Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 21
Members Online: 2

Registered Members: 82843
Newest Member: hx47
Latest Articles

Simple PHP Form

Arrow Image Here is a simple PHP form tutorial to help people whom are just starting PHP



What you will need:
Understanding of HTML Forms
Simple Understanding in PHP
A Web host or Apache (http://www.awardspace.com has ok PHP hosting for free)

In this tutorial I will teach all of you who do not already how to create a basic PHP form. So let\'s begin

First, start with the basic HTML Tags.
<HTML>
<BODY>
<HEAD>
<META>
<TITLE></TITLE>
</HEAD>
</BODY>
</HTML>

After you have your basic HTML done you then need to create a form you do this by putting in the \"form\" tag and setting up all of the requirements, like this:
<FORM ACTION=\"Filename Here\" METHOD=\"POST\">

The form tag begins the form the action is where the code is being sent.... or outputted. POST is what is happening to the information submitted. In this case it is going to be posted into the web page.

After you have the requirements filled out you must add some input fields. Like this
Username:
<BR>
<Input type=\"text\" name=\"uname\">
<BR>
Password:
<BR>
<input type=\"password\" name=\"pass\">
<BR>
<input type=\"submit\" name=\"sub\" value=\"SUBMIT\">
</FORM>

The text that says Username and Password, is just that, text not some kind of code, also you can add more fields to this. The input commands are very straight forward, it shows what will be inputted to the specified area in this case i will use index.php as an example. So the Username that is inserted into that field will be inputted into the web page, this is the same with the Password field. The \"type\" tells what kind of text will be inserted, so type=\"text\" means that you will see plain text and type=\"password\" means that you will see password text i.e. ***** then the name(s) specifies what it is... So the name=\"uname\" means that it is part of the \"uname\" group, the same goes for password.

Now, you need to start out the php.
<?php
?>
That is what you will star with to begin your PHP

Now, you will need to use these commands:
if($_POST[\'sub\'])

{

$u = $_POST[\'uname\'];
$p = $_POST[\'pass\'];

if ($u =\"\" | $p=\"\");

{
echo \'Please enter a username or password\';
}
else
{
echo $_POST[\'uname\'];
echo \'thanks for signing in! Your password is:\';
echo $_POST[\'pass\'];
}
}
?>

Basically, this tells the web page what was inputted and tells it what to do with the information. The if command tells what to do \"if\" something happens, so if it says the beginning code says if ($_POST[\'sub\']) *Note: sub = the name of the submit button* this means that it posts what is submitted. Now, $u = $_POST[\'uname\']; renames the variable, in this case, I changed the variable to u instead of uname, same thing for pass. The if (u=\"\" | p=\"\"); means that if the username has nothing in it or password has nothing in it, it will show up as an error, that I configured with the echo command. The echo command is the command that actually displays something on the webpage through the PHP. The Open brackets { mean that the this is where the code starts then the closed bracket } means the opposite. The closed brackets at the end mean that all the php code is done, then you can end the PHP with ?>

Here is an Example of what the php codes will look like in an actual script:

<HTML>
<BODY>
<HEAD>
<TITLE>HellBoundHackers.org</TITLE>
<STYLE TYPE=\"TEXT/CSS\">
body
{
background-url : ./images/bg
}
a:link {color : black}
</STYLE>
</HEAD>
<FORM ACTION=\"members.php\" METHOD=\"POST\">
Username:
<BR>
<INPUT TYPE=\"text\" NAME=\"uname\" value=\"\">
<BR>
Password
<INPUT TYPE=\"password\" NAME=\"pass\" value=\"\">
<BR>
<INPUT TYPE=\"SUBMIT\" NAME=\"sub\" VALUE=\"Submit Information\">
</FORM>
</Body>
</HTML>

<?php
/***************
*Code By: Coolprogram
****************/

if($_POST[\'sub\'])

{

$uname = $_POST[\'uname\'];
$pass = $_POST[\'pass\'];

if($uname == \'\'| $pass ==\'\' )

{

echo \' <font color=\"red\">You may have misspelled your username or password</font>\';

}

else

{
echo $_POST[\'uname\'];
echo \' thank you for logging in. <BR> Do not forget your password: \';
echo $_POST[\'pass\'];
}

}

?>

I hope this helps some people here with setting up forms in PHP, if you have any questions feel free to PM me.
-Coolprogram

