从onsubmit按钮调用html函数和php文件

Question

I have an html form in login.php where a user inputs a username and password. I then validate that they entered data in both fields with html function validateForm(). If this returns true I want to call check_user_pw.php file that validates that the username is valid and that their password has not expired against the database using OCI. If this returns true, I want to submit the form for login via $str_submit. I need the check_user_pw.php file to run after the user enters data in the form in order to query the database for the information they entered. Can you please tell me how to add the php file to the onsubmit button so that both the validateForm() and check_user_pw.php are executed prior to the form submitting? And, can I return a boolean value like a function from a php file or should I use a parameter to pass back to the login.php to determine if I submit the form or not?

login.php (partial code):

<?php  

<script>  
function validateForm()  
{  
var u=document.forms["LoginForm"]["ssousername"].value;  
var p=document.forms["LoginForm"]["password"].value;  
var x=new Boolean(true);  

if (u==null || u=="" || p==null || p=="")  
 {  
 alert("Username and password must be entered");  
 x=false;  
 }  
return x;  
}    
</script>  

<form action="<? php print($str_submit) ?>" onsubmit="return validateForm()" method="post" name="LoginForm" AutoComplete="off">  
<input type='hidden' name='site2pstoretoken' value='<?php print($str_token) ?>'>   
<input type='hidden' name='W_url' value='<?php print($str_submit) ?>'>  
<input type='hidden' name='subscribername' value='<?php print($subscribername) ?>'>  
<table id="logintab">  
<tr><td><font class="standard_div">User Name:</font></td><td><input type='text' name='ssousername' size='25' maxlength='30' value=''></td>  
<td><div class="notes_div">(not case sensitive)</div></td></tr>
<tr><td><div class="standard_div">Password:</div></td><td><input type='password' name='password' size='25' maxlength='30' value=''></td>  
<td><div class="notes_div">(case sensitive)</div></td></tr>   
</table>  
</form>  
<?  

check_user_pw.php:

<?php    
$ssousername = $_POST['ssousername'];   
$ssousername = strtoupper($ssousername);   

//Clear out variables  
unset($g_enabled_yn, $g_msg, $g_pw_last_chg, $pw_to_exp);  

$today = date('m/d/y');  
$today_p10 = date('m/d/y', strtotime('+' . 10 . ' days'));  //today + 10 days  

$c = ocilogon("a_imps", "*******", "test");  

//Check if user enabled.  
$s = ociparse($c, "begin a_imps.is_portal_user_enabled(:bv2, :bv3, :bv4); end;");  
ocibindbyname($s, ":bv2", $ssousername);     //input bind variable  
ocibindbyname($s, ":bv3", $g_enabled_yn,1);  //output bind variable  
ocibindbyname($s, ":bv4", $g_msg,300);       //output bind variable  
ociexecute($s);

 //Check pw expiration.  
$s = ociparse($c, "begin :bv := ods.get_last_pwchg(:bv2); end;");    
ocibindbyname($s, ":bv2", $ssousername);    //input bind variable  
ocibindbyname($s, ":bv",  $g_pw_last_chg, 8); //output bind variable    
ociexecute($s);  
ocilogoff($c);    

$ssousername = strtoupper($ssousername);  
GLOBAL $ret;  
$ret = true;  

if ($g_enabled_yn == "N")  //If account disabled, display message.-->  
{         
  ?>  
  <script>  
    alert("<? php print($g_msg) ?>");  
  </script>  

  <script>  <!--Clear history and go back to main page-->  
    var Backlen=history.length;    
    history.go(-Backlen);              
    window.location.href="http://imps-forms.main_page"  
  </script>   

  <?php          
  $ret = false;  
}  
else  

  if ($g_pw_last_chg != "" && $g_pw_last_chg != null)  
  { 
    //60 days from last chg pw date, pw will expire.  Change nbr below to 60  
    $pw_to_exp = date('m/d/y', strtotime($g_pw_last_chg. '+' . 80 . ' days'));  

    if ($pw_to_exp <= $today)  
    {  
       ?>       
       <script type="text/javascript">  
         alert("Your password expired on <?php echo $pw_to_exp; ?>");  
       </script>  

       <script>  <!--Clear history and go back to main page-->  
         var Backlen=history.length;    
         history.go(-Backlen);  
         window.location.href="http://imps-forms.main_page"  
       </script>  

       <?php  
       $ret = false;  
    }   
  }  
return $ret;  
?>  

Answer 1

Read about AJAX and maybe JSON. With this you can do that Task. But one can fake your Form so that none of your Javascripts will work. In this case you will have to validate the user on server side. Your approach in this form seems not right you should also read about security in forms and look at other login scripts first.