Submit form post to login
Question
I have the following HTML file where the user will enter their username and password and click on the submit button.
<form Name ="form1" Method ="POST" ACTION = "userlogin.php" id="form1">
<div id="main_body" class="full-width">
<label>Username:</label>
<input type = "text"
id = "usernameLogin"
name="pat_username">
<label>Password:</label>
<input type = "password"
id = "passwordLogin"
name="pat_password">
<input type="submit" onclick="click_button_login()" value="Login" name="submit" id="submit"/>
</div>
</form>
The PHP file should they connect to my database and check whether the users details entered are corrent. The database connection is there as I have tested this before. Once the user clicks on the submit button this error appears: Cannot POST /http-services/emulator-webserver/ripple/userapp/x/C/xampp/htdocs/xampp/glove_project_php/www/userlogin.php
<?php
if(isset($_POST["submit"])){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "dbname";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
//Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$newUsername = mysqli_real_escape_string($conn, $_POST['pat_username']);
$newPassword = mysqli_real_escape_string($conn, $_POST['pat_password']);
$result = $conn->query("SELECT * FROM tablename WHERE patient_username ='$newUsername' AND patient_password='$newPassword'");
if (mysqli_num_rows($result)) {
header("Location: mainmenu.html");
}
else
{
header("Location: index.html");
}
$conn->close();
}
?>
Is there a different way of calling this PHP file to work on an emulator? This code works perfectly on localhost.
2 answers
solution1
0 2016-04-01 19:21:46
Why are you checking if $_POST["submit"] exists in the $_POST superglobal? I believe you should be checking if the variables you sent are set:
change:
if(isset($_POST["submit"]))
to:
if ((isset($_POST["pat_username"]))&&(isset($_POST["pat_password"])))
and let me know if the error persists.
solution2
0 2016-04-01 20:10:37
Your form, you should working on security and eliminating auto submission, this eliminates auto submission as form contains SESSION_ID() which are unique on web browsing session.
<Form Name ="form1" Method ="POST" ACTION = "userlogin.php" id="form1">
<div id="main_body" class="full-width">
<br>
<br>
<label>Username:</label>
<input type = "text"
id = "usernameLogin"
name="pat_username"> <br>
<br> <label>Password:</label>
<input type = "password"
id = "passwordLogin"
name="pat_password"> <br><button value="<?php echo session_id() ?>" type="submit" name="login_check">Login</button>
</div>
</Form>
//your login check page, there is so much of security risk. Password should be encrypted. Please use SALT , hash/md5/sha for encryption . And also for the query use sprintf as like this its just an example though
##SPRINTF EXAMPLE CODE
//$query = sprintf('SELECT * FROM TABLE WHERE username = "%s" AND password = "%s"',mysql_real_escape_string($username),mysql_real_escape_string($password));
#### EXAMPLE END HERE##
<?php
if(isset($_POST["login_check"]) && $_POST['login_check']==session_id()){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "dbname";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
//Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$newUsername = mysqli_real_escape_string($conn, $_POST['pat_username']);
$newPassword = mysqli_real_escape_string($conn, $_POST['pat_password']);
$result = $conn->query("SELECT * FROM tablename WHERE patient_username ='$newUsername' AND patient_password='$newPassword'");
if (mysqli_num_rows($result)) {
header("Location: mainmenu.html");
}
else
{
header("Location: index.html");
}
$conn->close();
}
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.