experchange > php

^Bart (01-04-20, 05:41 PM)
Hi guys,

I have this code in my html page:

<body>
<div id="login">
<form method="post" action="" name="login">
<div class="topnav" align="center">
<input type="text" name="usernameEmail" autocomplete="off"
placeholder="Email or Username"/>
<input type="password" name="password" autocomplete="off"
placeholder="Password"/>
<input type="submit" class="button" name="loginSubmit" value="Login">
<a href="#register">Sign Up</a>
<div class="errorMsg"><?php echo $errorMsgLogin; ?></div>
</form>
</div>
</body>

Now I have also php code above in the same file but I'd like to save php
code in an external file named for example login.php but I don't
understand what I should add in the html form to link it to the php's
file :\

Regards.
^Bart
Jerry Stuckle (01-04-20, 07:02 PM)
On 1/4/2020 10:41 AM, ^Bart wrote:
[..]
> file :\
> Regards.
> ^Bart


<?php require_once(xxxix); ?>

Where 'xxxix' is the location of your login.PHP file. Assuming your
file is in the directory 'include' which is one level BELOW your
server's document root this can be (in decreasing order of recommendation):

1. a path relative to your server's document root, i.e.
$_SERVER['DOCUMENT_ROOT' . '/../include/login.php'
2. a full path, i.e. '/var/www/include/login.php'
3. a path relative to your html file, i.e. '../include/login.php'

Your html would have to have a .php extension.
J.O. Aho (01-04-20, 07:02 PM)
On 04/01/2020 16.41, ^Bart wrote:
[..]
> code in an external file named for example login.php but I don't
> understand what I should add in the html form to link it to the php's
> file :\


Then use other ways to communicate, for example you can use ajax, so the
login form calls your login.php file, the login.php responses with a
status of the login attempt and your javascript will display the error
message or redirect to the next page if the login was correct.
Ben Bacarisse (01-04-20, 07:03 PM)
^Bart <gabriele1NOSPAM> writes:

[..]
> </div>
> </body>
> Now I have also php code above in the same file


You mean, I think, some more PHP code that you have not shown us because
there is some in the text you posted!

> but I'd like to save php code in an external file named for example
> login.php but I don't understand what I should add in the html form to
> link it to the php's file :\


PHP code is often "included" or "required" like this:

<?php include 'login.php' ?>

(read the documentation for include and require first, please).

However, this may not be what you are talking about at all, and I have a
feeling you are heading at full speed towards implementing another
unsafe login mechanism. What's the motivation here? Is this a college
exercise?
^Bart (01-11-20, 02:14 PM)
> <?php require_once(xxxix); ?>
> Where 'xxxix' is the location of your login.PHP file.  Assuming your
> file is in the directory 'include' which is one level BELOW your
> server's document root this can be (in decreasing order of recommendation):


Ok!

> Your html would have to have a .php extension.


But... some shared servers point to index.html so I'd like to have a
*.html file where I'd like to link an external *.php file...

^Bart
Tim Streater (01-11-20, 02:48 PM)
In article <qvce7b$c19$1>, ^Bart
<gabriele1NOSPAM> wrote:

>Ok!
>But... some shared servers point to index.html so I'd like to have a
>*.html file where I'd like to link an external *.php file...


You have to tell the server you want to include some PHP, and have that
PHP file be processed by the server. Depending on hw your server is
configured, this is often done by using a different extension on the
html file, such as .php or .phtml.
Jerry Stuckle (01-11-20, 05:45 PM)
On 1/11/2020 7:48 AM, Tim Streater wrote:
> In article <qvce7b$c19>, ^Bart
> <gabriele1NOSPAM> wrote:
> You have to tell the server you want to include some PHP, and have that
> PHP file be processed by the server. Depending on hw your server is
> configured, this is often done by using a different extension on the
> html file, such as .php or .phtml.


Most shared servers will also allow index.php - if they don't you should
find another hosting company - one that knows what they're doing.

