1

Basically, I'm trying to create a login system, and I'm using it what I call "Dynamically" meaning it's included from my other files, and if I wanted to use a different database I would simply pass that database to the login function. I know how to do this by default, but as soon as using a button came in I got a little confused.

Here's what I have in it's most basic form.

<?php
    createLogin('test', 'test2');

    function createLogin($SQLConnection, $SQLConfig) { 
        echo "<h1> You are currently not logged in!</h1>";
        echo "<form action='handleLogin(".$SQLConnection.",".$SQLConfig.") method='post'>";
        echo "<div align='center'>";
        echo "<table style='width: 475px'>";
        echo "<thead>";
        echo "<th>";
        echo "<tr>Enter your e-mail and password.</tr>";
        echo "</th>";
        echo "</thead>";
        echo "</table>";
        echo "<input type='submit' value='Login' />";
        echo "</form>";
    }

    function handleLogin($foo, $bar) {
        echo $foo . " || " . $bar;
    }
?>

When I click the submit button however, it simply takes me here...

http://localhost/handleLogin%28test,test2%29%20method=

Now, I read about using Javascript to do this, and to do something like 

<script>
    function processLoginRequest($SQLConnection, $SQLConfig) {
        alert("<?php handleLogin($SQLConnection, $SQLConfig) ?>");
    }
</script>

Then I could use 

echo "<form action='processLoginRequest(".$SQLConnection.",".$SQLConfig.") method='post'>";

However, the code causes the entire php script to die. (Without error?)

Improve this question
2
  • PHP = server side, HTML/JS = client side. Hence PHP will be outputted before your webpage is rendered. Commented May 29, 2014 at 4:57
  • You are missing a bunch of quotes when you are printing out JS with PHP. This is wrong: processLoginRequest(".$SQLConnection.",".$SQLConfig."). This is correct: processLoginRequest('".$SQLConnection."','".$SQLConfig."') Commented May 29, 2014 at 4:58

3 Answers 3

Reset to default
1

You're using action incorrectly, and the result is as expected. action stores the page to which the form will be submitted. So, yes, when you hit submit it is trying to take you to a page called handleLogin%28test,test2%29%20method= because that is what your action says to do.

What you can do is simply leave the action blank, which will submit the form to the current page. Then, on that page, check if the form has been submitted, and if so, call your function.

Inside the function that creates the form make these changes:

function createLogin() { 
    ...
    echo "<form action='' method='post'>";
    ....
    echo "<input type='submit' value='Login' name='login'/>";
}

Then, at the top of the page that renders the form, add something like this:

// Check if login form has been submitted - if so, handle
if (isset($_POST['login'])) {
    handleLogin($SQLConnection, $SQLConfig);
}

// Render login form. No need to pass config parameters here.
createLogin();

If you really want to keep everything in a single function, I suppose you could also do it like this:

function createLogin($SQLConnection, $SQLConfig) { 
    if (isset($_POST['login'])) {
        handleLogin($SQLConnection, $SQLConfig);
    }
    else {
        echo "<h1> You are currently not logged in!</h1>";
        echo "<form action='' method='post'>";
        echo "<div align='center'>";
        echo "<table style='width: 475px'>";
        echo "<thead>";
        echo "<th>";
        echo "<tr>Enter your e-mail and password.</tr>";
        echo "</th>";
        echo "</thead>";
        echo "</table>";
        echo "<input type='submit' value='Login' name='login'/>";
        echo "</form>";
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you, I guess I was overthinking it.
1

You do NOT want to pass your SQL Configuration parameters back to JavaScript, because anyone can look at your JavaScript code when they browse your page, and then they'll have everything they need to connect and play around in your database.

You will have to pass some kind of flag to your form, to let your PHP code know (when it receives the form's data later) what kind of SQL settings it should use.

Example:

<form method="POST" ...>
    <type input="hidden" name="loginMode" value="<?php echo $loginMode; ?>" />
</form>

Again, don't pass any sensitive data in there, just have some kind of unique value like "mySql" for $loginMode or the other options.

And then, when you're handling the HTTP POST in your PHP:

if ($_POST['loginMode'] == 'mySql') 
{ 
    // ... create connection based on $SQLConnection, $SQLConfig
}
else if ($_POST['loginMode'] == 'otherMethod') ...
Improve this answer

Comments

0

Your JavaScript is probably failing because of the the contents of $SQLConnection and $SQLConfig. If you have a double quote in them it would fail.

Also designing and implementing a safe and robust login system is actually pretty difficult and you should opt using a framework that has been tested over time.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.