Re: [PHP] Form Already Filled Out
On 08/05/2011 12:43 AM, wil prim wrote:
Hello, S i created a simple login system, and I am using sessions
Everything
seems to work fine, however; when I upload my files to my server and type my
domain name my index.php page comes up and the form is automatically filled
out
with a username and password. How do i make it empty when I initially enter
the
site, and yes I did create a logout.php file that destroys a session. Please
help, it is hard to explain this when I cant show it in person. Thanks in
advance!
Here is the login.php code, i didn't md5() the password yet:
?php
if ($_SESSION['user'])
{
header(Location: error.php);
exit();
}
include('connect.php');
if ($_POST['login']){
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql=SELECT * FROM members WHERE username='$_POST[user]' and
password='$_POST[pass]';
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count==1){
$_SESSION['user'] = $user;
header('location: home.php');
}
else
echo p style='color:red'Wrong Username or Password/p;
}
?
html
head
title/title
link href=style.css rel=stylesheet type=text/css /
/head
body
div id=main
div id=menu
ul
li
a href=#Home/a
/li
li
a href=#Topix/a
/li
li
a href=#Mission/a
/li
/ul
/div
div id='content'
form method='post' action='index.php'
Username: br/
input type='text' name='user' maxlength='30'/br/
Password: br/
input type=password name='pass' maxlength='30'/br/
input type=submit value=Log In! name=login/
/form
a href=register.html Register? /a
/div
/body
/html
Your browser is more than likely filling in the username and password
fields for you, automatically. Most modern browsers offer this
functionality by default. What you're looking for isn't relative to PHP.
Have you tried visiting your page from multiple browsers, to see if you
get the same results?
You could set the value of the username and password fields in the form
to NULL.
e.g.;
input type='text' name='user' value='' maxlength='30'/
input type=password name='pass' value='' maxlength='30'/
I doubt your visitors are going to encounter the same issue you are,
unless they allow their browser or some other 3rd party software to
automatically fill in the form values for them.
Another method would consist of using JavaScript, once the DOM is ready
(all elements rendered), have JavaScript reset the form values.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Already Filled Out
Hi,
Use value=$_POST['user'] or sg like that because:
before send value eq null, after if returned -cause of a fail- the inputs
remain
also set *autocomplete=off* (at form) and if it doesn't work use js
to set null values to input boxes (add a name for ur form...)
Another way, use Google: javascript turn off autofill
be careful: http://www.php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.php
*Valentine*
On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote:
On 08/05/2011 12:43 AM, wil prim wrote:
Hello, S i created a simple login system, and I am using sessions
Everything
seems to work fine, however; when I upload my files to my server and type
my
domain name my index.php page comes up and the form is automatically
filled out
with a username and password. How do i make it empty when I initially
enter the
site, and yes I did create a logout.php file that destroys a session.
Please
help, it is hard to explain this when I cant show it in person. Thanks in
advance!
Here is the login.php code, i didn't md5() the password yet:
?php
if ($_SESSION['user'])
{
header(Location: error.php);
exit();
}
include('connect.php');
if ($_POST['login']){
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql=SELECT * FROM members WHERE username='$_POST[user]' and
password='$_POST[pass]';
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count==1){
$_SESSION['user'] = $user;
header('location: home.php');
}
else
echo p style='color:red'Wrong Username or Password/p;
}
?
html
head
title/title
link href=style.css rel=stylesheet type=text/css /
/head
body
div id=main
div id=menu
ul
li
a href=#Home/a
/li
li
a href=#Topix/a
/li
li
a href=#Mission/a
/li
/ul
/div
div id='content'
form method='post' action='index.php'
Username: br/
input type='text' name='user' maxlength='30'/br/
Password: br/
input type=password name='pass' maxlength='30'/br/
input type=submit value=Log In! name=login/
/form
a href=register.html Register? /a
/div
/body
/html
Your browser is more than likely filling in the username and password
fields for you, automatically. Most modern browsers offer this
functionality by default. What you're looking for isn't relative to PHP.
Have you tried visiting your page from multiple browsers, to see if you
get the same results?
You could set the value of the username and password fields in the form
to NULL.
e.g.;
input type='text' name='user' value='' maxlength='30'/
input type=password name='pass' value='' maxlength='30'/
I doubt your visitors are going to encounter the same issue you are,
unless they allow their browser or some other 3rd party software to
automatically fill in the form values for them.
