Re: [PHP] Form Already Filled Out
On 08/05/2011 12:43 AM, wil prim wrote: Hello, S i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance! Here is the login.php code, i didn't md5() the password yet: ?php if ($_SESSION['user']) { header(Location: error.php); exit(); } include('connect.php'); if ($_POST['login']){ $user=$_POST['user']; $pass=$_POST['pass']; $sql=SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count==1){ $_SESSION['user'] = $user; header('location: home.php'); } else echo p style='color:red'Wrong Username or Password/p; } ? html head title/title link href=style.css rel=stylesheet type=text/css / /head body div id=main div id=menu ul li a href=#Home/a /li li a href=#Topix/a /li li a href=#Mission/a /li /ul /div div id='content' form method='post' action='index.php' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type=password name='pass' maxlength='30'/br/ input type=submit value=Log In! name=login/ /form a href=register.html Register? /a /div /body /html Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP. Have you tried visiting your page from multiple browsers, to see if you get the same results? You could set the value of the username and password fields in the form to NULL. e.g.; input type='text' name='user' value='' maxlength='30'/ input type=password name='pass' value='' maxlength='30'/ I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them. Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Already Filled Out
Hi, Use value=$_POST['user'] or sg like that because: before send value eq null, after if returned -cause of a fail- the inputs remain also set *autocomplete=off* (at form) and if it doesn't work use js to set null values to input boxes (add a name for ur form...) Another way, use Google: javascript turn off autofill be careful: http://www.php.net/manual/en/security.database.sql-injection.php http://php.net/manual/en/security.php *Valentine* On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote: On 08/05/2011 12:43 AM, wil prim wrote: Hello, S i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance! Here is the login.php code, i didn't md5() the password yet: ?php if ($_SESSION['user']) { header(Location: error.php); exit(); } include('connect.php'); if ($_POST['login']){ $user=$_POST['user']; $pass=$_POST['pass']; $sql=SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count==1){ $_SESSION['user'] = $user; header('location: home.php'); } else echo p style='color:red'Wrong Username or Password/p; } ? html head title/title link href=style.css rel=stylesheet type=text/css / /head body div id=main div id=menu ul li a href=#Home/a /li li a href=#Topix/a /li li a href=#Mission/a /li /ul /div div id='content' form method='post' action='index.php' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type=password name='pass' maxlength='30'/br/ input type=submit value=Log In! name=login/ /form a href=register.html Register? /a /div /body /html Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP. Have you tried visiting your page from multiple browsers, to see if you get the same results? You could set the value of the username and password fields in the form to NULL. e.g.; input type='text' name='user' value='' maxlength='30'/ input type=password name='pass' value='' maxlength='30'/ I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them. Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Already Filled Out
if you want to force the browser to not be able to have this behaviour you need the name tag to always change a quick example would be that ?php // keep the name in session $_SESSION['formRandomName']=time(); ? input type=password name=?php echo $_SESSION['formRandomName'];?[password] / 2011/8/4 Bálint Horváth hbal...@gmail.com Hi, Use value=$_POST['user'] or sg like that because: before send value eq null, after if returned -cause of a fail- the inputs remain also set *autocomplete=off* (at form) and if it doesn't work use js to set null values to input boxes (add a name for ur form...) Another way, use Google: javascript turn off autofill be careful: http://www.php.net/manual/en/security.database.sql-injection.php http://php.net/manual/en/security.php *Valentine* On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote: On 08/05/2011 12:43 AM, wil prim wrote: Hello, S i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance! Here is the login.php code, i didn't md5() the password yet: ?php if ($_SESSION['user']) { header(Location: error.php); exit(); } include('connect.php'); if ($_POST['login']){ $user=$_POST['user']; $pass=$_POST['pass']; $sql=SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count==1){ $_SESSION['user'] = $user; header('location: home.php'); } else echo p style='color:red'Wrong Username or Password/p; } ? html head title/title link href=style.css rel=stylesheet type=text/css / /head body div id=main div id=menu ul li a href=#Home/a /li li a href=#Topix/a /li li a href=#Mission/a /li /ul /div div id='content' form method='post' action='index.php' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type=password name='pass' maxlength='30'/br/ input type=submit value=Log In! name=login/ /form a href=register.html Register? /a /div /body /html Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP. Have you tried visiting your page from multiple browsers, to see if you get the same results? You could set the value of the username and password fields in the form to NULL. e.g.; input type='text' name='user' value='' maxlength='30'/ input type=password name='pass' value='' maxlength='30'/ I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them. Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Already Filled Out
