Html form action field is not executed

Question

This form is written to get login details from user & provide the details in the login page where the login.php file is executed.

<div id="log_btn">
<section id="form_before_launch">
<p style="font-family: Arial, Helvetica, sans-serif;">LogIn</p>
<form action="login.php" id="form" method="POST" onsubmit="return false">
    <div>
        <div>
            **<!-- Fields of Login page -->**
            <input type="text" id="username" name="uname" placeholder="Username" required />
        </div>
        <div>
            <input type="password" id="password" name="pass" placeholder="password" required />
        </div>
        **<!-- Captcha is Displayed in id="ip" & users enters the captcha in id "op" on Submit login page is executed -->**
        <div>
            <input type="text" id="ip" name="ip" />
            <br>
            <input type="text" id="op" name="op" />
        </div>
        <br><br><br>
        <div id="btn">
            <input type="submit" id="submit" value="Log In" />
        </div>
</form>
</div>

The login.php part if you need to see test the form is really sending the input result to the login.php

    <?php

$servername = "localhost";
$username   = "root";
$password   = "";
$dbname     = "Train";
$conn       = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $ip_uid  = $_POST['uname'];
    $ip_pass = $_POST['pass'];
    $ip      = $_POST['ip'];
    $op      = $_POST['op'];
}
function input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
$sql    = "SELECT user_name,pass FROM `Reg_User` WHERE user_name='$uid' AND pass='$pass'; ";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_assoc($result)) {
        $user_name = $row["user_name"];
        $pass      = $row["pass"];
    }
}
if ($ip_uid == $user_name && $ip_pass == $pass) {
    $_COOKIE['$user_name'] = $user_name;
    echo " <script> alert('Successfully Logged IN');";
    header('Location: http://localhost/TrainProject/Landing_page.php');
} else {
    echo " <script> alert('Wrong Credentials Login failed');";
    header('Location: http://localhost/TrainProject/new_home.html');
}

?>

why is this tagged as php? there's no code for it; so where is it? and how are you accessing this as? — Funk Forty Niner, Apr 26 '17 at 17:48
I think there is something wrong in the login.php file the html error is solved by @David answer — Tejas Patil, Apr 26 '17 at 18:18

score 7 · Accepted Answer · answered Apr 26 '17 at 17:27

7

You're explicitly canceling the form submission:

onsubmit="return false"

If you want the form to submit, remove that.

answered Apr 26 '17 at 17:27

David

208,112
36
198
279

i removed onsubmit = "return false" still the same – Tejas Patil Apr 26 '17 at 17:34
@TejasPatil: Works for me: https://jsfiddle.net/1qntm17e/ Do you have code that reliably demonstrates the problem? – David Apr 26 '17 at 17:36
@David probably because of their missing "php". And Lord only knows "how" they're accessing that file. – Funk Forty Niner Apr 26 '17 at 17:48
OP"s AWOL. I posted a comment under the question; nothing. Well... I guess this one's an "unclear" for me. – Funk Forty Niner Apr 26 '17 at 17:56

score 1 · Answer 2 · edited Apr 26 '17 at 18:02

1

Change to

<div id="log_btn">
    <section id="form_before_launch">
    <p style="font-family: Arial, Helvetica, sans-serif;">LogIn</p>
    <form action="login.php" id="form" method="POST">
        <div>
            <div>
                **<!-- Fields of Login page -->**
                <input type="text" id="username" name="uname" placeholder="Username" required />
            </div>
            <div>
                <input type="password" id="password" name="pass" placeholder="password" required />
            </div>
            **<!-- Captcha is Displayed in id="ip" & users enters the captcha in id "op" on Submit login page is executed -->**
            <div>
                <input type="text" id="ip" name="ip" />
                <br>
                <input type="text" id="op" name="op" />
            </div>
            <br><br><br>
            <div id="btn">
                <input type="submit" id="submit" value="Log In" />
            </div>
    </form>
    </div>

your problem in the html has the paramter onsubmit="return false"

edited Apr 26 '17 at 18:02

Jay Blanchard

34,243
16
77
119

answered Apr 26 '17 at 17:33

Otávio Barreto

1,536
3
16
35

2

Why should the OP "change to" this code? A ***good answer*** will always have an explanation of what was done and why it was done in such a manner, not only for the OP but for future visitors to SO. – Jay Blanchard Apr 26 '17 at 17:40
1

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 26 '17 at 17:58
1

**Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Apr 26 '17 at 17:58
1

Let's not teach/propagate sloppy and dangerous coding practices. If you post an answer without prepared statements [you may want to consider this before posting](http://meta.stackoverflow.com/q/344703/). Additionally [a more valuable answer comes from showing the OP the right method](https://meta.stackoverflow.com/a/290789/1011527). – Jay Blanchard Apr 26 '17 at 18:00
why down voted? It was his mysql code he edited the answer and added the mysql it's not my code. – Otávio Barreto Apr 26 '17 at 18:00
2

Because it looks like you edited the code. Seems the OP edited for you - incorrectly. – Jay Blanchard Apr 26 '17 at 18:02
Thank you for your advice on SQL Injection Attacks @JayBlanchard – Tejas Patil Apr 26 '17 at 18:03
1

@TejasPatil: **Do not** vandalize people's answers. – David Apr 26 '17 at 18:04
1

Sorry I am new to stackoverflow @David I accidentally edited the answer – Tejas Patil Apr 26 '17 at 18:07
Tejas if your problem is solved you should check the answer as right – Otávio Barreto Apr 26 '17 at 18:08
I am still having the same issue onsubmit i stay on the same page login.php is not executed – Tejas Patil Apr 26 '17 at 18:09
Did you change your vars from `input($_POST['uname']);` to `$_POST['uname']` ? – Otávio Barreto Apr 26 '17 at 18:11
make sure your db config is right , also test the request with `echo $_POST['uname'];` if value is not received make sure you have a .htacess if so it's probally blocking the request. – Otávio Barreto Apr 26 '17 at 18:22

Html form action field is not executed

2 Answers2