Php Forms

[dspurg7310]

I have been exploring a PHP login form. It's pretty simple for the most part and I like it. I have had a lot of trouble trying to find out how to add additional fields to the form to store additional information about a user in the database such as First Name, Last Name, etc. And more recently I have been working on form integration so when a user is logged into their account and wants to submit a form, the PHP will grab their information from their account and add it to the form so they don't have to. Example: With a contact form I have added a hidden "Username" field. If the user is logged in, it grabs their username from their session and includes it in the email, if the user is not logged in or has no account, it simply adds a message to that spot on the email that basically says "Non-Member or not logged in".

 

I want to do something similar with the email. If the user is logged in, I want the email field to grab their email - which I got it to do, but I wanted to take it a step further and if they are a user, it not only grabs their email but makes the email field hidden (like the username) but if they are not a member or not logged in, it shows them an email form to type in. I got the PHP to grab the email & hide the form when logged in but the form will not submit. When logged out, it shows the email field and everything submits fine. This is the code I came up with and I'm not sure how I could correct it to allow the form to submit:

 

<h1>Email Us</h1>
<form name="contactform1" method="post" action="send_contact_email.php" border="0"><fieldset>
<p><label for="first_name">First Name *</label><br /> <input name="first_name" maxlength="50" size="25" type="text" /></p>
<input type="hidden" name="user_name" maxlength="50" value="
<?php
if($session->logged_in){
  echo $session->userinfo['username'];
}else{
  echo "Non-Member or not logged in";
}
?>">
<p><label for="last_name">Last Name </label><br /> <input name="last_name" maxlength="50" size="25" type="text" /></p> 
<p>
<?php
if($session->logged_in){
?>
<input type="hidden" name="email" maxlength="50" size="25" value="
<?php
  echo $session->userinfo['email'];
?>" DISABLED>
<?php
}
  else {
?>
<label for="email">Email Address *</label><br /><input type="text" name="email" maxlength="50" size="25" value="">
<?php
}
?>
</p>
<p><label for="location">Location</label><br /> <input name="location" maxlength="80" size="25" type="text" /></p>
<p><label for="comments">Message *</label><br /> <textarea name="comments" wrap="soft" rows="2" cols="50" type="textarea"></textarea></p>
<p><input value="Submit" type="submit" /> <input value="Clear" type="reset" /></p>
</fieldset></form>

[BrettHartel]

Im still learning php but I think this is what you can do:

 

Before the form code:

 

if($session->logged_in){
$hiddenemail = $session->userinfo['username'];
}else{
$hiddenemail = '0';
}

 

If there is no session, i believe the value becomes 0 and that will be displayed. You could change it to anything you want really. like "User has no e-mail" or "N/A".

Edited December 20, 2012 by BrettHartel

[BrettHartel]

OR! I just thought of this. You could do this inside your form! It will get the users email if logged in, otherwise it will ask the person to enter an e-mail.

if($session->logged_in){
$hiddenemail = $session->userinfo['username'];
}else{ ?>
Email: <input name="email" maxlength="50" size="25" type="text" />
<?php
}

[BrettHartel]

I think this code would also work if you wanted to echo the html.

 

if($session->logged_in){
$hiddenemail = $session->userinfo['username'];
}else{ echo "Email: <input name='email' maxlength='50' size='25' type='text' />"
;}

[Christian F.]

The primary question is: What framework/premade script are you using for your session & login handing?

In order to help you we need to know this, preferably with a link to it, so that we can have a look at the actual code ourselves. Without the code we're reduced to pure guesswork, which seldom works. :-\

Edited December 20, 2012 by Christian F.

[dspurg7310]

Thanks for the responses! I completely spaced the rest of the code. The login I am using is from here: http://blog.geotitles.com/2011/07/php-login-script/

[Christian F.]

I strongly recommend that you drop that script, and use PHPass instead.

 

Not only is the above script severely outdated, using PHP 4 syntax for classes, but it's also riddled with security issues:

• It stores the passwords in plain text.
  
• It relies upon magic quotes to escape the data going into the database(!).
  
• If magic quotes is deactivated, as it is by default for the last 10 years, it'll use addslashes () instead of the correct mysql_real_escape_string (). (Former only escapes a subset of the meta-characters, and does not take differing charsets into consideration.)
  
• Worst of all: You don't even need the password to log in. All you need to know, is the username and user-ID. Both of which are either publicly available or easily guessable.

 

In short: This script was not even fit for use when it was made, and relies upon practises that weren't even considered "best practice" 10 years ago.

[dspurg7310]

But would it be simple to add additional fields to? I am new at it and what I am going to use it for would be good practice for the introduction into PHP scripting. I was hoping to integrate a First Name, Last Name and Location field into it. Is that possible with this kind of script?

[Christian F.]

Yes, quite possible. In fact, since PHPass only deals with properly securing the password, you have to add those fields yourself.

For a good bade to build from, I can recommend this article about secure login systems. Just ignore its use of the global keyword, and use a constant for the debug flag instead.

[dspurg7310]

So what is the "signature" thing? Is that something else I would need to download and install as well? I am very new at PHP and need the installation be be pretty simple lol