Jump to content

php form file calling itself


Go to solution Solved by Ch0cu3r,

Recommended Posts

In the program below I would like to process the variables from the the php generated form by using this same file with code I haven't written yet. The problem is if I add this very script to the action attribute of the form, the page will start at the top again and keep asking the user to enter a password. I would like to continues processing the form variables just further down the page/file of this document, how can I, or can I accomplish this? Thanks.

 

<?php
session_start();

$hash = $_SESSION['hash'];
$email = $_SESSION['email'];
$passwd = $_POST['passwd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    $result = $db->query("SELECT oldpasswd, hash FROM users WHERE email='$email'");
    $row = $result->fetchArray();

    if($row['oldpasswd'] == $passwd)
    {
        echo "<form>";
        echo "<table>";
        echo "<tr><td>";
        echo "New Password<input type='text' name='newpasswd1'</td></tr>";
        echo "<tr><td>";
        echo "Re-Enter Password<input type='text' name='newpasswd2'</td></tr>";
        echo "</table>";
        echo "</form>";
    }
    else
    {
        echo "Invalid password<br />";
    }
}

?>
Link to comment
https://forums.phpfreaks.com/topic/282869-php-form-file-calling-itself/
Share on other sites

You'll want to add more logic to your code. Only display the reset password form when the form has not been submitted

 

Something like

if(isset($_POST['newpass1'))
{
   // update password
   // and display new form or page
}
else
{
   // display form for resetting password
}

 

You'll want to add more logic to your code. Only display the reset password form when the form has not been submitted

 

Something like

if(isset($_POST['newpass1'))
{
   // update password
   // and display new form or page
}
else
{
   // display form for resetting password
}

Thanks. So what if I want my current form to vanish while being replaced my the new form rather than just stacking the forms one on top of the other? Thanks again.

It doesn't stack the forms, it'll display one or the other. Do you understand how the if/else control structure works?

 

php.net/if

php.net/else

 

Example code

<?php
// check if form has been submitted
if(isset($_POST['submit'])) {
   // display what was entered
   echo 'You entered: ' . $_POST['entry'];
} else {
   // form hasn't been submitted display form
   echo '<form action="" method="post">
  <input type="text" name="entry" placeholder="Type Something here" />
  <input type="submit" name="submit" value="GO" />
</form>';
}
?>

 

It doesn't stack the forms, it'll display one or the other. Do you understand how the if/else control structure works?

 

php.net/if

php.net/else

 

Example code

<?php
// check if form has been submitted
if(isset($_POST['submit'])) {
   // display what was entered
   echo 'You entered: ' . $_POST['entry'];
} else {
   // form hasn't been submitted display form
   echo '<form action="" method="post">
  <input type="text" name="entry" placeholder="Type Something here" />
  <input type="submit" name="submit" value="GO" />
</form>';
}
?>

Yes, I understand how an if/else system works. I was referring to a form that may have already been printed to the browser. I've adjusted the code but I keep getting "Invalid password" no matter what I enter into the form just above it. Take note that the IF the creates this form is based upon outside variables, the invalid message should only run if the variables the feed the IF statement that creates the form are incorrect, invalid should not be displayed as a result of anything that's entered into the form you see here, or at least that what I intended. So my if(isset) functions never runs.

<?php
session_start();

$hash = $_SESSION['hash'];
$email = $_SESSION['email'];
$passwd = $_POST['passwd'];

$db = new SQLite3('./users.db', SQLITE3_OPEN_READWRITE);

if(!$db)
{
    echo "Could not open/access DB";
}
else
{
    $result = $db->query("SELECT password, rstring FROM users WHERE email='$email'");
    $row = $result->fetchArray();

    if($row['password'] == $passwd)
    {
    echo "<form>";
    echo "<table>";
    echo "<tr><td>";
    echo "New Password<input type='text' name='newpassword1'</td></tr>";
    echo "<tr><td>";
    echo "Re-Enter Password<input type='text' name='newpassword2'</td></tr>";
    echo "<tr><td><input type='submit' value='submit'></td></tr>";
    echo "</table>";
    echo "</form>";
    }
    else
    {
    echo "Invalid password<br />";
    }

    if(isset($_POST['newpassword1']) && isset($_POST['newpassword2']))
    {
    echo "This is from the form $_POST[newpassword1]<br />";
    echo "This is from the form $_POST[newpassword2]<br />";
    }
}

?>

 

Well this line

 if($row['password'] == $passwd)

Is checking to see if the password in the database matches the password the user entered. 

 

Is the passwords in your database encrypted (eg md5, sha1 etc)? If you're storing the passwords in their encrypted form, then you'll have to encrypt the password the user entered when comparing the passwords, example

 if($row['password'] == md5($passwd))

 

Well this line

 if($row['password'] == $passwd)

Is checking to see if the password in the database matches the password the user entered. 

 

Is the passwords in your database encrypted (eg md5, sha1 etc)? If you're storing the passwords in their encrypted form, then you'll have to encrypt the password the user entered when comparing the passwords, example

 if($row['password'] == md5($passwd))

That's not the if I'm having trouble with, it's the fact that the next one is not being ran at all. The next IF "if(isset($_POST['newpassword1']) && isset($_POST['newpassword2']))", is an IF statement unto itself so I don't see why it isn't running by default after the above if/else statements gets through. After the user enters the new password twice in the form following the if/else should run by default, which in this case is my isset IF, but all I'm getting is "Invalid Password" from the preceding if/else. Oh, and how the passwords are not encrypted.

  • Solution

Just noticed the form you're echo'ing out, the form doesn't have a submit method defined.

    echo "<form>";

By default forms submit method is GET. You need to set the forms submit method to post.

    echo "<form method='post'>";

Also the input tags for the password fields are not closed properly either.

echo "New Password<input type='text' name='newpassword1'></td></tr>";

echo "<tr><td>";     echo "Re-Enter Password<input type='text' name='newpassword2'></td></tr>";

Edited by Ch0cu3r
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.