Morrolan Posted September 8, 2015

Hi,

I'm pretty new to PHP, having mostly worked with C#, Objective-C and Python.

I am trying to write a basic script with 1 input box and 2 buttons. The first button I want to submit a password, and the hash is then printed to the page. My second button I want to verify the hash, and see if it matches what was submitted. If it does, I want it to print that it matches. Simple password form operation basically.

However, my second button isn't working and I'm not sure why?

```php
<?php
$password_submitted = false;

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $submitted_password = $_POST["password"];
}
?>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
    Password: <input type="password" name="password">
    <br><br>
    <input type="submit" name="submit" value="Submit">
</form>

<?php
// Hash the submitted password and print the hash
if ($submitted_password != "") {
    $hash = password_hash($submitted_password, PASSWORD_DEFAULT);
    echo "Password Hash: " . $hash;
}
?>

<br><br>

<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
    <input type="submit" name="submit" value="Compare Passwords">
</form>

<?php
// Compare the submitted password against the hash
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if ($password_submitted == true) {
        verify_password($submitted_password, $hash);
    }
}

function verify_password($submitted_password, $hash) {
    if (password_verify($submitted_password, $hash)) {
        echo "Password match!\n";
    }
}
?>
```

Is it because I am submitting to the same script twice? If so, how would one work around that limitation?

Kind Regards,
Morrolan

scootstah Posted September 8, 2015

You're submitting an empty form the second time, so `if ($password_submitted == true) {` fails.

What you're trying to do is inherently flawed though. In order to recreate the hash, you have to use the value that was just submitted as a password. But since you're not storing the hash, you'd have to generate a new hash when you try to compare it. Since bcrypt creates a unique salt, the new hash will be different than the first one.

You need to be storing the hash in some way (like a session, a database, a file, etc.) that persists between page loads.
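
The session option named in the reply above, as an added example that is not code from either poster: the hash is kept in `$_SESSION` on the first submit, and the second form sends a fresh password entry that `password_verify()` checks against the stored hash. The field name `attempt`, the `action` button values and the session key `demo_hash` are assumptions made for this sketch.

```php
<?php
// Added example, not code from the thread. The field names, the "action"
// values and the session key "demo_hash" are assumptions for this sketch.
session_start();

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';
    if ($action === 'hash' && ($_POST['password'] ?? '') !== '') {
        // password_hash() generates a new random salt on every call, so the
        // hash has to be kept; hashing again later gives a different string.
        $_SESSION['demo_hash'] = password_hash($_POST['password'], PASSWORD_DEFAULT);
        $message = 'Password Hash: ' . $_SESSION['demo_hash'];
    } elseif ($action === 'verify' && isset($_SESSION['demo_hash'])) {
        // password_verify() reads the algorithm, cost and salt out of the
        // stored hash and compares in constant time.
        $ok = password_verify($_POST['attempt'] ?? '', $_SESSION['demo_hash']);
        $message = $ok ? 'Password match!' : 'Password does not match.';
    } else {
        $message = 'Enter a password and submit it first.';
    }
}
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="<?php echo $self; ?>">
    Password: <input type="password" name="password">
    <button type="submit" name="action" value="hash">Submit</button>
</form>
<br><br>
<form method="post" action="<?php echo $self; ?>">
    Re-enter password: <input type="password" name="attempt">
    <button type="submit" name="action" value="verify">Compare Passwords</button>
</form>
<p><?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?></p>
```

The plaintext password is never stored between requests; only the hash persists, which is the same shape a database-backed login would have.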