Page 1 of 1

form help

Posted: Sun Jul 06, 2003 6:22 pm
by blood
I'm trying to make this as short as possible:

Below is a login form. The line that I want to focus on here is:

<form method="post" action="<?php echo $PHP_SELF ?>">

And in this line I want some one to explain to me in detail what this does insided this line?
Now I know I could do something like this, if I had a *.cgi to execute

<form method="post" action="process.cgi">

But this script is in PHP and there is no cgi or PHP that I know of that needs
to be called on?

<?php echo $PHP_SELF ?>

[LOGIN FORM]

The reason I'm asking is every time I press the submit button the form goes no were
and I get these Apache error. Actually, I get these errors as soon as I load the
form in my browser, even before I press the submit button. This is exactly
when the errors occur. They occur as soon as I load the form. Now the form is an .inc
file called stafflogin.inc. it is shown below.

PATHS: I am using paths such as this

../$templates
include "../variables.php";

and so on. I tried to change all my paths to Absolute paths
but this did not help.

So could some one help me understand why I am receiving these errors (Apache Error Log) and
what exactly is "<?php echo $PHP_SELF ?>" ?

Code: Select all


[client XX.XXX.XXX.XXX] PHP Notice:  Undefined variable:  adminname in D:\usr\www\website\htdocs\phpmanager\admin\index.php on line 27
[client XX.XXX.XXX.XXX] PHP Notice:  Undefined variable:  password in D:\usr\www\website\htdocs\phpmanager\admin\index.php on line 28
[client XX.XXX.XXX.XXX] PHP Notice:  Undefined variable:  submit in D:\usr\www\website\htdocs\phpmanager\admin\index.php on line 45
[client XX.XXX.XXX.XXX] PHP Notice:  Undefined variable:  PHP_SELF in D:\usr\www\website\htdocs\phpmanager\templates\default\admin\stafflogin.inc on line 4[/quote]


/* ---------  HERE IS THE STAFFLOGIN.INC FORM ---------------*/

<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
[color=blue]<form method="post" action="<?php echo $PHP_SELF ?>">[/color]
<table border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="right" class="main">
Username: <input type="text" class="formfield" name="adminname">
</td>
</tr>
<tr>
<td align="right" class="main">
Password: <input type="password" class="formfield" name="password">
</td>
</tr>
<tr>
<td align="center">
<input type="Submit" name="submit" value="Login" class="formfield">
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>

[color=red]EXTREMELY IMPORTANT TO NOTICE:::::::

WHEN PRESSING SUBMIT I CAN'T LOGIN[/color]

Here is a copy of the form's source code when I go to load it into my
browser. Remember that it is being called from the "staffloggin.inc" 
and notice that [color=red](action="")[/color]. Nothing there for action? This is what and
were my script is locking up or failing. I dont know what "action" to give it.

If someone would be so kind to install the script and test it I will be
more than glad to email it to you.

/*-------------- FORM'S SOURCE CODE WHEN LOADED INTO BROWSER
NOTICE THERE IS NOTHING IN THE action="" ------------*/ #################


<html>
<head>
<title>phpManager - Staff Login</title>
<LINK rel="stylesheet" type="text/css" href="../templates/default/styles.css">
</head>
<body>

<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
[color=blue]<form method="post" [color=red]action=""[/color]>[/color] //;[color=red]#########look at action="" nothing here-WTF?[/color]
<table border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="right" class="main">
Username: <input type="text" class="formfield" name="adminname">
</td>
</tr>
<tr>
<td align="right" class="main">
Password: <input type="password" class="formfield" name="password">
</td>
</tr>
<tr>
<td align="center">
<input type="Submit" name="submit" value="Login" class="formfield">
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>

Posted: Sun Jul 06, 2003 7:45 pm
by McGruff
Php self is just the current php script. Your form script is also the form processor. It sounds like you maybe don't have the manual from php.net (can get a downloadable copy with user comments - recommended). Check out the "predefined variables" section.

You'll probably see an IF (!isset($_POST['var'])) somewhere: if the POST vars aren't set, the form is displayed, if they are, they get processed.

The undefined variables are just that: variables which haven't been declared but have been referenced in some way by your php script/s, for example if your script tries to echo $var; before $var is assigned a value. For some reason, you have several vars which have not been set which points to another problem (or problems) further up the line. Exactly what I couldn't say.

Take a careful look at the line numbers in question and see if you can work out what's going on. You could try searching for the vars in question in this (or other scripts) to find where they are supposed to be set and then try to figure out why they haven't been declared.

Posted: Mon Jul 07, 2003 12:51 am
by Unifex
I find it odd that the action is empty.

Write a quick phptest.php file with the following;

Code: Select all

<?php
phpinfo();
?>
Hit that script and look for php_self. It should read as the path and filename of the script.

Posted: Mon Jul 07, 2003 3:45 am
by twigletmac
Try replacing $PHP_SELF with $_SERVER['PHP_SELF'].

Mac

Posted: Fri Jul 11, 2003 10:28 pm
by blood
Sorry I replied soon, but things got a little busy.

Ok, the first response: the
<?php
phpinfo();
?>
This did work and php is processing the same directory fine.
Try replacing $PHP_SELF with $_SERVER['PHP_SELF'].
The above didn't work at all.

