13 PM) *

This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values.

When I load the site it's blank, yes, but when I click the submit button it should reload the script and work or am I wrong?

In theory, yes it should. But as I said it is overly complicated. It can be done much easier. Example, it looks like you use the query string 'page=log' only to test if the submit button was clicked. That's not needed at all. Tell you what, post your HTML login form only, no PHP or anything extra, just the login form. Then I can show you a much better way to do things.
DrragoGangsta
QUOTE(CharlesEF @ Jan 17 2016, 03:02 PM) *

QUOTE(DrragoGangsta @ Jan 17 2016, 01:30 PM) *

QUOTE(CharlesEF @ Jan 17 2016, 02:13 PM) *

This is a bad design IMHO. You are not testing to check if the submit button was clicked so your code runs when the page is loaded. And, of course everything will be blank at that time. And what's with the '$control' variable? Seems overly complicated to me. Plus you never read the values of '$_POST["user "]' and '$_POST["password "]'. Your method is POST not GET. $_GET will read the query string while $_POST will read the posted values.

When I load the site it's blank, yes, but when I click the submit button it should reload the script and work or am I wrong?

In theory, yes it should. But as I said it is overly complicated. It can be done much easier. Example, it looks like you use the query string 'page=log' only to test if the submit button was clicked. That's not needed at all. Tell you what, post your HTML login form only, no PHP or anything extra, just the login form. Then I can show you a much better way to do things.

You mean this?:
CODE
<form method="post" action="index.php?page=log">
            <input type="text" name="user" placeholder="Username" required="required" autocomplete="off"/>
            <input type="password" name="password" placeholder="Password" required="required"/>
            <button type="submit" class="login_btn">Login</button>
        </form>

Actually I just wanted to get a Loginform with a Button, two input-boxes and an Error- and Success-Message.
CharlesEF
I think this does what you want. If this is for a web site then more work needs to be done. User name and password would most likely come from a database of users. If login was successful then you would redirect to another page. $_POST values would need to be validated to guard against SQL injection attacks, etc...
CODE
<?php
if(isset($_POST['submit']))
{
$user = $_POST["user"];
$password = $_POST["password"];
if ($user == "Example" && $password == "12345")
{
  $status = '<h4 class="success">You have successfully logged in.</h4>';
}
else
{
  $status = '<h4 class="error">User and Password don\'t match.</h4>';
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login Sample</title>
<style>
.error
{
  color: #FF0000;
}
.success
{
  color: #008000;
}
</style>
</head>
<body>
<?php if(isset($status)) echo($status);?>
<form method="post" action="<?php echo(htmlspecialchars($_SERVER['REQUEST_URI']));?>" accept-charset="UTF-8">
  <input type="text" name="user" placeholder="Username" required="required" autocomplete="off">
  <input type="password" name="password" placeholder="Password" required="required">
  <button type="submit" class="login_btn" name="submit">Login</button>
</form>
</body>
</html>

Study the code and ask any questions for things you don't understand.
DrragoGangsta
thank you verry much, I study the code tomorrow (I live in Germany, it's time to sleep here wink.gif) If I got questions, I'm gonna ask
CharlesEF
QUOTE(DrragoGangsta @ Jan 17 2016, 03:07 PM) *

thank you verry much, I study the code tomorrow (I live in Germany, it's time to sleep here wink.gif) If I got questions, I'm gonna ask

Not a problem, ask questions when you are ready. Here is another version, it doesn't use the required attribute, in case the browser doesn't support it. Server side validation should be done anyway, even if the browser does support it.
CODE
<?php
$errors = array();

function validateForm($errors)
{
$valid = true;
if($_POST["user"] == '')
{
  $errors['user'] = "Username can't be blank.";
  $valid = false;
}
if($_POST["password"] == '')
{
  $errors['password'] = "Password can't be blank.";
  $valid = false;
}
return $valid;
}

if(isset($_POST['submit']))
{
if(validateForm(&$errors))
{
  $user = $_POST["user"];
  $password = $_POST["password"];
  if($user == "Example" && $password == "12345")
  {
   $status = '<h4 class="success">You have successfully logged in.</h4>';
  }
  else
  {
   $status = '<h4 class="error">Username and Password don\'t match.</h4>';
  }
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Login Sample</title>
<style>
.error
{
  color: #FF0000;
}
.success
{
  color: #008000;
}
</style>
</head>
<body>
<?php if(isset($status)) echo($status);?>
<form method="post" action="<?php echo(htmlspecialchars($_SERVER['REQUEST_URI']));?>" accept-charset="UTF-8">
  <input type="text" name="user" placeholder="Username" autocomplete="off" value="<?php if(isset($_POST['user'])) echo($_POST['user']);?>">
  <span class="error"><?php if(isset($errors) && array_key_exists('user', $errors)) echo($errors['user']);?></span><br>
  <input type="password" name="password" placeholder="Password" value="<?php if(isset($_POST['password'])) echo($_POST['password']);?>">
  <span class="error"><?php if(isset($errors) && array_key_exists('password', $errors)) echo($errors['password']);?></span><br>
  <button type="submit" class="login_btn" name="submit">Login</button>
</form>
</body>
</html>
CharlesEF
Oh yeah, you can put the required attribute back in the 2 HTML elements. They provide client side verification and you should still have server side verification also.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.