On Thu, 2011-08-04 at 17:02 +0100, jean-baptiste verrey wrote: if you want to force the browser to not be able to have this behaviour you need the name tag to always change a quick example would be that ?php // keep the name in session $_SESSION['formRandomName']=time(); ? input type=password name=?php echo $_SESSION['formRandomName'];?[password] / 2011/8/4 Bálint Horváth hbal...@gmail.com Hi, Use value=$_POST['user'] or sg like that because: before send value eq null, after if returned -cause of a fail- the inputs remain also set *autocomplete=off* (at form) and if it doesn't work use js to set null values to input boxes (add a name for ur form...) Another way, use Google: javascript turn off autofill be careful: http://www.php.net/manual/en/security.database.sql-injection.php http://php.net/manual/en/security.php *Valentine* On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote: On 08/05/2011 12:43 AM, wil prim wrote: Hello, S i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance! Here is the login.php code, i didn't md5() the password yet: ?php if ($_SESSION['user']) { header(Location: error.php); exit(); } include('connect.php'); if ($_POST['login']){ $user=$_POST['user']; $pass=$_POST['pass']; $sql=SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count==1){ $_SESSION['user'] = $user; header('location: home.php'); } else echo p style='color:red'Wrong Username or Password/p; } ? html head title/title link href=style.css rel=stylesheet type=text/css / /head body div id=main div id=menu ul li a href=#Home/a /li li a href=#Topix/a /li li a href=#Mission/a /li /ul /div div id='content' form method='post' action='index.php' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type=password name='pass' maxlength='30'/br/ input type=submit value=Log In! name=login/ /form a href=register.html Register? /a /div /body /html Your browser is more than likely filling in the username and password fields for you, automatically. Most modern browsers offer this functionality by default. What you're looking for isn't relative to PHP. Have you tried visiting your page from multiple browsers, to see if you get the same results? You could set the value of the username and password fields in the form to NULL. e.g.; input type='text' name='user' value='' maxlength='30'/ input type=password name='pass' value='' maxlength='30'/ I doubt your visitors are going to encounter the same issue you are, unless they allow their browser or some other 3rd party software to automatically fill in the form values for them. Another method would consist of using JavaScript, once the DOM is ready (all elements rendered), have JavaScript reset the form values. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Please don't top-post, the gremlins don't like it :) Going back to Bálint's post, the autocomplete=off can be set either at the form or form element (input) level. Bear in mind though that if you do this, the HTML will not validate. This isn't normally an issue, and may be an acceptable tradeoff for your website. -- Thanks, Ash http://www.ashleysheridan.co.uk
[PHP] Form Already Filled Out
Hello, S i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance!Here is the login.php code, i didn't md5() the password yet: ?phpif ($_SESSION['user']){ header("Location: error.php"); exit();}include('connect.php');if ($_POST['login']){ $user=$_POST['user'];$pass=$_POST['pass'];$sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";$result=mysql_query($sql, $con);$count=mysql_num_rows($result);if ($count==1){ $_SESSION['user'] = $user; header('location: home.php');}else echo "p style='color:red'Wrong Username or Password/p";}?html head title/title link href="" rel="stylesheet" type="text/css" / /head body div id="main" div id="menu" ul li a href=""Home/a /li li a href=""Topix/a /li li a href=""Mission/a /li /ul /div div id='content' form method='post' action='' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type="password" name='pass' maxlength='30'/br/ input type="submit" value="Log In!" name="login"/ /form a href="" Register? /a /div /body/html
Re: [PHP] Form Already Filled Out
Hmmm looks like you saved the password and your browser or OS may be filling it for you. Em 04/08/2011 01:42, wil prim wilp...@me.com escreveu: Hello, S i created a simple login system, and I am using sessions. Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance! Here is the login.php code, i didn't md5() the password yet: ?php if ($_SESSION['user']) { header(Location: error.php); exit(); } include('connect.php'); if ($_POST['login']){ $user=$_POST['user']; $pass=$_POST['pass']; $sql=SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'; $result=mysql_query($sql, $con); $count=mysql_num_rows($result); if ($count==1){ $_SESSION['user'] = $user; header('location: home.php'); } else echo p style='color:red'Wrong Username or Password/p; } ? html head title/title link href=style.css rel=stylesheet type=text/css / /head body div id=main div id=menu ul li a href=#Home/a /li li a href=#Topix/a /li li a href=#Mission/a /li /ul /div div id='content' form method='post' action='index.php' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type=password name='pass' maxlength='30'/br/ input type=submit value=Log In! name=login/ /form a href=register.html Register? /a /div /body /html