NoUser2U Posted December 1, 2010 Share Posted December 1, 2010 Hi there,For practice i'm trying to create a login-system, but since i'm quite new to website creations, I have some questions regarding website-outline in general.For example, my current 'site' has 3 links:- home- registration- loginThe registration link contains a form, where u can input info. (i save the user-info into a .txt file using php because i don't know how to use MySQL yet )Now here come's my problem:The registration proces goes like this:1) fill out form on the registration page2) let user verify/check his info3) user-verification done? complete registrationSo when a user clicks on the - registration link, he'll see the form and can fill in his info. Then, after submitting, i have the form's "action" attribute set to an other page, where i use $_POST[''] (php) to print the user-submitted information on the screen so the user can check his information. Finally, if the user is happy with his info, he can accept it, and this leads to an other page where the users sees the message "Registration complete" and his info is saved into the .txt file.So, for these 3 'processes' I have 3 seperate webpages. Is this the correct way to do it? (that is: usering 3 seperate pages for the 'registration-page', the 'verify' page, and the 'registration complete!' page).To me, it looks like i'm doing it the hard way, like there is a 'shorter' route. For example, using all 3 above descriped processes within 1 page. But i'm not sure if that method 'exists'...so please verify the way i'm doing it. Any tips & advice is verry welcomeMuch thnx in advance !! Link to comment Share on other sites More sharing options...
Dilated Posted December 2, 2010 Share Posted December 2, 2010 So, for these 3 'processes' I have 3 seperate webpages. Is this the correct way to do it? (that is: usering 3 seperate pages for the 'registration-page', the 'verify' page, and the 'registration complete!' page).I imagine you mean you have 3 separate php files (multiple web pages can be generated from a single php file). No, that's not typically how most people would do it.One php file (registration.php for example) could look like this:<?phpif (!$_POST || isset($_POST['revise'])) { //user inputs registration info here and clicks the submit button named "preview"} else { if (isset($_POST['preview'])) { //display the user's info here - have a button named "revise" to allow the user to go back and revise their details //also have a submit button named "complete" } elseif (isset($_POST['complete'])) { //save user's info to a file echo('Registration Completed!'); }}?> I think I should also mention, if you're going to be saving user info to files, make sure the files aren't in a public directory. Most people would recommend a DB for login system like this. Link to comment Share on other sites More sharing options...
NoUser2U Posted December 2, 2010 Author Share Posted December 2, 2010 I imagine you mean you have 3 separate php files (multiple web pages can be generated from a single php file). No, that's not typically how most people would do it.One php file (registration.php for example) could look like this:<?phpif (!$_POST || isset($_POST['revise'])) { //user inputs registration info here and clicks the submit button named "preview" XXXXX} else { if (isset($_POST['preview'])) { //display the user's info here - have a button named "revise" to allow the user to go back and revise their details //also have a submit button named "complete" } elseif (isset($_POST['complete'])) { //save user's info to a file echo('Registration Completed!'); }}?> Thnx for your post Dilated, but i don't understand some things about the code u wrote, mostly about the statements in the first if() which has '!$_POST || isset($_POST['revise'])' inside it. To what is !$_POST referring? And to what does $_POST['revise']? Is 'revise' some input assigned in an other form on an other page?? And how about !$_POST which has no squared brackets?I dó know that "if(!$_POST || isset($_POST['revise']))" means "if $_POST is nót 1 (not set) OR $_POST['revise'] is set" (correct me if i'm wrong though).....but i don't understand to what they are referring.Also, when writing the form in the place where XXXXX is in the above code, what should the form's "action" attribute be if I want to use the forms input values in the sáme page? Link to comment Share on other sites More sharing options...
ShadowMage Posted December 2, 2010 Share Posted December 2, 2010 Thnx for your post Dilated, but i don't understand some things about the code u wrote, mostly about the statements in the first if() which has '!$_POST || isset($_POST['revise'])' inside it. To what is !$_POST referring? And to what does $_POST['revise']? Is 'revise' some input assigned in an other form on an other page?? And how about !$_POST which has no squared brackets?I dó know that "if(!$_POST || isset($_POST['revise']))" means "if $_POST is nót 1 (not set) OR $_POST['revise'] is set" (correct me if i'm wrong though).....but i don't understand to what they are referring.More specifically, it means "if $_POST is false OR $_POST['revise'] is set"Look at the [/url=http://us.php.net/manual/en/language.types.boolean.php]boolean reference page[/url] for details on comparing and converting to boolean values. Basically if it's an empty string (''), 0 (zero), null, undefined, or an empty array it will evaluate to false.As for the $_POST['revise'], Dilated explained that://display the user's info here - have a button named "revise" to allow the user to go back and revise theirMeaning that if they click the button to revise their info, a $_POST value will be set named 'revise' (hence $_POST['revise']) and if that value is present you want to show the form again and let the user change their info.Also, when writing the form in the place where XXXXX is in the above code, what should the form's "action" attribute be if I want to use the forms input values in the sáme page?The action will be blank. A blank action means the form should submit to itself. Link to comment Share on other sites More sharing options...
