Jump to content

Recommended Posts

Hello,

Am writing a script that involves user input.

Take an example: a user fills in a wrong username or password at the page login.php, my login processor (processor.php) detects it, how is the error "WRONG USERNAME OR PASSWORD" supposed to be transferred back to login.php.

So far I have been using a session variable to transfer the error but am sure there is a better way to do this without displaying the error on processor.php itself.

 

Thanx in advance

Link to comment
https://forums.phpfreaks.com/topic/233302-error-handling/
Share on other sites

The problem with that method is that users will be able to play around with errors. For example if you call header with the location "login.php?error=17" and then require an error handling file such as error.php to translate $_GET['error']=17 as "WRONG USERNAME OR PASSWORD", then a curious user or hacker could intentionally enter "login.php?error=25" into the address bar to force an error.

Link to comment
https://forums.phpfreaks.com/topic/233302-error-handling/#findComment-1199793
Share on other sites

The problem with that method is that users will be able to play around with errors. For example if you call header with the location "login.php?error=17" and then require an error handling file such as error.php to translate $_GET['error']=17 as "WRONG USERNAME OR PASSWORD", then a curious user or hacker could intentionally enter "login.php?error=25" into the address bar to force an error.

Why is that a problem? It's not a real error since it's just displaying a string based on the error number.

 

Does login.php submit the username/password form to process.php?

Link to comment
https://forums.phpfreaks.com/topic/233302-error-handling/#findComment-1199795
Share on other sites

For a simple login, you can just submit the form to itself. Paste this into a new file, play with it and see how it works. It should give you some ideas as to how to accomplish what you're trying to do.

 

<?php
if( isset($_POST['submitted']) && $_POST['submitted'] == 'yes' ) { //check for hidden field value to indicate form has been submitted
$errors = array(); // initialize an array to hold validation errors
$_POST = array_map('trim', $_POST); // trim all $_POST array values

if( !empty($_POST['name']) ) { // validate the name field
	if( !ctype_alpha($_POST['name']) ) {
		$errors['name'][] = 'Name must be alphabetic characters only.'; // if name has non alpha chars, store error
	}
	if( strlen($_POST['name']) < 3 || strlen($_POST['name'] > 20) ) {
		$errors['name'][] = 'Name must be from 3 to 20 characters.'; // if name has too many/few chars, store error
	}
} else {
	$errors['name'][] = 'Name is a required field.'; // if name is empty, store error
}

if( !empty($_POST['number']) ) { // same validations as in name, above.
	if( !ctype_digit($_POST['number']) ) {
		$errors['number'][] = 'Number must be numeric.';
	}
	if( strlen($_POST['number']) < 5 || strlen($_POST['number']) > 10 )  {
		$error = 'Number must be from 3 to 20 digits. It is currently ' . strlen($_POST['number']) . ' digit';
		$error .= strlen($_POST['number']) == 1 ? '.' : 's.';
		$errors['number'][] = $error;
	}
} else {
	$errors['number'][] = 'Number is a required field.';
}
if( !empty($errors) ) {  // if the $errors array is not empty, display the errors to allow the user to correct them and resubmit the form
	$echo = array();
	foreach( $errors as $v ) {
		if( is_array($v) ) {
			$echo[] = implode('<br>', $v );
		} else {
			$echo[] = $v;
		}
	}
	$err_echo ="<font color=\"red\">The following errors were detected:<br>";
	$err_echo .= implode("<br>\n", $echo);
	$err_echo .= '</font>';
}
}
if( (isset($_POST['submitted']) && !empty($errors)) || !isset($_POST['submitted']) ) {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<style type="text/css" media="screen">
body {
font-family: helvetica, arial, sans-serif;
font-size: 0.85em;
line-height: 1.25em;
letter-spacing: -0.5px;
}
input {
border: 1px solid #336699;
padding: 0.1em;
margin: 5px;
color: #113366;
}
input.error {
background-color: #F2BDCA;
color: #850310;
border: 1px solid red;
}
input.good {
background-color: #D3F5D3;
border: 1px solid #156B15;
color: #156B15;
}
input.submit {
background-color: #CCCCCC;
border: 1px solid #888888;	color: #333333;
padding: 2px;
margin: 0;
font: 0.9em helvetica, arial sans-serif;
}
</style>
<title> Work In Progress</title>
</head>
<body>
<?php
echo !empty($err_echo) ? $err_echo : '';
?>
<form method="post" action="">
Name (3-20 letters):
<input type="text"
class="<?php if( isset($_POST['submitted']) ) { echo !empty($errors['name']) ? 'error' : 'good'; } ?>"
name="name"
value="<?php echo isset($_POST['name']) ? $_POST['name'] : ''; ?>">
<br>
Number (5-10 numbers):
<input type="text"
class="<?php if( isset($_POST['submitted']) ) { echo !empty($errors['number']) ? 'error' : 'good'; } ?>"
name="number" value="<?php echo isset($_POST['number']) ? $_POST['number'] : ''; ?>">
<br>
<input type="hidden" name="submitted" value="yes">
<input class="submit" type="submit" name="submit" value="
<?php echo !empty($errors) ? 'Re-Submit' : 'Submit'; ?>
">
</form>
<?php
} else {
// Form was submitted, and validated with no errors. OK to run db insert, display success message, etc.
echo "Successful submission!";
}
?>
</body>
</html>

[/code]

Link to comment
https://forums.phpfreaks.com/topic/233302-error-handling/#findComment-1199808
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.