$_POST not working after first time through

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
chris8421
Forum Newbie
Posts: 5
Joined: Fri Jan 08, 2010 3:56 pm

$_POST not working after first time through

Post by chris8421 »

Hi, I am pretty new to php. I am trying to set up a section on my website that is password protected. Everything was working fine on my local server, but I am running into a problem testing it with godaddy.

When the user types in the wrong username or password, the page notifies them and then the second time the enter in information in the html form, the php variables do not read the POST variables unless I wait 20 seconds before trying again. I've tried a few things and nothing changes the fact that the second time the php script runs, the $user and $password variables are blank, unless I wait 20 seconds. Here is the php script that runs after the html form is filled out.

Code: Select all

 
<?php
 
   $user = $_POST['username'];
   $pass = $_POST['password'];
 
   include("dbinfo.inc.php");
   mysql_connect('$myhostname',$myusername,$mypassword);
   mysql_select_db($database) or die( "Unable to select database");
 
   $query="SELECT * FROM userinfo WHERE username='$user'";
   $result=mysql_query($query);
   $num=mysql_numrows($result);
 
   mysql_close();
 
   if ($num == 0){
        echo "$user, $pass"; //Troubleshooting, first time correct output, after the result is " , "
      include("signininc.html"); //goes to form with error message
 
   }
   else{
      $passwordcheck=mysql_result($result,0,"password");
      if ($pass != $passwordcheck){
         include("signininc.html"); //goes to form with error message
      }
      else{
      $folder=mysql_result($result,0,"folderid");
      include("$folder/$folder.html");   
      }
   }
 
?>
Any help is much appreciated, I've been stuck a whole day on this.
Chris
parino_esquilado
Forum Newbie
Posts: 13
Joined: Wed Apr 22, 2009 12:22 pm

Re: $_POST not working after first time through

Post by parino_esquilado »

the $_POST variables are unset once you navigate away or whatever.
chris8421
Forum Newbie
Posts: 5
Joined: Fri Jan 08, 2010 3:56 pm

Re: $_POST not working after first time through

Post by chris8421 »

I get that they are unset, the problem is then when I return to this script through the same form less than 20 seconds later they dont get set again, if that makes sense.
parino_esquilado
Forum Newbie
Posts: 13
Joined: Wed Apr 22, 2009 12:22 pm

Re: $_POST not working after first time through

Post by parino_esquilado »

chris8421 wrote:I get that they are unset, the problem is then when I return to this script through the same form less than 20 seconds later they dont get set again, if that makes sense.
do you have a link that I could see what you mean?
User avatar
manohoo
Forum Contributor
Posts: 201
Joined: Wed Dec 23, 2009 12:28 pm

Re: $_POST not working after first time through

Post by manohoo »

Post the code of signininc.html
User avatar
Weiry
Forum Contributor
Posts: 323
Joined: Wed Sep 09, 2009 5:55 am
Location: Australia

Re: $_POST not working after first time through

Post by Weiry »

Try this updated code, there is no need to do multiple checks for username and password etc.

Code: Select all

 
<?php
    include("dbinfo.inc.php");
    $connection = mysql_connect($myhostname,$myusername,$mypassword);
    mysql_select_db($database, $connection) or die( "Unable to select database");
    
    $query = "SELECT * FROM `userinfo` WHERE `username`='{$_POST['username']}' AND `password` = '{$_POST['password']}'";
    $result = mysql_query($query, $connection);
    
    mysql_close($connection);
    
    if (!$result || empty($result)){
        print "{$_POST['username']}, {$_POST['password']}";
        include("signininc.html");
    }else{
        $folder = mysql_result($result,0,"folderid");
        include("$folder/$folder.html");  
    }
 
?>
In a way, only returning a single error if the username or password is incorrect can be better as it can help prevent unauthorized login's as the user will not know if the username is correct or if the password is wrong.

But as for your 20 second delay, im not 100% sure what could be causing it, although there could be a possibility that because your opening and closing a mysql connection each time the page loads, the web server its hosted on may have some sort of timeout before a new connection is made.

