PHP form redisplayed

HMoni · February 11, 2020, 12:41am

Hello, I’ve started to learn PHP and I have a .htm page where is simple form, you have to introduce your name, email etc but at the end you have to input username, password and password confirmation. And when you press submit, it should open my .php file where the name, email and all the fields are displayed except the password. Basically it shows all the data the were entered in the form.
But if the passwords don’t match, the form should be redisplayed with an error message that says “Passwords don’t match” and all the fields should be repopulated with the previous data, just the passwords field should be blank.
I wrote this code in my .php file and it redisplays the form, but all the fields are blank.

<?php
	$password1 = $_POST["password"];
	$password2 = $_POST["confirmpassword"];
	if ($password1 != $password2)
	{
		header("Location: ".$_SERVER['HTTP_REFERER']); 
		exit; 
	}
?>

Does anyone know how to display the error message and to repopulate the fields that were completed?
Thank you.

Strider64 · February 11, 2020, 3:15am

You would be better off checking to see if the user has enter the correct information BEFORE they click the submit button. Something like Javascript where it can check it on the client side then when the information is correct they can continue. CAUTION - You will still need to do some PHP Validation on the server side to make sure the information is still correct as the person could have Javascript disable or are up to no good. Though in that case you don’t have to be verbose (and show them all the information, but maybe with a message to them that says something like “Username or Password don’t match”, but never go into details why. Though you still can, but I find it a little bit of a hassle and most people will think that you’re not with the latest website development techniques.

I also think you need to get a better grasp on PHP language also. You are also trying to do something on a backend programming language when it should be done on a client-side programming language like Javascript.

HMoni · February 11, 2020, 10:24am

Sorry I didn’t mention, but this is just an exercise I have to do for my Application Development module and I have to do all the process with redisplaying the form, repopulate the fields and show the error message. I think they want us to learn how to do these things, but I couldn’t find a solution.

astonecipher · February 11, 2020, 3:15pm

They are learning. Let the start slow!

astonecipher · February 11, 2020, 3:21pm

What have you gone over so far?

The easiest way to deal with this is through a GET message in the uri. However, because you are using a html page, that will not work, they can’t be dynamic without adding phtml.

Change your htm page to a php file. Then you can pass values through the url using $_GET.

header("Location: page.php?msg="passwords_do_not_match");

and on the previous page, you access that message through the $_GET super global.

if(isset($_GET['msg'])) // they have been here before. Show a message
{
    $msg = "Your passwords do not match";
}
?>

// html stuff
<?php if(isset($msg)) echo $msg; ?>

HMoni · February 16, 2020, 3:56am

Thank you for your answer. We’ve learned some syntax, when to use the dollar sign, how to create a form and combine html with php, about HTTP requests methods. In the last lecture she told us about storing information with Hidden form fields, URI Modification and Cookies.
So my solution was to put every value entered in a Cookie and also to create a cookie in case the passwords don’t match.
After I changed the file to a php on, I could use the cookies to repopulate the form that was redisplayed and to shiw an error message.

astonecipher · February 16, 2020, 4:10am

The downside of cookies is a user can change their values, because they are stored in the clients storage, not the servers. Just FYI

phdr · February 16, 2020, 11:36am

Keep It Simple (KISS) and Don’t Repeat Yourself (DRY.) Programming is already a tedious, error prone, typing task. You should look for the simplest solution, that doesn’t have you adding logic in multiple places to accomplish a task.

The simplest and safest overall solution is to have the form processing and the form on the same page. Also, since you are redirecting, using the http refer(r)er, to accomplish this, with the existing form data and any error messages coming with the request, you are open to a phishing site stealing your user’s data, then redirecting to your site.