if(isset($_POST['submit'])) doesn't work

Question

I know there are a lot of questions here with the same title and problem but I've checked all of my syntax and I really have no clue why this doesn't work anymore (some time ago, it did work).

<?php
include_once("../../database/db_connect.php");
include '../../chromephp-master/ChromePhp.php';
date_default_timezone_set('Europe/Amsterdam');

session_start();

ChromePhp::log('Start...');

if(!isset($_SESSION['username']) && !isset($_SESSION['password'])) {

    ChromePhp::log('Nothing in the SESSION.');

    if(isset($_POST['submit'])){
        ChromePhp::log('Lets have a look at the data...');
        (...)
        ChromePhp::log('Login successful!');

        header('Location: news.php');
    } else {
        ChromePhp::log('Empty form.');
    }

} else {
    header('Location: news.php');
}
?>

My form looks as follows:

<form method="post" action="site/users/login" >
    <input type="text" name="username" value="Gebruikersnaam" /><br /><br />
    <input type="password" name="pwrd" value="Wachtwoord" /><br /><br />
    <input type="submit" name="submit" value="&nbsp;Log in&nbsp;" />
</form>

The form is on the same page as the PHP code; I point the action to "site/users/login" because in the head of the HTML page, I set <base href="../../"> .

When I submit the form, the page reloads and the log says "Start...", then "Nothing in the SESSION." and finally "Empty form.".

What am I doing wrong? All help is appreciated!

EDIT: This is the content of my htaccess file:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

Answer 1

I think that it worked for you because you were logged in ( $_SESSION['username'] and $_SESSION['password'] were filled).

So, use data from $_POST to sign in user ( $_POST['username'] and $_POST['pwrd'] ).

Answer 2

There are several possible reasons why posted data does not arrive at your PHP page.

One could be that the .htaccess file has rules that are responsible for this effect. But after the contents were published in the question, it became clear that this was not the case.

Another could be that the script sends a redirection to (eventually) the same page, thereby losing the posted data. Once you mentioned in comments that you noticed that the browser reloaded the page right after submission, it became clear that this was the candidate cause to look for.

Redirection is typically done with this kind of code:

header("location: some-URL");

... and certainly when the argument contains a self-reference, like this:

header('Location: '.$_SERVER['PHP_SELF']);

The code you posted did not contain such statement, at least not one that explains the behaviour, but there are some included scripts:

• ../../database/db_connect.php
• ../../chromephp-master/ChromePhp.php

and also some dots ... , where we don't know what happens (includes could be there as well).

If any of these parts performs such a redirection, it could be at the cause of the problem. We can ignore ChromePhp which is a publicly available library and does not do such things.

So, at least db_connect.php but also all other included files (either directly or via other included files), should be scanned for code that redirects.

If you find such redirection, check if it is reasonable to keep that code -- as not all redirection is bad. But certainly self-redirections should be analysed: are they really necessary, knowing that any posted data will thereby be ignored?

So replace the causing header() statement(s) by more appropriate code and your problem should be solved.

As a side note: it is better not to put HTML entities inside a value attribute of an HTML element, like you have here:

 <input type="submit" name="submit" value="&nbsp;Log in&nbsp;" />

If you need the spacing, just enter plain spaces:

 <input type="submit" name="submit" value=" Log in " />

Answer 3

You have forgot '.php' after 'site/users/login'.

I have tried your code in simpler version and successed. The code like this:

<?php
    if( isset($_POST['submit']) ){
        echo $_POST['submit'];
    }
?>

<!DOCTYPE html>
<html>
<head>
    <title></title>
    <base href="../../">
</head>
<body>
    <form method="post" action="algorithm/debug_login.php" >
        <input type="text" name="username" value="Gebruikersnaam" /><br /><br />
        <input type="password" name="pwrd" value="Wachtwoord" /><br /><br />
        <input type="submit" name="submit" value="&nbsp;Log in&nbsp;" />
    </form>
</body>
</html>