Comments

spywareon June 18 2008 - 18:18:57
Ugh. Horrid coding style. Rating this the worst I can.
Feralason June 18 2008 - 21:07:54
Vulnerability meter is at 100% on this one.
fashizzlepopon June 18 2008 - 22:34:41
Not smart to teach people the most WRONG way they can possibly do it.
coolprogramon June 19 2008 - 01:31:37
Spyware: I am sorry that you do not like my coding style, that is all I can say about your post, I wish I could say something more Sad LOLz Feralas: Read the Description it says "Here is a simple PHP form tutorial to help people whom are just starting PHP" This means that it is for people that do not know very much PHP or any at all. Hence I did not see it necessary to put in any codes that may confuse them. Again, this is basic that is why it is so vulnerable. As I said before I did not want to add anything that may confuse people who are new to PHP. fashizzle: I ask you 'o wise one how is there a wrong way to code? That's like saying there is a wrong way to breath in air. There is no wrong way to code, some techniques may be better than others like I am sure as of right now, from your post, that your style of coding is so much more superior to everyone else's. Quite frankly, I could care less that you all posted these comments, I just do not wish to have the same comments over and over on this article. And if I seem angry at you because of your comments, I am sorry. I am a little agitated but not angry. *Although I am sure you wouldn't even care if I was angry at you LOLz.* Again, if it comes off as me being angry I am sorry. Thank You -Coolprogram
fashizzlepopon June 19 2008 - 06:49:35
I'm sorry coolprogram if I came off as I'm superior to everybody else. I just meant that HBH tests SECURITY and VULNERABILITIES and I would hope that the basic is NOT just good enough(and when it comes to security i consider it the most "wrong way" of doing it). I thought you should have at least put a disclaimer about what the security issues were and why they are important. Now for anybody reading the comments hopefully they will fully understand a "next step." I would hope that would come out with a second article covering the security and advanced features of PHP and forms whilst still keeping it basic. (Maybe this was your plan. Smile idk)
Mouzion June 19 2008 - 08:07:09
"Again, this is basic that is why it is so vulnerable." I think SECURITY should be the BASIC thing. It should be the thing to learn first before you go and get your site messed up. Also I think people should learn writing valid (X)HTML right from the beginning. It's not that confusing and at least you don't have to learn it later when it's more difficult to get rid of your habits. And btw is this even working? if ($u ="" | $p=""Wink; Shouldn't it be == for this to work? And I'd use null in place of "" : P
fashizzlepopon June 19 2008 - 09:01:36
Exactly my point Mouzi
coolprogramon June 19 2008 - 09:36:58
Yes, security is important. Yes, I should have put a disclaimer in the article stating that the codes were very vulnerable. Yes, null is better than "". Yes, it should be == LOLz I made two errors which in fact would screw up the entire script,thank you for bringing that to the attention of everybody Smile but if you look at the code at the end, it is == LOLz. Mouzi have you had experience with PHP? I am guessing so. Therefore you would obviously think Security to be a basic necessity, which it would be if this tutorial was aimed for those who have a good grip on PHP. This was not meant to actually be put up on a site, but just an introduction to what PHP forms are and can do. Also, when I began learning PHP the first time I learned about forms I did not learn about vulnerabilities as I am sure a lot of people out there *Not necessarily here* did not. If anybody else sees something wrong with the code that I did not see while I was proofing it please post it here. I will not have very much time on these forums after tonight but, if someone does not, I will try to make a tutorial about more security rather than just basic PHP. Thank you all for the comments, at least your reading the article LOLz -Coolprogram
mastergameron June 19 2008 - 12:07:23
Coolprogram: Do you actually have any idea about PHP? The code you posted is not only horribly formatted and explained poorly, it doesn't even work. Comparing the values of variables needs two = signs, and OR needs two |'s. Also, you're not "renaming" the variables, you're declaring a new one with the value of the original. The original variable is unchanged. Rated poor.
mastergameron June 19 2008 - 12:09:41
Addition: Your HTML isn't even correct or standards compliant.
Uber0non June 19 2008 - 14:30:20
Also, the <BODY> tag shouldn't begin before the <HEAD> tag... It's supposed to start after </HEAD> :right:
Mouzion June 19 2008 - 15:39:54
"Also, when I began learning PHP the first time I learned about forms I did not learn about vulnerabilities as I am sure a lot of people out there *Not necessarily here* did not." I didn't mean that it is how people HAVE learned it, I meant that it is MY OPINION of what SHOULD be learned first before you go and get your site messed up. : ) I didn't learn about security either when I was learning PHP for the first time. But have you seen many tutorials talk about security? Well maybe they should talk more about it. : P That's my point.
ranmaon June 20 2008 - 01:36:29
I'm sorry, but this is the first 'poor' rating I've ever given (mostly because I don't rate much). The code was not compliant with standards and messy. I'm sorry everyone came down hard on your attempt to help. Better luck next time.
korgon June 29 2008 - 03:29:19
Terrible, Learn html,php and some basics. Too busy puking to type more -10/10
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.