0

I am making a simple PHP login with POST. However, every time I load the page, the function gets fired before I even hit submit on the html form. I have tried the method below and isset($_POST['submit']) but both ways are firing every single time I load the page. How do I stop this from occuring? Thank you.

//PHP CODE ABOVE HTML

    <?php
    
    $serverName = "localhost";
    $dBUserame = "blake";
    $dBPassword = "password";
    $dBName = "database";
    
    session_start();
    
    $conn = mysqli_connect($serverName, $dBUserame, $dBPassword, $dBName);
    
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    
    
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
    
        $email = mysqli_real_escape_string($conn, $_POST['email']);
        $password = mysqli_real_escape_string($conn ,$_POST['password']);
    
            $sql = "SELECT * FROM users WHERE email = '$email' AND password = '$password'";
    
            $result = $conn->query($sql);
    
            if ($result->num_rows > 0) {
    
                $_SESSION['useremail'] = $email;
    
                header('Location: https://allevohealth.com/admin/newsletter/contacts.php');        
    
                // output data of each row
    
                while ($row = $result->fetch_assoc()) {
    
                   $_SESSION['name'] = $row["fullname"];
    
                   $_SESSION['email'] = $row["email"];
    
                   $_SESSION['useridid'] = $row["id"];
    
                   echo "<br> Full Name: ". $row["fullname"]. " - Email: ". $row["email"]. " " . $row["passsword"] . "<br>";
    
                }
            } else {
    
                echo "0 results";
            }
    
            $conn->close();
    }
    
    ?>


//HTML CODE BELOW PHP

                <div class="col-lg-12 row justify-content-center">
                    <div class="col-lg-4 col-md-8 col-sm-9 mb-5">
                        <div class="p-5" style="border-radius: 20px !important; background-color: #161621">
                            <form id="myform" method="post">
                                <h2 class="h4 text-white mb-5">ACCOUNT LOGIN</h2>
                                <div class="row form-group">
                                    <div class="col-md-9">
                                        <label class="text-white" for="email">EMAIL</label>
                                        <input type="email" id="input-email" name="email" class="form-control rounded-0">
                                        <p id="result" style="padding-top: 2%; font-weight: bold;"></p>
                                    </div>
                                </div>
                                <div class="row form-group">
                                    <div class="col-md-7 mb-3 mb-md-0">
                                        <label class="text-white" for="password">PASSWORD</label>
                                        <input type="password" name="password" id="input-password" class="form-control rounded-0">
                                    </div>
                                </div>
                                <div class="row form-group">
                                    <div class="col-md-12" style="padding-top: 5%">
                                    </div>
                                </div>
                                <input type="submit" name="submit" value="LOGIN" style="width: 150px" class="btn btn-primary mr-4 mb-2">
                            </form>
                        </div>
                    </div>
                </div>
Blake Price
  • 43
  • 6
  • This post happens on clean page load? or on reload/refresh/F5? – Ron Jul 07 '22 at 15:57
  • Does this answer your question? [How to implement 303 redirect?](https://stackoverflow.com/questions/13003192/how-to-implement-303-redirect) – Ron Jul 07 '22 at 15:57
  • @Ron on clean page load and refresh/reload – Blake Price Jul 07 '22 at 16:10
  • setting a header then echoing won't work look at your source your see *Warning: Cannot modify header information - headers already sent by (output started at /var/www/allevohealth.com/public_html/admin/login.php:48) in ...*, then what your doing is clicking reload in browser which will repeat the POST request – Lawrence Cherone Jul 07 '22 at 16:22
  • @LawrenceCherone okay I removed the echos, but still even on initial page load, it is firing the post and attempting to query sql? – Blake Price Jul 07 '22 at 16:59
  • What do you get if you do `var_dump($_SERVER["REQUEST_METHOD"]); var_dump($_POST);`? – aynber Jul 07 '22 at 17:01
  • @aynber string(3) "GET" array(0) { } – Blake Price Jul 07 '22 at 17:07
  • Then there's no way it should be getting into your if statement. How do you know it's firing the function? And by firing the function, do you mean going inside the POST block? If you add some debugging lines, such as `echo "On line ".__LINE__."
    ";`, at various points in the script (before the if statement, inside if of it in random spots), what do you get?     – aynber Jul 07 '22 at 17:15
  • So it looks like on initial page load it does not fire, but after the first time and I refresh it keeps automatically firing the function. – Blake Price Jul 07 '22 at 17:43
  • If you refresh the page after submitting the form, the page is may be prompting you "do you want to submit this form again?" in which case it's still a POST instead of a GET request. – aynber Jul 07 '22 at 18:16
  • that is why I asked if it is after a first refresh... or on initial load... in which case the link I sent is the solution! – Ron Jul 07 '22 at 21:21

0 Answers0