Html form seems to be submitting to the wrong place?

Question

Recently, for no 'apparent' reason, my login form started to redirect to my website's 404 page, and I don't see the cause anywhere.

 <?php echo '<form action="http://' . $_SERVER['SERVER_NAME'] . '/login" method="post">'; ?>
 <li><input type="text" name="username" placeholder="Username"></li>
 <li><input type="password" name="password" placeholder="Password"></li>
 <li><input type="submit" value="Login"></li>
 </form>

Yet for some reason, it still redirects to the 404 page, when <?php echo'http://' . $_SERVER['SERVER_NAME'] . '/login is the exact same page. Apart from when the user is successfully logged in, there is no other redirecting, which goes to a different page. I just don't see what's causing this, can anyone else work out why?

EDIT: My .htaccess is

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?page=$1

Authentication code:

<?php
if(empty($_POST) === false) {
   $username = $_POST['username'];
   $password = $_POST['password'];

   if(empty($username) === true || empty($password) === true) {
      $errors[] = 'You need to enter a username and password.';
   } else if (user_exists($username) === false) {
      $errors[] = 'We can\'t find that username. Have you registered?';
   } else if (user_active($username) === false) {
      $errors[] = 'You haven\'t activated your account!';
   } else if(strlen($password) > 32 ) {
        $errors[] = 'Password to long.';
   }
     $login = login($username, $password);
     if($login === false){
       $errors[] = 'That username/password combination is incorrect.';
     }else{
        $_SESSION['user_id'] = $login;
        header('Location: ' . $_SERVER['SERVER_NAME'] . '/?msg=1');
        exit();

     }
   }
if(empty($errors)===false){
?>
    <h1>We tried to log you in, but....</h1>
<?php
     print_r($errors);
} ?>

Have you recently modified any rewriterules in your .htaccess file? — Oldskool, Nov 24 '12 at 21:05
please be more specific! Can you also write the result when the page is displayed what is shown in the source code? — Subho Halder, Nov 24 '12 at 21:06
You should probably be using HTTP_HOST not SERVER_NAME. See this http://stackoverflow.com/questions/2297403/http-host-vs-server-name — Popnoodles, Nov 24 '12 at 21:11
@Oldskool No, though I have edited it to show my .htaccess as well — ChocCookieRaider, Nov 24 '12 at 21:11
Is is me, or it is possible to submit a value without initiating a name `name="submit"` — samayo, Nov 24 '12 at 21:14

score 0 · Accepted Answer · 2012-11-24T21:41:02.773

0

Can you leave out the $_SERVER[] arrays and use static url, just for debugging? like:

<form method="POST" action="url.php">
<li><input type="text" name="username" placeholder="Username"></li>
<li><input type="password" name="password" placeholder="Password"></li>
<li><input type="submit" value="Login" name="submit"></li>
</form>

and:

 header('Location: url.php?msg=1');

If it is giving you a 404 Error, it must be either from this or your .htaccess Debug it this way and let us know.

edited Nov 24 '12 at 21:41

answered Nov 24 '12 at 21:06

The submit hasn't done anything, though when I tried using your SERVER_SELF, it just submits everything to http://login/ – ChocCookieRaider Nov 24 '12 at 21:17
Well show us the login authentication code, it could be where the problem is lying. – Nov 24 '12 at 21:20
You say it must be a .htaccess bug, but when I change the 404 page, it goes to the updated 404 page, so somewhere there must be a redirect? – ChocCookieRaider Nov 24 '12 at 21:49
What is the url like for the 404 page – Nov 24 '12 at 21:51
I've created login.php on the web root, with the authentication code, and made the form submit to there, I still get redirected to the 404. – ChocCookieRaider Nov 24 '12 at 21:53
the delete the .htaccess and try again. – Nov 24 '12 at 21:56
I've found the cause. The redirect when you've logged in was missing http://, causing it to go to an unexisting page, going to the 404 page. Sorted now, tyvm! – ChocCookieRaider Nov 24 '12 at 21:56
No problem. That is why it is good to debug with static url first. – Nov 24 '12 at 21:57

score 0 · Answer 2 · answered Nov 24 '12 at 21:09

There's many possible reasons why. Here's some troubleshooting tips:

<?php echo '<form action="http://' . $_SERVER['SERVER_NAME'] . '/login" method="post">'; ?>

Clearly there is something wrong with the url that's being filled into the action of the form:

The "page" in the code above is login in your action. Is it a page, or a directory, or do you have rewrites on? Should the url point to login.php or login.html instead of just login?
When you view source of the rendered page in your browser, what do you see in the action of the form? Is it a legitimate url? If you copy/paste the url into your browser, what do you get?
When using forms like this, any reason you wouldn't just have the action be /login? Server variables should not be relied upon like this, and since you're going to the same url, why not remove the complexity and just go with /login as the action?
Are you using url rewrites? Have the rules changed, or has an htaccess file been modified/moved?

With 1. The actual page is in the directory called pages, but the file is called login.html and this also ties in with 4.m because when you go to /login, .htaccess rewrites it as index.php?page=login which then in turn includes the login page along with the header and footer. Change the action to just /login still has the same effect of going to the 404 page as well. And in the browser it is a legitimate url, going to the same page. — ChocCookieRaider, Nov 24 '12 at 21:22

Html form seems to be submitting to the wrong place?

2 Answers2