PHPSESSID appears in form arbitrarily - forms

I have a login form written in PHP and each time I start the browser and go to the respective page, the first field of the form is this:
<input type="hidden" name="PHPSESSID" value="session_id_code" />
If I close the window, but I don't restart the browser, this doesn't happen. Any idea what's happening and why?
Thanks!
Form's code:
<?php
if (condition) {
?>
<form method="post" action="">
<dl>
<dt>Email:</dt>
<dd><input type="text" name="useremail" /></dd>
<dt>Password:</dt>
<dd>
<input type="password" name="userpass" /></dd>
<dt class="dt-buttons"><input type="submit" name="button_login" value="Login" class="button" /></dt>
</dl>
<input type="hidden" name="formkey" id="formkey" value="224ca00155w2fcda8906e1e40af03a71" />
</form>
<?php
}
?>
The form is simple HTML and is not dynamically generated.
EDIT2:
As I was saying, when I access the page for the first time after I started the browser, this thing happens. If I refresh the page afterwards, the hidden field doesn't show up.
Is it possible to have something to do with the SSL certificate? And if yes, why some pages/forms behave like this and some don't?

Sounds like you've got trans_sid enabled (transparent session id). Using trans_sid can be a security issue, especially if your site links to external content, or you allow link sharing - it lets a user's session ID leak out as part of the URL, meaning the session is highly vulnerable to hijacking.

Related

Ionic 3 form still warning me: "Password field is not contained in a form"

I'm new to the Ionic framework, and I'm using Ionic 3.
Even though I use a form in my app, I'm still getting this warning in the browser:
[DOM] Password field is not contained in a form:
Why is that, and how can I fix it?
What is it?*
Chromium project (mostly Google Chrome) wants to change the world and make all passwords, as well as all form data autosaved and autofilled by default. The people behind this decision claim that will make the web safer†. While Firefox also promotes autosaved and autofilled form data, Chrome goes further admonishing web developers to comply with form element scoping that's more convenient for the browser.
At the same time, Google Chrome uses heuristics to determine what a "form" is on the web page and doesn't actually need individual form elements to be wrapped in a <form> element.
Additionally, Google Chrome treats all web pages, all forms and all form fields as if they are filled by the end user, where password is user's own password. A use-case where e.g. company administrator fills in new joiner's initial password is not supported.
The shortened URL in the form takes you to Create Amazing Password Forms page the the Chromium projects. Today the text there is very patronising, thus I'll omit the link.
†I neither claim to agree with Chrome/Chromium, nor claim that Google is in the position to profit from autofill via lock-in or access to user data; that's out of scope.
How can I fix it?
Simple: ignore it.
It's only a notice in developer tools in one of the major browsers.
Solution 1:
I think you are using Chrome browser. If you will try on Mozilla, it will not give the error. Please refer to this link for more details:
https://github.com/aws-amplify/amplify-js/issues/165
Here is the example:
<div className="myform" onSubmit={this.validateLogin()}>
<div className="myformgroup">
<label>Email</label>
<input type="text" placeholder="Email" id="email"></input>
</div>
<div className="myformgroup">
<label>Password</label>
<input type="password" placeholder="Enter the Password" id="mypassword" value=""/>
</div>
<div className="myformgroup">
<button type="submit" id="loginButton">Login</button>
</div>
</div>
Is returning the password field is not contained in a form.
Solution 1:
After changing the master div tag to a form as I have in the following:
<form className="myform" onSubmit={this.validateLogin()}>
<div className="myformgroup">
<label>Email</label>
<input type="text" placeholder="Email" id="email"></input>
</div>
<div className="myformgroup">
<label>Password</label>
<input type="password" placeholder="Enter the Password" id="mypassword" value=""/>
</div>
<div className="myformgroup">
<button type="submit" id="loginButton">Login</button>
</div>
</form>
it will not return the warning.
Solution 2:
Install aws-amplify in your project directory as explained in https://github.com/aws-amplify/amplify-js.

