using a PHP function defined within a INCLUD file, within a HTML Form

Allison

Hi,

I am fairly new to PHP, and wondered if anyone could help me solve a little probem i have.

I have a INCLUDE file containing my commonly used PHP functions, and i wish to call one of the functions within the ACTION= clause of a HTML form.

this is the code snippet i have so far:

Please log in.<br/>
Username: <input name="username" type="text" /><br />
Password: <input name="password" type="password" /><br/>
<input name="submit" type="submit" />

</form>

where mylib.php is my library, and validate_user is the funcion i wish to call.

kindest
Allison 😕

djjjozsi

<?php
session_start();  //lets start a session
if(isset($_POST))
{
include("myLib.php");
$valid=validate_user($_POST["username"],$_POST["password"]);

/*   and validate function gives you back true if the user wrote a correct password and username*/

if($valid==true)
$_SESSION["logged_in"]="1";
else
$_SESSION["logged_in"]="0";
}


if($_SESSION["logged_in"]=='1')
print "You logged in...go to the restricted page<a href=\"user_details.php\"> Click</a>";


?>
<form method="post"  action="?">

   Please log in.<br/>
   Username: <input name="username" type="text" /><br />
   Password: <input name="password" type="password" /><br/>
   <input name="submit" type="submit" />

</form>

Allison

Thank you soo much... it all seems so simple

Allison

laserlight

You would do well to properly check that both $POST['username'] and $POST['password'] are set before using them. Oh, and indentation makes your code more readable:

<?php
session_start();  //lets start a session

if (isset($_POST['username'], $_POST['password']))
{
    include 'myLib.php';

// validate function returns true if the user provided a correct password and username
$_SESSION['logged_in'] = validate_user($_POST['username'], $_POST['password']);
}

if ($_SESSION['logged_in'])
{
    print 'You logged in...go to the restricted page<a href="user_details.php"> Click</a>';
}

?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">

   Please log in.<br/>
   Username: <input name="username" type="text" /><br />
   Password: <input name="password" type="password" /><br/>
   <input name="submit" type="submit" />

</form>

Note that I have discarded the temporary $valid variable as you can use $_SESSION['logged_in'] directly (though now it properly contains boolean values, but that is fine). Also, I have made the action attribute of the form actually point to the current page.

Strictly speaking, you should not start a session until the user has been successfully authenticated in order to avoid giving valid session identifiers to potential attackers.