The hosting company (not you) *can* configure the host to parse .html
files as php code - but if I saw a hosting company do that I would run
as fast as I could. It is a security risk as well as a performance
problem because every page will be parsed for php code, whether it
should be or not.
Lew Pitcher (01-11-20, 06:04 PM)
^Bart wrote:

[..]
> code in an external file named for example login.php but I don't
> understand what I should add in the html form to link it to the php's
> file :\


Put your php into another file (say "login.php") accessable as a URL, then
change
<form method="post" action="" name="login">
to
<form method="post" action="login.php" name="login">
which will direct the form's POST to the "login.php" URL
Lew Pitcher (01-11-20, 06:52 PM)
^Bart wrote:

> Ok!
> But... some shared servers point to index.html so I'd like to have a
> *.html file where I'd like to link an external *.php file...


For those servers, if you cannot change them to point directly at index.php,
you could always change those index.html files to read something like
<html>
<head><meta http-equiv="refresh" content="0,url=index.php" /><head>
<body>Please stand by while we direct you to the login page</body>
</html>
which should immediately cause the browser to GET "index.php" once it
retrieves "index.html".

Note that you can vary the target URL to point to any page, including
"login.php".
Lew Pitcher (01-11-20, 06:54 PM)
Lew Pitcher wrote:

> ^Bart wrote:
> For those servers, if you cannot change them to point directly at
> index.php, you could always change those index.html files to read
> something like


Correction...

> <html>
> <head><meta http-equiv="refresh" content="0,url=index.php" /><head>


That should be
<head><meta http-equiv="refresh" content="0;url=index.php" /><head>
Note the semicolon dividing the refresh time and the target url
[..]
Arno Welzel (01-11-20, 07:52 PM)
^Bart:

> I have this code in my html page:
> <body>
> <div id="login">
> <form method="post" action="" name="login"> [...]
> Now I have also php code above in the same file but I'd like to save php
> code in an external file named for example login.php but I don't
> understand what I should add in the html form to link it to the php's
> file :\


I advise you to first learn the basics of HTML, PHP and how web servers
work before you try to create anything which is available to the public.
Pierre Jelenc (01-12-20, 12:23 AM)
In article <qvcqip$6bl$1>,
Jerry Stuckle <jstucklex> wrote:
>The hosting company (not you) *can* configure the host to parse .html
>files as php code - but if I saw a hosting company do that I would run
>as fast as I could. It is a security risk


Why is that?

> as well as a performance
>problem because every page will be parsed for php code, whether it
>should be or not.


Except if every page has PHP scripts anyway...

Pierre
Jerry Stuckle (01-12-20, 01:14 AM)
On 1/11/2020 5:23 PM, Pierre Jelenc wrote:
> In article <qvcqipbl>,
> Jerry Stuckle <jstucklex> wrote:
> Why is that?
> Except if every page has PHP scripts anyway...
> Pierre


Then each page should have a .php extension. Parsing .html files as php
code is still a huge security exposure. And any decent sized site will
have pages that don't contain any php code. TOC and privacy statement
pages come to mind for a start. So do About Us and other common pages.

And that's just the start.
^Bart (01-12-20, 01:45 AM)
> Correction...
> That should be
> <head><meta http-equiv="refresh" content="0;url=index.php" /><head>
> Note the semicolon dividing the refresh time and the target url


Thanks! :)

^Bart
Pierre Jelenc (01-12-20, 02:26 AM)
In article <qvdkrp$eq7$1>,
Jerry Stuckle <jstucklex> wrote:
>On 1/11/2020 5:23 PM, Pierre Jelenc wrote:
>Then each page should have a .php extension. Parsing .html files as php
>code is still a huge security exposure.


But why? I understand that poorly-written PHP is a risk, but that's
independent of the file extension.

> And any decent sized site will have pages that don't contain any php
>code.


Not all sites are large, though.

> TOC and privacy statement pages come to mind for a start. So do
>About Us and other common pages.


Unless they all contain common elements, that are conveniently inserted
via include, require, auto-prepend, auto-append, and the like. Sure, it's
wasting a few cpu cycles and file overheads, but that's not much a problem
with modern hardware, while it makes maintenance far easier when there's
only one file to edit instead of 20. Any site with a menu will benefit
from needing to edit a single included file.

Of course there's SSI, but that does not allow tweaking the include on the
fly, such as highlighting the name the page currently loaded and disabling
its link in the menu.

Pierre