Submit button for my contact form is not submitting and redirecting

I'm working on my second website and throughout creating this one and my first the people here on StackOverflow have been an amazing help.
I can just browse and find almost anything I wan't to know.
99% of problems I've had, I fixed with answers I've read on here.
So first of thank you all so much!
This is the first time I'm posting something because I'm not able to find the specific answer for my code.
There are people one here with the same problems but when I look at their code I'm just lost.
I know html a fair bit by now. It's the php that I'm clueless about.
I'm not looking for something fancy, I'm just trying to create a simple contact form.
So here is my question and code, I hope some of you are able to help me.
I used an PHP code from a youtube tutorial and it's deadeasy (as said before: first time PHP) yet I can't get it to work. Although I'm doing everything the same as the man in the clip. He shows his is working so I'm extremely curious as to way mine is not?
My form does not 'send' and after clicking the submit button I don't get the 'thank you' line.
here is the html:
<form method="post" action="contactform" name="contactform" id="contactform">
<ol>
<li>
<label for="voornaam">Voornaam</label>
<input type="text" name="voornaam" />
</li>
<li>
<label for="achternaam">Achternaam</label>
<input type="text" name="achternaam" />
</li>
<li>
<label for="telefoon">Telefoon Nummer</label>
<input type="text" name="telefoon" />
</li>
<li>
<label for="email">E-mail Adres</label>
<input type="text" name="email" />
</li>
<li>
<label for="bericht">Type hier je bericht</label>
<textarea name="bericht"></textarea>
</li>
<li>
<input name="submit" type="submit" value="submit" />
<input name="reset" type="reset" value="reset" />
</li>
</ol>
</form>
and the PHP:
<?php
$voornaam = $_POST ['voornaam'];
$achternaam = $_POST ['achternaam'];
$telefoon = $_POST ['telefoon'];
$email = $_POST ['email'];
$bericht = $_POST ['bericht'];
$to = "felicevancuyk#gmail.com";
$subject = "dkl groep bericht";
mail ($to, $subject, $bericht, "From " . $voornaam . $achternaam . $telefoon};
echo "Bedankt. We nemen zo snel mogelijk contact met u op.";
?>
It could be that your action is not set correctly:
<form method="post" action="contactform" name="contactform" id="contactform">
This action tag is the URL that the form is sent to. In the above example you gave, it doesn't appear to be a file name. You want it to be something like this:
<form method="post" action="http://mysite.com/process-form.php" name="contactform" id="contactform">
Also note that in your example PHP code you are emailing responses to the form without cleaning those responses. Someone could send malicious code to your server if you don't clean the data first.
Something like:
$cleaned_voornaam = preg_replace("/[^ 0-9a-zA-Z]/", "_", $_POST['voornaam']);
Good luck!
You have to just change your action attribute of first line of code to the page where you want to process your form. It may be the same page but it is recommend to be on another page. Here is an example to submit the form in the same page:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" name="contactform" id="contactform">
Don't forget if you are submitting on the same page as like the above example then your page should be in .php extension otherwise it will not work.
Another case for submit not submitting is that html is malformed.
Just happened that my code was inserting a php error in the middle of my html form.
fixed the error, the submit is working again.
In my case, no js involved at all

How do I get this Newletter Form to work?

I'm not sure what to put in for href:\ Should I reference a mailhandler.php or use a mailto: command? Or is there something better?
<h3 class="margin-bot">Newsletter!</h3>
<form id="subscribe-form" name="sibscribe" method="post">
<label><input class="subscribetext" type="text" onFocus="if(this.value =='Enter E-mail:' ) this.value=''" onBlur="if(this.value=='') this.value='Enter E-mail:'" value="Enter E-mail:" name="keyword" /></label>
<a onClick="document.getElementById('subscribe-form').submit()" class="button" href="#">subscribe</a>
</form>
I think it is meant for the site to which you get after pressing the subscribe button. Preferably the page the form was implemented in (for example to return to the index.html).
You can try it by testing it here on jsfiddle (http://jsfiddle.net). Just put an URL in the field where now is the # and after pressing subscribe you will see that you'll be redirected to that page.