NoUser2U Posted December 4, 2010 Author Share Posted December 4, 2010 ***** EDIT *****Thnx for the clarification Shadowmage . I wrote a test-program to test it out. And this is exactly what the testprogram consists of, see below: <?phpif(!$_POST || isset($_POST['revise'])){ echo "<form method=\"POST\" action=\"\">"; echo "Input name: <input type=\"text\" name=\"username\">"; echo "<input type=\"submit\" value=\"preview\" name=\"preview\">"; echo "</form>";} elseif(isset($_POST['preview'])){ echo "<form method=\"POST\" action=\"\">"; echo "Your name is: " . $_POST['username']; echo "<input type=\"submit\" value=\"revise\" name=\"revise\">"; echo "<input type=\"submit\" value=\"Submit!\" name=\"complete\">"; echo "</form>";} elseif(isset($_POST['complete'])){ echo "Registration is complete!";}?> Is this "correct" code? It works though as expected, but can somebody evaluate? Are there any unnecessary things in it or things which may be unsafe to use on the web? Thnx in advance! :)PS: i think this is going more towards PHP than HTML....so maybe a mod can move this thread to the correct forum? Link to comment Share on other sites More sharing options...
Dilated Posted December 6, 2010 Share Posted December 6, 2010 Is this "correct" code? It works though as expected, but can somebody evaluate? Are there any unnecessary things in it or things which may be unsafe to use on the web? Thnx in advance! You have the basic idea down, yeah, that looks good. Now all you need to do is add all the other form fields you want the user to fill out. Once you get that done, you're going to need to add some form validation, to make sure they didn't skip any required fields or fill them out improperly.edit: also, I would ammend your code a bit:<?phpif(!$_POST || isset($_POST['revise'])){ echo "<form method=\"POST\" action=\"\">"; echo "Input name: <input type=\"text\" name=\"username\"".($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username'])."\"" : "").">"; echo "<input type=\"submit\" value=\"preview\" name=\"preview\">"; echo "</form>";} elseif(isset($_POST['preview'])){ echo "<form method=\"POST\" action=\"\">"; echo "Your name is: " . $_POST['username']; echo "<input type=\"hidden\" value=\"".htmlspecialchars($_POST['username'])."\" name=\"username\">"; echo "<input type=\"submit\" value=\"revise\" name=\"revise\">"; echo "<input type=\"submit\" value=\"Submit!\" name=\"complete\">"; echo "</form>";} elseif(isset($_POST['complete'])){ echo "Registration is complete!";}?> That will ensure that the username (or other form fields you might add) will get passed from the preview page, back to the original/revise page so it can be displayed, and it also passes the username to the final "complete" page where it can be processed and thrown into a DB or what have you.edit: also forgot to mention, whenever you're outputting any value originally input by a user to a page, its pretty necessary to escape it first by using htmlspecialchars(). Link to comment Share on other sites More sharing options...
NoUser2U Posted December 7, 2010 Author Share Posted December 7, 2010 <?phpif(!$_POST || isset($_POST['revise'])){ echo "<form method=\"POST\" action=\"\">"; echo "Input name: <input type=\"text\" name=\"username\"".($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username'])."\"" : "").">"; echo "<input type=\"submit\" value=\"preview\" name=\"preview\">"; echo "</form>";} elseif(isset($_POST['preview'])){ echo "<form method=\"POST\" action=\"\">"; echo "Your name is: " . $_POST['username']; echo "<input type=\"hidden\" value=\"".htmlspecialchars($_POST['username'])."\" name=\"username\">"; echo "<input type=\"submit\" value=\"revise\" name=\"revise\">"; echo "<input type=\"submit\" value=\"Submit!\" name=\"complete\">"; echo "</form>";} elseif(isset($_POST['complete'])){ echo "Registration is complete!";}?> That will ensure that the username (or other form fields you might add) will get passed from the preview page, back to the original/revise page so it can be displayed, and it also passes the username to the final "complete" page where it can be processed and thrown into a DB or what have you.edit: also forgot to mention, whenever you're outputting any value originally input by a user to a page, its pretty necessary to escape it first by using htmlspecialchars(). Thnx for verifing the code Dilated. I was aware of 'processing' the user-input to make sure it is filled out correctly and doesn't contain incorrect information (for example, html code inputted in an input-field).But there are 2 things i don't understand:1. echo "Input name: <input type=\"text\" name=\"username\"".($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username'])."\"" : "").">"; About the above, i dont understand why you added the ($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username']). Adding the htmlspecialchars($_POST['username']) in the value-attribute is clear to me (to display the information the user previously inputted, while 'correcting' the coded with htmlspecialchars if it contained bad input). But why did you precede te value-attribute with $_POST['username'] ? "???2. echo "<input type=\"hidden\" value=\"".htmlspecialchars($_POST['username'])."\" name=\"username\">"; And 2, i don't understand the type=hidden attribute. Now i did some research and i found this:"Hidden fields are similar to text fields, with one very important difference!The difference is that the hidden field does not show on the page. Therefore the visitor can't type anything into a hidden field, which leads to the purpose of the field:To submit information that is not entered by the visitor.".But i don't understand why you inserted in my case...Inputting the username for preview is done by echo "Your name is: " . $_POST['username'];" after all...so what is the added value of the hidden input field.Could you explain these 2 things? Much thnx in advance! Link to comment Share on other sites More sharing options...