Another method would consist of using JavaScript, once the DOM is ready
(all elements rendered), have JavaScript reset the form values.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Already Filled Out
if you want to force the browser to not be able to have this behaviour you
need the name tag to always change
a quick example would be that
?php // keep the name in session
$_SESSION['formRandomName']=time();
?
input type=password name=?php
echo $_SESSION['formRandomName'];?[password] /
2011/8/4 Bálint Horváth hbal...@gmail.com
Hi,
Use value=$_POST['user'] or sg like that because:
before send value eq null, after if returned -cause of a fail- the inputs
remain
also set *autocomplete=off* (at form) and if it doesn't work use js
to set null values to input boxes (add a name for ur form...)
Another way, use Google: javascript turn off autofill
be careful:
http://www.php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.php
*Valentine*
On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote:
On 08/05/2011 12:43 AM, wil prim wrote:
Hello, S i created a simple login system, and I am using sessions
Everything
seems to work fine, however; when I upload my files to my server and
type
my
domain name my index.php page comes up and the form is automatically
filled out
with a username and password. How do i make it empty when I initially
enter the
site, and yes I did create a logout.php file that destroys a session.
Please
help, it is hard to explain this when I cant show it in person. Thanks
in
advance!
Here is the login.php code, i didn't md5() the password yet:
?php
if ($_SESSION['user'])
{
header(Location: error.php);
exit();
}
include('connect.php');
if ($_POST['login']){
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql=SELECT * FROM members WHERE username='$_POST[user]' and
password='$_POST[pass]';
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count==1){
$_SESSION['user'] = $user;
header('location: home.php');
}
else
echo p style='color:red'Wrong Username or Password/p;
}
?
html
head
title/title
link href=style.css rel=stylesheet type=text/css /
/head
body
div id=main
div id=menu
ul
li
a href=#Home/a
/li
li
a href=#Topix/a
/li
li
a href=#Mission/a
/li
/ul
/div
div id='content'
form method='post' action='index.php'
Username: br/
input type='text' name='user' maxlength='30'/br/
Password: br/
input type=password name='pass' maxlength='30'/br/
input type=submit value=Log In! name=login/
/form
a href=register.html Register? /a
/div
/body
/html
Your browser is more than likely filling in the username and password
fields for you, automatically. Most modern browsers offer this
functionality by default. What you're looking for isn't relative to PHP.
Have you tried visiting your page from multiple browsers, to see if you
get the same results?
You could set the value of the username and password fields in the form
to NULL.
e.g.;
input type='text' name='user' value='' maxlength='30'/
input type=password name='pass' value='' maxlength='30'/
I doubt your visitors are going to encounter the same issue you are,
unless they allow their browser or some other 3rd party software to
automatically fill in the form values for them.
Another method would consist of using JavaScript, once the DOM is ready
(all elements rendered), have JavaScript reset the form values.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Already Filled Out
On Thu, 2011-08-04 at 17:02 +0100, jean-baptiste verrey wrote:
if you want to force the browser to not be able to have this behaviour you
need the name tag to always change
a quick example would be that
?php // keep the name in session
$_SESSION['formRandomName']=time();
?
input type=password name=?php
echo $_SESSION['formRandomName'];?[password] /
2011/8/4 Bálint Horváth hbal...@gmail.com
Hi,
Use value=$_POST['user'] or sg like that because:
before send value eq null, after if returned -cause of a fail- the inputs
remain
also set *autocomplete=off* (at form) and if it doesn't work use js
to set null values to input boxes (add a name for ur form...)
Another way, use Google: javascript turn off autofill
be careful:
http://www.php.net/manual/en/security.database.sql-injection.php
http://php.net/manual/en/security.php
*Valentine*
On Thu, Aug 4, 2011 at 8:54 AM, James Yerge ja...@nixsecurity.org wrote:
On 08/05/2011 12:43 AM, wil prim wrote:
Hello, S i created a simple login system, and I am using sessions
Everything
seems to work fine, however; when I upload my files to my server and
type
my
domain name my index.php page comes up and the form is automatically
filled out
with a username and password. How do i make it empty when I initially
enter the
site, and yes I did create a logout.php file that destroys a session.
Please
help, it is hard to explain this when I cant show it in person. Thanks
in
advance!
