Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Feb 2006
    Posts
    262
    Thanks
    23
    Thanked 1 Time in 1 Post

    Post Self submit form problem

    Good day to you all,
    I'm working on a php text based login script.
    I'm at building the script to add, delete or edit account.

    Here my problem :
    When I enter a name password, it add it twice to the txt file.
    Also, it oly add the ame of the field and not it value.


    Here's my code :

    PHP Code:
    <?php


    $username 
    $_POST['username'];
    $password $_POST['password'];
    $url $_POST['url'];

    function 
    add_user($user,$url,$pass)
    {
        
    $fopen fopen('info.text''a');
        
    fwrite($fopen"\n,'".$user."' => '".$url."' => '".$pass."'");
        
    fclose($fopen);
    }

    add_user('username','password','url');
    ?> 


    <html>
       <body>
          <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
             <input type="text" name="username" />
             <input type="text" name="password" />
             <select name="url">
                <option value="Director/index.php">Director</option>
                <option value="Admin/index.php">Admin</option>
                <option value="User/index.php">User</option></select><br />

             <input type="submit" /><br />
             
             
          </form>
          
          
          Preview:<br />
          <?php if(isset($_POST['html'])) echo stripslashes($_POST['html']); ?>
          
          
          
          
       </body>
    </html>

    Thanks !
    Take care !

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Lets see if I can help explain.
    The multiple entries are due to controlling you're post. Since its a self referencing form (no problem with that), it still attempts to execute the writte even if it hasn't been submitted. Thats why you have multiple entries.
    The username/password/url appears without values because you are not providing it with values, as seen here:
    PHP Code:
    add_user('username','password','url'); 
    These are string values, not parsable variables. Here's how to kill both with one stone:
    PHP Code:
    <?php

    function add_user($user,$url,$pass

        
    $fopen fopen('info.text''a'); 
        
    fwrite($fopen"\n,'".$user."' => '".$url."' => '".$pass."'"); 
        
    fclose($fopen); 


    if (isset(
    $_POST['submit']))
    {
        
    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
        
    $password $_POST['password'] ? trim($_POST['password']) : '';
        
    $url = isset($_POST['url']) ? trim($_POST['url']) : '';
        if (empty(
    $username) || empty($password) || empty($url))
        {
            print(
    "<div>Username, password and url must be selected!</div>\n");
        }
        else
        {
            
    add_user($username$password$url);
        }
    }
    ?>

    <html> 
       <body> 
          <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post"> 
             <input type="text" name="username" /> 
             <input type="text" name="password" /> 
             <select name="url"> 
                <option value="Director/index.php">Director</option> 
                <option value="Admin/index.php">Admin</option> 
                <option value="User/index.php">User</option></select><br /> 

             <input name="submit" type="submit" /><br /> 
              
              
          </form> 
           
           
          Preview:<br /> 
          <?php if(isset($_POST['html'])) echo stripslashes($_POST['html']); ?> 
           
           
           
           
       </body> 
    </html>
    The form needs one change, the submit must be given the name 'submit'. And I'd recommend using $_SERVER['SCRIPT_NAME'] for you're form action; $_SERVER['PHP_SELF'] is XSS exploitable.

    Hope that helps.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • Users who have thanked Fou-Lu for this post:

    Peuplarchie (07-27-2008)

  • #3
    Regular Coder
    Join Date
    Feb 2006
    Posts
    262
    Thanks
    23
    Thanked 1 Time in 1 Post
    Thanks I have figured out with your help, that was exactly what was needed.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •