Jump to content

Error session variable not displaying message in another php file


Go to solution Solved by cyberRobot,

Recommended Posts

Hi!
I have 2 files based on the Model View Arhitecture.

The file login.php and the config file containing the db connection are in the model folder and the login_view is in view folder.

I am trying to make a login form am display some error messages to the user, but I don't get the error messages.

Can you help me figure it out?

PS: the connection to the db works fine!

Thx!

LOGIN.PHP

<?php
 //start the session
 session_start();
 foreach (glob("model/*.php") as $filename) {
    include $filename;
}

 //form defaults
 $error["alert"]= "";
 $error["user"]= "";
 $error["pass"]= "";
 $input["user"]= "";
 $input["pass"]= "";

if(isset($_POST["submit"]))
{
    //process form
    if($_POST["username"] == "" || $_POST["password"] == ""){
        //display errors
        if($_POST["username"] == ""){$error["user"] = "required";}
        if($_POST["password"] == ""){$error["pass"] = "required";}
        $error["alert"] = "Please fill in the required fields";

        //get the values for the username and password
        $input["user"]= $_POST["username"];
        $input["pass"]= $_POST["password"];
   
        include("../views/login_view.php");
    }
}else{
    include("../views/login_view.php");
}
LOGIN_VIEW.PHP

<?php
    session_start();
    foreach (glob("model/*.php") as $filename) {
        include $filename;
    }
?>
<link href="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">
<script src="//maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<!------ Include the above in your HEAD tag ---------->

<!--author:starttemplate-->
<!--reference site : starttemplate.com-->
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <meta name="keywords"
          content="unique login form,leamug login form,boostrap login form,responsive login form,free css html login form,download login form">
    <meta name="author" content="leamug">
    <title>Unique Login Form | Bootstrap Templates</title>
    <link href="/styles/style.css" rel="stylesheet" id="style" type="text/css">
    <!-- Bootstrap core Library -->
    <link href="//netdna.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">
    <script src="//netdna.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js"></script>
    <script src="//code.jquery.com/jquery-1.11.1.min.js"></script>
    <!-- Google font -->
    <link href="https://fonts.googleapis.com/css?family=Dancing+Script" rel="stylesheet">
    <!-- Font Awesome-->
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet">
</head>
<body>

<!-- Page Content -->
<div class="container">
    <div class="row">
        <div class="col-md-offset-5 col-md-4 text-center">
            <h1 class='text-white'>Login Form</h1>
            <form action ="" method="POST">
              <div class="form-login"></br>
                </br>
                <?php
                    if($error["alert"] != ''){
                        echo "<div class='alert'>".$error["alert"]."</div>";
                    }
                ?>
                <div>
                    <input type="text" name ="username" id="userName" class="form-control input-sm chat-input" placeholder="Username" value= "<?php echo $input['user'] ?>" required/>
                    <?php echo $error['user'] ?>
                </div>
                </br></br>
                <input type="text" name ="password" id="userPassword" class="form-control input-sm chat-input" placeholder="Password" value= "<?php echo $input['password'] ?>" required/>
                <div class="error"> <?php echo  $error['pass'] ?>
                </br></br>
                <div class="wrapper">
                <input type="submit" class="btn btn-primary" value="submit">
                 
                </div>
            </div>
        </div>
    </form>
    </div>
</div>
</body>
</html>

 

Edited by Alexa
Link to post
Share on other sites

Try adding some echo statements to your if constructs where you test the form input. That way you can make sure the code is executing properly. For example, you could try something like this:

if(isset($_POST["submit"]))
{

    echo '<br>form submission detected';

    //process form
    if($_POST["username"] == "" || $_POST["password"] == ""){

        echo '<br>either username or password is blank';

 

Note that you'll want to comment out or remove the session code in your login_view.php file to avoid errors caused by the above echo statements. That session code isn't necessary anyways since you already started the session in your login.php file.

Link to post
Share on other sites

What was the problem that you noticed? Are you getting an error? If so, what is it?

If you haven't done so already, it may help to set PHP to display all errors. You could add the following code to the top of login.php:

//REPORT ALL PHP ERRORS
error_reporting(E_ALL);
ini_set('display_errors', 1);

Just remember to remove the code when you are done debugging the script.

Link to post
Share on other sites

You have made a classic mistake of depending on the name of a button to be submitted for your code to work instead of checking the POST Request Method. Since you didn't name your submit button, the code does not do anything. The fix is NOT to add a name to the button, but to instead check the REQUEST METHOD instead.

Depending on the name of a button to be submitted will completely fail in certain cases.
 

if($_SERVER['REQUEST_METHOD'] == POST’){

// Do stuff

}

Your error checks will also fail. You need to trim the entire POST array and then check for empty.

Do not create variables for nothing.

Your code is also vulnerable to an XSS Attack. You are allowing user supplied data directly in your form.

Edited by benanamen
  • Great Answer 1
Link to post
Share on other sites
20 hours ago, cyberRobot said:

What was the problem that you noticed? Are you getting an error? If so, what is it?

If you haven't done so already, it may help to set PHP to display all errors. You could add the following code to the top of login.php:


//REPORT ALL PHP ERRORS
error_reporting(E_ALL);
ini_set('display_errors', 1);

Just remember to remove the code when you are done debugging the script.

So, I had some undefined variable errors and I solved them by deleting that code from the login_view.php file, as  I don't need them now. But if I leave the input fields empty and hit submit, the problem remains the same: nothing happens, no error messages displayed

Link to post
Share on other sites
16 hours ago, benanamen said:

You have made a classic mistake of depending on the name of a button to be submitted for your code to work instead of checking the POST Request Method. Since you didn't name your submit button, the code does not do anything. The fix is NOT to add a name to the button, but to instead check the REQUEST METHOD instead.

Depending on the name of a button to be submitted will completely fail in certain cases.
 


if($_SERVER['REQUEST_METHOD'] == POST’){

// Do stuff

}

Your error checks will also fail. You need to trim the entire POST array and then check for empty.

Do not create variables for nothing.

Your code is also vulnerable to an XSS Attack. You are allowing user supplied data directly in your form.

I tried and implemented your suggestion, but the problem remains the same..

Link to post
Share on other sites
  • Solution

Just to make sure, for benanamen's suggestion, you should replace the following line:

if(isset($_POST["submit"]))

With the line below. Note that I removed the curly / smart quotes around POST.

if($_SERVER['REQUEST_METHOD'] == 'POST')

I would also add some sort of debug code to see if the if test is working. For example,

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    echo '<br>form submission detected';

Does the script display "form submission detected" after submitting the form? Also, if the script still doesn't work as you expect, please post your most recent code.

  • Thanks 1
Link to post
Share on other sites
22 hours ago, cyberRobot said:

Just to make sure, for benanamen's suggestion, you should replace the following line:



if(isset($_POST["submit"]))

With the line below. Note that I removed the curly / smart quotes around POST.



if($_SERVER['REQUEST_METHOD'] == 'POST')

I would also add some sort of debug code to see if the if test is working. For example,



if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    echo '<br>form submission detected';

Does the script display "form submission detected" after submitting the form? Also, if the script still doesn't work as you expect, please post your most recent code.

So, I tried your suggestion. The problem was that the form got submitted before entering the data. Anyway, https://codeshack.io/secure-login-system-php-mysql/ I found this site and from here I made a working login. I need to read more about php sessions and post and get. But one last question, for example if I start a session on the config/database.php file must I start another one in the login.php? Or the session must be uniquely defined in one folder?

 

Thank you for all the help. I will mark both answers as solution as they helped me kind of figure out the problem.

Edited by Alexa
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.