Here is the login.php code, i didn't md5() the password yet:
?php
if ($_SESSION['user'])
{
header(Location: error.php);
exit();
}
include('connect.php');
if ($_POST['login']){
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql=SELECT * FROM members WHERE username='$_POST[user]' and
password='$_POST[pass]';
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count==1){
$_SESSION['user'] = $user;
header('location: home.php');
}
else
echo p style='color:red'Wrong Username or Password/p;
}
?
html
head
title/title
link href=style.css rel=stylesheet type=text/css /
/head
body
div id=main
div id=menu
ul
li
a href=#Home/a
/li
li
a href=#Topix/a
/li
li
a href=#Mission/a
/li
/ul
/div
div id='content'
form method='post' action='index.php'
Username: br/
input type='text' name='user' maxlength='30'/br/
Password: br/
input type=password name='pass' maxlength='30'/br/
input type=submit value=Log In! name=login/
/form
a href=register.html Register? /a
/div
/body
/html
Your browser is more than likely filling in the username and password
fields for you, automatically. Most modern browsers offer this
functionality by default. What you're looking for isn't relative to PHP.
Have you tried visiting your page from multiple browsers, to see if you
get the same results?
You could set the value of the username and password fields in the form
to NULL.
e.g.;
input type='text' name='user' value='' maxlength='30'/
input type=password name='pass' value='' maxlength='30'/
I doubt your visitors are going to encounter the same issue you are,
unless they allow their browser or some other 3rd party software to
automatically fill in the form values for them.
Another method would consist of using JavaScript, once the DOM is ready
(all elements rendered), have JavaScript reset the form values.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Please don't top-post, the gremlins don't like it :)
Going back to Bálint's post, the autocomplete=off can be set either at
the form or form element (input) level. Bear in mind though that if you
do this, the HTML will not validate. This isn't normally an issue, and
may be an acceptable tradeoff for your website.
--
Thanks,
Ash
http://www.ashleysheridan.co.uk
[PHP] Form Already Filled Out
Hello, S i created a simple login system, and I am using sessions Everything seems to work fine, however; when I upload my files to my server and type my domain name my index.php page comes up and the form is automatically filled out with a username and password. How do i make it empty when I initially enter the site, and yes I did create a logout.php file that destroys a session. Please help, it is hard to explain this when I cant show it in person. Thanks in advance!Here is the login.php code, i didn't md5() the password yet: ?phpif ($_SESSION['user']){ header("Location: error.php"); exit();}include('connect.php');if ($_POST['login']){ $user=$_POST['user'];$pass=$_POST['pass'];$sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";$result=mysql_query($sql, $con);$count=mysql_num_rows($result);if ($count==1){ $_SESSION['user'] = $user; header('location: home.php');}else echo "p style='color:red'Wrong Username or Password/p";}?html head title/title link href="" rel="stylesheet" type="text/css" / /head body div id="main" div id="menu" ul li a href=""Home/a /li li a href=""Topix/a /li li a href=""Mission/a /li /ul /div div id='content' form method='post' action='' Username: br/ input type='text' name='user' maxlength='30'/br/ Password: br/ input type="password" name='pass' maxlength='30'/br/ input type="submit" value="Log In!" name="login"/ /form a href="" Register? /a /div /body/html
Re: [PHP] Form Already Filled Out
Hmmm looks like you saved the password and your browser or OS may be filling
it for you.
Em 04/08/2011 01:42, wil prim wilp...@me.com escreveu:
Hello, S i created a simple login system, and I am using sessions.
Everything seems to work fine, however; when I upload my files to my server
and type my domain name my index.php page comes up and the form is
automatically filled out with a username and password. How do i make it
empty when I initially enter the site, and yes I did create a logout.php
file that destroys a session. Please help, it is hard to explain this when I
cant show it in person. Thanks in advance!
Here is the login.php code, i didn't md5() the password yet:
?php
if ($_SESSION['user'])
{
header(Location: error.php);
exit();
}
include('connect.php');
if ($_POST['login']){
$user=$_POST['user'];
$pass=$_POST['pass'];
$sql=SELECT * FROM members WHERE username='$_POST[user]' and
password='$_POST[pass]';
$result=mysql_query($sql, $con);
$count=mysql_num_rows($result);
if ($count==1){
$_SESSION['user'] = $user;
header('location: home.php');
}
else
echo p style='color:red'Wrong Username or Password/p;
}
?
html
head
title/title
link href=style.css rel=stylesheet type=text/css /
/head
body
div id=main
div id=menu
ul
li
a href=#Home/a
/li
li
a href=#Topix/a
/li
li
a href=#Mission/a
/li
/ul
/div
div id='content'
form method='post' action='index.php'
Username: br/
input type='text' name='user' maxlength='30'/br/
Password: br/
input type=password name='pass' maxlength='30'/br/
input type=submit value=Log In! name=login/
/form
a href=register.html Register? /a
/div
/body
/html
