Access denied

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Access denied

Postby alonushka » 19. June 2010 18:32

Hello
I am using windows 7
I wrote a very simple code in php
I try to run it on localhost but getting access denied
I tryed to set the C:\xampp\apache\conf\extra\httpd-xampp.conf -> allow from all but still no luck
please help me

the code: </html>
<head>
<title>A BASIC HTML FORM</title>
<?PHP
if(isset($submit)) {
print ("SUCCESS!");
}
?>
</head>
<body>
<form action="<?= $php_SELF ?>" method="POST">
<Input Type = "text" Value ="username" Name ="username">
<Input Type = "Submit" Name = "Submit" Value = "Login">
</FORM>
</body>
</html>
alonushka
 
Posts: 1
Joined: 19. June 2010 18:06

Re: Access denied

Postby Altrea » 19. June 2010 20:50

alonushka wrote:Hello
I am using windows 7
I wrote a very simple code in php]/quote]
[...]
the code: </html>
<head>
<title>A BASIC HTML FORM</title>
<?PHP
if(isset($submit)) {
print ("SUCCESS!");
}
?>
</head>
<body>
<form action="<?= $php_SELF ?>" method="POST">
<Input Type = "text" Value ="username" Name ="username">
<Input Type = "Submit" Name = "Submit" Value = "Login">
</FORM>
</body>
</html>


Your code does have several errors:
Code: Select all
</html>
<head>
[...]

The first Tag should be a html-open-tag, no html-end-tag

Code: Select all
[...]
<head>
<title>A BASIC HTML FORM</title>
<?PHP
if(isset($submit)) {
print ("SUCCESS!");
}
?>
</head>
[...]


- All outputs you want to see in your Browser (exept of the Browser-title-bar) have to be placed inside the <body>-Tags, not the <head>-Tags.
btw: you havent defined a $submit variable. I will show you later in this post.

Code: Select all
[...]
<body>
<form action="<?= $php_SELF ?>" method="POST">
<Input Type = "text" Value ="username" Name ="username">
<Input Type = "Submit" Name = "Submit" Value = "Login">
</FORM>
</body>
</html>


- you open a form, but don't close it correct. <form> is not the same as <FORM>.
- You defined two POST-Variables (username. Submit). If you submit your form, these Values will be transformed into the superglobal Array $_POST (in your case to $_POST['username'] and $_POST['Submit']). It will not be automatically transformed to a local variable $Submit! If you want to use a local variable, you had to create it manually (e.g. $submit = $_POST['Submit'];)
- And again: $_POST['Submit'] is not the same as $_POST['submit']!
- <?= is short Syntax. If you want to use this, you have to check if its enabled in the php.ini. Otherwise enable it or better, use the full syntax <?php echo.
- PHP_SELF is part of the superglobal $_SERVER Array. if you want to use it, you had to use the array ($_SERVER['PHP_SELF'] instead of $PHP_SELF).
- It's not safe to use Usergenerated Values without a filter (PHP_SELF is partly User_generated). Use the PHP-function htmlentities() to filter this Value. (e.g. your form open tag should be this: <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" action="POST">

Your correct form could be something like this:
Code: Select all
<?PHP
if(isset($_POST['submit'])) {
print ("SUCCESS!");
}
?>

<html>
<head>
<title>A BASIC HTML FORM</title>
</head>
<body>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="POST">
<input type="text" value="username" name="username">
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>



Some more hints:
Your HTML-Code is not very clean. The mix of tags and attributes with uppercase beginning can produce some unexpected errors in casesensitive languages (like PHP).
Use one of the HTML-Coding-standards (HTML 4.01 or XHTML1.0) and use validators to check your code.


@wole:
wole wrote:Und auch die idotischen Fehler im Quelltext passen nicht zu der Frage.

Macht im ersten Moment den Anschein, doch der Fehlercode 403 ist normal, wenn man sich vor Augen führt, was beim abschicken des Formulars mit short_open_tags passiert, wenn diese deaktiviert sind.

wole wrote:Ich habe hier ein sehr schlechtes Gefühl das mit der Frage bzw. der Antwort Schindluder getrieben werden soll.

So wie der Code geschrieben ist, habe ich eher die Befürchtung, dass hier jemand gerade anfängt mit Formularverarbeitung und auch nochnicht solange HTML schreibt.
Was die Gefahr von PHP_SELF in Hinblick auf XSS betrifft, so ist diese Gefahr nicht größer als bei allen anderen vom User generierten Inhalten. Hier böse Absicht zu unterstellen halte ich vielleicht ein wenig überängstlich :D
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8293
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 63 guests