PHP-generated form with POST method sending as GET instead
Posted: Mon Dec 21, 2009 8:25 pm
Hi, folks - experienced coder here, but running into something I've never seen before (PHP hasn't been my primary language), and I may just be missing something obvious. Searched for anyone with a similar problem, but my usually effective Google mojo isn't helping me figure the right keyphrases to turn up others with the same problem - or the solution!
Building a site for a client; customized templates, customized databases, and so forth. "index.php" has the following line in it:
"navmenu.php" builds the navigation menu, based on which page the user is on (to highlight and disable that button), and whether or not they're logged in. Nothing fancy there, code-wise - simple "if" statements to determine which versions of each piece of the menu to display. If the user is not logged in, the following lines generate a short username/password form to log in with:
(I've stripped out some irrelevant CSS-related tags and attributes to make it easier to read.)
url_getCurrentUrl() uses $_SERVER variables to reconstruct the current URL (so they can log in from any page and be right back on that page), and is functioning correctly (I've tested it in my sandbox page). (The argument is there in case I want to strip any query info from the current URL.)
The problem I'm having is that, despite the fact that I've specified a method of POST, when the form is submitted, the browser goes to the same page I'm on (that's correct) but appends GET variables on the URL...totally visible in the address bar, which is obviously a problem for a username and password! I have no idea why it keeps sending the form values as GET instead of POST, and this is what I've been trying to figure out.
(As a note, I've done this with a straight up Submit button as well, just for testing purposes - though the client will need the PNG button in the end - but I get the same results, so I don't believe that's the problem.)
Tried it on my own server as well as the client's server - same problem. Then I tried adding a line into index.php itself, which is basically the same form all over again, but with the full text just typed out (including the action value) in HTML instead of using a PHP echo...and that form, in fact, works correctly! Which just baffles me even more - once the HTML page is in the browser, it's running strictly on HTML rules, as far as I knew, and the PHP that constructed it server-side is completely irrelevant...yes? So why would there be a difference between my generating the form in a separate PHP file and requiring it and simply typing out the HTML form manually?
And, more importantly, why would this form be sending the values as GET instead of POST anyway? I've been banging my head against this one for a couple of days now, as it doesn't make any sense to me...and, obviously, the rest of the site (which is working really well) is rather useless if something as simple as a PHP-generated HTML form is getting in the way of the user logging in.
Any ideas, folks? Thanks.
Cheers!
Building a site for a client; customized templates, customized databases, and so forth. "index.php" has the following line in it:
Code: Select all
require('templates/navmenu.php');Code: Select all
$redirectUrl = url_getCurrentUrl(true);
echo '<form name="loginForm" action="' . $redirectUrl . '" method="post"><input type="hidden" name="task" value="loginAttempt" />SIGN IN: <input name="username" type="text" size="15" value="" /><input name="userpass" type="password" size="15" value="" /> <a style="cursor: pointer;" onclick="loginForm.submit();"><img src="img/img_login-button.png" width="14" height="16" border="0" align="top" alt="@"></a> or <a href="register.php">REGISTER</a></form>';url_getCurrentUrl() uses $_SERVER variables to reconstruct the current URL (so they can log in from any page and be right back on that page), and is functioning correctly (I've tested it in my sandbox page). (The argument is there in case I want to strip any query info from the current URL.)
The problem I'm having is that, despite the fact that I've specified a method of POST, when the form is submitted, the browser goes to the same page I'm on (that's correct) but appends GET variables on the URL...totally visible in the address bar, which is obviously a problem for a username and password! I have no idea why it keeps sending the form values as GET instead of POST, and this is what I've been trying to figure out.
(As a note, I've done this with a straight up Submit button as well, just for testing purposes - though the client will need the PNG button in the end - but I get the same results, so I don't believe that's the problem.)
Tried it on my own server as well as the client's server - same problem. Then I tried adding a line into index.php itself, which is basically the same form all over again, but with the full text just typed out (including the action value) in HTML instead of using a PHP echo...and that form, in fact, works correctly! Which just baffles me even more - once the HTML page is in the browser, it's running strictly on HTML rules, as far as I knew, and the PHP that constructed it server-side is completely irrelevant...yes? So why would there be a difference between my generating the form in a separate PHP file and requiring it and simply typing out the HTML form manually?
And, more importantly, why would this form be sending the values as GET instead of POST anyway? I've been banging my head against this one for a couple of days now, as it doesn't make any sense to me...and, obviously, the rest of the site (which is working really well) is rather useless if something as simple as a PHP-generated HTML form is getting in the way of the user logging in.
Any ideas, folks? Thanks.
Cheers!