Jump to content
Larry Ullman's Book Forums

Recommended Posts

The login.php script and add_page.php script, in Chapter 9, both begin by creating a new instance of quickform2 as $form.  Then the script tests for "POST" in order to process the $form data ELSE display a blank $form for user input.


How does the login.php script run twice without creating an empty $form object each time it runs?  In other words, when a $form "submit" occurs; how does the $form object RETURN to the "if($_SERVER['REQUEST_METHOD] == 'POST" section of the login.php script, thereby, bypassing the beginning of the script.  The beginning of the script would use the variable $form to create a new instance of quickform2 which would seem to me to over write the form data being submitted?


Thank you, I am excited to learn from your books.



Link to comment
Share on other sites

Sorry, I should have posted the scripts .. they are short as follows:

<?php # login.php - 9.11
// This page both displays and handles the login form.
// Need the utilities file:
// Create a new form:
//set_include_path(get_include_path() . PATH_SEPARATOR . '/usr/local/pear/share/pear/');
set_include_path(get_include_path() . PATH_SEPARATOR .'/home/content/93/11035593/html/PEAR/');
$form = new HTML_QuickForm2('loginForm');
// Add the email address:
$email = $form->addElement('text', 'email');
$email->setLabel('Email Address');
$email->addRule('required', 'Please enter your email address.');
$email->addRule('email', 'Please enter your email address.');
// Add the password field:
$password = $form->addElement('password', 'pass');
$password->addRule('required', 'Please enter your password.');
// Add the submit button:
$form->addElement('submit', 'submit', array('value'=>'Login'));
// Check for a form submission:
if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form submission
    // Validate the form data:
    if ($form->validate()) {
        // Check against the database:
        $q = 'SELECT id, userType, username, email FROM tblUsers WHERE email=:email AND pass=SHA1(:pass)';
        $stmt = $pdo->prepare($q);
        $r = $stmt->execute(array(':email' => $email->getValue(), ':pass' => $password->getValue()));
        // Try to fetch the results:
        if ($r) {
            $stmt->setFetchMode(PDO::FETCH_CLASS, 'User');
            $user = $stmt->fetch();
        // Store the user in the session and redirect:
        if ($user) {
            // Store in a session:
            $_SESSION['user'] = $user;
            // Redirect:
    } // End of form validation IF.
} // End of form submission IF.
// Show the login page:
$pageTitle = 'Login';
<!-- # login.html - Script 9.12 -->
<section class="threeColumns">
        <p>Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt.</p>
<article class="twoThirds">
   <?php if ($form->isSubmitted() && $form->validate()) {
       echo '<p class="error">The values submitted do not match those on file!</p>';
   <?php echo $form; ?>
Link to comment
Share on other sites

Sorry for the delay. I think the confusion comes from how HTML_QuickForm2 works. Take the login script as an example. On line 10 of the script, a new QF object is created (whether the form has been submitted or not). Then the form object is defined (elements are added). If the QF object has access to matching data (i.e., from a form submission), then QF will automatically populate the values of those fields using that submitted data. So when I check for the server method (to confirm submission), the QF object already has access to the form data. Does that make more sense?

Link to comment
Share on other sites


  • Create New...