Self submit form problem



Peuplarchie
07-26-2008, 10:42 PM
Good day to you all,
I'm working on a PHP text-based login script.
I'm building the script to add, delete or edit an account.

Here's my problem:
When I enter a name and password, it adds it twice to the txt file.
Also, it only adds the name of the field and not its value.


Here's my code :



<?php


$username = $_POST['username'];
$password = $_POST['password'];
$url = $_POST['url'];

function add_user($user,$url,$pass)
{
$fopen = fopen('info.text', 'a');
fwrite($fopen, "\n,'".$user."' => '".$url."' => '".$pass."'");
fclose($fopen);
}

add_user('username','password','url');
?>


<html>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="username" />
<input type="text" name="password" />
<select name="url">
<option value="Director/index.php">Director</option>
<option value="Admin/index.php">Admin</option>
<option value="User/index.php">User</option></select><br />

<input type="submit" /><br />


</form>


Preview:<br />
<?php if(isset($_POST['html'])) echo stripslashes($_POST['html']); ?>




</body>
</html>




Thanks !
Take care !

Fou-Lu
07-27-2008, 02:19 AM
Let's see if I can help explain.
The multiple entries are due to controlling your post. Since it's a self-referencing form (no problem with that), it still attempts to execute the write even if it hasn't been submitted. That's why you have multiple entries.
The username/password/url appears without values because you are not providing it with values, as seen here:


add_user('username','password','url');

These are string values, not parsable variables. Here's how to kill both with one stone:


<?php

function add_user($user,$url,$pass)
{
$fopen = fopen('info.text', 'a');
fwrite($fopen, "\n,'".$user."' => '".$url."' => '".$pass."'");
fclose($fopen);
}

if (isset($_POST['submit']))
{
// Read each field only if it was sent, so a missing one does not raise a notice.
$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$password = isset($_POST['password']) ? trim($_POST['password']) : '';
$url = isset($_POST['url']) ? trim($_POST['url']) : '';
if (empty($username) || empty($password) || empty($url))
{
print("<div>Username, password and url must be selected!</div>\n");
}
else
{
// Argument order must match add_user($user, $url, $pass).
add_user($username, $url, $password);
}
}
?>

<html>
<body>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<input type="text" name="username" />
<input type="text" name="password" />
<select name="url">
<option value="Director/index.php">Director</option>
<option value="Admin/index.php">Admin</option>
<option value="User/index.php">User</option></select><br />

<input name="submit" type="submit" /><br />


</form>


Preview:<br />
<?php if(isset($_POST['html'])) echo stripslashes($_POST['html']); ?>




</body>
</html>

The form needs one change: the submit must be given the name 'submit'. And I'd recommend using $_SERVER['SCRIPT_NAME'] for your form action; $_SERVER['PHP_SELF'] is XSS exploitable.

Hope that helps.
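
A hardened variant of the script discussed above, as an added example that is not part of either poster's code. It goes beyond the fix in the thread: the form action is escaped, the fields are validated against what the form offers, and a password hash is stored instead of the password. It assumes PHP 7 or later; the ALLOWED_URLS constant, the form_action() helper, the $file parameter and the one-JSON-object-per-line layout are choices made for this example.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ and the thread's info.text file.
const ALLOWED_URLS = ['Director/index.php', 'Admin/index.php', 'User/index.php'];

function add_user(string $user, string $url, string $pass, string $file = 'info.text'): bool
{
    // Accept only the three values the form's <select> offers.
    if (!in_array($url, ALLOWED_URLS, true)) {
        return false;
    }
    // \A and \z anchor the whole string, so no quote or newline reaches the file.
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $user) || $pass === '') {
        return false;
    }
    // Store a salted hash instead of the password; one JSON object per line.
    $record = json_encode([
        'user' => $user,
        'url'  => $url,
        'hash' => password_hash($pass, PASSWORD_DEFAULT),
    ]);
    // LOCK_EX keeps two simultaneous submissions from interleaving their lines.
    return file_put_contents($file, $record . "\n", FILE_APPEND | LOCK_EX) !== false;
}

function form_action(array $server): string
{
    // SCRIPT_NAME omits the client-supplied path info that PHP_SELF appends.
    // Escape it anyway, because the value lands inside an HTML attribute.
    return htmlspecialchars($server['SCRIPT_NAME'] ?? '', ENT_QUOTES, 'UTF-8');
}

// Constructed sample: how PHP reports a request for /form.php/"><b>x</b>.
$sample = ['SCRIPT_NAME' => '/form.php', 'PHP_SELF' => '/form.php/"><b>x</b>'];
echo form_action($sample), "\n";
echo htmlspecialchars($sample['PHP_SELF'], ENT_QUOTES, 'UTF-8'), "\n";

// Constructed inputs, written to a temporary file rather than the real info.text.
$tmp = tempnam(sys_get_temp_dir(), 'users');
var_dump(add_user('alice', 'User/index.php', 'example-password', $tmp)); // well-formed
var_dump(add_user("bob'\n", 'User/index.php', 'example', $tmp));          // quote and newline in name
var_dump(add_user('carol', 'Other/index.php', 'example', $tmp));          // url not in the form
echo file_get_contents($tmp);
unlink($tmp);
```

A login check against a file written this way would compare the submitted password with password_verify() rather than a string comparison.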

Peuplarchie
07-27-2008, 08:59 AM
Thanks, I have figured it out with your help; that was exactly what was needed.