IE 9 Clears Form Fields

This is a really strange issue that I cannot seem to solve. On a WordPress site, I have several forms (login, registration, and other) outputted on a site via short codes. When the forms are submitted, their data is processed via an "init" hook that listens for the $_POST data.
Note, the site is running WordPress, but I have deemed this to not be a WordPress issue, which is why I'm posting here.
When the forms are submitted in IE 9, all fields are cleared of the values when clicking submit. For example, let's say there is an input field with a name of "username", and the field's value is set to "johndoe"; when submitting the form through any browser besides IE 9 (include 7 and 8), the data comes in like this:
$_POST['username'] = 'johndoe'
Exactly as expected.
However, when the form is submitted with IE9, it comes out like this:
$_POST['username'] = ''
As far as I can tell, it happens with every form on the site.
The custom login form I've built, for example, looks like this:
<form id="re_login_form" class="re_login_form" action="" method="post">
<fieldset>
<label for="re_user_Login"><?php _e('Username', 're'); ?></label>
<input name="re_user_login" id="re_user_login" class="required" type="text" title="<?php _e('Username', 're'); ?>"/>
</fieldset>
<fieldset>
<label for="re_user_pass"><?php _e('Password', 're'); ?></label>
<input name="re_user_pass" id="re_user_pass" class="password required" type="password"/>
</fieldset>
<fieldset class="form-action">
<input type="hidden" name="refalf_redirect" value="<?php echo $redirect; ?>"/>
<input type="hidden" name="re_login_nonce" value="<?php echo wp_create_nonce('re-login-nonce'); ?>"/>
<input id="re_login_submit" type="submit" class="button re_submit" value="<?php _e('Log In', 're'); ?>"/>
<p class="forgot-password"><?php _e('Lost Password?', 're'); ?></p>
</fieldset>
</form>
One of the things that is extra interesting is that the fields are visibly cleared of their values when clicking submit in IE9. It's also as though the submit button is triggering something in IE9 that clears the fields.
Anyone have any ideas?
I was able to solve this by giving each input field a placeholder attribute. I still don't know why that made it work, but when the placeholder was present, everything worked fine.
You're not alone..
See for instance http://social.msdn.microsoft.com/Forums/en-US/iewebdevelopment/thread/afda3def-b0be-431d-a9fc-c40dd7cb2fa4
Easiest test is at http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_form_mail
I just experienced a bit similar case: IE9 posted back a form only partially; some values were cleared upon submit. I tested submitting form with IE9, IE10, IE11, Chrome36, FF31 and all others worked fine except IE9.
So I checked the markup and there was another form nested inside the main form page which actually did not have any input fields or submit buttons it had been created by some automated template/editor software.
After I removed those extra form nodes, IE9 started to submit all fields. I worked with ASP.NET 4.5 MVC4.

Clicking submit clears file field instead of submitting the form (IE9)

I got a weird error I hope you guys can help with.
Sometimes when the user tries to submit a form the file upload field image just clears and nothing happens. I doesn't seems like the form get submitted at all.
Then the day after everything works fine. The error occurs on random days/times.
First I thought it was a problem with the users computer but this happens on two different computers the customer has. One of the computers has Windows 7 professional & Internet Explorer 9. I don't have the setup on the other one.
I have tried with Google Chrome, Firefox 6.0.2, Internet Explorer 9, 8 (browser compatibility mode), 7 (browser compatibility mode) on windows 7 home with no problems at all on my computer.
Here is the form:
<form action="/user/image" method="post" accept-charset="utf-8" class="form_default" enctype="multipart/form-data">
<fieldset>
<ol>
<li>
<button type="submit" name="save" value="submit" class="button">Save</button>
</li>
<li>
<label for="image">Profile image</label><input type="file" id="image" name="image" />
</li>
<li>
<button type="submit" name="save" value="submit" class="button">Save</button>
</li>
</ol>
</fieldset>
</form>
There should be only 1 submit button per form.
So keep 1 save button as type="submit" ,change another to type="button"
Try using input instead of button, good luck!
ex
<input type="submit" name="mysubmit" value="Click!" />
you should use:
<input type="button" onclick="customFunction" />
write what you want to do in customFunction(javascript)
There is no clever workarounds for this, IE9 does not allow a file to be tampered with via JavaScript probably for security reasons.
First of all, pls let us see your php coding to send this form....
Usually form submission errors such as this have server-side coding errors..
Maybe you should check out your PHP coding and see what happens in your
$_POST['save']
area....
Hope this helps... :)