Sign in to follow this  

[web] A Couple Of Basic Questions

This topic is 4353 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hey guys, pretty new to this web stuff so here goes... I'm using PHP. 1. I have an HTML form for authoring something or other, right, but on pressing the submit button, how do i alert the user to the fact that he/she has not filled in the mandatory fields. Where do i perform the php code to verify? Could i do it like this: - Submit button submits the form to the same page ( itself ). - PHP code runs on this page to verify the contents of the fields and display messages accordingly. - If everything was ok, the php code forwards to the following page as if the user logged in ok. Actually i might have just solved the second one, haha. Thanks, Dave

Share this post


Link to post
Share on other sites
that's a possible solution. another one might be to forward the submit request immediately to the following page, check it there and refer back to the login page if login failed for any reason.
It's best to check every time any page as requested, that has restricted access, if the user is currently loged on. if the check fails, redirect to the login page (or insert login screen instead of private content). Call on top of your restricted pages some verification function:

<?php
... // define verification function somewhere

if (!verify_user_login()) {
header('Location: https://your.domain/login.php');
exit; // {EDIT: <- doh, dont forget to exit here }
}

// private content
?>
...


The user verification function can check the state of your login mechanism (session, db?), but also check any POST (login/logout) or GET (logout) data and handle it accordingly.
Maybe there's a better method but this basic setup works for me quite well.

Some other tips:
1) don't forget you'll want to use https instead of http protocol (some servers use for this private_html dir instead of public_html)
2) always use server side verification of client data, but it's good to use javascripts, maxsize HTML attributes, etc. for client side data verification aswell: less load on your server and faster for the clients.

good luck :)

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
the majority of sites i have seen use java script to do client side verification of data which'll catch 90% of problems, then submit to the server where you recheck everything.

Share this post


Link to post
Share on other sites
Quote:
Original post by jul_k
that's a possible solution. another one might be to forward the submit request immediately to the following page, check it there and refer back to the login page if login failed for any reason.
It's best to check every time any page as requested, that has restricted access, if the user is currently loged on. if the check fails, redirect to the login page (or insert login screen instead of private content). Call on top of your restricted pages some verification function:

<?php
... // define verification function somewhere

if (!verify_user_login()) {
header('Location: https://your.domain/login.php');
exit; // {EDIT: <- doh, dont forget to exit here }
}

// private content
?>
...


The user verification function can check the state of your login mechanism (session, db?), but also check any POST (login/logout) or GET (logout) data and handle it accordingly.
Maybe there's a better method but this basic setup works for me quite well.

Some other tips:
1) don't forget you'll want to use https instead of http protocol (some servers use for this private_html dir instead of public_html)
2) always use server side verification of client data, but it's good to use javascripts, maxsize HTML attributes, etc. for client side data verification aswell: less load on your server and faster for the clients.

good luck :)


TY, thats basically all i needed, how to redirect. Thanks

Share this post


Link to post
Share on other sites
I always use javascript for client side verification, to make sure certain fields are filled out etc. It's really simple to do and there are plenty of sites that have examples. It also reduces the work done by the server, but if it isn't a huge traffic site it probably doesn't mean much.

Share this post


Link to post
Share on other sites
That won't do. You can never trust what the client is sending to you. It's very easy to mess with javascript (heck, you can simply type in some javascript in the address bar on the page you that you want to manipulate). javascript checking isn't bad, but you still need to check it on the server as well.

Share this post


Link to post
Share on other sites

This topic is 4353 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this