$_POST not working after first time through
Posted: Fri Jan 08, 2010 3:58 pm
by chris8421
Hi, I am pretty new to php. I am trying to set up a section on my website that is password protected. Everything was working fine on my local server, but I am running into a problem testing it with godaddy.
When the user types in the wrong username or password, the page notifies them, and then the second time they enter information in the html form, the php variables do not read the POST variables unless I wait 20 seconds before trying again. I've tried a few things and nothing changes the fact that the second time the php script runs, the $user and $password variables are blank, unless I wait 20 seconds. Here is the php script that runs after the html form is filled out.
Code: Select all
<?php
$user = $_POST['username'];
$pass = $_POST['password'];
include("dbinfo.inc.php");
mysql_connect($myhostname,$myusername,$mypassword); // no quotes: '$myhostname' in single quotes is the literal string, not the variable
mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM userinfo WHERE username='$user'";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
if ($num == 0){
echo "$user, $pass"; //Troubleshooting, first time correct output, after the result is " , "
include("signininc.html"); //goes to form with error message
}
else{
$passwordcheck=mysql_result($result,0,"password");
if ($pass != $passwordcheck){
include("signininc.html"); //goes to form with error message
}
else{
$folder=mysql_result($result,0,"folderid");
include("$folder/$folder.html");
}
}
?>
Any help is much appreciated, I've been stuck a whole day on this.
Chris
Re: $_POST not working after first time through
Posted: Fri Jan 08, 2010 4:02 pm
by parino_esquilado
The $_POST variables are unset once you navigate away or whatever.
Re: $_POST not working after first time through
Posted: Fri Jan 08, 2010 4:07 pm
by chris8421
I get that they are unset, the problem is then when I return to this script through the same form less than 20 seconds later they don't get set again, if that makes sense.
Re: $_POST not working after first time through
Posted: Fri Jan 08, 2010 4:13 pm
by parino_esquilado
chris8421 wrote: I get that they are unset, the problem is then when I return to this script through the same form less than 20 seconds later they don't get set again, if that makes sense.
Do you have a link that I could see what you mean?
Re: $_POST not working after first time through
Posted: Fri Jan 08, 2010 9:48 pm
by manohoo
Post the code of signininc.html
Re: $_POST not working after first time through
Posted: Sat Jan 09, 2010 12:02 am
by Weiry
Try this updated code, there is no need to do multiple checks for username and password etc.
Code: Select all
<?php
include("dbinfo.inc.php");
$connection = mysql_connect($myhostname,$myusername,$mypassword);
mysql_select_db($database, $connection) or die( "Unable to select database");
$query = "SELECT * FROM `userinfo` WHERE `username`='{$_POST['username']}' AND `password` = '{$_POST['password']}'";
$result = mysql_query($query, $connection);
mysql_close($connection);
if (!$result || mysql_num_rows($result) == 0){ // mysql_query() returns a resource even when no row matches, so check the row count
print "{$_POST['username']}, {$_POST['password']}";
include("signininc.html");
}else{
$folder = mysql_result($result,0,"folderid");
include("$folder/$folder.html");
}
?>
In a way, only returning a single error if the username or password is incorrect can be better as it can help prevent unauthorized logins as the user will not know if the username is correct or if the password is wrong.
But as for your 20 second delay, I'm not 100% sure what could be causing it, although there could be a possibility that because you're opening and closing a mysql connection each time the page loads, the web server it's hosted on may have some sort of timeout before a new connection is made.
Try commenting out the mysql_close($connection) line and see if that makes a difference. The downside to this is that you're leaving your mysql connection open.
Re: $_POST not working after first time through
Posted: Sat Jan 09, 2010 5:14 am
by MichaelR
Don't use the code above as it is. You need to escape the $_POST data before you pass it through an SQL query.
Re: $_POST not working after first time through
Posted: Sat Jan 09, 2010 8:47 pm
by Weiry
MichaelR wrote: Don't use the code above as it is. You need to escape the $_POST data before you pass it through an SQL query.
"Need" is not entirely correct. It depends on the situation and whether you want to allow special characters.
Older username systems and password systems don't allow users to have ' " \ characters as a part of their information.
However, newer systems are allowing users to use special characters in passwords which would need to be escaped.
If escaping did need to be done, you would first pass the information through some sort of validation class which you could then return an addslashes($str) string.
Re: $_POST not working after first time through
Posted: Sat Jan 09, 2010 9:38 pm
by Eran
You should * always * escape user input, and this has nothing to do with special characters. As it stands, this query is extremely vulnerable to SQL injection attacks and even non-malicious input can easily break it.
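Added example, not part of any post in this thread: the username lookup built by string concatenation, as in the queries posted above, next to the same lookup with a bound parameter. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* functions, hashed passwords via password_hash(), and constructed accounts; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Constructed data; PDO with an
// in-memory SQLite database stands in for the MySQL database so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE userinfo (username TEXT PRIMARY KEY, password TEXT, folderid TEXT)");
$ins = $db->prepare("INSERT INTO userinfo VALUES (?, ?, ?)");
$ins->execute(["alice", password_hash("correct-horse", PASSWORD_DEFAULT), "folder1"]);
$ins->execute(["o'brien", password_hash("s3cret", PASSWORD_DEFAULT), "folder2"]);

// "Before": input is pasted into the SQL text, so it can change the statement.
// Returns the number of matching rows, or null if the statement no longer parses.
function lookup_concatenated(PDO $db, string $user): ?int {
    try {
        $rows = $db->query("SELECT * FROM userinfo WHERE username='$user'")->fetchAll();
        return count($rows);
    } catch (PDOException $e) {
        return null;
    }
}

// "After": the SQL text is fixed; the input travels only as a bound parameter.
// Returns the folder id on success, null on any failure.
function login(PDO $db, string $user, string $pass): ?string {
    $stmt = $db->prepare("SELECT password, folderid FROM userinfo WHERE username = ?");
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // One generic failure for an unknown user and a wrong password alike.
    if ($row === false || !password_verify($pass, $row['password'])) {
        return null;
    }
    return $row['folderid'];
}

// Constructed inputs: a normal name, a legitimate name containing a quote,
// and a value that rewrites the WHERE clause when concatenated.
foreach (["alice", "o'brien", "x' OR '1'='1"] as $u) {
    $n = lookup_concatenated($db, $u);
    printf("concatenated %-14s -> %s\n", $u, $n === null ? "syntax error" : "$n row(s)");
}
foreach ([["alice", "correct-horse"], ["o'brien", "s3cret"], ["x' OR '1'='1", "anything"]] as [$u, $p]) {
    printf("bound        %-14s -> %s\n", $u, login($db, $u, $p) ?? "login failed");
}
```

With concatenation the legitimate name containing an apostrophe breaks the statement and the third input matches every row; with the bound parameter both are treated as plain data.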
Re: $_POST not working after first time through
Posted: Mon Jan 11, 2010 11:51 am
by chris8421
Thank you for all the replies over the weekend. I have updated the code to escape the $_POST data and to check username and password simultaneously, but I am still getting the same problem. I also get this error message that I think might help figure this out:
If I enter a username or password that is incorrect and then go back and try to reload the first sign in page right away this message shows up:
Method Not Implemented
username=oji&password=mobileGET to /MU/signin.html not supported.
Invalid method in request username=oji&password=mobileGET /MU/signin.html HTTP/1.1
I think the way I am incorporating the html with the php script might not be the right way of going about this. I have the initial signin.html page that is basically this form in the body:
Code: Select all
<form action="sessionstart.php" method="post">
Username<br>
<input type="text" name="username" size="15">
<br>
Password<br>
<input type="password" name="password" size="15">
<br>
<input type="Submit" value="Sign In">
</p>
</form>
Then here's my updated sessionstart.php:
Code: Select all
<?php
include("dbinfo.inc.php");
$connection = mysql_connect($hostname,$username,$password);
mysql_select_db($database) or die( "Unable to select database");
$query = sprintf("SELECT * FROM userinfo WHERE username='%s' AND password='%s'",
mysql_real_escape_string($_POST['username']),
mysql_real_escape_string($_POST['password']));
$result=mysql_query($query, $connection);
$num=mysql_numrows($result);
//mysql_close($connection);
if ($num == 0){
include("signininc.html");
}
else{
$folder=mysql_result($result,0,"folderid");
include("$folder/$folder.html");
}
?>
Then my signininc.html is basically the same as the signin.html except for the text saying the username or password is incorrect:
Code: Select all
<b><small><font color="#FF0000">Username or Password is Incorrect - Try Again</font></small></b><br>
<form action="sessionstart.php" method="post">
Username<br>
<input type="text" name="username" size="15">
<br>
Password<br>
<input type="password" name="password" size="15">
<br>
<input type="Submit" value="Sign In">
</p>
</form>
So the error message pops up only when I go back and try to reload the signin.html page after already entering a username and password. Any ideas?
Thanks again for the previous responses!
Chris
Re: $_POST not working after first time through
Posted: Tue Jan 12, 2010 11:46 am
by chris8421
I changed everything to GET instead of POST and it works! I guess I need to go learn the details of the differences between the two...