ShadowMage Posted December 7, 2010 Share Posted December 7, 2010 1. echo "Input name: <input type=\"text\" name=\"username\"".($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username'])."\"" : "").">"; About the above, i dont understand why you added the ($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username']). Adding the htmlspecialchars($_POST['username']) in the value-attribute is clear to me (to display the information the user previously inputted, while 'correcting' the coded with htmlspecialchars if it contained bad input). But why did you precede te value-attribute with $_POST['username'] ? "??? That's what is known as a ternary statement. It's a shortened form of an if/else structure. The full form looks like this:echo "Input name: <input type=\"text\" name=\"username\"".($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username'])."\"" : "").">";(...condition...)?"value if true":"value if false";Expand that out to use an if else structure and you'd end up with something like this:echo "Input name: <input type=\"text\" name=\"username\"";if ($_POST['username']) {echo " value=\"".htmlspecialchars($_POST['username'])."\"";} else {echo "";}echo ">";2. echo "<input type=\"hidden\" value=\"".htmlspecialchars($_POST['username'])."\" name=\"username\">"; And 2, i don't understand the type=hidden attribute. Now i did some research and i found this:...But i don't understand why you inserted in my case...Inputting the username for preview is done by echo "Your name is: " . $_POST['username'];" after all...so what is the added value of the hidden input field. The echo that prints out the username doesn't create any form input. With no form inputs, no values will be submitted to PHP. So that's why he used a hidden input, so the username would be submitted when the user submits the form. The same could have been done if you would echo "Your name is: <input type='text' value='".$_POST['username']."' />"However you probably don't want to show an input on the confirmation page, so that's why he chose the method he did. Link to comment Share on other sites More sharing options...
Dilated Posted December 7, 2010 Share Posted December 7, 2010 Yeah, what ShadowMage said.The hidden input is there to carry the username from the preview page to the completed page (or back to the revision/first page to display what the username is currently set to). Link to comment Share on other sites More sharing options...
NoUser2U Posted December 11, 2010 Author Share Posted December 11, 2010 That's what is known as a ternary statement. It's a shortened form of an if/else structure. The full form looks like this:echo "Input name: <input type=\"text\" name=\"username\"".($_POST['username'] ? " value=\"".htmlspecialchars($_POST['username'])."\"" : "").">";(...condition...)?"value if true":"value if false";Expand that out to use an if else structure and you'd end up with something like this:echo "Input name: <input type=\"text\" name=\"username\"";if ($_POST['username']) {echo " value=\"".htmlspecialchars($_POST['username'])."\"";} else {echo "";}echo ">";Wow thnx!! Now i remember about abbreviated if/else structure (i have a PHP book i read it about a while ago, but the book recommended to use the full form of the if/else structure if the reader is a beginner, which i am ).Thnx for clarifying, it is completely clear to me now! The echo that prints out the username doesn't create any form input. With no form inputs, no values will be submitted to PHP. So that's why he used a hidden input, so the username would be submitted when the user submits the form. The same could have been done if you would echo "Your name is: <input type='text' value='".$_POST['username']."' />"However you probably don't want to show an input on the confirmation page, so that's why he chose the method he did. Yeah, what ShadowMage said.The hidden input is there to carry the username from the preview page to the completed page (or back to the revision/first page to display what the username is currently set to).Aaaah i see. At first, it was not clear to me why it was implemented in my case. So i just copied the code and ran it with and without the line that contains the hidden input field, and it is completely clear to me now! I didn't understand to whát the hidden input field will get submitted...but now i saw that without the line containing the hidden input field, the 'inputted' value will NOT get submitted to the 'edit-page' where the user can edit his info .Thank you both a lot for helping me out! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.