PHP localhost vs network IP

[Jayel]

Hi,

 

It's been a while since I was in the programming scene and have just started a PHP book, the books great and this is most definitely not their fault.

 

Ok, I have 2 files, login.php & movie1.php.

 

login.php unsets all previous sessions and posts to movie1.php from a simple login and password input form.  When I load up login.php using http://localhost my systems(Ubuntu 10.10) root username and password(with *s) is auto-completed in the input boxes yet when I use http://192.0.0.2(my machines network IP) it is not. 

 

I thought this might be to do with the lo interface so I checked with 127.0.0.1 and nope there is no root/pass auto-completed.

 

Simple question arises.......wtf?  Why does http://localhost do this? (and yes I deleted all stored info; cookies, sessions etc.)

[ChemicalBliss]

Sorry, just for clarification;

 

Do you mean localhost stores usernames and passwords from forms (like firefox and ie etc on pc's)?

Or are you saying that you do not need to specify a user/pass when using mysql_connect() on a localhost request, rather than a direct IP request?

 

Former: Browser dependant, try different browsers.

Latter: Specify the user/pass, or alternatively:

 

[*]check your php.ini for the default user/pass it uses and make sure that user/pass exists and has access

[*]check that mysql allows the user mentioned in php.ini access mysql via those ip-addresses - (host,user,pass)

 

Usually though for the latter, php would use the default "root" account, for which usually only "localhost" is allowed as a hostname. Perhaps your trying to specify an ip-address in the mysql_connect() call, just use localhost if so and it should be fine.

To add hostnames to a mysql user, check google. it is only a few commands but I dont know them off-by-heart.

[Jayel]

Hi thanks for the response.

 

I am not using MySQL at all in this code, it is as follows:

 

<?php
session_unset();
?>
<html>
<head>
<title>Please login</title>
</head>

<body>
<form method="post" action="movie1.php">
    <p>Enter your username:
        <input type="text" name="user">
    </p>
    <p>Enter your password:
        <input type="password" name="pass">
    </p>
    <p>
    <input type="submit" name="Submit" value="Submit">
    </p>
</form>
</body>
</html>

 

When I load this in my browser as http://localhost the input boxes are automatically populated with my root username and password.  This happens in both FF and Chrome even after clearing all history.

[ChemicalBliss]

There are no value attributes in your html so it is _not_ the html (php output) that is creating those stored values. It must be your browser.

 

You can implement this feature using cookies (more permanent session for example) for every browser using php to save form data or w/e from that user (could be lengthy and mysql reccommended).

 

or if you go the other route you can blank all fields by a) putting value="" in each input text/password element and b) add no-cache headers to the response via php header().

 

Note*

also, the reason it only works on certain "routes" to the website (ip's for example), is because you have only submitted the data via the domain that it works on (in this case you have only logged-in on localhost, or, logged in AND chose to save the user/pass - usually browsers give you this option). To test this, login on a browser you know it works on localhost, go to the ip equivalent (127.0.0.1), and log in, now once you logout and refresh it should save the data for that domain too.

[Jayel]

I understand there are much more secure and efficient ways to perform this function but as I say I have just started tutorials.

 

How can it be my browser when both FF and Chrome are doing this and I have deleted every last piece of stored data I can from them?

[ChemicalBliss]

I don't know but if that is indeed the code I garuntee 110% it is not that script.

 

Perhaps google some info about those browsers and how they store passwords. Btw, i hope by "history" you mean "data", since history in browsers is usually just the page caches and not stored cookies or passwords etc.

[Jayel]

I do mean data, I deleted everything closed the browser(both of them) and restarted but still auto-populated.

 

I might also add I have never input my root username and password into any website....ever, so the browser has never had the information to store  :-\

[ChemicalBliss]

I would ask this question in an ubuntu specialist forum, maybe someone there can shed some light on this. I know it's not the code, it is definitely something with your system software/configuration.