php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #18761 Simple Form Posting
Submitted: 2002-08-06 14:10 UTC Modified: 2002-08-07 14:58 UTC
From: theprizfam at charter dot net Assigned:
Status: Not a bug Package: HTTP related
PHP Version: 4.2.2 OS: Windows 2000
Private report: No CVE-ID: None
View Add Comment Developer Edit
 [2002-08-06 14:10 UTC] theprizfam at charter dot net 
Posting data from a form does not work. I have included a sample login form below that used to work on older versions of PHP. I add two echo statements (which you can see in the code below) for debugging purposes. I uncoment any of the ones that print the posting data and the script works. If I uncomment the ones that print the posted data it never reaches the "Here I am!" echo just before the redirect. It works fine if the user or password are not in the database but if the password and user are correct this is when it fails (i.e. it never gets to the echo statement "Here I am!"). 

Here is the script:

<?php
	// echo ("<p>User Name = $userName, Password = $password, op = $op</p>");
	$fontColor[0] = "color=black";
	$fontColor[1] = "color=black";

$login = "no";

if ($op == "ds")
{
	$login = "yes";

	// check each required field and create an error message.
	// if any of the required fields are blank, set $login to "no".

	if ($userName == "")
	{
		$err = "<p align=\"center\"><font color=red>There are errors!</font></p>";
		$login = "no";
		$fontColor[0] = "color=red";
	}

	if ($password == "") {

		$err = "<p align=\"center\"><font color=red>There are errors!</font></p>";
		$login = "no";
		$fontColor[1] = "color=red";
	}

    if ($login == "yes")
    {

		// echo ("<p>User Name = $userName, Password = $password, op = $op</p>");
		mysql_connect('localhost', 'userlogin', 'password') or die (mysql_error());
		mysql_select_db('database') or die (mysql_error());

		$result = mysql_query ("SELECT * FROM `users` WHERE User='$userName' AND Password=PASSWORD('$password')")
				or die (mysql_error());
		// echo ("<p>User Name = $userName, Password = $password, op = $op</p>");
		if ($row = mysql_fetch_object ($result))
		{
			$userID = $row->UserID;
			$fullName = $row->FullName;
			$userType = $row->Type;
			$email = $row->Email;

			session_start();
			session_register('userID');
			session_register('fullName');
			session_register('userType');
			session_register('userName');
			session_register('password');

			echo ("<p>Here I am!</p>");
			header("Location: http://www.fancc.org/nbosp/menu.php");
			exit;
		}
		else
		{

			$login = "no";
			$err = "<p align=\"center\"><font color=red>The User or Password is incorrect!</font></p>";
		}

    }
}

$form_block = "<form action=\"http://www.fancc.org/nbosp/login.php\" method=\"POST\">
    <p>
    <font size=\"2\" $fontColor[0]><strong>User</strong></font><br>
    <input type=\"text\" size=\"20\" name=\"userName\" value=\"$userName\"><br>
    <font size=\"2\" $fontColor[1]><strong>Password</strong></font><br>
    <input type=\"password\" size=\"20\" name=\"password\" value=\"$password\"></p>
    <p><input type=\"submit\" name=\"B1\" value=\"Login\"></p>
    <p>*If you have forgotten your password press here.</p>
    <input type=\"hidden\" name=\"op\" value=\"ds\">
</form>
";

?>

<html>

<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<meta name="GENERATOR" content="Microsoft FrontPage Express 2.0">
<title>Spell</title>
</head>

<body background="Images/marble.jpg" bgcolor="#FFFFFF">

<p align="center"><font size="5"><strong>User Login</strong></font></p>

<hr noshade color="#000000">

<?php
		echo "$err";
		echo "$form_block";
?>

</body>
</html>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-08-06 14:12 UTC] theprizfam at charter dot net 
Sorry, I ment when I comment out the echos that show the data posted it never reaches the "Here I am!" echo statement.
 [2002-08-06 14:18 UTC] jtate@php.net 
In PHP 4.2.0, the 'register_globals' setting default changed to
be off. See http://www.php.net/release_4_2_0.php for more info.
We are sorry about the inconvenience, but this change was a necessary
part of our efforts to make PHP scripting more secure and portable.
 [2002-08-06 14:19 UTC] jtate@php.net 
Just kidding.  Itchy trigger finger.
 [2002-08-06 14:52 UTC] theprizfam at charter dot net 
I checked the varialbles using phpinfo and it states that 'register_globals' is on.
 [2002-08-07 03:23 UTC] yohgaki@php.net 
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at
http://bugs.php.net/how-to-report.php

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.
 [2002-08-07 14:58 UTC] sander@php.net 
Probably dupe of #18765
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 20 02:01:29 2024 UTC