Try commenting out the mysql_close($connection) line and see if that makes a difference. The downside to this is that your leaving your mysql connection open.
MichaelR
Forum Contributor
Posts: 148
Joined: Sat Jan 03, 2009 3:27 pm

Re: $_POST not working after first time through

Post by MichaelR »

Don't use the code above as it is. You need to escape the $_POST data before you pass it through an SQL query.
User avatar
Weiry
Forum Contributor
Posts: 323
Joined: Wed Sep 09, 2009 5:55 am
Location: Australia

Re: $_POST not working after first time through

Post by Weiry »

MichaelR wrote:Don't use the code above as it is. You need to escape the $_POST data before you pass it through an SQL query.
"Need" is not entirely correct. It depends on the situation and whether you want to allow special characters.

Older username systems and password systems don't allow users to have ' " \ characters as a part of their information.
However, newer systems are allowing users to use special characters in passwords which would need to be escaped.

If escaping did need to be done, you would first pass the information through some sort of validation class which you could then return a addslashes($str) string.
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: $_POST not working after first time through

Post by Eran »

You should * always * escape user input, and this has nothing to do with special characters. As it stands, this query is extremely vulnerable to SQL injection attacks and even non-malicious input can easily break it.
chris8421
Forum Newbie
Posts: 5
Joined: Fri Jan 08, 2010 3:56 pm

Re: $_POST not working after first time through

Post by chris8421 »

Thank you for all the replies over the weekend. I have updated the code to escape the $_POST data and to check username and password simultaneously, but I am still getting the same problem. I also get this error message that I think might help figure this out:

If I enter a username or password that is incorrect and then go back and try to reload the first sign in page right away this message shows up:
Method Not Implemented
username=oji&password=mobileGET to /MU/signin.html not supported.

Invalid method in request username=oji&password=mobileGET /MU/signin.html HTTP/1.1
I think the way I am incorporating the html with the php script might not be the right way of going about this. I have the initial signin.html page that is basically this form in the body:

Code: Select all

<form action="sessionstart.php" method="post">
    Username<br>
    <input type="text" name="username" size="15">
    <br>
    Password<br>
    <input type="password" name="password" size="15">
    <br>
    <input type="Submit" value="Sign In">
    </p>
</form>
then heres my updated sessionstart.php:

Code: Select all

<?php 
    
    include("dbinfo.inc.php");
    $connection = mysql_connect($hostname,$username,$password);
    mysql_select_db($database) or die( "Unable to select database"); 
    
    $query = sprintf("SELECT * FROM userinfo WHERE username='%s' AND password='%s'",
        mysql_real_escape_string($_POST['username']),
        mysql_real_escape_string($_POST['password']));
    $result=mysql_query($query, $connection);
    $num=mysql_numrows($result); 
 
    //mysql_close($connection);
    
    if ($num == 0){
        include("signininc.html");
    }
    else{
    $folder=mysql_result($result,0,"folderid");
    include("$folder/$folder.html");    
    }
 
?>
 
then my signininc.html is basically the same as the signin.html except for the text saying the username or password is incorrect:

Code: Select all

<b><small><font color="#FF0000">Username or Password is Incorrect - Try Again</font></small></b><br>
<form action="sessionstart.php" method="post">
    Username<br>
    <input type="text" name="username" size="15">
    <br>
    Password<br>
    <input type="password" name="password" size="15">
    <br>
    <input type="Submit" value="Sign In">
    </p>
</form>
So the error message pops up only when I go back and try to reload the signin.html page after entering already entering a username and password. Any ideas?

Thanks again for the previous responses!
Chris
chris8421
Forum Newbie
Posts: 5
Joined: Fri Jan 08, 2010 3:56 pm

Re: $_POST not working after first time through

Post by chris8421 »

I changed everything to GET instead of POST and it works! I guess I need to go learn the details of the differences between the two...
Post Reply