There is a variables.php so, maybe I should let you guys look at this.
There is no USERNAME or PASSWORD specified in this variables.php and I'm assumeing there shouldn't be anyways, because the script is designed to connect to my MySql Database and retrieve and varify and if success should let me pass on.[/quote]

HERE IS THE "variables.php"

Code: Select all

<?php

$rootdirectory = "/usr/www/website/root2";
include ("$rootdirectory/connect.php");

$sql = "SELECT * FROM variables";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
$language = $myrow&#1111;"language"];
$template = $myrow&#1111;"template"];
$clientmanagerlogin_title = $myrow&#1111;"clientmanagerlogin_title"];
$clientmanager_title = $myrow&#1111;"clientmanager_title"];
$accountmanagerlogin_title = $myrow&#1111;"accountmanagerlogin_title"];
$accountmanager_title = $myrow&#1111;"accountmanager_title"];
$admin_email = $myrow&#1111;"admin_email"];
$accounts_email = $myrow&#1111;"accounts_email"];
$supports_email = $myrow&#1111;"supports_email"];
$checkout_email = $myrow&#1111;"checkout_email"];
$revecom_email = $myrow&#1111;"revecom_email"];
$paypal_email = $myrow&#1111;"paypal_email"];
$worldpay_email = $myrow&#1111;"worldpay_email"];
$company = $myrow&#1111;"company"];
$processor = $myrow&#1111;"processor"];
$dateformat = $myrow&#1111;"dateformat"];
$instId = $myrow&#1111;"instId"];
$currency = $myrow&#1111;"currency"];
$worldpayPW = $myrow&#1111;"worldpayPW"];
$cp = $myrow&#1111;"cp"];
$currencytype = $myrow&#1111;"currencytype"];
$adminname = $myrow&#1111;"adminname"];
$password = $myrow&#1111;"password"];

if ($dateformat=="US")&#123;

$dateformat = "%m/%d/%y";

&#125; else &#123;

$dateformat = "%d/%m/%y";

&#125;

?>
If this would make it easier for someone to actually install the script
on a windows platform and run it you should be getting the same
problem.

The script was posted here:

http://dbforums.com/showthread.php?thre ... ight=blood

DOWNLOAD LINK: http://dbforums.com/attachment.php?postid=3079966

Oh and one more thing that I should have mentioned.

The index.php is trying to set a cookie. Maybe something is screwed
up here at the top of the script.

HERE IS THE INDEX.PHP Look at were the cookie info is, maybe its messed up.

Code: Select all

<?php


setcookie ("logonname", "");
setcookie ("logonid", "");

setcookie ("logonname", $adminname);
setcookie ("logonid", md5($password));

include ("/usr/www/website/htdocs/phpmanager/variables.php");
include ("$rootdirectory/languages/$language");

?>

<html>
<head>
<title><?php echo $clientmanagerlogin_title ?></title>
<LINK rel="stylesheet" type="text/css" href="../templates/<?php echo $template ?>/styles.css">
</head>
<body>

<?php

// --------------------------------------------------- IF SUBMIT IS CLICKED ---------------------------------------------------------------
if ($submit)&#123;
if (!$adminname && !$password)&#123; // IF NO USERNAME AND PASSWORD
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_userpass ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl()&#123;history.go(-1);&#125;</script>";
&#125; elseif ($adminname && !$password)&#123; // IF NO PASSWORD
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_pass ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl()&#123;history.go(-1);&#125;</script>";
&#125; elseif (!$adminname && $password)&#123; // IF NO USERNAME
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_user ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl()&#123;history.go(-1);&#125;</script>";
&#125; else &#123; // VERIFY USERNAME AND PASSWORD
$secureuser = md5($adminname);
$encryptedpassword = md5($password);
$sql = "SELECT * FROM staff WHERE adminname='$adminname' AND password='$encryptedpassword'";
$result = mysql_query($sql);
if(mysql_num_rows($result)) &#123; // IF VERIFIED
$myrow = mysql_fetch_array($result);
$id = $myrow&#1111;"id"];
$access = $myrow&#1111;"access"];
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_thankyou ?> <?php echo $adminname ?>.
</td>
</tr>
</table>
<?php
if ($access=="breach")&#123;
echo "<script>window.setTimeout('changeurl();',2000); function changeurl()&#123;window.location='http://www.yahoo.com';&#125;</script>";

&#125; else &#123;
echo "<script>window.setTimeout('changeurl();',2000); function changeurl()&#123;window.location='index2.php';&#125;</script>";
&#125;
&#125; else &#123;
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_error ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl()&#123;history.go(-1);&#125;</script>";
&#125;
&#125;
&#125; else &#123;
// ----------------------------------------------- END IF SUBMIT IS CLICKED ---------------------------------------------------------------

// ----------------------------------------------- PAGE FORMATTING STARTS HERE ---------------------------------------------------------------

include ("../templates/$template/admin/stafflogin.inc"); //("../templates/default/admin/stafflogin.inc");  //("/usr/www/website/htdocs/phpmanager/templates/default/admin/stafflogin.inc");

&#125;

?>

</body>
</html>
Thanks for you time in helping me on this.