PHP post sending

Question

I have a simple post form that is sending data from one page to the other, however when I press submit, the process.php says no username and password have been entered. I feel like I am missing something stupidly obvious. What am I doing wrong here?

Login.php

 <form action="login_process.php" method="POST"> 
        <h1>Login page</h1>
        <input name="username" type="text"><br>  
        <input name="password" type="password"><br>  
        <input type="submit" value="Log in">  
 </form>

login_process.php

    var_dump($_POST['username']);
    echo '<br>';
    if (!isset($_POST['username']) || !isset($_POST['password'])) {  
       echo 'U heeft geen gebruikersnaam of wachtwoord ingevoerd!'.'<br>';  
       echo 'username', $_POST['username']; 
       echo '<br>password', $_POST['password'];
       exit;  
    } else {
       $sql = "SELECT `username`,`password` FROM `users` WHERE `username` = '"  . $_POST['username'] . "' AND `password` = '" . $_POST['password'] . "'";
       echo 'Gebruikersnaam en wachtwoord goed ingevoerd.';
    }

I have just tested this and it works, are you sure that the files are in the same directory? — Can O' Spam, Feb 03 '16 at 10:10
SamSwift웃 Yeah I just downloaded and double checked it, they're in the same directory. Daan the var_dump gives me ''NULL'' — Sem Abraham, Feb 03 '16 at 10:13
@SemAbraham, instead of relocation, use `#` as the form action and `isset($_POST) { var_dump($_POST); }` on the Login.php page to check that values are being set, then you can see if it is a problem on the server, or on the form — Can O' Spam, Feb 03 '16 at 10:15
Alright it did dump the username and pass. So.. they're not being sent with the form? This is what it dumped: array(2) { ["username"]=> string(5) "admin" ["password"]=> string(5) "admin" } — Sem Abraham, Feb 03 '16 at 10:24
If i change the form action to GET everything works. But that's not really recommended with password handling :P — Sem Abraham, Feb 03 '16 at 10:40
if you use if (!isset($_POST['username']) || !isset($_POST['password'])) your program will never enter in this block because if you press submit $_POST['username'] will be set automatically but it will be null. Try using if ($_POST['username']=="" || $_POST['password']=="") instead. — Arjan Shrestha, Feb 03 '16 at 11:03

gaurav panwar · Answer 1 · 2016-02-03T11:51:26.340

1

I think this is what you need -

if ($_POST['username']=="" || $_POST['password']==""){
   echo 'U heeft geen gebruikersnaam of wachtwoord ingevoerd!'.'<br>';  
   echo 'username', $_POST['username']; 
   echo '<br>password', $_POST['password'];
   exit;  
} else {
   $sql = "SELECT `username`,`password` FROM `users` WHERE `username` = '"  . $_POST['username'] . "' AND `password` = '" . $_POST['password'] . "'";
   echo 'Gebruikersnaam en wachtwoord goed ingevoerd.';
}

But your code will have lot of security issues as someone can try to hack your application by inserting Programming logic in username and password .

The best way is - 1. Use strip_tags($input) - this will remove tags from inputs as username or passwords are not supposed to have tags ; 2. Do not store username password as it is in your DB as you are doing above , use encrypted form of text .

edited Feb 03 '16 at 11:51

answered Feb 03 '16 at 11:25

gaurav panwar

44
2
14

1

Encryption can be applied something like this - – gaurav panwar Feb 03 '16 at 11:27
My login_process page only has this in it currently: if(isset($_POST)) { var_dump($_POST); } and it still dumps NULL. So i'm not sure what's up with that, and i'm also aware the password storing is wrong, but I want to get this working first before I implement any security. – Sem Abraham Feb 03 '16 at 12:10
1

can you please just do this at the top of your php file and tell me what result you get - echo $_POST['username'] ; echo $_POST['password']; – gaurav panwar Feb 03 '16 at 12:23
1

And tell me results for this as well, Paste it at the top of your page- echo $_REQUEST['username'] ; echo $_REQUEST['password'] – gaurav panwar Feb 03 '16 at 12:25

score 0 · Accepted Answer · edited May 23 '17 at 12:23

0

Alright! Alot of the confusion came completely from my side. I had an .htaccess file in my root which was apparently blocking all POST data. I removed the .htaccess file to test and the POST data was being given to the login_process.php neatly.

See this post for more info: Seems like POST values are lost when .htaccess RewriteRule used. GET values are OK. How to fix?

edited May 23 '17 at 12:23

Community

1
1

answered Feb 03 '16 at 12:56

Sem Abraham

151
3
15

PHP post sending

2 Answers2