I was a C/C++ programmer years ago and just started with php a couple of days ago so sorry if my question is a bit simple.
When I use an include blah.php, is that page actually run or just loaded for access to the functions. I was told that it was just loaded far access and that was it. But if that is true how does a - FORM using ACTION = blah2.php work.
I have just downloaded a php security script (LoginRedirect) and the code (to my way of thinking) is all over the place. I may be wrong and prejudging the code but it does not seem to follow logically. Please remember I am new to php and may be thinking too much like a C programmer. This script is what has me confused over the include and Action calls.
Thanks for any advice
Jeremy
Question regarding Include and ACTION
Moderator: General Moderators
Re: Question regarding Include and ACTION
An include simply includes a file to access data for your scripts (eg: classes, functions, etc.) Read more http://hk.php.net/include/ here. It is also good to store these outside of your local web directory for a little more security.
A form action is a predefined variable in PHP which can be called by using $_POST after a FORM is submitted. You can learn more about Predefined variables here http://hk.php.net/reserved.variables
A form action is a predefined variable in PHP which can be called by using $_POST after a FORM is submitted. You can learn more about Predefined variables here http://hk.php.net/reserved.variables
Re: Question regarding Include and ACTION
Thanks for the prompt reply. I have read the pages you posted, thanks.
I am still not sure of the functionality of the Form ACTION = blah.php. I understand POST and the variables situation but I think that is different to ACTION.
The code I have shows in blah.php something similar to the below. This must execute when called by the form as apposed to just loading it like in an include. This file is just code, no definitions etc.
eg. blah.php
<?php
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
session_start();
//require the functions file
require ("config.php");
require ("functions.php");
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql = "UPDATE $table_name SET `verified` = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the users acct has been activated by user
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
$_SESSION['views'] = 1;
header("Location:$_SESSION[redirect]");
?>
<head>
<title>Redirect</title>
</head>
I am still not sure of the functionality of the Form ACTION = blah.php. I understand POST and the variables situation but I think that is different to ACTION.
The code I have shows in blah.php something similar to the below. This must execute when called by the form as apposed to just loading it like in an include. This file is just code, no definitions etc.
eg. blah.php
<?php
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
session_start();
//require the functions file
require ("config.php");
require ("functions.php");
if ((!$lr_user) || (!$lr_pass))
{
$username = $_POST[username];
$password = $_POST[password];
}else{
$username = $lr_user;
$password = $lr_pass;
}
if ($_POST[activate] == "Yes")
{
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql = "UPDATE $table_name SET `verified` = '1' WHERE username = '$_POST[username]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
//sets session variables
sess_vars($base_dir, $server, $dbusername, $dbpassword, $db_name, $table_name, $username, $password);
//check to see if the user has to change their password
if ($_SESSION[pchange] == "1")
{
$_SESSION[redirect] = "$base_dir/pass_change.html";
}
//check to see if the users acct has been activated by user
if ($_SESSION[verified] == "0")
{
$_SESSION[redirect] = "$base_dir/not_activated.html";
}
//make the connection to the database
$connection = @mysql_connect($server, $dbusername, $dbpassword) or die(mysql_error());
$db = @mysql_select_db($db_name,$connection)or die(mysql_error());
//build and issue the query
$sql ="SELECT * FROM banned";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($sql = mysql_fetch_object($result))
{
$banned = $sql -> no_access;
if ($username == $banned || $REMOTE_ADDR == $banned)
{
include ('banned.html');
exit;
}
}
$last_log = last_login();
//updates table with last log as now
$sql = "UPDATE $table_name SET last_login = '$last_log' WHERE username = '$_SESSION[user_name]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
if (($_SESSION[redirect] != "$base_dir/errorlogin.html") && ($log_login == "1"))
{
include('loglogin.php');
}
//redirects the user
$_SESSION['views'] = 1;
header("Location:$_SESSION[redirect]");
?>
<head>
<title>Redirect</title>
</head>
Re: Question regarding Include and ACTION
A forms action attribute is where the form's data is sent to when a user presses 'Submit'
Also you should be using ' ' in your brackets so it would be something like
Also you should be using ' ' in your brackets so it would be something like
Code: Select all
$username = $_POST['username'];
$password = $_POST['password'];
- aceconcepts
- DevNet Resident
- Posts: 1424
- Joined: Mon Feb 06, 2006 11:26 am
- Location: London
Re: Question regarding Include and ACTION
Yes, a form's action simply allows you to specify a script you'd like to call when your form is submitted.
However, what is also quite useful is that you can leave the action"" blank and the form will submit to itself - and you can include variables within your form's action
e.g.
However, what is also quite useful is that you can leave the action"" blank and the form will submit to itself - and you can include variables within your form's action
e.g.
Code: Select all
echo'<form action="validate.php?id=' . $userId . ' ">';
Re: Question regarding Include and ACTION
Thanks for the help, I understand what is going on now. With the include the php file is just loaded for use as required, and with the form action the php file is actually executed.
Thanks for your help.
Thanks for your help.