PHP cannot read POST sent by Javascript

Asked

Viewed 154 times

3

I am creating a login system for my site following this tutorial, but I have a problem when it comes to logging in. Apparently, the Javascript code does not pass the form parameters correctly. The login page code is:

function hex_sha512(value) {
    // apenas para simular
    return 'hashed-value';
}

function formhash(form, password) {
    // Crie um novo elemento de input, o qual será o campo para a senha com hash. 
    var p = document.createElement("input");

    // Adicione um novo elemento ao nosso formulário. 
    form.appendChild(p);
    p.name = "p";
    p.type = "hidden";
    p.value = hex_sha512(password.value);

    // Cuidado para não deixar que a senha em texto simples não seja enviada. 
    password.value = "";

    // Finalmente, envie o formulário.
    form.submit();
}
<form action="includes/process_login.php" method="POST" name="login_form">
  <div class="form-group">
    <input class="form-control" placeholder="E-mail" name="email" type="email" autofocus>
  </div>
  <div class="form-group">
    <input class="form-control" placeholder="Password" name="password" type="password" value="" id="password">
  </div>
  <div class="checkbox">
    <label>
      <input name="remember" type="checkbox" value="Remember Me">Remember Me
    </label>
  </div>
  <!-- Você também pode alterar este botão para um input como opção de envio -->
  <input type="button" value="Login" onclick="formhash(this.form, this.form.password, this.form.p);" class="btn btn-lg btn-success btn-block"/>
</form>

For some reason, when I test, on the page process_login.php, if the variables $_POST['email'] and $POST['p'] are set, it returns false, as if they were not set.

process_login.php:

    if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p'];

    if (login($email, $password, $mysqli) == true) {
        // Login com sucesso
    } else {
        // Falha de login 
    }
} else {
    // As variáveis POST corretas não foram enviadas para esta página. 
    echo 'Invalid Request';
}

System always falls into "Invalid Request".

What could be?

  • The this refers to the current element, not only.

  • But when I do an Alert(form.name) or Alert(password.value) it returns the values correctly.

  • That’s because the form is general reference.

  • 1

    There is no problem in the codes you presented. What do you mean by "javascript does not send correctly"? By chance you are trying to rescue $_POST['password']? If that’s the case, you’re wrong $_POST['p'], which contains the encrypted password. This is the idea of the tutorial.

  • the code is correct, it seems that the problem is a typo: $POST['p'] should be $_POST['p'] (lacked a "_")

  • The code of the page is correct. It is only when writing there that I forget the "_". I added the code to the question for you to evaluate. Thank you very much!

  • if the code is correct, then should not give problem... for questions, give a print_r in $POST..

Show 2 more comments

1 answer

-1

Do you need to use Javascript? If you don’t need it, you can do the following:

Login page

<form action="includes/process_login.php" method="POST">
    <div class="form-group">
            <input class="form-control" placeholder="E-mail" name="email" type="email" autofocus>
    </div>
    <div class="form-group">
            <input class="form-control" placeholder="Password" name="password" type="password" value="" id="password">
    </div>
    <div class="checkbox">
      <label>
         <input name="remember" type="checkbox" value="Remember Me">Remember Me
     </label>
    </div>
     <!-- Você também pode alterar este botão para um input como opção de envio -->
     <button type="submit" class="btn btn-lg btn-success btn-block"/>Login</button>
</form>

Page: process_login.php

<?php
$email = $_POST['email'];
$password = $_POST['password'];
?>

This way, you are submitting the form with the POST method, and receiving the form inputs on the other page with the same method.

I use this way because I still do not know much the functions of JS and I believe that can meet your needs.

Just remembering that this way there is no hash, but apparently you already know how to do it. If you need more material, follows: How to hash passwords securely?

  • I use JS to hash the password, so I need it.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.